[jira] [Resolved] (CLOUDSTACK-1389) Interactive Password Prompts during Management Server Startup
[ https://issues.apache.org/jira/browse/CLOUDSTACK-1389?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohit Yadav resolved CLOUDSTACK-1389. - Resolution: Fixed This was fixed by Eric recently on master: https://reviews.apache.org/r/24184/ [~dahn] Daan do you want to cherry pick the following fix by Eric on 4.4 branch? 451e2ab851518832f44c77830347d9bbcb5da13f > Interactive Password Prompts during Management Server Startup > - > > Key: CLOUDSTACK-1389 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1389 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.1.0, 4.2.0 > Environment: devcloud >Reporter: John Burwell > Labels: security > Fix For: 4.4.0 > > > When starting the management with no SSL certificate present, the system > attempts to run a shell script that requires interactive password entry. > Executing the following steps with a user that is either non-sudoer or a > sudoer that requires a password authentication to perform sudo actions (and > who has not already authenticated to sudo), execute the following commands > from root directory of a cloudstack/4.1 checkout: >1. mvn -P developer clean install >2. mvn -pl :cloud-client-ui jetty:run > During the startup process, the management server will not find the > cloud.keystore in the the > client/target/cloud-client-ui-4.1-SNAPSHOT/WEB-INF/classes directory, and > attempt to generate an SSL certificate using the following shell scripts: >sudo keytool -genkey -keystore > /Users/jburwell/Documents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore > -store > pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname > cn="Cloudstack User",ou="0.8.31",o="0.8.31",c="Unknown" > The following is a capture of the script timeout error from the vmops.log: >2013-02-27 09:52:17,157 INFO [cloud.server.ConfigurationServerImpl] > (Timer-2:null) SSL keystore located at /Users/jburwell/Docum > ents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore > 2013-02-27 09:52:17,176 DEBUG [utils.script.Script] (Timer-2:null) Executing: > sudo keytool -genkey -keystore /Users/jburwell/Docu > ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore > -store > pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname > cn="Cloudstack User",ou="0.8.31",o="0.8.31",c="Unknown" > 2013-02-27 09:52:22,188 WARN [utils.script.Script] (Script-1:null) > Interrupting script. > 2013-02-27 09:52:22,190 WARN [utils.script.Script] (Timer-2:null) Timed out: > sudo keytool -genkey -keystore /Users/jburwell/Docu > ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore > -store > pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname > cn="Cloudstack User",ou="0.8.31",o="0.8.31",c="Unknown" . Ou > tput is: dyld: DYLD_ environment variables being ignored because main > executable (/usr/bin/sudo) is setuid or setgid > 2013-02-27 09:52:22,191 WARN [cloud.server.ConfigurationServerImpl] > (Timer-2:null) Would use fail-safe keystore to continue. > java.io.IOException: Fail to generate certificate!: timeout > at > com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:490) > at > com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:511) > at > com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:272) > at > com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:144) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) > at > org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:8 > 0) > at > com.cloud.utils.db.Transaction
[jira] [Resolved] (CLOUDSTACK-1389) Interactive Password Prompts during Management Server Startup
[ https://issues.apache.org/jira/browse/CLOUDSTACK-1389?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhinandan Prateek resolved CLOUDSTACK-1389. Resolution: Won't Fix > Interactive Password Prompts during Management Server Startup > - > > Key: CLOUDSTACK-1389 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1389 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.1.0 > Environment: devcloud >Reporter: John Burwell >Assignee: Abhinandan Prateek > Labels: security > Fix For: 4.1.0 > > > When starting the management with no SSL certificate present, the system > attempts to run a shell script that requires interactive password entry. > Executing the following steps with a user that is either non-sudoer or a > sudoer that requires a password authentication to perform sudo actions (and > who has not already authenticated to sudo), execute the following commands > from root directory of a cloudstack/4.1 checkout: >1. mvn -P developer clean install >2. mvn -pl :cloud-client-ui jetty:run > During the startup process, the management server will not find the > cloud.keystore in the the > client/target/cloud-client-ui-4.1-SNAPSHOT/WEB-INF/classes directory, and > attempt to generate an SSL certificate using the following shell scripts: >sudo keytool -genkey -keystore > /Users/jburwell/Documents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore > -store > pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname > cn="Cloudstack User",ou="0.8.31",o="0.8.31",c="Unknown" > The following is a capture of the script timeout error from the vmops.log: >2013-02-27 09:52:17,157 INFO [cloud.server.ConfigurationServerImpl] > (Timer-2:null) SSL keystore located at /Users/jburwell/Docum > ents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore > 2013-02-27 09:52:17,176 DEBUG [utils.script.Script] (Timer-2:null) Executing: > sudo keytool -genkey -keystore /Users/jburwell/Docu > ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore > -store > pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname > cn="Cloudstack User",ou="0.8.31",o="0.8.31",c="Unknown" > 2013-02-27 09:52:22,188 WARN [utils.script.Script] (Script-1:null) > Interrupting script. > 2013-02-27 09:52:22,190 WARN [utils.script.Script] (Timer-2:null) Timed out: > sudo keytool -genkey -keystore /Users/jburwell/Docu > ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore > -store > pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname > cn="Cloudstack User",ou="0.8.31",o="0.8.31",c="Unknown" . Ou > tput is: dyld: DYLD_ environment variables being ignored because main > executable (/usr/bin/sudo) is setuid or setgid > 2013-02-27 09:52:22,191 WARN [cloud.server.ConfigurationServerImpl] > (Timer-2:null) Would use fail-safe keystore to continue. > java.io.IOException: Fail to generate certificate!: timeout > at > com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:490) > at > com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:511) > at > com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:272) > at > com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:144) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) > at > org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:8 > 0) > at > com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37) > at sun.reflect.GeneratedMethodAccessor35.invoke(Unknown Source) >
