[jira] [Resolved] (CLOUDSTACK-1389) Interactive Password Prompts during Management Server Startup
[ https://issues.apache.org/jira/browse/CLOUDSTACK-1389?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohit Yadav resolved CLOUDSTACK-1389. - Resolution: Fixed This was fixed by Eric recently on master: https://reviews.apache.org/r/24184/ [~dahn] Daan do you want to cherry pick the following fix by Eric on 4.4 branch? 451e2ab851518832f44c77830347d9bbcb5da13f Interactive Password Prompts during Management Server Startup - Key: CLOUDSTACK-1389 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1389 Project: CloudStack Issue Type: Bug Security Level: Public(Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.1.0, 4.2.0 Environment: devcloud Reporter: John Burwell Labels: security Fix For: 4.4.0 When starting the management with no SSL certificate present, the system attempts to run a shell script that requires interactive password entry. Executing the following steps with a user that is either non-sudoer or a sudoer that requires a password authentication to perform sudo actions (and who has not already authenticated to sudo), execute the following commands from root directory of a cloudstack/4.1 checkout: 1. mvn -P developer clean install 2. mvn -pl :cloud-client-ui jetty:run During the startup process, the management server will not find the cloud.keystore in the the client/target/cloud-client-ui-4.1-SNAPSHOT/WEB-INF/classes directory, and attempt to generate an SSL certificate using the following shell scripts: sudo keytool -genkey -keystore /Users/jburwell/Documents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown The following is a capture of the script timeout error from the vmops.log: 2013-02-27 09:52:17,157 INFO [cloud.server.ConfigurationServerImpl] (Timer-2:null) SSL keystore located at /Users/jburwell/Docum ents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore 2013-02-27 09:52:17,176 DEBUG [utils.script.Script] (Timer-2:null) Executing: sudo keytool -genkey -keystore /Users/jburwell/Docu ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown 2013-02-27 09:52:22,188 WARN [utils.script.Script] (Script-1:null) Interrupting script. 2013-02-27 09:52:22,190 WARN [utils.script.Script] (Timer-2:null) Timed out: sudo keytool -genkey -keystore /Users/jburwell/Docu ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown . Ou tput is: dyld: DYLD_ environment variables being ignored because main executable (/usr/bin/sudo) is setuid or setgid 2013-02-27 09:52:22,191 WARN [cloud.server.ConfigurationServerImpl] (Timer-2:null) Would use fail-safe keystore to continue. java.io.IOException: Fail to generate certificate!: timeout at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:490) at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:511) at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:272) at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:144) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:8 0) at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37) at
[jira] [Resolved] (CLOUDSTACK-1389) Interactive Password Prompts during Management Server Startup
[ https://issues.apache.org/jira/browse/CLOUDSTACK-1389?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhinandan Prateek resolved CLOUDSTACK-1389. Resolution: Won't Fix Interactive Password Prompts during Management Server Startup - Key: CLOUDSTACK-1389 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1389 Project: CloudStack Issue Type: Bug Security Level: Public(Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.1.0 Environment: devcloud Reporter: John Burwell Assignee: Abhinandan Prateek Labels: security Fix For: 4.1.0 When starting the management with no SSL certificate present, the system attempts to run a shell script that requires interactive password entry. Executing the following steps with a user that is either non-sudoer or a sudoer that requires a password authentication to perform sudo actions (and who has not already authenticated to sudo), execute the following commands from root directory of a cloudstack/4.1 checkout: 1. mvn -P developer clean install 2. mvn -pl :cloud-client-ui jetty:run During the startup process, the management server will not find the cloud.keystore in the the client/target/cloud-client-ui-4.1-SNAPSHOT/WEB-INF/classes directory, and attempt to generate an SSL certificate using the following shell scripts: sudo keytool -genkey -keystore /Users/jburwell/Documents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown The following is a capture of the script timeout error from the vmops.log: 2013-02-27 09:52:17,157 INFO [cloud.server.ConfigurationServerImpl] (Timer-2:null) SSL keystore located at /Users/jburwell/Docum ents/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore 2013-02-27 09:52:17,176 DEBUG [utils.script.Script] (Timer-2:null) Executing: sudo keytool -genkey -keystore /Users/jburwell/Docu ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown 2013-02-27 09:52:22,188 WARN [utils.script.Script] (Script-1:null) Interrupting script. 2013-02-27 09:52:22,190 WARN [utils.script.Script] (Timer-2:null) Timed out: sudo keytool -genkey -keystore /Users/jburwell/Docu ments/projects/cloudstack/src/cloudstack-basho/client/target/cloud-client-ui-4.1.0-SNAPSHOT/WEB-INF/classes/cloud.keystore -store pass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 -dname cn=Cloudstack User,ou=0.8.31,o=0.8.31,c=Unknown . Ou tput is: dyld: DYLD_ environment variables being ignored because main executable (/usr/bin/sudo) is setuid or setgid 2013-02-27 09:52:22,191 WARN [cloud.server.ConfigurationServerImpl] (Timer-2:null) Would use fail-safe keystore to continue. java.io.IOException: Fail to generate certificate!: timeout at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:490) at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:511) at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:272) at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:144) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:8 0) at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:37) at sun.reflect.GeneratedMethodAccessor35.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at