> so I guess CS never updates it, and anyone who
> installed a version with a sudo config missing keytool will probably hit
> this same problem eventually

Correct. The modification of the sudoers file isn't done via the binary
package so it will not change on update.
It will only change if cloudstack-setup-management is run.

Release notes should probably be modified to include this.

On 25 October 2014 01:20, Kirk Kosinski <kirkkosin...@gmail.com> wrote:

> Right, it is not ideal, though it was like that for a long time (since
> at least CS 2.x).  I see that the sudo config was changed recently to be
> more locked down, but it did not include keytool due to CLOUDSTACK-1389.
>  I checked a 4.3 setup which was upgraded from 4.2 and it still has the
> old unrestricted config so I guess CS never updates it, and anyone who
> installed a version with a sudo config missing keytool will probably hit
> this same problem eventually (whenever keytool is run).
>
> Best regards,
> Kirk
>
>
> On 10/24/2014 03:06 PM, Ian Duffy wrote:
> >> cloud ALL =NOPASSWD : ALL
> >
> > This is dangerous advice. It grants the cloud user full sudo access without
> > the requirement of a password.
> >
> > The following gives more limited access and should allow cloudstack to
> > function accordingly:
> >
> > cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount,
> > /bin/umount, /usr/bin/keytool
> >
> > On 24 October 2014 18:44, Andrija Panic <andrija.pa...@gmail.com> wrote:
> >
> >> Just did quick management server ACS 4.4.1 installation on free server:
> >> cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount,
> >> /bin/umount, /usr/bin/keytool
> >>
> >> that is what it looks like in ACS 4.4.1
> >> clean install of ACS 4.4.1 works...
> >>
> >> On 24 October 2014 19:35, Andrija Panic <andrija.pa...@gmail.com> wrote:
> >>
> >>> like this:
> >>>
> >>> Defaults:cloud !requiretty
> >>> cloud ALL =NOPASSWD : ALL
> >>>
> >>> and let us know if the upgrade still fails - it does fail for me with no
> >>> understandable error...
> >>> thx
> >>>
> >>> On 24 October 2014 19:28, Matthew Midgett <
> >>> clouds...@trick-solutions.com.invalid> wrote:
> >>>
> >>>> This is what is in my sudoers file
> >>>>
> >>>> cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount,
> >>>> /bin/umount
> >>>>
> >>>> Should I change it?
> >>>>
> >>>> -----Original Message-----
> >>>> From: Kirk Kosinski [mailto:kirkkosin...@gmail.com]
> >>>> Sent: Friday, October 24, 2014 5:23 AM
> >>>> To: users@cloudstack.apache.org
> >>>> Subject: Re: Broken update from 4.4 to 4.4.1
> >>>>
> >>>> Hi, the error below indicates a problem with the sudo config.  Make sure
> >>>> /etc/sudoers has a line like:
> >>>>
> >>>> cloud ALL =NOPASSWD : ALL
> >>>>
> >>>> Best regards,
> >>>> Kirk
> >>>>
> >>>> On 10/23/2014 01:05 PM, Matthew Midgett wrote:
> >>>>> 2014-10-23 15:21:52,943 INFO  [c.c.s.ConfigurationServerImpl]
> >>>>> (main:null) Processing updateSSLKeyStore
> >>>>> 2014-10-23 15:21:52,948 INFO  [c.c.s.ConfigurationServerImpl]
> >>>>> (main:null) SSL keystore located at
> >>>>> /etc/cloudstack/management/cloud.keystore
> >>>>> 2014-10-23 15:21:52,951 DEBUG [c.c.u.s.Script] (main:null) Executing:
> >>>>> sudo keytool -genkey -keystore
> >>>>> /etc/cloudstack/management/cloud.keystore
> >>>>> -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650
> >>>>> -dname cn="Cloudstack User",ou="chlt.charlottecolo.com",o="
> >>>>> chlt.charlottecolo.com",c="Unknown"
> >>>>> 2014-10-23 15:21:52,988 DEBUG [c.c.u.s.Script] (main:null) Exit value
> >>>>> is 1
> >>>>> 2014-10-23 15:21:52,989 DEBUG [c.c.u.s.Script] (main:null) sudo: no
> >>>>> tty present and no askpass program specified
> >>>>> 2014-10-23 15:21:52,991 WARN  [c.c.s.ConfigurationServerImpl]
> >>>>> (main:null) Would use fail-safe keystore to continue.
> >>>>> java.io.IOException: Fail to generate certificate!: sudo: no tty
> >>>>> present and no askpass program specified
> >>>>>       at com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:595)
> >>>>>       at com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:623)
> >>>>>       at com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:299)
> >>>>>       at com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:164)
> >>>>>       at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle$3.with(CloudStackExtendedLifeCycle.java:114)
> >>>>>       at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.with(CloudStackExtendedLifeCycle.java:153)
> >>>>>       at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.configure(CloudStackExtendedLifeCycle.java:110)
> >>>>>       at org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.start(CloudStackExtendedLifeCycle.java:56)
> >>>>>       at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:167)
> >>>>>       at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:51)
> >>>>>       at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:339)
> >>>>>       at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:143)
> >>>>>       at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:108)
> >>>>>       at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:945)
> >>>>>       at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
> >>>>>       at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContext(DefaultModuleDefinitionSet.java:145)
> >>>>>       at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet$2.with(DefaultModuleDefinitionSet.java:122)
> >>>>>       at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:245)
> >>>>>       at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:250)
> >>>>>       at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:250)
> >>>>>       at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:233)
> >>>>>       at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContexts(DefaultModuleDefinitionSet.java:117)
> >>>>>       at org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.load(DefaultModuleDefinitionSet.java:79)
> >>>>>       at org.apache.cloudstack.spring.module.factory.ModuleBasedContextFactory.loadModules(ModuleBasedContextFactory.java:37)
> >>>>>       at org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.init(CloudStackSpringContext.java:70)
> >>>>>       at org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:57)
> >>>>>       at org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:61)
> >>>>>       at org.apache.cloudstack.spring.module.web.CloudStackContextLoaderListener.contextInitialized(CloudStackContextLoaderListener.java:52)
> >>>>>       at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4210)
> >>>>>       at org.apache.catalina.core.StandardContext.start(StandardContext.java:4709)
> >>>>>       at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
> >>>>>       at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
> >>>>>       at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
> >>>>>       at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041)
> >>>>>       at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964)
> >>>>>       at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
> >>>>>       at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
> >>>>>       at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
> >>>>>       at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
> >>>>>       at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
> >>>>>       at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
> >>>>>       at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
> >>>>>       at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> >>>>>       at org.apache.catalina.core.StandardService.start(StandardService.java:516)
> >>>>>       at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
> >>>>>       at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
> >>>>>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>>>>       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> >>>>>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >>>>>       at java.lang.reflect.Method.invoke(Method.java:606)
> >>>>>       at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
> >>>>>       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> >>>>
> >>>>
> >>>
> >>>
> >>> --
> >>>
> >>> Andrija Panić
> >>> --------------------------------------
> >>>   http://admintweets.com
> >>> --------------------------------------
> >>>
> >>
> >>
> >>
> >> --
> >>
> >> Andrija Panić
> >> --------------------------------------
> >>   http://admintweets.com
> >> --------------------------------------
> >>
> >
>
>
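
Because the sudoers entry is not touched by package upgrades, a host can carry any of the three rules quoted in this thread. The following is an added example, not part of the thread or of CloudStack: a small audit that reports whether the `cloud` rule is the unrestricted `ALL` form or a restricted list that lacks a command from the ACS 4.4.1 rule. The names `audit_sudoers`, `logical_lines` and `EXPECTED` are hypothetical.

```python
import re

# Command list taken from the ACS 4.4.1 rule quoted in the thread.
EXPECTED = {"/bin/chmod", "/bin/cp", "/bin/mkdir", "/bin/mount",
            "/bin/umount", "/usr/bin/keytool"}

# user host = [(runas)] [TAG:]... commands
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?"
                  r"((?:[A-Z_]+\s*:\s*)*)(.*)$")

def logical_lines(text):
    """Join backslash continuations; drop blanks and '#' lines (includes are not followed)."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        full, buf = (buf + line).strip(), ""
        if full and not full.startswith("#"):
            yield full

def audit_sudoers(text, user="cloud"):
    """Report whether `user` has unrestricted ALL, or which expected commands are absent."""
    allowed, unrestricted, found = set(), False, False
    for line in logical_lines(text):
        m = RULE.match(line)
        if not m or m.group(1) != user:
            continue  # Defaults lines and other users' rules are ignored
        found = True
        for spec in m.group(3).split(","):
            words = spec.split()
            if not words:
                continue
            if words[0] == "ALL":
                unrestricted = True
            else:
                allowed.add(words[0])
    missing = [] if unrestricted or not found else sorted(EXPECTED - allowed)
    return {"rule_found": found, "unrestricted": unrestricted, "missing": missing}

# Samples: rule text from the thread; the file layout is constructed.
OLD = "Defaults:cloud !requiretty\ncloud ALL =NOPASSWD : ALL\n"
LOCKED_NO_KEYTOOL = ("cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, "
                     "/bin/mount, /bin/umount\n")
ACS_441 = ("cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, \\\n"
           "    /bin/umount, /usr/bin/keytool\n")

if __name__ == "__main__":
    for name, text in [("old", OLD), ("no keytool", LOCKED_NO_KEYTOOL), ("4.4.1", ACS_441)]:
        print(name, audit_sudoers(text))
```
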
