Hi Daniel,

After you added the Ubuntu hosts, does it have cloud.jks at 
/etc/cloudstack/agent? Can you confirm any errors seen during addition of KVM 
host to the Ubuntu based management server?


The log:

2018-03-12 20:44:03,787 WARN  [utils.nio.Link] (main:null) (logid:) Failed to load keystore, using trust all manager


Suggests that your KVM host failed to be secured (i.e. have the keystore jks 
file set up) which could be due to several reasons. Can you check/confirm that 
the user used to add the Ubuntu based KVM host was indeed 'root'? A sudoer user 
may fail to add/create a jks/keystore file if it does not have access in the 
/etc/cloudstack/agent directory.


Furthermore, once the agent is up, with the auth strictness setting set to 
false, you can re-attempt re-securing your KVM host using the 
provisionCertificate API and pass it a host id. However, if you can reproduce 
the issue that fresh addition of KVM host fails to secure the host (i.e. create 
the certificates and jks file) that indeed is an issue.


A similar issue was recently fixed and will make it into 4.11.1.0:

https://github.com/apache/cloudstack/pull/2454 (with this fix, addHost will 
also fail in case it fails to secure the KVM host)


- Rohit
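
A way to check the two signals discussed above (the cloud.jks keystore under /etc/cloudstack/agent and the agent.log messages), as an added example that is not part of the original email or of CloudStack. The function names are hypothetical and the sample log is constructed from the lines quoted in this thread:

```shell
#!/bin/sh
# Added example: triage for a KVM agent that was not secured when the host was added.
# The path and the two log messages come from the thread; the helpers are hypothetical.

# State of the agent keystore in directory $1: ok | missing | empty | unreadable
keystore_state() (
  jks="${1:-/etc/cloudstack/agent}/cloud.jks"
  if [ ! -e "$jks" ]; then echo missing
  elif [ ! -s "$jks" ]; then echo empty
  elif [ ! -r "$jks" ]; then echo unreadable
  else echo ok
  fi
)

# Number of lines in log $1 containing fixed string $2 (0 if the log is unreadable)
count_events() (
  [ -r "$1" ] || { echo 0; exit 0; }
  grep -cF -- "$2" "$1" || true
)

# Summarise both signals; exit status is 0 only when the agent looks secured.
triage() (
  ks=$(keystore_state "$1")
  fallback=$(count_events "$2" 'Failed to load keystore, using trust all manager')
  badcert=$(count_events "$2" 'Received fatal alert: bad_certificate')
  echo "keystore=$ks trust_all_fallback=$fallback bad_certificate=$badcert"
  [ "$ks" = ok ] && [ "$fallback" -eq 0 ] && [ "$badcert" -eq 0 ]
)

# Constructed sample: log lines from the thread, unwrapped, in a temp dir with no cloud.jks.
make_sample() (
  d=$(mktemp -d)
  cat > "$d/agent.log" <<'EOF'
2018-03-12 20:44:03,786 INFO  [utils.nio.Link] (main:null) (logid:) Conf file found: /etc/cloudstack/agent/agent.properties
2018-03-12 20:44:03,787 WARN  [utils.nio.Link] (main:null) (logid:) Failed to load keystore, using trust all manager
2018-03-12 20:44:03,858 ERROR [utils.nio.Link] (main:null) (logid:) SSL error caught during unwrap data: Received fatal alert: bad_certificate, for local address=/10.22.0.5:53356, remote address=/10.22.0.5:8250. The client may have invalid ca-certificates.
EOF
  echo "$d"
)

sample=$(make_sample)
triage "$sample" "$sample/agent.log" || echo "agent not secured: check cloud.jks, then re-secure with provisionCertificate"
rm -rf "$sample"
```

On a real host, call triage with /etc/cloudstack/agent and the path to the agent's agent.log.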




________________________________
From: Daniel Coric <cori...@gmail.com>
Sent: Thursday, March 15, 2018 2:03:36 AM
To: users@cloudstack.apache.org
Subject: Re: Cloudstack installation on Ubuntu Xenial

Hello Rafael,

I'm aware of it, thank you. I also assumed that there could be some problem 
with it, that's why I shared a link (second one) in my first post, hoping that 
someone could confirm me that assumption.

After I have set ca.plugin.root.auth.strictness to false everything worked just 
fine - although it shouldn't be needed to do that for freshly installed 
environments.

At least it was not needed on the CentOS. The CA framework did "kick in" (as 
the article says) and has done its job.

Regards
Daniel Coric

On 2018/03/14 00:48:11, Rafael Weingärtner <rafaelweingart...@gmail.com> wrote:
> Looking at the logs you provided looks like something wrong with the
> certificate used to secure communication with your KVM agent. I am not
> familiar with KVM and ACS. I know however, that there is a CA plugin that
> can issue and install certificates on hosts. Have you tried that?
>

> On Tue, Mar 13, 2018 at 5:07 PM, Daniel Coric <cori...@gmail.com> wrote:
>
> > Hello Rafael,
> >
> > Thank you for your response.
> >
> > I really did nothing except installing CS on a fresh installed Ubuntu VM -
> > as I did it on the CentOS. On the CentOS everything worked out of the box -
> > on the Ubuntu problems.
> >
> > I tried to install it from different package repositories (community,
> > ShapeBlue, self-built), compared and followed Ubuntu specific installation
> > instructions from two different sources (ACS, ShapeBlue) every time same
> > errors in agent.log.
> >
> > So, I would rather say that there is something wrong either with the
> > source or Ubuntu - but, as the first time CS user I could be wrong, of
> > course.
> >
> > Regards
> > Daniel Coric
> >
> > On 2018/03/13 18:43:46, Rafael Weingärtner <rafaelweingart...@gmail.com>
> > wrote:
> > > The MySQL thing is only a warning and should not cause problems in your
> > > POC. The other is an error. There is something wrong with your agent's
> > > configurations/deployment.
> > >
> > > On Mon, Mar 12, 2018 at 9:57 PM, Daniel Coric <cori...@gmail.com> wrote:
> > >
> > > > Hello Everyone,
> > > >
> > > > I'm getting myself familiar with CloudStack so please excuse if I have
> > > > overlooked something obvious.
> > > >
> > > > Using build and install instructions from the official documentation I
> > > > have managed to successfully install CloudStack 4.11 on the nested CentOS
> > > > 7.4 KVM (from both community provided package repositories and self-built
> > > > packages).
> > > >
> > > > I have tried some of the basic operations like: uploading iso images,
> > > > adding volumes and users, creating templates, creating and using VMs (both
> > > > as admin and user) etc.
> > > > As far as I can tell, everything worked as expected - except the fact that
> > > > CentOS VM took about half an hour to shut down.
> > > >
> > > > Then I decided to give it a try on Ubuntu too. And indeed, Ubuntu 16.04.4
> > > > VM shut down normally.
> > > >
> > > > But, that was also the only thing that worked as expected on that Ubuntu
> > > > VM.
> > > >
> > > > I have tried to find some solution on internet but the closest I could
> > get
> > > > was this thread:
> > > > https://www.mail-archive.com/users@cloudstack.apache.org/msg22578.html
> > > > and this documentation:
> > > > http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/hosts.html#security
> > > >
> > > > And I'm not even sure if I am on the right path to the solution - any
> > > > assistance would be much appreciated.
> > > >
> > > >
> > > >
> > > > Ubuntu 16.04.4 cloudstack-management.err is filled with:
> > > >
> > > > Mon Mar 12 20:30:24 CET 2018 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
> > > >
> > > > Ubuntu 16.04.4 agent.log is filled with:
> > > >
> > > > 2018-03-12 20:43:58,782 INFO  [utils.exception.CSExceptionErrorCode] (main:null) (logid:) Could not find exception: com.cloud.utils.exception.NioConnectionException in error code list for exceptions
> > > > 2018-03-12 20:43:58,782 WARN  [cloud.agent.Agent] (main:null) (logid:) NIO Connection Exception  com.cloud.utils.exception.NioConnectionException: SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250
> > > > 2018-03-12 20:43:58,782 INFO  [cloud.agent.Agent] (main:null) (logid:) Attempted to connect to the server, but received an unexpected exception, trying again...
> > > > 2018-03-12 20:44:03,783 INFO  [cloud.agent.Agent] (main:null) (logid:) Connecting to host:10.22.0.5
> > > > 2018-03-12 20:44:03,783 INFO  [utils.nio.NioClient] (main:null) (logid:) Connecting to 10.22.0.5:8250
> > > > 2018-03-12 20:44:03,786 INFO  [utils.nio.Link] (main:null) (logid:) Conf file found: /etc/cloudstack/agent/agent.properties
> > > > 2018-03-12 20:44:03,787 WARN  [utils.nio.Link] (main:null) (logid:) Failed to load keystore, using trust all manager
> > > > 2018-03-12 20:44:03,858 ERROR [utils.nio.Link] (main:null) (logid:) SSL error caught during unwrap data: Received fatal alert: bad_certificate, for local address=/10.22.0.5:53356, remote address=/10.22.0.5:8250. The client may have invalid ca-certificates.
> > > > 2018-03-12 20:44:03,858 ERROR [utils.nio.NioClient] (main:null) (logid:) SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250
> > > > 2018-03-12 20:44:03,858 ERROR [utils.nio.NioConnection] (main:null) (logid:) Unable to initialize the threads.
> > > > java.io.IOException: SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250
> > > >         at com.cloud.utils.nio.NioClient.init(NioClient.java:67)
> > > >         at com.cloud.utils.nio.NioConnection.start(NioConnection.java:95)
> > > >         at com.cloud.agent.Agent.start(Agent.java:263)
> > > >         at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:410)
> > > >         at com.cloud.agent.AgentShell.launchAgentFromClassInfo(AgentShell.java:378)
> > > >         at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:362)
> > > >         at com.cloud.agent.AgentShell.start(AgentShell.java:467)
> > > >         at com.cloud.agent.AgentShell.main(AgentShell.java:502)
> > > >
> > > >
> > > >
> > > > Regards
> > > > D.Coric
> > > >
> > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> >
>
>
>
> --
> Rafael Weingärtner
>
