Hello Rohit,

I'm glad you've noticed the thread. Thank you for clearance.

It is definitely reproducible with the 4.11.0.0 and Ubuntu Xenial (16.4.04) - 
unfortunately I didn't save any of the logs.

In the process of adding the host, I couldn't authenticate with the "root" user 
(the default value of "PermitRootLogin" in /etc/ssh/sshd_config is 
"prohibit-password" - I simply overlooked that fact) so I used "sudoer" user 
and disabled strictness.

After adding the host that way there were none of the keystore/certificate 
related files in the /etc/cloudstack/agent directory (only agent.properties, 
environment.properties and log4j-cloud.xml). I had to use provisionCertificate 
API to generate those.

Regards
Daniel

On 2018/03/15 11:56:43, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: 
> Hi Daniel,
> 
> 
> After you added the Ubuntu hosts, does it have cloud.jks at 
> /etc/cloudstack/agent? Can you confirm any errors seen during addition of KVM 
> host to the Ubuntu based management server?
> 
> 
> The log:
> 
> 2018-03-12 20:44:03,787 WARN  [utils.nio.Link] (main:null) (logid:) Failed to load keystore, using trust all manager
> 
> 
> Suggests that your KVM host failed to be secured (i.e. have the keystore jks 
> file setup) which could be due to several reasons. Can you check/confirm that 
> the user used to add the Ubuntu based KVM host was indeed 'root'. A sudoer 
> user may fail to add/create a jks/keystore file if it does not have access in 
> the /etc/cloudstack/agent directory.
> 
> 
> Furthermore, once the agent is up, with the auth strictness setting set to 
> false, you can re-attempt at re-securing your KVM host using the 
> provisionCertificate API and pass it a host id. However, if you can reproduce 
> the issue that fresh addition of KVM host fails to secure the host (i.e. 
> create the certificates and jks file) that indeed is an issue.
> 
> 
> A similar issue was recently fixed and will make into 4.11.1.0:
> 
> https://github.com/apache/cloudstack/pull/2454 (with this fix, addHost will 
> also fail in case it fails to secure the KVM host)
> 
> 
> - Rohit
> 
> <https://cloudstack.apache.org>
> 
> 
> 
> ________________________________
> From: Daniel Coric <cori...@gmail.com>
> Sent: Thursday, March 15, 2018 2:03:36 AM
> To: users@cloudstack.apache.org
> Subject: Re: Cloudstack installation on Ubuntu Xenial
> 
> Hello Rafael,
> 
> I'm aware of it, thank you. I also assumed that there could be some problem 
> with it, that's why I shared a link (second one) in my first post, hoping 
> that someone could confirm me that assumption.
> 
> After I have set ca.plugin.root.auth.strictness to false everything worked 
> just fine - although it shouldn't be needed to do that for freshly installed 
> environments.
> 
> At least it was not needed on the CentOS. The CA framework did "kick in" (as 
> the article says) and has done its job.
> 
> Regards
> Daniel Coric
> 
> On 2018/03/14 00:48:11, Rafael Weingärtner <rafaelweingart...@gmail.com> 
> wrote:
> > Looking at the logs you provided looks like something wrong with the
> > certificate used to secure communication with your KVM agent. I am not
> > familiar with KVM and ACS. I know however, that there is a CA plugin that
> > can issue and install certificates on hosts. Have you tried that?
> >
> 
> 
> > On Tue, Mar 13, 2018 at 5:07 PM, Daniel Coric <cori...@gmail.com> wrote:
> >
> > > Hello Rafael,
> > >
> > > Thank you for your response.
> > >
> > > > I really did nothing except installing CS on a fresh installed Ubuntu VM -
> > > > as I did it on the CentOS. On the CentOS everything worked out of the box -
> > > > on the Ubuntu problems.
> > >
> > > I tried to install it from different package repositories (community,
> > > ShapeBlue, self-built), compared and followed Ubuntu specific installation
> > > instructions from two different sources (ACS, ShapeBlue) every time same
> > > errors in agent.log.
> > >
> > > So, I would rather say that there is something wrong either with the
> > > source or Ubuntu - but, as the first time CS user I could be wrong, of
> > > course.
> > >
> > > Regards
> > > Daniel Coric
> > >
> > > On 2018/03/13 18:43:46, Rafael Weingärtner 
> > > <rafaelweingart...@gmail.com>
> > > wrote:
> > > > The MySQL thing is only a warning and should not cause problems in your
> > > > POC. The other is an error. There is something wrong with your agent's
> > > > configurations/deployment.
> > > >
> > > > On Mon, Mar 12, 2018 at 9:57 PM, Daniel Coric <cori...@gmail.com> wrote:
> > > >
> > > > > Hello Everyone,
> > > > >
> > > > > I'm getting myself familiar with CloudStack so please excuse if I have
> > > > > overlooked something obvious.
> > > > >
> > > > > > Using build and install instructions from the official documentation I
> > > > > > have managed to successfully install CloudStack 4.11 on the nested CentOS
> > > > > > 7.4 KVM (from both community provided package repositories and self-built
> > > > > > packages).
> > > > > >
> > > > > > I have tried some of the basic operations like: uploading iso images,
> > > > > > adding volumes and users, creating templates, creating and using VMs (both
> > > > > > as admin and user) etc.
> > > > > > As far as I can tell, everything worked as expected - except the fact that
> > > > > > CentOS VM took about half an hour to shut down.
> > > > > >
> > > > > > Then I decided to give it a try on Ubuntu too. And indeed, Ubuntu 16.04.4
> > > > > > VM shut down normally.
> > > > > >
> > > > > > But, that was also the only thing that worked as expected on that Ubuntu
> > > > > > VM.
> > > > > >
> > > > > > I have tried to find some solution on internet but the closest I could get
> > > > > > was this thread:
> > > > > > https://www.mail-archive.com/users@cloudstack.apache.org/msg22578.html
> > > > > > and this documentation:
> > > > > > http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/hosts.html#security
> > > > >
> > > > > And I'm not even sure if I am on the right path to the solution - any
> > > > > assistance would be much appreciated.
> > > > >
> > > > >
> > > > >
> > > > > Ubuntu 16.04.4 cloudstack-management.err is filled with:
> > > > >
> > > > > > Mon Mar 12 20:30:24 CET 2018 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
> > > > > >
> > > > > > Ubuntu 16.04.4 agent.log is filled with:
> > > > > >
> > > > > > 2018-03-12 20:43:58,782 INFO  [utils.exception.CSExceptionErrorCode] (main:null) (logid:) Could not find exception: com.cloud.utils.exception.NioConnectionException in error code list for exceptions
> > > > > > 2018-03-12 20:43:58,782 WARN  [cloud.agent.Agent] (main:null) (logid:) NIO Connection Exception  com.cloud.utils.exception.NioConnectionException: SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250
> > > > > > 2018-03-12 20:43:58,782 INFO  [cloud.agent.Agent] (main:null) (logid:) Attempted to connect to the server, but received an unexpected exception, trying again...
> > > > > > 2018-03-12 20:44:03,783 INFO  [cloud.agent.Agent] (main:null) (logid:) Connecting to host:10.22.0.5
> > > > > > 2018-03-12 20:44:03,783 INFO  [utils.nio.NioClient] (main:null) (logid:) Connecting to 10.22.0.5:8250
> > > > > > 2018-03-12 20:44:03,786 INFO  [utils.nio.Link] (main:null) (logid:) Conf file found: /etc/cloudstack/agent/agent.properties
> > > > > > 2018-03-12 20:44:03,787 WARN  [utils.nio.Link] (main:null) (logid:) Failed to load keystore, using trust all manager
> > > > > > 2018-03-12 20:44:03,858 ERROR [utils.nio.Link] (main:null) (logid:) SSL error caught during unwrap data: Received fatal alert: bad_certificate, for local address=/10.22.0.5:53356, remote address=/10.22.0.5:8250. The client may have invalid ca-certificates.
> > > > > > 2018-03-12 20:44:03,858 ERROR [utils.nio.NioClient] (main:null) (logid:) SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250
> > > > > > 2018-03-12 20:44:03,858 ERROR [utils.nio.NioConnection] (main:null) (logid:) Unable to initialize the threads.
> > > > > > java.io.IOException: SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250
> > > > > >         at com.cloud.utils.nio.NioClient.init(NioClient.java:67)
> > > > > >         at com.cloud.utils.nio.NioConnection.start(NioConnection.java:95)
> > > > > >         at com.cloud.agent.Agent.start(Agent.java:263)
> > > > > >         at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:410)
> > > > > >         at com.cloud.agent.AgentShell.launchAgentFromClassInfo(AgentShell.java:378)
> > > > > >         at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:362)
> > > > > >         at com.cloud.agent.AgentShell.start(AgentShell.java:467)
> > > > > >         at com.cloud.agent.AgentShell.main(AgentShell.java:502)
> > > > >
> > > > >
> > > > >
> > > > > Regards
> > > > > D.Coric
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Rafael Weingärtner
> > > >
> > >
> >
> >
> >
> > --
> > Rafael Weingärtner
> >
> 
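
Added example, not part of the thread or of CloudStack: a small triage script that reads agent.log text and a listing of /etc/cloudstack/agent and reports the signs discussed above that a KVM agent was never secured (trust-all fallback, missing cloud.jks, rejected handshake). The function names and finding keys are assumptions made for this example; the log lines are reassembled from the excerpt in the thread.

```python
import re

# Lines reassembled from the agent.log excerpt quoted in the thread (mail wrapping undone).
SAMPLE_LOG = """\
2018-03-12 20:44:03,783 INFO  [utils.nio.NioClient] (main:null) (logid:) Connecting to 10.22.0.5:8250
2018-03-12 20:44:03,787 WARN  [utils.nio.Link] (main:null) (logid:) Failed to load keystore, using trust all manager
2018-03-12 20:44:03,858 ERROR [utils.nio.Link] (main:null) (logid:) SSL error caught during unwrap data: Received fatal alert: bad_certificate, for local address=/10.22.0.5:53356, remote address=/10.22.0.5:8250. The client may have invalid ca-certificates.
2018-03-12 20:44:03,858 ERROR [utils.nio.NioClient] (main:null) (logid:) SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250
2018-03-12 20:44:03,858 ERROR [utils.nio.NioConnection] (main:null) (logid:) Unable to initialize the threads.
java.io.IOException: SSL Handshake failed while connecting to host: 10.22.0.5 port: 8250
        at com.cloud.utils.nio.NioClient.init(NioClient.java:67)
"""

# timestamp, level, [logger], (thread) (logid:...) message
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\s+\[([\w.]+)\] \(.*?\) \(logid:.*?\) (.*)$")

def parse(log_text):
    """Split agent.log text into events; stack-trace lines attach to the previous event."""
    events = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            ts, level, logger, msg = m.groups()
            events.append({"ts": ts, "level": level, "logger": logger, "msg": msg, "trace": []})
        elif events and raw.strip():
            events[-1]["trace"].append(raw.strip())
    return events

def assess(events, agent_dir_files):
    """Return findings that indicate the agent was never secured with its own keystore."""
    findings = {}
    fallback = [e for e in events if "using trust all manager" in e["msg"]]
    if fallback:
        findings["trust_all_fallback"] = fallback[0]["ts"]  # first time the fallback was logged
    if "cloud.jks" not in agent_dir_files:
        findings["keystore_missing"] = True
    rejected = sum("bad_certificate" in e["msg"] for e in events)
    if rejected:
        findings["peer_rejected_cert"] = rejected
    failed = sum(e["level"] == "ERROR" and "SSL Handshake failed" in e["msg"] for e in events)
    if failed:
        findings["handshake_failures"] = failed
    return findings

if __name__ == "__main__":
    # Directory listing as reported in the thread; on a host use os.listdir("/etc/cloudstack/agent").
    listing = ["agent.properties", "environment.properties", "log4j-cloud.xml"]
    for name, value in assess(parse(SAMPLE_LOG), listing).items():
        print(name, value)
```

A `trust_all_fallback` finding together with `keystore_missing` matches the state described in the thread, where the certificates had to be issued afterwards with the provisionCertificate API.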
