Hey Rohit,

I set my ca.plugin.root.auth.strictness to false and restarted all the services and one way ssl works fine. But how do I solve the bug in case I need to enable two way ssl?
regards
Swastik

On Tue, Apr 3, 2018 at 9:21 AM, Swastik Mittal <mittal.swas...@gmail.com> wrote:
> Hey Rohit
>
> I was installing a fresh environment. Added the host through command
> cloudstack-setup-agent, here it mentions everything done correctly but
> the host doesn't get added. (KVM host)
>
> Agent log file gives:
>
> 2018-04-03 09:12:14,584 INFO [cloud.agent.Agent] (main:null) (logid:) Connecting to host:localhost
> 2018-04-03 09:12:14,584 INFO [utils.nio.NioClient] (main:null) (logid:) Connecting to localhost:8250
> 2018-04-03 09:12:14,585 INFO [utils.nio.Link] (main:null) (logid:) Conf file found: /etc/cloudstack/agent/agent.properties
> 2018-04-03 09:12:14,585 WARN [utils.nio.Link] (main:null) (logid:) Failed to load keystore, using trust all manager
> 2018-04-03 09:12:14,589 ERROR [utils.nio.Link] (main:null) (logid:) SSL error caught during unwrap data: Unrecognized SSL message, plaintext connection?, for local address=/127.0.0.1:39863, remote address=localhost/127.0.0.1:8250. The client may have invalid ca-certificates.
> 2018-04-03 09:12:14,589 ERROR [utils.nio.NioClient] (main:null) (logid:) SSL Handshake failed while connecting to host: localhost port: 8250
> 2018-04-03 09:12:14,589 ERROR [utils.nio.NioConnection] (main:null) (logid:) Unable to initialize the threads.
> java.io.IOException: SSL Handshake failed while connecting to host: localhost port: 8250
>     at com.cloud.utils.nio.NioClient.init(NioClient.java:67)
>     at com.cloud.utils.nio.NioConnection.start(NioConnection.java:95)
>     at com.cloud.agent.Agent.start(Agent.java:263)
>     at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:410)
>     at com.cloud.agent.AgentShell.launchAgentFromClassInfo(AgentShell.java:378)
>     at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:362)
>     at com.cloud.agent.AgentShell.start(AgentShell.java:467)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:243)
> 2018-04-03 09:12:14,590 INFO [utils.exception.CSExceptionErrorCode] (main:null) (logid:) Could not find exception: com.cloud.utils.exception.NioConnectionException in error code list for exceptions
> 2018-04-03 09:12:14,590 WARN [cloud.agent.Agent] (main:null) (logid:) NIO Connection Exception
> com.cloud.utils.exception.NioConnectionException: SSL Handshake failed while connecting to host: localhost port: 8250
> 2018-04-03 09:12:14,590 INFO [cloud.agent.Agent] (main:null) (logid:) Attempted to connect to the server, but received an unexpected exception, trying again...
>
> While connecting through UI it gives authentication error.
>
> I also set ssh and sshd ports to 8250 and was able to ssh into
> management from host through it but still getting the same error while
> adding it in cloudstack. Management generates a key (.pem) file in the
> UI, do we need to add that file in the host settings for connection?
>
> Also my ca.plugin.root.auth.strictness setting was set to true. On
> setting it to false gives the same.
>
> Regards
> Swastik
>
> On 4/2/18, Rohit Yadav <rohit.ya...@shapeblue.com> wrote:
> > Swastik,
> >
> > Did you try to upgrade the env or installed a fresh env? How did you add the
> > host? Was it a kvm host or something else? Instead of localhost, can you use
> > an IP for the mgmt server? Also check and share your ca auth strictness
> > global setting. Setting that to false will enforce legacy behavior.
> >
> > Regards.
> >
> > From: Swastik Mittal
> > Sent: Monday, 2 April, 4:58 PM
> > Subject: SSL authentication failure
> > To: users@cloudstack.apache.org
> >
> > Hey, I was using cloudstack version 4.6 earlier and was able to
> > configure/add host to my datacenter. On installing version 4.11 on setting
> > up host, host is unable to connect to management on port 8250 because
> > management immediately closes the connection and does not allow connection
> > on that port. (Getting this error in agent log) The management server log
> > gives, SSL error caught during wrap data: null cert chain, for local
> > address=/127.0.0.1:8250, remote address=/127.0.0.1:46029. I was also not
> > able to ssh into management on port 8250 even though setting SSHD to all in
> > hosts.allow. I also tried allowing policies on port 8250 through ufw command
> > but it didn't work. How do I update policies in 4.11? Any help?
> >
> > Regards
> > Swastik
> >
> > rohit.ya...@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London WC2N 4HS UK
> > @shapeblue