Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Host is still unsecured when provisionCertificate api is called #2763

Closed
borisstoyanov opened this issue Jul 24, 2018 · 2 comments · Fixed by #2764
Closed

Host is still unsecured when provisionCertificate api is called #2763

borisstoyanov opened this issue Jul 24, 2018 · 2 comments · Fixed by #2764

Comments

@borisstoyanov
Copy link
Contributor

SUMMARY

When provisionCertificate api is executed the host ends up in unsecured state, instead should be secured

ISSUE TYPE
  • Bug Report
COMPONENT NAME
API, agent
CLOUDSTACK VERSION
4.12
CONFIGURATION

ca.framework.cert.automatic.renewal = true
ca.plugin.root.allow.expired.cert = true
ca.plugin.root.auth.strictness = false

OS / ENVIRONMENT

NA

STEPS TO REPRODUCE
execute provisionCertificate api with a random kvm host with/out recconect=true, the api call is successful but connection is unsecured.
EXPECTED RESULTS
Connection is secured
ACTUAL RESULTS
Connection is unsecured

agent_unsecured.txt
unsecured_connection.txt
This was referenced Jul 24, 2018
Merged
Closed
@borisstoyanov
Copy link
Contributor Author

ping @rhtyd and @dhlaluku. Could this be related to these changes: #2756

@dhlaluku
Copy link
Contributor

dhlaluku commented Jul 24, 2018
edited

@borisstoyanov I do not think so, that small fix that I did was for the NPE issue. The VM lifecycle tests have already been failing before and I think it might be due to regressions in provisionCertificate API itself that need looking into. Perhaps @rhtyd can help us here since he authored this feature.

rohityadavcloud added a commit to shapeblue/cloudstack that referenced this issue Jul 24, 2018
@rohityadavcloud
kvm: Fixes apache#2763 move post-renewal libvirt restart class suitably
40710e8 
This fixes apache#2763 by moving a post cert-renewal class for kvm
plugin/hypervisor to src/main/java. The regression is due to change
in file-system layout due to maven standard refactoring on master and
issue was not caught during forward-merging of a PR from 4.11 branch.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
@rohityadavcloud rohityadavcloud mentioned this issue Jul 24, 2018
Merged
12 tasks
rohityadavcloud added a commit that referenced this issue Jul 26, 2018
@rohityadavcloud
kvm: Fixes #2763 move post-renewal libvirt restart class suitably (#2764
7667846 
)

This fixes #2763 by moving a post cert-renewal class for kvm
plugin/hypervisor to src/main/java. The regression is due to change
in file-system layout due to maven standard refactoring on master and
issue was not caught during forward-merging of a PR from 4.11 branch.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
@dhlaluku dhlaluku mentioned this issue Aug 16, 2018
Merged
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

kvm: Fixes #2763 move post-renewal libvirt restart class suitably shapeblue/cloudstack
2 participants
@borisstoyanov @dhlaluku