KVM: Prevent regenerating keystore on provisionCertificate API #3075

Merged
merged 4 commits into from Jun 5, 2019

Contributor

@nvazquez nvazquez commented Dec 2, 2018

Description

It was found out that direct download feature stops working after 'provisionCertificate' API is executed, as both features import certificates into the same /etc/cloudstack/agent/cloud.jks keystore.
The 'provisionCertificate' API invokes a script which regenerates the keystore before adding the new certificate, removing the existing certificates from the keystore. This fix prevents regenerating the keystore before adding the new certificates.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)

Screenshots (if appropriate):

How Has This Been Tested?
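
The failure described above (certificates already in the shared keystore vanish when it is regenerated) can be checked by comparing `keytool -list` output taken before and after a provisioning run. This is an added example, not part of the pull request or the CloudStack scripts; the function names, aliases and listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report keystore aliases that disappear across a provisioning run.
# All listings and aliases below are constructed sample data.

# Read `keytool -list` output on stdin and print the entry aliases, sorted.
# Entry lines have the form "<alias>, <date>, <EntryType>,"; header and
# fingerprint lines do not match. Assumes aliases contain no comma.
list_aliases() {
    grep -E ', (PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),' \
        | sed 's/,.*//' | sort -u
}

# lost_aliases BEFORE AFTER: print each alias listed in BEFORE but not in AFTER.
lost_aliases() {
    after=$(printf '%s\n' "$2" | list_aliases)
    printf '%s\n' "$1" | list_aliases | while IFS= read -r name; do
        printf '%s\n' "$after" | grep -Fqx -- "$name" || printf '%s\n' "$name"
    done
}

# Constructed listing taken before the provisioning run (hypothetical aliases).
BEFORE='Keystore type: JKS
Your keystore contains 3 entries

cloud, Dec 2, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed>
cloudca, Dec 2, 2018, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed>
example-direct-download, Dec 2, 2018, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed>'

# Constructed listing after a run that regenerated the keystore.
AFTER='Keystore type: JKS
Your keystore contains 2 entries

cloud, Dec 2, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed>
cloudca, Dec 2, 2018, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed>'

# On a real host the two listings would come from, for example:
#   keytool -list -keystore /etc/cloudstack/agent/cloud.jks -storepass "$KS_PASS"
lost_aliases "$BEFORE" "$AFTER"
```

Any alias printed was present before the run and is missing afterwards; an empty result means every earlier entry survived.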

@rohityadavcloud
Member

Can we reuse keystore table for this maybe?

@borisstoyanov
Contributor

@blueorangutan package

@blueorangutan

@borisstoyanov a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-2610

@borisstoyanov
Contributor

@blueorangutan test

@borisstoyanov
Contributor

@blueorangutan test

@blueorangutan

@borisstoyanov a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

@nvazquez nvazquez changed the title Prevent regenerating keystore and add background task to upload certificates WIP: Prevent regenerating keystore and add background task to upload certificates Feb 25, 2019
@blueorangutan

Trillian test result (tid-3409)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 37252 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr3075-t3409-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_iso.py
Intermittent failure detected: /marvin/tests/smoke/test_ssvm.py
Intermittent failure detected: /marvin/tests/smoke/test_templates.py
Intermittent failure detected: /marvin/tests/smoke/test_volumes.py
Smoke tests completed. 64 look OK, 4 have error(s)
Only failed tests results shown below:

Test Result Time (s) Test File
test_04_extract_Iso Failure 1.05 test_iso.py
test_05_stop_ssvm Error 950.85 test_ssvm.py
test_06_stop_cpvm Error 957.93 test_ssvm.py
test_07_reboot_ssvm Error 911.62 test_ssvm.py
test_08_reboot_cpvm Error 912.01 test_ssvm.py
test_04_extract_template Failure 1.06 test_templates.py
test_06_download_detached_volume Failure 10.27 test_volumes.py

Contributor

@borisstoyanov borisstoyanov left a comment

@nvazquez there seems to be something wrong with the SSVM tests here, can you look when you have time.

@nvazquez
Contributor Author

Sure @borisstoyanov let me take a look later today

@nvazquez
Contributor Author

@blueorangutan package

@blueorangutan

@nvazquez a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-2614

@nvazquez
Contributor Author

nvazquez commented Feb 26, 2019

@borisstoyanov I have rebased the 4.11 branch and tested those files locally without errors on failing tests (results below). It seems to be errors with checksums tests.

test_ssvm.py:

Test List secondary storage VMs ... === TestName: test_01_list_sec_storage_vm | Status : SUCCESS ===
ok
Test List console proxy VMs ... === TestName: test_02_list_cpvm_vm | Status : SUCCESS ===
ok
Test SSVM Internals ... === TestName: test_03_ssvm_internals | Status : SUCCESS ===
ok
Test CPVM Internals ... === TestName: test_04_cpvm_internals | Status : SUCCESS ===
ok
Test stop SSVM ... === TestName: test_05_stop_ssvm | Status : SUCCESS ===
ok
Test stop CPVM ... === TestName: test_06_stop_cpvm | Status : SUCCESS ===
ok
Test reboot SSVM ... === TestName: test_07_reboot_ssvm | Status : SUCCESS ===
ok
Test reboot CPVM ... === TestName: test_08_reboot_cpvm | Status : SUCCESS ===
ok
Test destroy SSVM ... SKIP: Marvin configuration has no host                            credentials to check router services
Test destroy CPVM ... === TestName: test_10_destroy_cpvm | Status : SUCCESS ===
ok
Test NFS Version on Secondary Storage mounted properly on SSVM ... SKIP: No NFS version provided in test data

----------------------------------------------------------------------
Ran 11 tests in 407.304s

OK (SKIP=2)

test_iso.py, test_templates.py, test_volumes.py:

test_01_1_create_iso_with_checksum_sha1_negative (integration.smoke.test_iso.TestCreateISOWithChecksum) ... === TestName: test_01_1_create_iso_with_checksum_sha1_negative | Status : SUCCESS ===
ok
test_01_create_iso_with_checksum_sha1 (integration.smoke.test_iso.TestCreateISOWithChecksum) ... === TestName: test_01_create_iso_with_checksum_sha1 | Status : SUCCESS ===
ok
test_02_1_create_iso_with_checksum_sha256_negative (integration.smoke.test_iso.TestCreateISOWithChecksum) ... === TestName: test_02_1_create_iso_with_checksum_sha256_negative | Status : SUCCESS ===
ok
test_02_create_iso_with_checksum_sha256 (integration.smoke.test_iso.TestCreateISOWithChecksum) ... === TestName: test_02_create_iso_with_checksum_sha256 | Status : EXCEPTION ===
ERROR
=== TestName: test_02_create_iso_with_checksum_sha256 | Status : EXCEPTION ===
ERROR
test_03_1_create_iso_with_checksum_md5_negative (integration.smoke.test_iso.TestCreateISOWithChecksum) ... === TestName: test_03_1_create_iso_with_checksum_md5_negative | Status : EXCEPTION ===
ERROR
test_03_create_iso_with_checksum_md5 (integration.smoke.test_iso.TestCreateISOWithChecksum) ... === TestName: test_03_create_iso_with_checksum_md5 | Status : SUCCESS ===
ok
test_04_create_iso_with_no_checksum (integration.smoke.test_iso.TestCreateISOWithChecksum) ... === TestName: test_04_create_iso_with_no_checksum | Status : SUCCESS ===
ok
Test create public & private ISO ... === TestName: test_01_create_iso | Status : SUCCESS ===
ok
Test Edit ISO ... === TestName: test_02_edit_iso | Status : SUCCESS ===
ok
Test delete ISO ... === TestName: test_03_delete_iso | Status : SUCCESS ===
ok
Test for extract ISO ... === TestName: test_04_extract_Iso | Status : SUCCESS ===
ok
Update & Test for ISO permissions ... === TestName: test_05_iso_permissions | Status : SUCCESS ===
ok
Test for copy ISO from one zone to another ... SKIP: Not enough zones available to perform copy template
Test delete ISO ... === TestName: test_07_list_default_iso | Status : SUCCESS ===
ok
test_09_copy_delete_template (integration.smoke.test_templates.TestCopyDeleteTemplate) ... SKIP: Skipping test due to there are less than two zones.
Test create public & private template ... === TestName: test_01_create_template | Status : SUCCESS ===
ok
Test when createTemplate is used to create templates having the same name all of them get ... === TestName: test_CreateTemplateWithDuplicateName | Status : SUCCESS ===
ok
test_02_1_create_template_with_checksum_sha1_negative (integration.smoke.test_templates.TestCreateTemplateWithChecksum) ... === TestName: test_02_1_create_template_with_checksum_sha1_negative | Status : SUCCESS ===
ok
test_02_create_template_with_checksum_sha1 (integration.smoke.test_templates.TestCreateTemplateWithChecksum) ... === TestName: test_02_create_template_with_checksum_sha1 | Status : EXCEPTION ===
ERROR
test_03_1_create_template_with_checksum_sha256_negative (integration.smoke.test_templates.TestCreateTemplateWithChecksum) ... === TestName: test_03_1_create_template_with_checksum_sha256_negative | Status : SUCCESS ===
ok
test_03_create_template_with_checksum_sha256 (integration.smoke.test_templates.TestCreateTemplateWithChecksum) ... === TestName: test_03_create_template_with_checksum_sha256 | Status : SUCCESS ===
ok
test_04_1_create_template_with_checksum_md5_negative (integration.smoke.test_templates.TestCreateTemplateWithChecksum) ... === TestName: test_04_1_create_template_with_checksum_md5_negative | Status : SUCCESS ===
ok
test_04_create_template_with_checksum_md5 (integration.smoke.test_templates.TestCreateTemplateWithChecksum) ... === TestName: test_04_create_template_with_checksum_md5 | Status : SUCCESS ===
ok
test_05_create_template_with_no_checksum (integration.smoke.test_templates.TestCreateTemplateWithChecksum) ... === TestName: test_05_create_template_with_no_checksum | Status : SUCCESS ===
ok
Register a template using Direct Download flag ... === TestName: test_01_register_template_direct_download_flag | Status : SUCCESS ===
ok
Deploy a VM from a Direct Download registered template ... === TestName: test_02_deploy_vm_from_direct_download_template | Status : SUCCESS ===
ok
Deploy a VM from a Direct Download registered template with wrong checksum ... === TestName: test_03_deploy_vm_wrong_checksum | Status : SUCCESS ===
ok
Test Edit template ... === TestName: test_02_edit_template | Status : SUCCESS ===
ok
Test delete template ... === TestName: test_03_delete_template | Status : SUCCESS ===
ok
Test for extract template ... === TestName: test_04_extract_template | Status : SUCCESS ===
ok
Update & Test for template permissions ... === TestName: test_05_template_permissions | Status : SUCCESS ===
ok
Test for copy template from one zone to another ... SKIP: Not enough zones available to perform copy template
Test only public templates are visible to normal user ... === TestName: test_07_list_public_templates | Status : SUCCESS ===
ok
Test System templates are not visible to normal user ... === TestName: test_08_list_system_templates | Status : SUCCESS ===
ok
Test Volume creation for all Disk Offerings (incl. custom) ... === TestName: test_01_create_volume | Status : SUCCESS ===
ok
Attach a created Volume to a Running VM ... === TestName: test_02_attach_volume | Status : SUCCESS ===
ok
Download a Volume attached to a VM ... === TestName: test_03_download_attached_volume | Status : SUCCESS ===
ok
Delete a Volume attached to a VM ... === TestName: test_04_delete_attached_volume | Status : SUCCESS ===
ok
Detach a Volume attached to a VM ... === TestName: test_05_detach_volume | Status : SUCCESS ===
ok
Download a Volume unattached to an VM ... === TestName: test_06_download_detached_volume | Status : SUCCESS ===
ok
Test resize (negative) non-existent volume ... === TestName: test_07_resize_fail | Status : SUCCESS ===
ok
Test resize a volume ... === TestName: test_08_resize_volume | Status : SUCCESS ===
ok
Delete a Volume unattached to an VM ... === TestName: test_09_delete_detached_volume | Status : SUCCESS ===
ok
test_10_list_volumes (integration.smoke.test_volumes.TestVolumes) ... === TestName: test_10_list_volumes | Status : SUCCESS ===
ok

@blueorangutan

@nvazquez unsupported parameters provided. Supported mgmt server os are: centos6, centos7, ubuntu. Supported hypervisors are: kvm-centos6, kvm-centos7, kvm-ubuntu, xenserver-71, xenserver-65sp1, xenserver-62sp1, vmware-65, vmware-60u2, vmware-55u3, vmware-51u1, vmware-50u1

@nvazquez
Contributor Author

@blueorangutan test

@blueorangutan

@nvazquez a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

@blueorangutan

Trillian test result (tid-3410)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 37431 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr3075-t3410-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_iso.py
Intermittent failure detected: /marvin/tests/smoke/test_ssvm.py
Intermittent failure detected: /marvin/tests/smoke/test_templates.py
Intermittent failure detected: /marvin/tests/smoke/test_usage.py
Intermittent failure detected: /marvin/tests/smoke/test_volumes.py
Intermittent failure detected: /marvin/tests/smoke/test_host_maintenance.py
Smoke tests completed. 64 look OK, 4 have error(s)
Only failed tests results shown below:

Test Result Time (s) Test File
test_04_extract_Iso Failure 1.08 test_iso.py
test_05_stop_ssvm Error 941.19 test_ssvm.py
test_06_stop_cpvm Error 960.49 test_ssvm.py
test_07_reboot_ssvm Error 912.87 test_ssvm.py
test_08_reboot_cpvm Error 912.91 test_ssvm.py
test_05_create_template_with_no_checksum Error 65.50 test_templates.py
test_04_extract_template Failure 1.09 test_templates.py
test_06_download_detached_volume Failure 23.77 test_volumes.py

@rohityadavcloud
Member

@blueorangutan package

@blueorangutan

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-2843

@nvazquez
Contributor Author

nvazquez commented Jun 4, 2019

@blueorangutan test

@blueorangutan

@nvazquez a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

@nvazquez
Contributor Author

nvazquez commented Jun 4, 2019

@rhtyd this is ready for review

@@ -38,9 +38,6 @@ if [ -z "${KS_PASS// }" ]; then
exit 1
fi

# Use a new keystore file
NEW_KS_FILE="$KS_FILE.new"
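
Review bot: At `NEW_KS_FILE="$KS_FILE.new"`, if the staging file is being dropped so that imports write straight into `$KS_FILE`, a failed or concurrent run can leave the live keystore partially updated. Consider copying the existing `$KS_FILE` to `$KS_FILE.new`, importing into the copy and renaming it over the original on success, or serialising runs with a lock. The `+`/`-` markers are not visible in this rendering, so a short comment in the script stating which file the imports now target would also help the next reader.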
Member

The script was created to be idempotent for jks creation and cert import. I'll have to test concurrent cases and see if this script would pass/fail. I'll test and review today and keep you posted @nvazquez thanks.

Member

I'll also need to test for certificate renewal.

@apache apache deleted a comment from blueorangutan Jun 5, 2019
@apache apache deleted a comment from blueorangutan Jun 5, 2019
@blueorangutan

Trillian test result (tid-3645)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 41854 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr3075-t3645-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_ssvm.py
Intermittent failure detected: /marvin/tests/smoke/test_vpc_redundant.py
Smoke tests completed. 68 look OK, 1 have error(s)
Only failed tests results shown below:

Test Result Time (s) Test File
test_05_stop_ssvm Error 961.34 test_ssvm.py
test_06_stop_cpvm Error 955.20 test_ssvm.py
test_07_reboot_ssvm Error 911.84 test_ssvm.py
test_08_reboot_cpvm Error 910.82 test_ssvm.py

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
@rohityadavcloud
Member

@nvazquez LGTM, I reviewed and fixed a few issues around certificate renewal
@blueorangutan package

@blueorangutan

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-2847

@rohityadavcloud
Member

@blueorangutan test

@blueorangutan

@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

Contributor

@DaanHoogland DaanHoogland left a comment

Code changes look good, testing this is done and I'll have to trust that but it is scary ;)

@blueorangutan

Trillian test result (tid-3650)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 27669 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr3075-t3650-kvm-centos7.zip
Smoke tests completed. 69 look OK, 0 have error(s)
Only failed tests results shown below:

Test Result Time (s) Test File

@nvazquez
Contributor Author

nvazquez commented Jun 5, 2019

Thanks for the last fix @rhtyd
Merging after test results and reviews

@nvazquez nvazquez merged commit d108f32 into apache:4.11 Jun 5, 2019
@nvazquez nvazquez deleted the directdownloadkeystoreissue branch April 6, 2020 14:43
7 participants