> On March 15, 2013, 5:56 a.m., Nitin Mehta wrote: > > Can you please also tell me a list of tests done for this ?
Nitin, I add a list of tests in "Testing Done" part. Please have a look. consoleproxy.url.domain is not used in any source codes. We use "company.com" which is set in SSL certificate update as the domain suffix of console url. I can define a new constant in SecondaryStorageVmManager which is same to ConsoleProxyManager.CERTIFICATE_NAME, but I think it is not necessary. The list "token" is the result I split the download url of ISO/Template by "/". For example, url is https://10-11-101-112.realhostip.com/userdata/2fdd9a70-9c4a-4a04-b1d5-1e41c221a1f9.iso. the token[2] is 10-11-101-112.realhostip.com. > On March 15, 2013, 5:56 a.m., Nitin Mehta wrote: > > server/src/com/cloud/configuration/Config.java, line 120 > > <https://reviews.apache.org/r/9696/diff/2/?file=264869#file264869line120> > > > > are there any dependencies on this flag in the code ? > > We need to remove this flag during migration as well. consoleproxy.url.domain is not used in any source codes. We use "company.com" which is set in SSL certificate update as the domain suffix of console url. > On March 15, 2013, 5:56 a.m., Nitin Mehta wrote: > > server/src/com/cloud/storage/download/DownloadMonitorImpl.java, line 202 > > <https://reviews.apache.org/r/9696/diff/2/?file=264874#file264874line202> > > > > can you please use SecondaryStorageVmManager instead ? I can define a new constant in SecondaryStorageVmManager which is same to ConsoleProxyManager.CERTIFICATE_NAME, but I think it is not necessary. > On March 15, 2013, 5:56 a.m., Nitin Mehta wrote: > > server/src/com/cloud/storage/upload/UploadMonitorImpl.java, line 225 > > <https://reviews.apache.org/r/9696/diff/2/?file=264875#file264875line225> > > > > can you put an example here...seems some hardcoding The list "token" is the result I split the download url of ISO/Template by "/". For example, url is https://10-11-101-112.realhostip.com/userdata/2fdd9a70-9c4a-4a04-b1d5-1e41c221a1f9.iso. the token[2] is 10-11-101-112.realhostip.com. - Wei ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/9696/#review17961 ----------------------------------------------------------- On March 15, 2013, 9:54 a.m., Wei Zhou wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/9696/ > ----------------------------------------------------------- > > (Updated March 15, 2013, 9:54 a.m.) > > > Review request for cloudstack, Nitin Mehta and Jayapal Reddy. > > > Description > ------- > > This patch is for issue CLOUDSTACK-1475 (RegisterISO error after Update SSL > Certificate) > on CloudStack 4.0.1. > > > Changes include: > (1) update realhostip.keystore in SSVM (see the change in config_ssl.sh) > (2) change suffix of download iso/template url rom realhostip.com to > domain_suffix in SSL Certificate. > (3) validate download URL because ssvm publicip or domain suffix may change. > > > This addresses bug CLOUDSTACK-1475. > > > Diffs > ----- > > agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java > 48f5079 > console-proxy/scripts/config_ssl.sh 8d80c47 > core/src/com/cloud/storage/resource/CifsSecondaryStorageResource.java > c606fca > core/src/com/cloud/storage/resource/NfsSecondaryStorageResource.java > 155210d > server/src/com/cloud/configuration/Config.java dbcc97a > server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java > 01b4720 > > server/src/com/cloud/consoleproxy/AgentBasedStandaloneConsoleProxyManager.java > 6172780 > server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java d2df83c > server/src/com/cloud/server/ConfigurationServerImpl.java 3368c9b > server/src/com/cloud/storage/download/DownloadMonitorImpl.java 2736777 > server/src/com/cloud/storage/upload/UploadMonitorImpl.java 4231be8 > > Diff: https://reviews.apache.org/r/9696/diff/ > > > Testing > ------- > > Testing manually ok. > > > To test: > (1) generate update the SSL certificate and it. see "17.3.1. Changing the > Console Proxy SSL Certificate and Domain" part in CloudPlatform3.0.6AdminGuide > http://support.citrix.com/servlet/KbServlet/download/33425-102-696517/CloudPlatform3.0.6AdminGuide.pdf > > (2) visit instance via console. > > (3) Download ISO/Template. The browser will show the download url. > Before patch: the domain suffix of url always be "realhostip.com" > after patch: the domain suffix of url is "company.com" which you set in > step(1). > > (4) Register ISO/Template using the url in step(3). > Before patch: When the domain suffix is not "realhostip.com", it fails with > error message "sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target". > after patch: successful. > > (5) Destroy SSVM, and a new one will be created. > Before patch: the url in step(3) does not change. the url still be the ip > address of old SSVM, and old domain suffix. > after patch: the url will contain the ip address of new SSVM. If the > "company.com" changes, the url will also contain the new domain suffix. > > (6) If you do not have a DNS server (which can resolve company.com domain), > please add an entry in /etc/hosts file of the client. > aaa-bbb-ccc-ddd aaa-bbb-ccc-ddd.company.com # aaa.bbb.ccc.ddd is the > console proxy ip. and ssvm as well. > > > We need to restart management-server after Update SSL Certificate. > > > Thanks, > > Wei Zhou > >
