> On March 15, 2013, 5:56 a.m., Nitin Mehta wrote: > > server/src/com/cloud/storage/download/DownloadMonitorImpl.java, line 202 > > <https://reviews.apache.org/r/9696/diff/2/?file=264874#file264874line202> > > > > can you please use SecondaryStorageVmManager instead ? > > Wei Zhou wrote: > I can define a new constant in SecondaryStorageVmManager which is same to > ConsoleProxyManager.CERTIFICATE_NAME, but I think it is not necessary. > > Nitin Mehta wrote: > I would rather put it in SecondaryStorageVmManager so that other devs are > not confused and the design is more modularized and maintainable.
CPVM and SSVM use the same SSL certificate with name = ConsoleProxyManager.CERTIFICATE_NAME = "CPVMCertificate". ConsoleProxyManager.CERTIFICATE_NAME is also used in com.cloud.storage.secondary.SecondaryStorageManagerImpl.generateSetupCommand(Long). To compatible with lower version of cloudstack, it is difficult to change the certificate name. > On March 15, 2013, 5:56 a.m., Nitin Mehta wrote: > > server/src/com/cloud/configuration/Config.java, line 120 > > <https://reviews.apache.org/r/9696/diff/2/?file=264869#file264869line120> > > > > are there any dependencies on this flag in the code ? > > We need to remove this flag during migration as well. > > Wei Zhou wrote: > consoleproxy.url.domain is not used in any source codes. We use > "company.com" which is set in SSL certificate update as the domain suffix of > console url. > > Nitin Mehta wrote: > But if someone is upgrading to this version s/he will have this entry in > the DB and hence in the global setting correct ? Can you please put a delete > statement so that people upgrading do not get confused by this entry ? You > can look into the upgrade files for example Of course. At first I would like to ensure the fixed version (4.0.2/4.1.0/master), then I willcreate an patch including the removement. > On March 15, 2013, 5:56 a.m., Nitin Mehta wrote: > > server/src/com/cloud/storage/upload/UploadMonitorImpl.java, line 225 > > <https://reviews.apache.org/r/9696/diff/2/?file=264875#file264875line225> > > > > can you put an example here...seems some hardcoding > > Wei Zhou wrote: > The list "token" is the result I split the download url of ISO/Template > by "/". For example, url is > https://10-11-101-112.realhostip.com/userdata/2fdd9a70-9c4a-4a04-b1d5-1e41c221a1f9.iso. > the token[2] is 10-11-101-112.realhostip.com. > > Nitin Mehta wrote: > Wei - Can you please put this as a comment in the code please - this > would greatly help devs to understand in the future ? Of course. - Wei ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/9696/#review17961 ----------------------------------------------------------- On March 15, 2013, 9:54 a.m., Wei Zhou wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/9696/ > ----------------------------------------------------------- > > (Updated March 15, 2013, 9:54 a.m.) > > > Review request for cloudstack, Nitin Mehta and Jayapal Reddy. > > > Description > ------- > > This patch is for issue CLOUDSTACK-1475 (RegisterISO error after Update SSL > Certificate) > on CloudStack 4.0.1. > > > Changes include: > (1) update realhostip.keystore in SSVM (see the change in config_ssl.sh) > (2) change suffix of download iso/template url rom realhostip.com to > domain_suffix in SSL Certificate. > (3) validate download URL because ssvm publicip or domain suffix may change. > > > This addresses bug CLOUDSTACK-1475. > > > Diffs > ----- > > agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java > 48f5079 > console-proxy/scripts/config_ssl.sh 8d80c47 > core/src/com/cloud/storage/resource/CifsSecondaryStorageResource.java > c606fca > core/src/com/cloud/storage/resource/NfsSecondaryStorageResource.java > 155210d > server/src/com/cloud/configuration/Config.java dbcc97a > server/src/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java > 01b4720 > > server/src/com/cloud/consoleproxy/AgentBasedStandaloneConsoleProxyManager.java > 6172780 > server/src/com/cloud/consoleproxy/StaticConsoleProxyManager.java d2df83c > server/src/com/cloud/server/ConfigurationServerImpl.java 3368c9b > server/src/com/cloud/storage/download/DownloadMonitorImpl.java 2736777 > server/src/com/cloud/storage/upload/UploadMonitorImpl.java 4231be8 > > Diff: https://reviews.apache.org/r/9696/diff/ > > > Testing > ------- > > Testing manually ok. > > > To test: > (1) generate update the SSL certificate and it. see "17.3.1. Changing the > Console Proxy SSL Certificate and Domain" part in CloudPlatform3.0.6AdminGuide > http://support.citrix.com/servlet/KbServlet/download/33425-102-696517/CloudPlatform3.0.6AdminGuide.pdf > > (2) visit instance via console. > > (3) Download ISO/Template. The browser will show the download url. > Before patch: the domain suffix of url always be "realhostip.com" > after patch: the domain suffix of url is "company.com" which you set in > step(1). > > (4) Register ISO/Template using the url in step(3). > Before patch: When the domain suffix is not "realhostip.com", it fails with > error message "sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target". > after patch: successful. > > (5) Destroy SSVM, and a new one will be created. > Before patch: the url in step(3) does not change. the url still be the ip > address of old SSVM, and old domain suffix. > after patch: the url will contain the ip address of new SSVM. If the > "company.com" changes, the url will also contain the new domain suffix. > > (6) If you do not have a DNS server (which can resolve company.com domain), > please add an entry in /etc/hosts file of the client. > aaa-bbb-ccc-ddd aaa-bbb-ccc-ddd.company.com # aaa.bbb.ccc.ddd is the > console proxy ip. and ssvm as well. > > > We need to restart management-server after Update SSL Certificate. > > > Thanks, > > Wei Zhou > >
