After adjustment, It will not fail at sudo stuff, but does fail for me later for no good reason...
Sent from Google Nexus 4 On Oct 25, 2014 5:22 AM, "Matthew Midgett" <[email protected]> wrote: > I haven't tried to do the upgrade with the adjustments. Can anyone confirm > that adding the permissions for the key store to the cloud user will make > it complete. > > > Sent on a Sprint Samsung Galaxy S® III > > <div>-------- Original message --------</div><div>From: Ian Duffy < > [email protected]> </div><div>Date:10/24/2014 9:06 PM (GMT-05:00) > </div><div>To: [email protected] </div><div>Subject: Re: Broken > update from 4.4 to 4.4.1 </div><div> > </div>> so I guess CS never updates it, and anyone who > installed a version with a sudo config missing keytool will probably hit > this same problem eventually > > Correct. The modification of the sudoers file isn't done via the binary > package so it will not change on update. > It will only change if cloudstack-setup-management is run. > > Release notes should probably be modified to include this. > > On 25 October 2014 01:20, Kirk Kosinski <[email protected]> wrote: > > > Right, it is not ideal, though it was like that for a long time (since > > at least CS 2.x). I see that the sudo config was changed recently to be > > more locked down, but it did not include keytool due to CLOUDSTACK-1389. > > I checked a 4.3 setup which was upgraded from 4.2 and it still has the > > old unrestricted config so I guess CS never updates it, and anyone who > > installed a version with a sudo config missing keytool will probably hit > > this same problem eventually (whenever keytool is run). > > > > Best regards, > > Kirk > > > > > > On 10/24/2014 03:06 PM, Ian Duffy wrote: > > >> cloud ALL =NOPASSWD : ALL > > > > > > This is dangerous advice. It grants the cloud user full sudo access > > without > > > the requirement of a password. > > > > > > The following gives more limited access and should allow cloudstack to > > > function accordingly: > > > > > > cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, > > > /bin/umount, /usr/bin/keytool > > > > > > On 24 October 2014 18:44, Andrija Panic <[email protected]> > wrote: > > > > > >> Just did quick management server ACS 4.4.1 installation on free > server: > > >> cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, > > >> /bin/umount, /usr/bin/keytool > > >> > > >> that is what it looks like in ACS 4.4.1 > > >> clean install of ACS 4.4.1 works... > > >> > > >> On 24 October 2014 19:35, Andrija Panic <[email protected]> > > wrote: > > >> > > >>> like this: > > >>> > > >>> Defaults:cloud !requiretty > > >>> cloud ALL =NOPASSWD : ALL > > >>> > > >>> and let us know if the upgtade still fails - it does fail for me with > > no > > >>> understandable error... > > >>> thx > > >>> > > >>> On 24 October 2014 19:28, Matthew Midgett < > > >>> [email protected]> wrote: > > >>> > > >>>> This is what is in my sudoers file > > >>>> > > >>>> cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, > > >>>> /bin/umount > > >>>> > > >>>> Should I change it? > > >>>> > > >>>> -----Original Message----- > > >>>> From: Kirk Kosinski [mailto:[email protected]] > > >>>> Sent: Friday, October 24, 2014 5:23 AM > > >>>> To: [email protected] > > >>>> Subject: Re: Broken update from 4.4 to 4.4.1 > > >>>> > > >>>> Hi, the error below indicates a problem with the sudo config. Make > > sure > > >>>> /etc/sudoers has a line like: > > >>>> > > >>>> cloud ALL =NOPASSWD : ALL > > >>>> > > >>>> Best regards, > > >>>> Kirk > > >>>> > > >>>> On 10/23/2014 01:05 PM, Matthew Midgett wrote: > > >>>>> 2014-10-23 15:21:52,943 INFO [c.c.s.ConfigurationServerImpl] > > >>>>> (main:null) Processing updateSSLKeyStore > > >>>>> 2014-10-23 15:21:52,948 INFO [c.c.s.ConfigurationServerImpl] > > >>>>> (main:null) SSL keystore located at > > >>>>> /etc/cloudstack/management/cloud.keystore > > >>>>> 2014-10-23 15:21:52,951 DEBUG [c.c.u.s.Script] (main:null) > Executing: > > >>>> sudo keytool -genkey -keystore > > /etc/cloudstack/management/cloud.keystore > > >>>> -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 > > >>>> -dname cn="Cloudstack User",ou="chlt.charlottecolo.com",o=" > > >>>> chlt.charlottecolo.com",c="Unknown" > > >>>>> 2014-10-23 15:21:52,988 DEBUG [c.c.u.s.Script] (main:null) Exit > value > > >>>>> is 1 > > >>>>> 2014-10-23 15:21:52,989 DEBUG [c.c.u.s.Script] (main:null) sudo: no > > >>>>> tty present and no askpass program specified > > >>>>> 2014-10-23 15:21:52,991 WARN [c.c.s.ConfigurationServerImpl] > > >>>> (main:null) Would use fail-safe keystore to continue. > > >>>>> java.io.IOException: Fail to generate certificate!: sudo: no tty > > >>>> present and no askpass program specified > > >>>>> at > > >>>> > > >> > > > com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:595) > > >>>>> at > > >>>> > > >> > > > com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:623) > > >>>>> at > > >>>> > > >> > > > com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:299) > > >>>>> at > > >>>> > > >> > > > com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:164) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle$3.with(CloudStackExtendedLifeCycle.java:114) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.with(CloudStackExtendedLifeCycle.java:153) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.configure(CloudStackExtendedLifeCycle.java:110) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.start(CloudStackExtendedLifeCycle.java:56) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:167) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:51) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:339) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:143) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:108) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:945) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContext(DefaultModuleDefinitionSet.java:145) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet$2.with(DefaultModuleDefinitionSet.java:122) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:245) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:250) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:250) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:233) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContexts(DefaultModuleDefinitionSet.java:117) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.load(DefaultModuleDefinitionSet.java:79) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.factory.ModuleBasedContextFactory.loadModules(ModuleBasedContextFactory.java:37) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.init(CloudStackSpringContext.java:70) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:57) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:61) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.web.CloudStackContextLoaderListener.contextInitialized(CloudStackContextLoaderListener.java:52) > > >>>>> at > > >>>> > > >> > > > org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4210) > > >>>>> at > > >>>> > > >> > > org.apache.catalina.core.StandardContext.start(StandardContext.java:4709) > > >>>>> at > > >>>> > > >> > > > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) > > >>>>> at > > >>>> > > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771) > > >>>>> at > > >>>> > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526) > > >>>>> at > > >>>> > > >> > > > org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041) > > >>>>> at > > >>>> > > >> > > > org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964) > > >>>>> at > > >>>> > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502) > > >>>>> at > > >>>> org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277) > > >>>>> at > > >>>> > > >> > > > org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321) > > >>>>> at > > >>>> > > >> > > > org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142) > > >>>>> at > > >>>> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) > > >>>>> at > > >>>> org.apache.catalina.core.StandardHost.start(StandardHost.java:722) > > >>>>> at > > >>>> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) > > >>>>> at > > >>>> > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) > > >>>>> at > > >>>> > > org.apache.catalina.core.StandardService.start(StandardService.java:516) > > >>>>> at > > >>>> > org.apache.catalina.core.StandardServer.start(StandardServer.java:710) > > >>>>> at > > org.apache.catalina.startup.Catalina.start(Catalina.java:593) > > >>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) > > >>>>> at > > >>>> > > >> > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > > >>>>> at > > >>>> > > >> > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > >>>>> at java.lang.reflect.Method.invoke(Method.java:606) > > >>>>> at > > >> org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) > > >>>>> at > > >> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) > > >>>> > > >>>> > > >>> > > >>> > > >>> -- > > >>> > > >>> Andrija Panić > > >>> -------------------------------------- > > >>> http://admintweets.com > > >>> -------------------------------------- > > >>> > > >> > > >> > > >> > > >> -- > > >> > > >> Andrija Panić > > >> -------------------------------------- > > >> http://admintweets.com > > >> -------------------------------------- > > >> > > > > > > > >
