apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

KVM: revert libvirtd config and retry if fail to add a host (#7090)

Browse Source
This commit is contained in:
Wei Zhou 2023-01-18 15:24:47 +01:00 committed by GitHub
parent fe0e44abe9
commit 792f8356e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
scripts/util/keystore-setup
View File

@ -23,6 +23,7 @@ KS_VALIDITY="$4"
CSR_FILE="$5" CSR_FILE="$5"
ALIAS="cloud" ALIAS="cloud"
LIBVIRTD_FILE="/etc/libvirt/libvirtd.conf"
# Re-use existing password or use the one provided # Re-use existing password or use the one provided
if [ -f "$PROPS_FILE" ]; then if [ -f "$PROPS_FILE" ]; then
@ -46,6 +47,27 @@ keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyal
rm -f "$CSR_FILE" rm -f "$CSR_FILE"
addresses=$(ip address | grep inet | awk '{print $2}' | sed 's/\/.*//g' | grep -v '^169.254.' | grep -v '^127.0.0.1' | egrep -v '^::1|^fe80' | grep -v '^::1' | sed 's/^/ip:/g' | tr '\r\n' ',') addresses=$(ip address | grep inet | awk '{print $2}' | sed 's/\/.*//g' | grep -v '^169.254.' | grep -v '^127.0.0.1' | egrep -v '^::1|^fe80' | grep -v '^::1' | sed 's/^/ip:/g' | tr '\r\n' ',')
keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE" -ext san="$addresses" > /dev/null 2>&1 keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE" -ext san="$addresses" > /dev/null 2>&1
if [ $? -ne 0 ];then
echo "Failed to generate CSR file, retrying after removing existing settings"
if [ -f "$LIBVIRTD_FILE" ]; then
echo "Reverting libvirtd to not listen on TLS"
sed -i "s,^listen_tls=1,listen_tls=0,g" $LIBVIRTD_FILE
systemctl restart libvirtd
fi
echo "Removing cloud.* files in /etc/cloudstack/agent"
rm -f /etc/cloudstack/agent/cloud.*
echo "Retrying to generate CSR file"
keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE" -ext san="$addresses" >/dev/null 2>&1
if [ $? -ne 0 ];then
echo "Failed to generate CSR file while retrying"
exit 1
fi
fi
cat "$CSR_FILE" cat "$CSR_FILE"
# Fix file permissions # Fix file permissions

3
server/src/main/java/com/cloud/hypervisor/kvm/discoverer/LibvirtServerDiscoverer.java
View File

@ -260,10 +260,11 @@ public abstract class LibvirtServerDiscoverer extends DiscovererBase implements
final String privateKey = _configDao.getValue("ssh.privatekey"); final String privateKey = _configDao.getValue("ssh.privatekey");
if (!SSHCmdHelper.acquireAuthorizedConnectionWithPublicKey(sshConnection, username, privateKey)) { if (!SSHCmdHelper.acquireAuthorizedConnectionWithPublicKey(sshConnection, username, privateKey)) {
s_logger.error("Failed to authenticate with ssh key");
if (org.apache.commons.lang3.StringUtils.isEmpty(password)) { if (org.apache.commons.lang3.StringUtils.isEmpty(password)) {
s_logger.error("Failed to authenticate with ssh key");
throw new DiscoveredWithErrorException("Authentication error with ssh private key"); throw new DiscoveredWithErrorException("Authentication error with ssh private key");
} }
s_logger.info("Failed to authenticate with ssh key, retrying with password");
if (!sshConnection.authenticateWithPassword(username, password)) { if (!sshConnection.authenticateWithPassword(username, password)) {
s_logger.error("Failed to authenticate with password"); s_logger.error("Failed to authenticate with password");
throw new DiscoveredWithErrorException("Authentication error with host password"); throw new DiscoveredWithErrorException("Authentication error with host password");