cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: Broken update from 4.4 to 4.4.1
Date Sat, 25 Oct 2014 08:57:28 GMT
After adjustment, It will not fail at sudo stuff, but does fail for me
later for no good reason...

Sent from Google Nexus 4
On Oct 25, 2014 5:22 AM, "Matthew Midgett"
<cloudstck@trick-solutions.com.invalid> wrote:

> I haven't tried to do the upgrade with the adjustments. Can anyone confirm
> that adding the permissions for the key store to the cloud user will make
> it complete.
>
>
> Sent on a Sprint Samsung Galaxy S® III
>
> <div>-------- Original message --------</div><div>From: Ian Duffy <
> ian@ianduffy.ie> </div><div>Date:10/24/2014  9:06 PM  (GMT-05:00)
> </div><div>To: users@cloudstack.apache.org </div><div>Subject:
Re: Broken
> update from 4.4 to 4.4.1 </div><div>
> </div>> so I guess CS never updates it, and anyone who
> installed a version with a sudo config missing keytool will probably hit
> this same problem eventually
>
> Correct. The modification of the sudoers file isn't done via the binary
> package so it will not change on update.
> It will only change if cloudstack-setup-management is run.
>
> Release notes should probably be modified to include this.
>
> On 25 October 2014 01:20, Kirk Kosinski <kirkkosinski@gmail.com> wrote:
>
> > Right, it is not ideal, though it was like that for a long time (since
> > at least CS 2.x).  I see that the sudo config was changed recently to be
> > more locked down, but it did not include keytool due to CLOUDSTACK-1389.
> >  I checked a 4.3 setup which was upgraded from 4.2 and it still has the
> > old unrestricted config so I guess CS never updates it, and anyone who
> > installed a version with a sudo config missing keytool will probably hit
> > this same problem eventually (whenever keytool is run).
> >
> > Best regards,
> > Kirk
> >
> >
> > On 10/24/2014 03:06 PM, Ian Duffy wrote:
> > >> cloud ALL =NOPASSWD : ALL
> > >
> > > This is dangerous advice. It grants the cloud user full sudo access
> > without
> > > the requirement of a password.
> > >
> > > The following gives more limited access and should allow cloudstack to
> > > function accordingly:
> > >
> > > cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount,
> > > /bin/umount, /usr/bin/keytool
> > >
> > > On 24 October 2014 18:44, Andrija Panic <andrija.panic@gmail.com>
> wrote:
> > >
> > >> Just did quick management server ACS 4.4.1 installation on free
> server:
> > >> cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount,
> > >> /bin/umount, /usr/bin/keytool
> > >>
> > >> that is what it looks like in ACS 4.4.1
> > >> clean install of ACS 4.4.1 works...
> > >>
> > >> On 24 October 2014 19:35, Andrija Panic <andrija.panic@gmail.com>
> > wrote:
> > >>
> > >>> like this:
> > >>>
> > >>> Defaults:cloud !requiretty
> > >>> cloud ALL =NOPASSWD : ALL
> > >>>
> > >>> and let us know if the upgtade still fails - it does fail for me with
> > no
> > >>> understandable error...
> > >>> thx
> > >>>
> > >>> On 24 October 2014 19:28, Matthew Midgett <
> > >>> cloudstck@trick-solutions.com.invalid> wrote:
> > >>>
> > >>>> This is what is in my sudoers file
> > >>>>
> > >>>> cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount,
> > >>>> /bin/umount
> > >>>>
> > >>>> Should I change it?
> > >>>>
> > >>>> -----Original Message-----
> > >>>> From: Kirk Kosinski [mailto:kirkkosinski@gmail.com]
> > >>>> Sent: Friday, October 24, 2014 5:23 AM
> > >>>> To: users@cloudstack.apache.org
> > >>>> Subject: Re: Broken update from 4.4 to 4.4.1
> > >>>>
> > >>>> Hi, the error below indicates a problem with the sudo config. 
Make
> > sure
> > >>>> /etc/sudoers has a line like:
> > >>>>
> > >>>> cloud ALL =NOPASSWD : ALL
> > >>>>
> > >>>> Best regards,
> > >>>> Kirk
> > >>>>
> > >>>> On 10/23/2014 01:05 PM, Matthew Midgett wrote:
> > >>>>> 2014-10-23 15:21:52,943 INFO  [c.c.s.ConfigurationServerImpl]
> > >>>>> (main:null) Processing updateSSLKeyStore
> > >>>>> 2014-10-23 15:21:52,948 INFO  [c.c.s.ConfigurationServerImpl]
> > >>>>> (main:null) SSL keystore located at
> > >>>>> /etc/cloudstack/management/cloud.keystore
> > >>>>> 2014-10-23 15:21:52,951 DEBUG [c.c.u.s.Script] (main:null)
> Executing:
> > >>>> sudo keytool -genkey -keystore
> > /etc/cloudstack/management/cloud.keystore
> > >>>> -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650
> > >>>> -dname cn="Cloudstack User",ou="chlt.charlottecolo.com",o="
> > >>>> chlt.charlottecolo.com",c="Unknown"
> > >>>>> 2014-10-23 15:21:52,988 DEBUG [c.c.u.s.Script] (main:null)
Exit
> value
> > >>>>> is 1
> > >>>>> 2014-10-23 15:21:52,989 DEBUG [c.c.u.s.Script] (main:null)
sudo: no
> > >>>>> tty present and no askpass program specified
> > >>>>> 2014-10-23 15:21:52,991 WARN  [c.c.s.ConfigurationServerImpl]
> > >>>> (main:null) Would use fail-safe keystore to continue.
> > >>>>> java.io.IOException: Fail to generate certificate!: sudo: no
tty
> > >>>> present and no askpass program specified
> > >>>>>       at
> > >>>>
> > >>
> >
> com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:595)
> > >>>>>       at
> > >>>>
> > >>
> >
> com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:623)
> > >>>>>       at
> > >>>>
> > >>
> >
> com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:299)
> > >>>>>       at
> > >>>>
> > >>
> >
> com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:164)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle$3.with(CloudStackExtendedLifeCycle.java:114)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.with(CloudStackExtendedLifeCycle.java:153)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.configure(CloudStackExtendedLifeCycle.java:110)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.start(CloudStackExtendedLifeCycle.java:56)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:167)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:51)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:339)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:143)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:108)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:945)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContext(DefaultModuleDefinitionSet.java:145)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet$2.with(DefaultModuleDefinitionSet.java:122)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:245)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:250)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:250)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:233)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContexts(DefaultModuleDefinitionSet.java:117)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.load(DefaultModuleDefinitionSet.java:79)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.module.factory.ModuleBasedContextFactory.loadModules(ModuleBasedContextFactory.java:37)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.init(CloudStackSpringContext.java:70)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:57)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:61)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.cloudstack.spring.module.web.CloudStackContextLoaderListener.contextInitialized(CloudStackContextLoaderListener.java:52)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4210)
> > >>>>>       at
> > >>>>
> > >>
> > org.apache.catalina.core.StandardContext.start(StandardContext.java:4709)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
> > >>>>>       at
> > >>>>
> > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
> > >>>>>       at
> > >>>>
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964)
> > >>>>>       at
> > >>>>
> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
> > >>>>>       at
> > >>>> org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
> > >>>>>       at
> > >>>>
> > >>
> >
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
> > >>>>>       at
> > >>>>
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
> > >>>>>       at
> > >>>> org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
> > >>>>>       at
> > >>>>
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
> > >>>>>       at
> > >>>>
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> > >>>>>       at
> > >>>>
> > org.apache.catalina.core.StandardService.start(StandardService.java:516)
> > >>>>>       at
> > >>>>
> org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
> > >>>>>       at
> > org.apache.catalina.startup.Catalina.start(Catalina.java:593)
> > >>>>>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> > >>>>>       at
> > >>>>
> > >>
> >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > >>>>>       at
> > >>>>
> > >>
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > >>>>>       at java.lang.reflect.Method.invoke(Method.java:606)
> > >>>>>       at
> > >> org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
> > >>>>>       at
> > >> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> > >>>>
> > >>>>
> > >>>
> > >>>
> > >>> --
> > >>>
> > >>> Andrija Panić
> > >>> --------------------------------------
> > >>>   http://admintweets.com
> > >>> --------------------------------------
> > >>>
> > >>
> > >>
> > >>
> > >> --
> > >>
> > >> Andrija Panić
> > >> --------------------------------------
> > >>   http://admintweets.com
> > >> --------------------------------------
> > >>
> > >
> >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message