From users-return-18280-apmail-cloudstack-users-archive=cloudstack.apache.org@cloudstack.apache.org Sat Oct 25 08:58:48 2014 Return-Path: X-Original-To: apmail-cloudstack-users-archive@www.apache.org Delivered-To: apmail-cloudstack-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 211151767B for ; Sat, 25 Oct 2014 08:58:48 +0000 (UTC) Received: (qmail 2833 invoked by uid 500); 25 Oct 2014 08:58:42 -0000 Delivered-To: apmail-cloudstack-users-archive@cloudstack.apache.org Received: (qmail 2805 invoked by uid 500); 25 Oct 2014 08:58:42 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 2793 invoked by uid 99); 25 Oct 2014 08:58:41 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Oct 2014 08:58:41 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of andrija.panic@gmail.com designates 209.85.213.177 as permitted sender) Received: from [209.85.213.177] (HELO mail-ig0-f177.google.com) (209.85.213.177) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Oct 2014 08:58:15 +0000 Received: by mail-ig0-f177.google.com with SMTP id a13so1757231igq.16 for ; Sat, 25 Oct 2014 01:57:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=mgY74hCFIvkUQaEfDGVkaZT/9TppRZEYS8YVjT6tWv0=; b=A2tmxqoqFEkiogls8X6b2TCAKX81x+5Vk9jFaEGaUvVESoj2XFJZlZ7GEJW/hjYBJ6 06Nkl3zsEZJhnArz6IlIYaC1cN+nVCdC5AC4kzhR0vkucPqHfFwVYkiIZLby+0oTU2cF VzA5md21Z+Onz5dftsYejl9DrVmsoOMeQKoJsbj68fWNnirbCWkYoTkM2N0OfihMp5Gh j9Hyn2YiSOPUiXIpKeb4CMTTqLuRw6ozChd1np0wahvIzR2iyjLFZrG/A071T2C/nJGB aK6oJj9Hj8tI6OOOk4RZOBVVx2Zc0eQ1ngXryRshIUBPId0hdIfK3ftLj/gpwNw8cKHa Z89A== MIME-Version: 1.0 X-Received: by 10.42.190.6 with SMTP id dg6mr7869910icb.13.1414227448828; Sat, 25 Oct 2014 01:57:28 -0700 (PDT) Received: by 10.42.33.136 with HTTP; Sat, 25 Oct 2014 01:57:28 -0700 (PDT) Received: by 10.42.33.136 with HTTP; Sat, 25 Oct 2014 01:57:28 -0700 (PDT) In-Reply-To: References: Date: Sat, 25 Oct 2014 10:57:28 +0200 Message-ID: Subject: Re: Broken update from 4.4 to 4.4.1 From: Andrija Panic To: users@cloudstack.apache.org Content-Type: multipart/alternative; boundary=20cf303e9f10b81b8505063b7c29 X-Virus-Checked: Checked by ClamAV on apache.org --20cf303e9f10b81b8505063b7c29 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable After adjustment, It will not fail at sudo stuff, but does fail for me later for no good reason... Sent from Google Nexus 4 On Oct 25, 2014 5:22 AM, "Matthew Midgett" wrote: > I haven't tried to do the upgrade with the adjustments. Can anyone confir= m > that adding the permissions for the key store to the cloud user will make > it complete. > > > Sent on a Sprint Samsung Galaxy S=C2=AE III > >
-------- Original message --------
From: Ian Duffy < > ian@ianduffy.ie>
Date:10/24/2014 9:06 PM (GMT-05:00) >
To: users@cloudstack.apache.org
Subject: Re: Broken > update from 4.4 to 4.4.1
>
> so I guess CS never updates it, and anyone who > installed a version with a sudo config missing keytool will probably hit > this same problem eventually > > Correct. The modification of the sudoers file isn't done via the binary > package so it will not change on update. > It will only change if cloudstack-setup-management is run. > > Release notes should probably be modified to include this. > > On 25 October 2014 01:20, Kirk Kosinski wrote: > > > Right, it is not ideal, though it was like that for a long time (since > > at least CS 2.x). I see that the sudo config was changed recently to b= e > > more locked down, but it did not include keytool due to CLOUDSTACK-1389= . > > I checked a 4.3 setup which was upgraded from 4.2 and it still has the > > old unrestricted config so I guess CS never updates it, and anyone who > > installed a version with a sudo config missing keytool will probably hi= t > > this same problem eventually (whenever keytool is run). > > > > Best regards, > > Kirk > > > > > > On 10/24/2014 03:06 PM, Ian Duffy wrote: > > >> cloud ALL =3DNOPASSWD : ALL > > > > > > This is dangerous advice. It grants the cloud user full sudo access > > without > > > the requirement of a password. > > > > > > The following gives more limited access and should allow cloudstack t= o > > > function accordingly: > > > > > > cloud ALL =3DNOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, > > > /bin/umount, /usr/bin/keytool > > > > > > On 24 October 2014 18:44, Andrija Panic > wrote: > > > > > >> Just did quick management server ACS 4.4.1 installation on free > server: > > >> cloud ALL =3DNOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, > > >> /bin/umount, /usr/bin/keytool > > >> > > >> that is what it looks like in ACS 4.4.1 > > >> clean install of ACS 4.4.1 works... > > >> > > >> On 24 October 2014 19:35, Andrija Panic > > wrote: > > >> > > >>> like this: > > >>> > > >>> Defaults:cloud !requiretty > > >>> cloud ALL =3DNOPASSWD : ALL > > >>> > > >>> and let us know if the upgtade still fails - it does fail for me wi= th > > no > > >>> understandable error... > > >>> thx > > >>> > > >>> On 24 October 2014 19:28, Matthew Midgett < > > >>> cloudstck@trick-solutions.com.invalid> wrote: > > >>> > > >>>> This is what is in my sudoers file > > >>>> > > >>>> cloud ALL =3DNOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/moun= t, > > >>>> /bin/umount > > >>>> > > >>>> Should I change it? > > >>>> > > >>>> -----Original Message----- > > >>>> From: Kirk Kosinski [mailto:kirkkosinski@gmail.com] > > >>>> Sent: Friday, October 24, 2014 5:23 AM > > >>>> To: users@cloudstack.apache.org > > >>>> Subject: Re: Broken update from 4.4 to 4.4.1 > > >>>> > > >>>> Hi, the error below indicates a problem with the sudo config. Mak= e > > sure > > >>>> /etc/sudoers has a line like: > > >>>> > > >>>> cloud ALL =3DNOPASSWD : ALL > > >>>> > > >>>> Best regards, > > >>>> Kirk > > >>>> > > >>>> On 10/23/2014 01:05 PM, Matthew Midgett wrote: > > >>>>> 2014-10-23 15:21:52,943 INFO [c.c.s.ConfigurationServerImpl] > > >>>>> (main:null) Processing updateSSLKeyStore > > >>>>> 2014-10-23 15:21:52,948 INFO [c.c.s.ConfigurationServerImpl] > > >>>>> (main:null) SSL keystore located at > > >>>>> /etc/cloudstack/management/cloud.keystore > > >>>>> 2014-10-23 15:21:52,951 DEBUG [c.c.u.s.Script] (main:null) > Executing: > > >>>> sudo keytool -genkey -keystore > > /etc/cloudstack/management/cloud.keystore > > >>>> -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650 > > >>>> -dname cn=3D"Cloudstack User",ou=3D"chlt.charlottecolo.com",o=3D" > > >>>> chlt.charlottecolo.com",c=3D"Unknown" > > >>>>> 2014-10-23 15:21:52,988 DEBUG [c.c.u.s.Script] (main:null) Exit > value > > >>>>> is 1 > > >>>>> 2014-10-23 15:21:52,989 DEBUG [c.c.u.s.Script] (main:null) sudo: = no > > >>>>> tty present and no askpass program specified > > >>>>> 2014-10-23 15:21:52,991 WARN [c.c.s.ConfigurationServerImpl] > > >>>> (main:null) Would use fail-safe keystore to continue. > > >>>>> java.io.IOException: Fail to generate certificate!: sudo: no tty > > >>>> present and no askpass program specified > > >>>>> at > > >>>> > > >> > > > com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(Configur= ationServerImpl.java:595) > > >>>>> at > > >>>> > > >> > > > com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationS= erverImpl.java:623) > > >>>>> at > > >>>> > > >> > > > com.cloud.server.ConfigurationServerImpl.persistDefaultValues(Configurati= onServerImpl.java:299) > > >>>>> at > > >>>> > > >> > > > com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImp= l.java:164) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle$3.with= (CloudStackExtendedLifeCycle.java:114) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.with(C= loudStackExtendedLifeCycle.java:153) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.config= ure(CloudStackExtendedLifeCycle.java:110) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.start(= CloudStackExtendedLifeCycle.java:56) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.DefaultLifecycleProcessor.doStart(Def= aultLifecycleProcessor.java:167) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.DefaultLifecycleProcessor.access$200(= DefaultLifecycleProcessor.java:51) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGr= oup.start(DefaultLifecycleProcessor.java:339) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.DefaultLifecycleProcessor.startBeans(= DefaultLifecycleProcessor.java:143) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(D= efaultLifecycleProcessor.java:108) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.AbstractApplicationContext.finishRefr= esh(AbstractApplicationContext.java:945) > > >>>>> at > > >>>> > > >> > > > org.springframework.context.support.AbstractApplicationContext.refresh(Ab= stractApplicationContext.java:482) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet= .loadContext(DefaultModuleDefinitionSet.java:145) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet= $2.with(DefaultModuleDefinitionSet.java:122) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet= .withModule(DefaultModuleDefinitionSet.java:245) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet= .withModule(DefaultModuleDefinitionSet.java:250) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet= .withModule(DefaultModuleDefinitionSet.java:250) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet= .withModule(DefaultModuleDefinitionSet.java:233) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet= .loadContexts(DefaultModuleDefinitionSet.java:117) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet= .load(DefaultModuleDefinitionSet.java:79) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.factory.ModuleBasedContextFactory.loa= dModules(ModuleBasedContextFactory.java:37) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.init(= CloudStackSpringContext.java:70) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.(CloudStackSpringContext.java:57) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.(CloudStackSpringContext.java:61) > > >>>>> at > > >>>> > > >> > > > org.apache.cloudstack.spring.module.web.CloudStackContextLoaderListener.c= ontextInitialized(CloudStackContextLoaderListener.java:52) > > >>>>> at > > >>>> > > >> > > > org.apache.catalina.core.StandardContext.listenerStart(StandardContext.ja= va:4210) > > >>>>> at > > >>>> > > >> > > org.apache.catalina.core.StandardContext.start(StandardContext.java:470= 9) > > >>>>> at > > >>>> > > >> > > > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.jav= a:791) > > >>>>> at > > >>>> > > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771) > > >>>>> at > > >>>> > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526) > > >>>>> at > > >>>> > > >> > > > org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:10= 41) > > >>>>> at > > >>>> > > >> > > > org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:= 964) > > >>>>> at > > >>>> > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502) > > >>>>> at > > >>>> org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277) > > >>>>> at > > >>>> > > >> > > > org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321= ) > > >>>>> at > > >>>> > > >> > > > org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSup= port.java:142) > > >>>>> at > > >>>> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) > > >>>>> at > > >>>> org.apache.catalina.core.StandardHost.start(StandardHost.java:722) > > >>>>> at > > >>>> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) > > >>>>> at > > >>>> > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) > > >>>>> at > > >>>> > > org.apache.catalina.core.StandardService.start(StandardService.java:516= ) > > >>>>> at > > >>>> > org.apache.catalina.core.StandardServer.start(StandardServer.java:710) > > >>>>> at > > org.apache.catalina.startup.Catalina.start(Catalina.java:593) > > >>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) > > >>>>> at > > >>>> > > >> > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java= :57) > > >>>>> at > > >>>> > > >> > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorI= mpl.java:43) > > >>>>> at java.lang.reflect.Method.invoke(Method.java:606) > > >>>>> at > > >> org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) > > >>>>> at > > >> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) > > >>>> > > >>>> > > >>> > > >>> > > >>> -- > > >>> > > >>> Andrija Pani=C4=87 > > >>> -------------------------------------- > > >>> http://admintweets.com > > >>> -------------------------------------- > > >>> > > >> > > >> > > >> > > >> -- > > >> > > >> Andrija Pani=C4=87 > > >> -------------------------------------- > > >> http://admintweets.com > > >> -------------------------------------- > > >> > > > > > > > > --20cf303e9f10b81b8505063b7c29--