cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: SSVM and CPVM agent unable to start after console proxy SSL certificate update
Date Thu, 31 Dec 2020 11:38:27 GMT
The issue, most probably, is due to different SSL provider or different
names used for the certificates - I've seen this in past.

I would *strongly* suggest, removing all relevant records from the
cloud.keystore table (all records related to the domain you are using -
that probably means indeed ALL records from the table...)
Then upload the SSL and it's intermediate/Root certificates again, i.e.
from scratch.
restart mgmt, and ensure SSVM/CPVM are destroyed

Best,



On Mon, 28 Dec 2020 at 11:43, Rohit Yadav <rohit.yadav@shapeblue.com> wrote:

> Hi,
>
> Can you try to manually start the cloud service, for example: "service
> cloud start" and tail/share the logs which may explain why the java process
> is not running.
> If that does not work, you may also try to validate/verify the
> certificates (including any chain/intermediate certificates) you've
> uploaded and destroy the old CPVM/SSVM.
>
> For more information on SSL certificate setup, you may read this
> 4.11-specific blog
> https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/ which
> I think is applicable for 4.9 as well.
>
>
> Regards.
>
> ________________________________
> From: Cloud List <cloud-list@sg.or.id>
> Sent: Saturday, December 26, 2020 09:42
> To: users@cloudstack.apache.org <users@cloudstack.apache.org>; dev <
> dev@cloudstack.apache.org>
> Subject: SSVM and CPVM agent unable to start after console proxy SSL
> certificate update
>
> Hi,
>
> Merry Christmas to all.
>
> We are using Cloudstack with KVM hypervisor. Since our console proxy SSL
> certificate has expired, we updated our new SSL certificate using below
> method:
>
>
> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.9/systemvm.html#using-a-ssl-certificate-for-the-console-proxy
>
> We have done the above method in the past years without any issues, however
> this time round, both the SSVM and CPVM agents are not able to start after
> the update.
>
> The state for both VMs are up but agents are in "disconnected" state. We
> are still able to login to the SSVM, and found out that the cloud service
> is not running.
>
> root@s-4200-VM:~# service cloud status
> CloudStack cloud service is not running
>
> Tried to start the service:
>
> root@s-4200-VM:~# service cloud start
> Starting CloudStack cloud service (type=secstorage) Success
>
> But the service is not started:
>
> root@s-4200-VM:~# service cloud status
> CloudStack cloud service is not running
>
> Below is the logs from /var/log/cloud.log:
>
> =====
> Sat Dec 26 03:45:04 UTC 2020 Executing cloud-early-config
> Sat Dec 26 03:45:04 UTC 2020 Detected that we are running inside kvm guest
> Sat Dec 26 03:45:04 UTC 2020 Found a non empty cmdline file. Will now exit
> the loop and proceed with configuration.
> Sat Dec 26 03:45:04 UTC 2020 Patching  cloud service
> Sat Dec 26 03:45:10 UTC 2020 Updating log4j-cloud.xml
> Sat Dec 26 03:45:10 UTC 2020 Setting up secondary storage system vm
> Sat Dec 26 03:45:10 UTC 2020 checking that eth0 has IP
> Sat Dec 26 03:45:11 UTC 2020 waiting for eth0 interface setup with ip
> timer=0
> Sat Dec 26 03:45:11 UTC 2020 checking that eth1 has IP
> Sat Dec 26 03:45:11 UTC 2020 checking that eth2 has IP
> Sat Dec 26 03:45:20 UTC 2020 checking that eth3 has IP
> Sat Dec 26 03:45:20 UTC 2020 Successfully setup storage network with
> STORAGE_IP:10.19.22.67, STORAGE_NETMASK:255.255.240.0, STORAGE_CIDR:
> Sat Dec 26 03:45:20 UTC 2020 Setting up route of RFC1918 space to
> 10.19.16.1
> Sat Dec 26 03:45:20 UTC 2020 Setting up apache web server
> Sat Dec 26 03:45:20 UTC 2020 setting up apache2 for post upload of
> volume/template
> Sat Dec 26 03:45:20 UTC 2020 rewrite rules already exist in file
> /etc/apache2/sites-available/default-ssl
> Sat Dec 26 03:45:20 UTC 2020 adding cors rules to file:
> /etc/apache2/sites-available/default-ssl
> Sat Dec 26 03:45:21 UTC 2020 cloud: disable rp_filter
> Sat Dec 26 03:45:21 UTC 2020 disable rpfilter
> Sat Dec 26 03:45:21 UTC 2020 cloud: enable_fwding = 0
> Sat Dec 26 03:45:21 UTC 2020 enable_fwding = 0
> Sat Dec 26 03:45:21 UTC 2020 Enable service haproxy = 0
> Sat Dec 26 03:45:21 UTC 2020 Processors = 1  Enable service  = 0
> Sat Dec 26 03:45:21 UTC 2020 Enable service dnsmasq = 0
> Sat Dec 26 03:45:21 UTC 2020 Enable service cloud-passwd-srvr = 0
> Sat Dec 26 03:45:21 UTC 2020 Enable service cloud = 1
> =====
>
> Result of /usr/local/cloud/systemvm/ssvm-check.sh:
>
> =====
> root@s-4200-VM:/var/log# /usr/local/cloud/systemvm/ssvm-check.sh
> ================================================
> First DNS server is  8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 48 data bytes
> 56 bytes from 8.8.8.8: icmp_seq=0 ttl=122 time=0.531 ms
> 56 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=0.676 ms
> --- 8.8.8.8 ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 0.531/0.604/0.676/0.073 ms
> Good: Can ping DNS server
> ================================================
> Good: DNS resolves download.cloud.com
> ================================================
> ERROR: NFS is not currently mounted
> Try manually mounting from inside the VM
> NFS server is  X.X.201.1
> PING X.X.201.1 (X.X.201.1): 48 data bytes
> 56 bytes from X.X.201.1: icmp_seq=0 ttl=255 time=0.463 ms
> 56 bytes from X.X.201.1: icmp_seq=1 ttl=255 time=0.482 ms
> --- X.X.201.1 ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 0.463/0.473/0.482/0.000 ms
> Good: Can ping nfs server
> ================================================
> Management server is 10.237.3.8. Checking connectivity.
> Good: Can connect to management server port 8250
> ================================================
> ERROR: Java process not running.  Try restarting the SSVM.
> root@s-4200-VM:/var/log#
> =====
>
> The result is OK except the NFS test, but we checked the IP address is not
> correct (X.X.201.1 which is the public IP address of the gateway rather
> than the actual NFS server IP). We tested mounting to the actual NFS server
> and it works fine.
>
> Have tried stopping and starting back the SSVM and the issue still
> persists.
>
> Anyone can help to advice how we can resolve the problem?
>
> Looking forward to your reply, thank you.
>
> -ip-
>
> <
> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
> >
> Virus-free.
> www.avg.com<http://www.avg.com>
> <
> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
> >
> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
> @shapeblue
>
>
>
>

-- 

Andrija Panić

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message