Re: SSL authentication failure


Swastik - does your KVM host have IPMI capabilities? Please refer to the admin docs on using out-of-band management for a host. You'll need to configure OOBM for a host in order to use it.



- Rohit

<https://cloudstack.apache.org>



________________________________
From: Swastik Mittal <mittal.swastik@xxxxxxxxx>
Sent: Tuesday, April 3, 2018 12:24:26 PM
To: users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: SSL authentication failure

Forgot to mention. On issuing an action for out-of-band management I get:

Out-of-band Management action (RESET) on host
(b7a92936-1ce9-4c90-aca3-6ea492bf028d) failed with error: Get Auth
Capabilities error Error issuing Get Channel Authentication Capabilies
request Error: Unable to establish IPMI v2 / RMCP+ session

On 4/3/18, Swastik Mittal <mittal.swastik@xxxxxxxxx> wrote:
> Hey Rohit,
>
> (in one-way ssl mode)
>
> The host has been added but the power state is disabled as out-of-band
> management is disabled. On enabling it I get an unknown state, but the system
> VMs still show status running and the agent state is marked by '-'.
>
> Where are the system VMs running if no agent state is detected?
>
> Also my console does not run but I can ssh into my ssvm. There is no
> ssvm-check file available. I think it is because the system VMs are not
> correctly configured. So how do I power ON my host so that I get an agent
> state in the system VM?
>
> regards
> Swastik
>
> On Tue, Apr 3, 2018 at 10:32 AM, Swastik Mittal <mittal.swastik@xxxxxxxxx>
> wrote:
>
>> Hey Rohit,
>>
>> I set my ca.plugin.root.auth.strictness to false and restarted all the
>> services and one-way ssl works fine. But how do I solve the bug in case I
>> need to enable two-way ssl?
>>
>> regards
>> Swastik
>>
>> On Tue, Apr 3, 2018 at 9:21 AM, Swastik Mittal <mittal.swastik@xxxxxxxxx>
>> wrote:
>>
>>> Hey Rohit
>>>
>>> I was installing a fresh environment. Added the host through the command
>>> cloudstack-setup-agent; here it mentions everything done correctly but
>>> the host doesn't get added. (KVM host)
>>>
>>> Agent log file gives:
>>>
>>> 2018-04-03 09:12:14,584 INFO  [cloud.agent.Agent] (main:null) (logid:)
>>> Connecting to host:localhost
>>> 2018-04-03 09:12:14,584 INFO  [utils.nio.NioClient] (main:null)
>>> (logid:) Connecting to localhost:8250
>>> 2018-04-03 09:12:14,585 INFO  [utils.nio.Link] (main:null) (logid:)
>>> Conf file found: /etc/cloudstack/agent/agent.properties
>>> 2018-04-03 09:12:14,585 WARN  [utils.nio.Link] (main:null) (logid:)
>>> Failed to load keystore, using trust all manager
>>> 2018-04-03 09:12:14,589 ERROR [utils.nio.Link] (main:null) (logid:)
>>> SSL error caught during unwrap data: Unrecognized SSL message,
>>> plaintext connection?, for local address=/127.0.0.1:39863, remote
>>> address=localhost/127.0.0.1:8250. The client may have invalid
>>> ca-certificates.
>>> 2018-04-03 09:12:14,589 ERROR [utils.nio.NioClient] (main:null)
>>> (logid:) SSL Handshake failed while connecting to host: localhost
>>> port: 8250
>>> 2018-04-03 09:12:14,589 ERROR [utils.nio.NioConnection] (main:null)
>>> (logid:) Unable to initialize the threads.
>>> java.io.IOException: SSL Handshake failed while connecting to host:
>>> localhost port: 8250
>>>         at com.cloud.utils.nio.NioClient.init(NioClient.java:67)
>>>         at
>>> com.cloud.utils.nio.NioConnection.start(NioConnection.java:95)
>>>         at com.cloud.agent.Agent.start(Agent.java:263)
>>>         at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:410)
>>>         at com.cloud.agent.AgentShell.launchAgentFromClassInfo(AgentShe
>>> ll.java:378)
>>>         at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:362)
>>>         at com.cloud.agent.AgentShell.start(AgentShell.java:467)
>>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>>> ssorImpl.java:62)
>>>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>>> thodAccessorImpl.java:43)
>>>         at java.lang.reflect.Method.invoke(Method.java:498)
>>>         at org.apache.commons.daemon.support.DaemonLoader.start(DaemonL
>>> oader.java:243)
>>> 2018-04-03 09:12:14,590 INFO  [utils.exception.CSExceptionErrorCode]
>>> (main:null) (logid:) Could not find exception:
>>> com.cloud.utils.exception.NioConnectionException in error code list
>>> for exceptions
>>> 2018-04-03 09:12:14,590 WARN  [cloud.agent.Agent] (main:null) (logid:)
>>> NIO Connection Exception
>>> com.cloud.utils.exception.NioConnectionException: SSL Handshake failed
>>> while connecting to host: localhost port: 8250
>>> 2018-04-03 09:12:14,590 INFO  [cloud.agent.Agent] (main:null) (logid:)
>>> Attempted to connect to the server, but received an unexpected
>>> exception, trying again...
>>>
>>> While connecting through UI it gives authentication error.
>>>
>>> I also set ssh and sshd ports to 8250 and was able to ssh into
>>> management from host through it but still getting the same error while
>>> adding it in cloudstack. Management generates a key(.pem) file in the
>>> UI, do we need to add that file in the host settings for connection?
>>>
>>> Also my ca.plugin.root.auth.strictness setting was set to true.
>>> Setting it to false gives the same.
>>>
>>> Regards
>>> Swastik
>>>
>>> On 4/2/18, Rohit Yadav <rohit.yadav@xxxxxxxxxxxxx> wrote:
>>> > Swastik,
>>> >
>>> > Did you try to upgrade the env or installed a fresh env? How did you add
>>> > the host? Was it a kvm host or something else? Instead of localhost, can
>>> > you use an IP for the mgmt server? Also check and share your ca auth
>>> > strictness global setting. Setting that to false will enforce legacy
>>> > behavior.
>>> >
>>> > Regards.
>>> >
>>> >
>>> >
>>> >
>>> > From: Swastik Mittal
>>> > Sent: Monday, 2 April, 4:58 PM
>>> > Subject: SSL authentication failure
>>> > To: users@xxxxxxxxxxxxxxxxxxxxx
>>> >
>>> >
>>> > Hey, I was using cloudstack version 4.6 earlier and was able to
>>> > configure/add host to my datacenter. On installing version 4.11, on
>>> > setting up host, host is unable to connect to management on port 8250
>>> > because management immediately closes the connection and does not allow
>>> > connection on that port. (Getting this error in agent log) The management
>>> > server log gives, SSL error caught during wrap data: null cert chain, for
>>> > local address=/127.0.0.1:8250, remote address=/127.0.0.1:46029. I was also
>>> > not able to ssh into management on port 8250 even though setting SSHD to
>>> > all in hosts.allow. I also tried allowing policies on port 8250 through
>>> > ufw command but it didn't work. How do I update policies in 4.11? Any
>>> > help?
>>> >
>>> > Regards
>>> > Swastik
>>> >
>>> >
>>> > rohit.yadav@xxxxxxxxxxxxx
>>> > www.shapeblue.com<http://www.shapeblue.com>
>>> > 53 Chandos Place, Covent Garden, London  WC2N 4HS UK
>>> > @shapeblue
>>> >
>>> >
>>> >
>>> >
>>>
>>
>>
>

rohit.yadav@xxxxxxxxxxxxx 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HS UK
@shapeblue
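
An added example, not part of any message in this thread or of CloudStack's code: a Python triage of the agent log quoted above that folds the mail-wrapped lines back into records and flags the trust-all fallback and the handshake failures. The finding names and the `SAMPLE_LOG` constant are constructed for illustration; the matched strings are the ones quoted in the thread.

```python
import re

# Start of a log4j record in the format of the agent log quoted in the thread.
RECORD = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(\w+)\s+\[([^\]]+)\]\s+(.*)$")

# Message substrings from the thread -> finding names (names are hypothetical).
RULES = [
    ("Failed to load keystore, using trust all manager", "NO_KEYSTORE_TRUST_ALL"),
    ("Unrecognized SSL message, plaintext connection?", "NON_TLS_BYTES_RECEIVED"),
    ("null cert chain", "NO_CLIENT_CERT_PRESENTED"),
    ("SSL Handshake failed while connecting to host", "HANDSHAKE_FAILED"),
]

# Constructed sample: lines from the thread's agent log, mail wrapping kept.
SAMPLE_LOG = """\
2018-04-03 09:12:14,585 WARN  [utils.nio.Link] (main:null) (logid:)
Failed to load keystore, using trust all manager
2018-04-03 09:12:14,589 ERROR [utils.nio.Link] (main:null) (logid:)
SSL error caught during unwrap data: Unrecognized SSL message,
plaintext connection?, for local address=/127.0.0.1:39863, remote
address=localhost/127.0.0.1:8250. The client may have invalid
ca-certificates.
2018-04-03 09:12:14,589 ERROR [utils.nio.NioClient] (main:null)
(logid:) SSL Handshake failed while connecting to host: localhost
port: 8250
"""

def records(text):
    """Yield [timestamp, level, logger, message], folding wrapped lines."""
    current = None
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            if current:
                yield current
            current = list(m.groups())
        elif current and line.strip():
            current[3] += " " + line.strip()  # continuation or stack frame
    if current:
        yield current

def triage(text):
    """Return (timestamp, finding) for every rule matched by a record."""
    return [(ts, finding) for ts, _lvl, _logger, msg in records(text)
            for needle, finding in RULES if needle in msg]

def agent_trusts_any_cert(text):
    """True if the agent logged the fallback to a trust-all manager."""
    return any(f == "NO_KEYSTORE_TRUST_ALL" for _, f in triage(text))
```

`NO_KEYSTORE_TRUST_ALL` is worth alerting on even once the host connects, since it means the agent is accepting any server certificate.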