<div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Hello,</div><div>&nbsp;&nbsp;&nbsp; If we add a new node, we generate vdsm certs and scp them to the node, then we add it to .truststore in [1], so that our engine can connect to vdsm.</div><div>So if .truststore has changed, "getSslStompReactor" still uses the old .truststore and the connection fails. I made a mistake: the certs that changed are in .truststore rather than engine.p12.<br></div><div><br></div><div><br></div><div>[1]<br></div><div>&nbsp;&nbsp;&nbsp; openssl genrsa \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -out client/vdsmkey.pem 2048<br><br>&nbsp;&nbsp;&nbsp; openssl req \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -new \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -out requests/$1.req \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -key client/vdsmkey.pem \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -subj "${subject}"<br><br>&nbsp;&nbsp;&nbsp; openssl ca \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -batch \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -config openssl.conf \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -extfile cacert2.conf \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -extensions v3_ca \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -in requests/$1.req \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -out certs/$1.cer \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -keyfile private/ca.pem \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -subj /O=Linx/CN=$1 \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -utf8 \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -days "3650" \<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -startdate "$(date --utc --date "now -1 days" +"%y%m%d%H%M%SZ")"<br><br>&nbsp;&nbsp;&nbsp; 
cp ca.pem client/cacert.pem<br>&nbsp;&nbsp;&nbsp; cp certs/$1.cer client/vdsmcert.pem<br>&nbsp;&nbsp;&nbsp; cp install.sh client<br><br><span style="color: rgb(255, 0, 0);">&nbsp;&nbsp;&nbsp; keytool -import -noprompt -trustcacerts -alias $1$(date --utc --date "now +1 days" +"%y%m%d%H%M%SZ")$(cat /dev/urandom | head -n 10 | md5sum | head -c 10) -keypass mypass -file certs/$1.cer -keystore .truststore -storepass mypass</span><br><br></div><br><br><br><br><div style="position:relative;zoom:1"></div><div id="divNeteaseMailCard"></div><br>At 2017-12-26 16:37:33, "Irit Goihman" &lt;igoihman@redhat.com&gt; wrote:<br> <blockquote id="isReplyContent" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><div dir="ltr">Hi,<div>Can you explain your question?</div><div>Why are the engine certs changed?</div><div><br></div><div>Thanks,</div><div>Irit</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 25, 2017 at 3:26 AM, pengyixiang <span dir="ltr">&lt;<a href="mailto:yxpengi386@163.com" target="_blank">yxpengi386@163.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Hello, everyone!</div><div>&nbsp;&nbsp;&nbsp;&nbsp; I use ScenarioClient to call vdsm-jsonrpc-client, but I find that after my engine has connected to one node and I create a new node, the certs (engine.p12) are changed, <br></div><div>but the engine cannot connect to the new node. At last, I found the problem here [1],&nbsp; and I think the certs that rpc uses for the node are still the old ones, so I tried changing the code to [2],</div><div> then repeated the test, and it works well. The oVirt engine doesn't run into this trouble, so how did you do it? 
client is created like this [3].<br></div><div><br></div><div><br></div><div><br></div><div><br></div><div>[1]&nbsp;&nbsp; <a href="https://github.com/oVirt/vdsm-jsonrpc-java/blob/078233e60c24f8b8525b3bf5fb1c5ab9f1c4e0f4/client/src/main/java/org/ovirt/vdsm/jsonrpc/client/reactors/ReactorFactory.java#L76" target="_blank">https://github.com/oVirt/vdsm-<wbr></wbr>jsonrpc-java/blob/<wbr></wbr>078233e60c24f8b8525b3bf5fb1c5a<wbr></wbr>b9f1c4e0f4/client/src/main/<wbr></wbr>java/org/ovirt/vdsm/jsonrpc/<wbr></wbr>client/reactors/<wbr></wbr>ReactorFactory.java#L76</a><br></div><div><br></div><div>[2]&nbsp;&nbsp; <br></div><div><pre style="background-color:#ffffff;color:#000000;font-family:'DejaVu Sans Mono';font-size:11.3pt">    <span style="color:#000080;font-weight:bold">private static </span>Reactor getSslStompReactor(<wbr></wbr>ManagerProvider provider) <span style="color:#000080;font-weight:bold">throws </span>ClientConnectionException {<br><span style="color:#808080;font-style:italic">//        if (sslStompReactor != null) {<br></span><span style="color:#808080;font-style:italic">//            return sslStompReactor;<br></span><span style="color:#808080;font-style:italic">//        }<br></span><span style="color:#808080;font-style:italic">        </span><span style="color:#000080;font-weight:bold">synchronized </span>(ReactorFactory.<span style="color:#000080;font-weight:bold">class</span>) {<br><span style="color:#808080;font-style:italic">//            if (sslStompReactor != null) {<br></span><span style="color:#808080;font-style:italic">//                return sslStompReactor;<br></span><span style="color:#808080;font-style:italic">//            }<br></span><span style="color:#808080;font-style:italic">            </span><span style="color:#000080;font-weight:bold">try </span>{<br>                <span style="color:#660e7a;font-style:italic">sslStompReactor </span>= <span style="color:#000080;font-weight:bold">new 
</span>SSLStompReactor(provider.<wbr></wbr>getSSLContext());<br>            } <span style="color:#000080;font-weight:bold">catch </span>(IOException | GeneralSecurityException e) {<br>                <span style="color:#000080;font-weight:bold">throw new </span>ClientConnectionException(e);<br>            }<br>        }<br>        <span style="color:#000080;font-weight:bold">return </span><span style="color:#660e7a;font-style:italic">sslStompReactor</span>;<br>    }<br><br>[3] <br><span style="color:#000080;font-weight:bold">public </span>ScenarioClient(String hostname, <span style="color:#000080;font-weight:bold">int </span>port) <span style="color:#000080;font-weight:bold">throws </span>ClientConnectionException {<br>    <span style="color:#000080;font-weight:bold">this</span>.<span style="color:#660e7a;font-weight:bold">reactor </span>= ReactorFactory.<span style="font-style:italic">getReactor</span>(<wbr></wbr>ProviderFactory.<span style="font-style:italic">getProvider</span>(), ReactorType.<span style="color:#660e7a;font-weight:bold;font-style:italic">STOMP</span>);<br>    <span style="color:#000080;font-weight:bold">final </span>ReactorClient client = <span style="color:#000080;font-weight:bold">this</span>.<span style="color:#660e7a;font-weight:bold">reactor</span>.createClient(<wbr></wbr>hostname, port);<br>    client.setClientPolicy(<span style="color:#000080;font-weight:bold">new </span>DefaultStompConnectionPolicy()<wbr></wbr>);<br>    <span style="color:#000080;font-weight:bold">this</span>.<span style="color:#660e7a;font-weight:bold">worker </span>= ReactorFactory.<span style="font-style:italic">getWorker</span>(<span style="color:#660e7a;font-weight:bold;font-style:italic">PARAL<wbr></wbr>LELISM</span>);<br>    <span style="color:#000080;font-weight:bold">this</span>.<span style="color:#660e7a;font-weight:bold">jsonClient </span>= <span style="color:#000080;font-weight:bold">this</span>.<span 
style="color:#660e7a;font-weight:bold">worker</span>.register(client);<br>    <span style="color:#000080;font-weight:bold">this</span>.<span style="color:#660e7a;font-weight:bold">jsonClient</span>.<wbr></wbr>setRetryPolicy(<span style="color:#000080;font-weight:bold">new </span>DefaultStompClientPolicy());<br>}</pre></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><p style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:uppercase"><span>IRIT</span>&nbsp;<span>GOIHMAN</span></p><p style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:10px;margin:0px 0px 4px;text-transform:uppercase"><span>SOFTWARE ENGINEER</span></p><p style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:10px;margin:0px 0px 4px;text-transform:uppercase"><span>EMEA VIRTUALIZATION R&amp;D</span></p><p style="font-family:overpass,sans-serif;margin:0px;font-size:10px;color:rgb(153,153,153)"><a href="https://www.redhat.com/" style="color:rgb(0,136,206);margin:0px" target="_blank">Red Hat&nbsp;<span>EMEA</span></a></p></div></div></div></div>
</div>
</blockquote></div>