<div dir="ltr">Hello,<div><br></div><div>One instance of a reactor was done by design. Can you please provide steps how do you use the code and why do you need to change .truststore? </div><div><br></div><div>Thanks,</div><div>Piotr</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Dec 27, 2017 at 2:16 AM, pengyixiang <span dir="ltr"><<a href="mailto:yxpengi386@163.com" target="_blank">yxpengi386@163.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>hello</div><div> If we add a new node, we generate vdsm certs and scp them to node, then we add it to .truststore in [1], so that our engine can connect to vdsm.</div><div>so If .truststore changed, "getSslStompReactor" still use the old .truststore and connect failed. I made a mistake, changed certs is .truststore rather than engine.p12<br></div><div><br></div><div><br></div><div>[1]<br></div><div> openssl genrsa \<br> -out client/vdsmkey.pem 2048<br><br> openssl req \<br> -new \<br> -out requests/$1.req \<br> -key client/vdsmkey.pem \<br> -subj "${subject}"<br><br> openssl ca \<br> -batch \<br> -config openssl.conf \<br> -extfile cacert2.conf \<br> -extensions v3_ca \<br> -in requests/$1.req \<br> -out certs/$1.cer \<br> -keyfile private/ca.pem \<br> -subj /O=Linx/CN=$1 \<br> -utf8 \<br> -days "3650" \<br> -startdate "$(date --utc --date "now -1 days" +"%y%m%d%H%M%SZ")"<br><br> cp ca.pem client/cacert.pem<br> cp certs/$1.cer client/vdsmcert.pem<br> cp install.sh client<br><br><span style="color:rgb(255,0,0)"> keytool -import -noprompt -trustcacerts -alias $1$(date --utc --date "now +1 days" +"%y%m%d%H%M%SZ")$(cat /dev/urandom | head -n 10 | md5sum | head -c 10) -keypass mypass -file certs/$1.cer -keystore .truststore -storepass mypass</span><br><br></div><div><div class="h5"><br><br><br><br><div style="zoom:1"></div><div id="m_-391239543442414119divNeteaseMailCard"></div><br>At 2017-12-26 16:37:33, "Irit Goihman" <<a href="mailto:igoihman@redhat.com" target="_blank">igoihman@redhat.com</a>> wrote:<br> <blockquote id="m_-391239543442414119isReplyContent" style="PADDING-LEFT:1ex;MARGIN:0px 0px 0px 0.8ex;BORDER-LEFT:#ccc 1px solid"><div dir="ltr">Hi,<div>Can you explain your question?</div><div>Why engine certs are changed?</div><div><br></div><div>Thanks,</div><div>Irit</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 25, 2017 at 3:26 AM, pengyixiang <span dir="ltr"><<a href="mailto:yxpengi386@163.com" target="_blank">yxpengi386@163.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>hello, everyone!</div><div> I use ScenarioClient to call vdsm-jsonrpc-client, but I find after my engine connected to one node, I new a node, then the certs(engine.p12) is changed, <br></div><div>but engine can not connected to new node, at last, I find the problem in there [1], and I think rpc's certs to node that is still old, so I try to changed code to [2],</div><div> then repeat the test way, it works well, the ovirt's engine doesn't meet the trouble and how did you do? client is created like this [3].<br></div><div><br></div><div><br></div><div><br></div><div><br></div><div>[1] <a href="https://github.com/oVirt/vdsm-jsonrpc-java/blob/078233e60c24f8b8525b3bf5fb1c5ab9f1c4e0f4/client/src/main/java/org/ovirt/vdsm/jsonrpc/client/reactors/ReactorFactory.java#L76" target="_blank">https://github.com/oVirt/vdsm-<wbr>jsonrpc-java/blob/078233e60c24<wbr>f8b8525b3bf5fb1c5ab9f1c4e0f4/<wbr>client/src/main/java/org/<wbr>ovirt/vdsm/jsonrpc/client/<wbr>reactors/ReactorFactory.java#<wbr>L76</a><br></div><div><br></div><div>[2] <br></div><div><pre style="background-color:#ffffff;color:#000000;font-family:'DejaVu Sans Mono';font-size:11.3pt"> <span style="color:#000080;font-weight:bold">private static </span>Reactor getSslStompReactor(ManagerProv<wbr>ider provider) <span style="color:#000080;font-weight:bold">throws </span>ClientConnectionException {<br><span style="color:#808080;font-style:italic">// if (sslStompReactor != null) {<br></span><span style="color:#808080;font-style:italic">// return sslStompReactor;<br></span><span style="color:#808080;font-style:italic">// }<br></span><span style="color:#808080;font-style:italic"> </span><span style="color:#000080;font-weight:bold">synchronized </span>(ReactorFactory.<span style="color:#000080;font-weight:bold">class</span>) {<br><span style="color:#808080;font-style:italic">// if (sslStompReactor != null) {<br></span><span style="color:#808080;font-style:italic">// return sslStompReactor;<br></span><span style="color:#808080;font-style:italic">// }<br></span><span style="color:#808080;font-style:italic"> </span><span style="color:#000080;font-weight:bold">try </span>{<br> <span style="color:#660e7a;font-style:italic">sslStompReactor </span>= <span style="color:#000080;font-weight:bold">new </span>SSLStompReactor(provider.getSS<wbr>LContext());<br> } <span style="color:#000080;font-weight:bold">catch </span>(IOException | GeneralSecurityException e) {<br> <span style="color:#000080;font-weight:bold">throw new </span>ClientConnectionException(e);<br> }<br> }<br> <span style="color:#000080;font-weight:bold">return </span><span style="color:#660e7a;font-style:italic">sslStompReactor</span>;<br> }<br><br>[3] <br><span style="color:#000080;font-weight:bold">public </span>ScenarioClient(String hostname, <span style="color:#000080;font-weight:bold">int </span>port) <span style="color:#000080;font-weight:bold">throws </span>ClientConnectionException {<br> <span style="color:#000080;font-weight:bold">this</span>.<span style="color:#660e7a;font-weight:bold">reactor </span>= ReactorFactory.<span style="font-style:italic">getReactor</span>(Prov<wbr>iderFactory.<span style="font-style:italic">getProvider</span>(), ReactorType.<span style="color:#660e7a;font-weight:bold;font-style:italic">STOMP</span>);<br> <span style="color:#000080;font-weight:bold">final </span>ReactorClient client = <span style="color:#000080;font-weight:bold">this</span>.<span style="color:#660e7a;font-weight:bold">reactor</span>.createClient(host<wbr>name, port);<br> client.setClientPolicy(<span style="color:#000080;font-weight:bold">new </span>DefaultStompConnectionPolicy()<wbr>);<br> <span style="color:#000080;font-weight:bold">this</span>.<span style="color:#660e7a;font-weight:bold">worker </span>= ReactorFactory.<span style="font-style:italic">getWorker</span>(<span style="color:#660e7a;font-weight:bold;font-style:italic">PARAL<wbr>LELISM</span>);<br> <span style="color:#000080;font-weight:bold">this</span>.<span style="color:#660e7a;font-weight:bold">jsonClient </span>= <span style="color:#000080;font-weight:bold">this</span>.<span style="color:#660e7a;font-weight:bold">worker</span>.register(client);<br> <span style="color:#000080;font-weight:bold">this</span>.<span style="color:#660e7a;font-weight:bold">jsonClient</span>.setRetryPolicy<wbr>(<span style="color:#000080;font-weight:bold">new </span>DefaultStompClientPolicy());<br>}</pre></div></div><br><br><span title="neteasefooter"><p> </p></span><br>______________________________<wbr>_________________<br>
Devel mailing list<br>
<a href="mailto:Devel@ovirt.org" target="_blank">Devel@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/devel</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_-391239543442414119gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><p style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:uppercase"><span>IRIT</span> <span>GOIHMAN</span></p><p style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:10px;margin:0px 0px 4px;text-transform:uppercase"><span>SOFTWARE ENGINEER</span></p><p style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:10px;margin:0px 0px 4px;text-transform:uppercase"><span>EMEA VIRTUALIZATION R&D</span></p><p style="font-family:overpass,sans-serif;margin:0px;font-size:10px;color:rgb(153,153,153)"><a href="https://www.redhat.com/" style="color:rgb(0,136,206);margin:0px" target="_blank">Red Hat <span>EMEA</span></a></p><p style="font-family:overpass,sans-serif;margin:0px 0px 6px;font-size:10px;color:rgb(153,153,153)"></p><table style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:medium" border="0"><tbody><tr><td width="100px"><a href="https://red.ht/sig" target="_blank"><img src="https://www.redhat.com/files/brand/email/sig-redhat.png" width="90" height="auto"></a></td><td style="font-size:10px"><div><a href="https://redhat.com/trusted" style="color:rgb(204,0,0);font-weight:bold" target="_blank">TRIED. TESTED. TRUSTED.</a></div></td></tr></tbody></table><div style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:10px"><div style="color:rgb(153,153,153)"><a href="https://twitter.com/redhatnews" title="twitter" style="background:url("https://www.redhat.com/files/brand/email/sm-twitter.png") 0px 50%/16px no-repeat transparent;height:20px;color:rgb(119,119,119);display:inline-block;line-height:20px;padding-left:16px" target="_blank">@redhatnews</a> <a href="https://www.linkedin.com/company/red-hat" title="LinkedIn" style="background:url("https://www.redhat.com/files/brand/email/sm-linkedin.png") 0px 50%/16px no-repeat transparent;height:20px;color:rgb(119,119,119);display:inline-block;line-height:20px;padding-left:16px" target="_blank">Red Hat</a> <a href="https://www.facebook.com/RedHatInc" title="Facebook" style="background:url("https://www.redhat.com/files/brand/email/sm-facebook.png") 0px 50%/16px no-repeat transparent;height:20px;color:rgb(119,119,119);display:inline-block;line-height:20px;padding-left:16px" target="_blank">Red Hat</a></div></div><div style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:10px"></div></div></div></div></div>
</div>
</blockquote></div></div></div><br><br><span title="neteasefooter"><p> </p></span><br>______________________________<wbr>_________________<br>
Devel mailing list<br>
<a href="mailto:Devel@ovirt.org">Devel@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/devel</a><br></blockquote></div><br></div>