Hello, One instance of a reactor was done by design. Can you please provide steps how do you use the code and why do you need to change .truststore? Thanks, Piotr On Wed, Dec 27, 2017 at 2:16 AM, pengyixiang <yxpengi386@163.com> wrote:
hello If we add a new node, we generate vdsm certs and scp them to node, then we add it to .truststore in [1], so that our engine can connect to vdsm. so If .truststore changed, "getSslStompReactor" still use the old .truststore and connect failed. I made a mistake, changed certs is .truststore rather than engine.p12
[1] openssl genrsa \ -out client/vdsmkey.pem 2048
openssl req \ -new \ -out requests/$1.req \ -key client/vdsmkey.pem \ -subj "${subject}"
openssl ca \ -batch \ -config openssl.conf \ -extfile cacert2.conf \ -extensions v3_ca \ -in requests/$1.req \ -out certs/$1.cer \ -keyfile private/ca.pem \ -subj /O=Linx/CN=$1 \ -utf8 \ -days "3650" \ -startdate "$(date --utc --date "now -1 days" +"%y%m%d%H%M%SZ")"
cp ca.pem client/cacert.pem cp certs/$1.cer client/vdsmcert.pem cp install.sh client
keytool -import -noprompt -trustcacerts -alias $1$(date --utc --date "now +1 days" +"%y%m%d%H%M%SZ")$(cat /dev/urandom | head -n 10 | md5sum | head -c 10) -keypass mypass -file certs/$1.cer -keystore .truststore -storepass mypass
At 2017-12-26 16:37:33, "Irit Goihman" <igoihman@redhat.com> wrote:
Hi, Can you explain your question? Why engine certs are changed?
Thanks, Irit
On Mon, Dec 25, 2017 at 3:26 AM, pengyixiang <yxpengi386@163.com> wrote:
hello, everyone! I use ScenarioClient to call vdsm-jsonrpc-client, but I find after my engine connected to one node, I new a node, then the certs(engine.p12) is changed, but engine can not connected to new node, at last, I find the problem in there [1], and I think rpc's certs to node that is still old, so I try to changed code to [2], then repeat the test way, it works well, the ovirt's engine doesn't meet the trouble and how did you do? client is created like this [3].
[1] https://github.com/oVirt/vdsm-jsonrpc-java/blob/078233e60c24 f8b8525b3bf5fb1c5ab9f1c4e0f4/client/src/main/java/org/ ovirt/vdsm/jsonrpc/client/reactors/ReactorFactory.java#L76
[2]
private static Reactor getSslStompReactor(ManagerProvider provider) throws ClientConnectionException { // if (sslStompReactor != null) { // return sslStompReactor; // } synchronized (ReactorFactory.class) { // if (sslStompReactor != null) { // return sslStompReactor; // } try { sslStompReactor = new SSLStompReactor(provider.getSSLContext()); } catch (IOException | GeneralSecurityException e) { throw new ClientConnectionException(e); } } return sslStompReactor; }
[3] public ScenarioClient(String hostname, int port) throws ClientConnectionException { this.reactor = ReactorFactory.getReactor(ProviderFactory.getProvider(), ReactorType.STOMP); final ReactorClient client = this.reactor.createClient(hostname, port); client.setClientPolicy(new DefaultStompConnectionPolicy()); this.worker = ReactorFactory.getWorker(PARALLELISM); this.jsonClient = this.worker.register(client); this.jsonClient.setRetryPolicy(new DefaultStompClientPolicy()); }
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
--
IRIT GOIHMAN
SOFTWARE ENGINEER
EMEA VIRTUALIZATION R&D
Red Hat EMEA <https://www.redhat.com/>
<https://red.ht/sig> TRIED. TESTED. TRUSTED. <https://redhat.com/trusted> @redhatnews <https://twitter.com/redhatnews> Red Hat <https://www.linkedin.com/company/red-hat> Red Hat <https://www.facebook.com/RedHatInc>
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel