Hello,

One instance of a reactor was done by design. Can you please provide steps how do you use the code and why do you need to change .truststore? 

Thanks,
Piotr

On Wed, Dec 27, 2017 at 2:16 AM, pengyixiang <yxpengi386@163.com> wrote:
hello
    If we add a new node, we generate vdsm certs and scp them to node, then we add it to .truststore in [1], so that our engine can connect to vdsm.
so If .truststore changed, "getSslStompReactor" still use the old .truststore and connect failed. I made a mistake, changed certs is .truststore rather than engine.p12


[1]
    openssl genrsa \
        -out client/vdsmkey.pem 2048

    openssl req \
        -new \
        -out requests/$1.req \
        -key client/vdsmkey.pem \
        -subj "${subject}"

    openssl ca \
            -batch \
            -config openssl.conf \
            -extfile cacert2.conf \
            -extensions v3_ca \
            -in requests/$1.req \
            -out certs/$1.cer \
            -keyfile private/ca.pem \
            -subj /O=Linx/CN=$1 \
            -utf8 \
            -days "3650" \
            -startdate "$(date --utc --date "now -1 days" +"%y%m%d%H%M%SZ")"

    cp ca.pem client/cacert.pem
    cp certs/$1.cer client/vdsmcert.pem
    cp install.sh client

    keytool -import -noprompt -trustcacerts -alias $1$(date --utc --date "now +1 days" +"%y%m%d%H%M%SZ")$(cat /dev/urandom | head -n 10 | md5sum | head -c 10) -keypass mypass -file certs/$1.cer -keystore .truststore -storepass mypass






At 2017-12-26 16:37:33, "Irit Goihman" <igoihman@redhat.com> wrote:
Hi,
Can you explain your question?
Why engine certs are changed?

Thanks,
Irit

On Mon, Dec 25, 2017 at 3:26 AM, pengyixiang <yxpengi386@163.com> wrote:
hello, everyone!
     I use ScenarioClient to call vdsm-jsonrpc-client, but I find after my engine connected to one node, I new a node, then the certs(engine.p12) is changed,
but engine can not connected to new node, at last, I find the problem in there [1],  and I think rpc's certs to node that is still old, so I try to changed code to [2],
then repeat the test way, it works well, the ovirt's engine doesn't meet the trouble and how did you do? client is created like this [3].





[2]   
    private static Reactor getSslStompReactor(ManagerProvider provider) throws ClientConnectionException {
//        if (sslStompReactor != null) {
//            return sslStompReactor;
//        }
        synchronized (ReactorFactory.class) {
//            if (sslStompReactor != null) {
//                return sslStompReactor;
//            }
            try {
                sslStompReactor = new SSLStompReactor(provider.getSSLContext());
            } catch (IOException | GeneralSecurityException e) {
                throw new ClientConnectionException(e);
            }
        }
        return sslStompReactor;
    }

[3] 
public ScenarioClient(String hostname, int port) throws ClientConnectionException {
    this.reactor = ReactorFactory.getReactor(ProviderFactory.getProvider(), ReactorType.STOMP);
    final ReactorClient client = this.reactor.createClient(hostname, port);
    client.setClientPolicy(new DefaultStompConnectionPolicy());
    this.worker = ReactorFactory.getWorker(PARALLELISM);
    this.jsonClient = this.worker.register(client);
    this.jsonClient.setRetryPolicy(new DefaultStompClientPolicy());
}


 


_______________________________________________
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel



--

IRIT GOIHMAN

SOFTWARE ENGINEER

EMEA VIRTUALIZATION R&D

Red Hat EMEA



 


_______________________________________________
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel