keystore: don't restart systemvm cloud.service post cert import #3134

Merged: yadvr merged 2 commits into apache:4.11 from shapeblue:agent-reconnect-fix on Jan 16, 2019
@yadvr
Member

@yadvr yadvr commented Jan 16, 2019

This ensures that the systemvm agent (cloud.service) is not restarted
on certificate import. The agent has an inbuilt logic to attempt reconnection.
If the old certificates/keystore is invalid agent will attempt reconnection.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)

How Has This Been Tested?

Deployed a CPU-bound environment (hypervisor host with limited CPU and 1 core), saw that previously, irrespective of keystore setup, the restart logic would cause the agent to restart (sig.kill is the reason seen in logs) and on the management server side it would seem the agent connects, then disconnects, then connects and is finally in Up state. With this fix, the reconnection attempt won't be observed on the management server side. The agent will keep attempting reconnection when certificates are invalid; the cert import script does not need to restart the cloud service manually.

yadvr added 2 commits January 16, 2019 13:31
This ensures that the systemvm agent (cloud.service) is not restarted
when old keystore does not exist. However, on subsequent reboots of
systemvm this will try to restart cloud.service after importing X509
certificates.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
… old ks/certs are invalid

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
@yadvr yadvr changed the title from "keystore: restart systemvm cloud.service only when old keystore exist" to "keystore: don't restart systemvm cloud.service post cert import" Jan 16, 2019
@yadvr yadvr added this to the 4.11.3.0 milestone Jan 16, 2019
@yadvr
Member Author

yadvr commented Jan 16, 2019

@blueorangutan package

@blueorangutan

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

Contributor

@wido wido left a comment

Ah yes, good catch! LGTM

@blueorangutan

Packaging result: ✔centos6 ✔centos7 ✖debian. JID-2541

@yadvr
Member Author

yadvr commented Jan 16, 2019

@blueorangutan test

@blueorangutan

@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

Member

@GabrielBrascher GabrielBrascher left a comment

Code LGTM, thanks @rhtyd!

@blueorangutan

Trillian test result (tid-3325)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 22755 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr3134-t3325-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_vpc_redundant.py
Smoke tests completed. 68 look OK, 0 have error(s)
Only failed tests results shown below:

Test Result Time (s) Test File

@yadvr
Member Author

yadvr commented Jan 16, 2019

Tests LGTM.

@yadvr yadvr merged commit 53ec27c into apache:4.11 Jan 16, 2019
GabrielBrascher pushed a commit to GabrielBrascher/cloudstack that referenced this pull request Feb 4, 2019
…e#3134)

This ensures that the systemvm agent (cloud.service) is not restarted
on certificate import. The agent has an inbuilt logic to attempt
reconnection.
If the old certificates/keystore is invalid agent will attempt
reconnection.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
nvazquez pushed a commit to shapeblue/cloudstack that referenced this pull request Jul 24, 2019
…e#3134)

This ensures that the systemvm agent (cloud.service) is not restarted
on certificate import. The agent has an inbuilt logic to attempt reconnection.
If the old certificates/keystore is invalid agent will attempt reconnection.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 53ec27c)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>