Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]: after gateway installation the REST API test fails due to non-validated certificate #48

Open
coulof opened this issue Mar 26, 2024 · 2 comments
Open

[BUG]: after gateway installation the REST API test fails due to non-validated certificate #48

coulof opened this issue Mar 26, 2024 · 2 comments
Labels
needs-triage Triage required type/bug Something isn't working

Comments

@coulof
Copy link
Collaborator

coulof commented Mar 26, 2024

Describe the bug
After the gateway installation of the PowerFlex Gateway the REST API test fails due to non-validated certificate.

From the Catalina logs we have the error:

2024-03-25 11:09:39,361 [https-jsse-nio-443-exec-7] ERROR c.e.s.s.w.s.ScaleIOSecurityUtils - Password can't be empty
org.springframework.security.authentication.BadCredentialsException: Not Authenticated

To Reproduce
Install the PowerFlex Gateway and try the REST API

Below are the steps and fix

pflex.gateway.failure.and.fix.mp4

Expected behavior
MDM certificate must be auto-validated by the playbook instead of requesting a manual validation

System Information (please complete the following information):

  • OS/Version: SLES 15.4
  • Ansible Version: 4.x
  • Python Version: 3.6
@coulof coulof added type/bug Something isn't working needs-triage Triage required labels Mar 26, 2024
@anupamaloke
Copy link
Collaborator

@coulof , thank you for submitting this request. We will prioritize this and will add support in future releases.

@Bhavneet-Sharma
Copy link
Collaborator

Bhavneet-Sharma commented Nov 26, 2024
edited
Loading

We're able to reproduce the issue for PowerFlex 3.6.x. and working this fix to include in the collection asap. Bases on the investigation, the possible fix for issue are as following:

Method 1: GW API to upload the certs

  1. Get token:

gw_ip=<gw_IP>; mdm_pass='<mdm_pass>';token=curl -k -u admin:$mdm_pass https://$gw_ip/api/login| sed 's/\"//g'

  1. Pull remote MDM cert:

mdm_ip=<mdm_ip>; curl -k -u admin:$token https://$gw_ip/api/getHostCertificate/Mdm?host=$mdm_ip > /tmp/mdm.cer

  1. Upload MDM cert to GW trust:

curl -k -u admin:$token -F "file=@/tmp/mdm.cer" https://$gw_ip/api/trustHostCertificate/Mdm

Method 2: SCP/Keytool upload

1). From the GW, SCP the MDM cert to the GW and upload it to the trust:

mdm_ip1=<mdm_ip>; scp root@$mdm_ip1:/opt/emc/scaleio/mdm/cfg/mdm_management_certificate.pem /tmp/ ; openssl x509 outform der -in /tmp/mdm_management_certificate.pem -out /tmp/mdm.der ; keytool -import -trustcacerts -alias "ou=asd, o=emc, c=us, st=massachusetts, l=hopkinton, cn=scaleio$mdm_ip1, givenname=$primarymdmname" -file /tmp/mdm.der -keystore /opt/emc/scaleio/gateway/webapps/ROOT/WEB-INF/classes/certificates/truststore.jks -storepass changeit

2). Restart GW:

service scaleio-gateway restart

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs-triage Triage required type/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@anupamaloke @coulof @Bhavneet-Sharma