XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    sdn certs module

    Xen Orchestra
    3
    15
    759
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BenjiReisB
      BenjiReis Vates πŸͺ XCP-ng Team πŸš€
      last edited by

      Hello,

      There's 2 ways to use the SDN controller as for the certificates:

      • You can provide the vertificate yourself, if you arleardy have certificates, in this case you need to provide a path to the certificate directory in the plugin configuration and make sure that there is client-cert.pem, client-key.pem and ca-cert.pem in the directory
      • If you don't have certificates, the SDN controller can create them, but they will be self signed. To do so you just leave the certificate configuration path empty.

      Is that clear?

      Regards,
      Benjamin

      1 Reply Last reply Reply Quote 0
      • A
        adriangabura
        last edited by

        Well the autogenerator dosn't work when you build from source. Apparently it lacks the said module. So how do I install the node-openssl-cert module so it works in yarn?

        1 Reply Last reply Reply Quote 0
        • BenjiReisB
          BenjiReis Vates πŸͺ XCP-ng Team πŸš€
          last edited by

          That's strange, did you follow the official guide to build xen-orchestra from sources?
          All dependencies should be installed.

          1 Reply Last reply Reply Quote 0
          • BenjiReisB
            BenjiReis Vates πŸͺ XCP-ng Team πŸš€
            last edited by

            I've just tried locally from sources and everything went fine.

            Can you try to call yarn and then yarn build at the root of xen-orchestra repository?

            Thanks

            1 Reply Last reply Reply Quote 0
            • A
              adriangabura
              last edited by

              Ok, I'll try later today, thanks for the answers!

              1 Reply Last reply Reply Quote 0
              • A
                adriangabura
                last edited by adriangabura

                Ok, I tried again, same thing. So I run sudo yarn start in xo-server directory. And I watch the logs while I try to use the certs autogenerator. This is what I get:

                2019-07-29T18:20:46.778Z - xo:xo-server:sdn-controller - [DEBUG] No cert-dir provided, using default self-signed certificates
                2019-07-29T18:20:46.780Z - xo:xo-server:sdn-controller - [DEBUG] No default self-signed certificates exists, creating them
                2019-07-29T18:20:47.611Z - xo:xo-server:sdn-controller - [ERROR] Error while generating CA private key
                { error: false }
                
                

                As I said it's not a problem per se, I'm just trying to figure out out of curiosity why it doesn't work.

                1 Reply Last reply Reply Quote 0
                • olivierlambertO
                  olivierlambert Vates πŸͺ Co-Founder🦸 CEO πŸ§‘β€πŸ’Ό
                  last edited by

                  It could be something linked to your environment because it works on our side πŸ˜•

                  But why? Hard to tell. That's exactly the main reason why we do pro support only on a controlled environment (XOA, Xen Orchestra virtual Appliance), because otherwise you could have tons of external factors that make it fails.

                  Double check you are on latest master commit, ideally clone it from scratch and rebuild everything. Check your Node and npm version.

                  1 Reply Last reply Reply Quote 0
                  • BenjiReisB
                    BenjiReis Vates πŸͺ XCP-ng Team πŸš€
                    last edited by

                    Hi,

                    I've managed to reproduce you're error. It's not a build issue.
                    A fix is coming right away, I'll post it here once it's merged into master so you can get it. πŸ™‚

                    Thanks for the report.
                    Regards

                    1 Reply Last reply Reply Quote 0
                    • olivierlambertO
                      olivierlambert Vates πŸͺ Co-Founder🦸 CEO πŸ§‘β€πŸ’Ό
                      last edited by

                      @BenjiReis do you know the problematic commit in question?

                      1 Reply Last reply Reply Quote 0
                      • BenjiReisB
                        BenjiReis Vates πŸͺ XCP-ng Team πŸš€
                        last edited by

                        Yes it's 5396b90695fbe2c7a5f56d72a94a208517b2d517 but its not its only modification so it can't just be reverted.
                        This is a really quick fix I can push a branch today and it can be used waiting for the merge.

                        1 Reply Last reply Reply Quote 1
                        • BenjiReisB
                          BenjiReis Vates πŸͺ XCP-ng Team πŸš€
                          last edited by

                          Hi!

                          The fix is available on master. πŸ™‚
                          You should be able to generate certificate now.

                          1 Reply Last reply Reply Quote 1
                          • olivierlambertO
                            olivierlambert Vates πŸͺ Co-Founder🦸 CEO πŸ§‘β€πŸ’Ό
                            last edited by

                            Well done πŸ™‚

                            1 Reply Last reply Reply Quote 0
                            • A
                              adriangabura
                              last edited by

                              Great! Your team proves just how legendary it is once again! Thank you!

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post