Cloudstack agent for KVM

[kricud]

ISSUE TYPE

• Bug Report

COMPONENT NAME

Cloudstack agent for KVM

CLOUDSTACK VERSION

4.15.2.0

CONFIGURATION

OS / ENVIRONMENT

Ubuntu 18.04.6 LTS

SUMMARY

/usr/share/cloudstack-common/scripts/util/keystore-setup
This script is not excluding fe80 / link-local address and cloudstack agent certificate contains 300+ fe80 san names in it.

From:
ip address | grep inet | awk '{print $2}' | sed 's//.*//g' | grep -v '^169.254.' | grep -v '^127.0.0.1' | grep -v '^::1' | sed 's/^/ip:/g' | tr '\r\n' ','

To:
ip address | grep inet | awk '{print $2}' | sed 's//.*//g' | grep -v '^169.254.' | grep -v '^127.0.0.1' | egrep -v '^::1|^fe80' | sed 's/^/ip:/g' | tr '\r\n' ','

STEPS TO REPRODUCE

IPv6 must be enabled on host

EXPECTED RESULTS

Cloudstack agent for KVM certificate SAN contains only routable IPs

ACTUAL RESULTS

Cloudstack agent for KVM certificate SAN contains fe80/link-local IPs

[yadvr]

@harikrishna-patnala pl discuss with @nvazquez or @Pearl1594 if needed, this is related to how certificates are generated for agent.

[harikrishna-patnala]

Hi @kricud, I've tried to fix this as part of the PR #6530.

Can you please help me verify it.

[kricud]

@harikrishna-patnala

It works as expected:

acs@kvm05-dev:~$ ip address | grep inet | awk '{print $2}' | sed 's/\/.*//g' | grep -v '^169.254.' | grep -v '^127.0.0.1' | egrep -v '^::1|^fe80' | grep -v '^::1' | sed 's/^/ip:/g' | tr '\r\n' ','
ip:10.170.1.14,ip:10.170.0.14,
acs@kvm05-dev:~$ ip address | grep inet | awk '{print $2}' | sed 's/\/.*//g' | grep -v '^169.254.' | grep -v '^127.0.0.1' | grep -v '^::1' | sed 's/^/ip:/g' | tr '\r\n' ','
ip:10.170.1.14,ip:fe80::c4af:5cff:fe86:e7b1,ip:10.170.0.14,ip:fe80::e8d0:1bff:fe72:a9b7,

[yadvr]

Fixed in #6530