KVM hosts fail to connect if there is more than one IP address on the host #2530

@PaulAngus

The secure hosts feature appears to detect the IP address that it uses to identify itself. If there is more than one IP address associated with the host, then it often returns the incorrect IP.

The mgmt log would show:

2018-03-14 18:13:10,020 DEBUG [o.a.c.c.p.RootCACustomTrustManager] (pool-77-thread-1:null) (logid:) A client/agent attempting connection from address=10.0.0.19 has presented these certificate(s):
Certificate [1] :
Serial: 7dc845e9c253e9fc
Not Before:Wed Mar 14 06:06:39 UTC 2018
Not After:Thu Mar 14 18:06:39 UTC 2019
Signature Algorithm:SHA256withRSA
Version:3
Subject DN:C=cloudstack, O=cloudstack, OU=cloudstack, CN=PhysHost2
Issuer DN:CN=ca.cloudstack.apache.org
Alternative Names:[[7, 10.5.2.12], [2, 10.5.2.12]]
Certificate [2] :
Serial: 9498673f271fef0e
Not Before:Wed Mar 14 05:40:42 UTC 2018
Not After:Fri Mar 06 17:40:42 UTC 2048
Signature Algorithm:SHA256withRSA
Version:3
Subject DN:CN=ca.cloudstack.apache.org
Issuer DN:CN=ca.cloudstack.apache.org
Alternative Names:null
2018-03-14 18:13:10,022 ERROR [o.a.c.c.p.RootCACustomTrustManager] (pool-77-thread-1:null) (logid:) Certificate ownership verification failed for client: 10.0.0.19
2018-03-14 18:13:10,022 ERROR [c.c.u.n.Link] (AgentManager-SSLHandshakeHandler-1:null) (logid:) SSL error caught during wrap data: General SSLEngine problem, for local address=/10.2.2.96:8250, remote address=/10.0.0.19:45810.

10.0.0.19 is an unrelated monitoring interface.

I believe that the client should identify itself using the IP or hostname which was passed when adding the KVM host to CloudStack.
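
Added example, not part of the original issue and not CloudStack code: a triage script that pairs each `attempting connection from address=` entry in the management log with the Alternative Names of the first certificate presented, and reports attempts whose source address is not among them. The sample log is constructed from the excerpt above (abridged); the function names are hypothetical, and reading the `[type, value]` pairs as GeneralName type codes (2 = dNSName, 7 = iPAddress) is an assumption about the log format.

```python
import re

# Constructed sample, abridged from the log excerpt in the issue above.
SAMPLE_LOG = """\
2018-03-14 18:13:10,020 DEBUG [o.a.c.c.p.RootCACustomTrustManager] (pool-77-thread-1:null) (logid:) A client/agent attempting connection from address=10.0.0.19 has presented these certificate(s):
Certificate [1] :
Subject DN:C=cloudstack, O=cloudstack, OU=cloudstack, CN=PhysHost2
Alternative Names:[[7, 10.5.2.12], [2, 10.5.2.12]]
Certificate [2] :
Subject DN:CN=ca.cloudstack.apache.org
Alternative Names:null
2018-03-14 18:13:10,022 ERROR [o.a.c.c.p.RootCACustomTrustManager] (pool-77-thread-1:null) (logid:) Certificate ownership verification failed for client: 10.0.0.19
"""
CONNECT = re.compile(r"attempting connection from address=(\S+) has presented")
SAN_ENTRY = re.compile(r"\[(\d+), ([^\]]+)\]")
FAILED = re.compile(r"Certificate ownership verification failed for client: (\S+)")

def parse_attempts(log_text):
    """Return one dict per connection attempt: source, leaf subject, leaf SANs, failed flag."""
    attempts, current, cert_no = [], None, 0
    for line in log_text.splitlines():
        m = CONNECT.search(line)
        if m:  # a new connection attempt starts a new record
            current = {"source": m.group(1), "subject": None, "sans": [], "failed": False}
            attempts.append(current)
            cert_no = 0
            continue
        if current is None:
            continue
        if line.startswith("Certificate ["):
            cert_no += 1  # only Certificate [1], the agent's own, is inspected
        elif cert_no == 1 and line.startswith("Subject DN:"):
            current["subject"] = line[len("Subject DN:"):]
        elif cert_no == 1 and line.startswith("Alternative Names:"):
            # Assumed format: [type, value] pairs, 2 = dNSName, 7 = iPAddress
            current["sans"] = [(int(t), v.strip()) for t, v in SAN_ENTRY.findall(line)]
        else:
            m = FAILED.search(line)
            if m and m.group(1) == current["source"]:
                current["failed"] = True
    return attempts

def mismatches(attempts):
    """Attempts whose source address is not among the leaf certificate's SAN values."""
    return [a for a in attempts if a["source"] not in {v for _, v in a["sans"]}]

if __name__ == "__main__":
    for a in mismatches(parse_attempts(SAMPLE_LOG)):
        print(f"{a['source']} not in SANs {a['sans']} of {a['subject']} (failed={a['failed']})")
```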
