directdownload: fix keytool importcert

[weizhouapache]

This fixes #11112

the command does not work on oraclelinux 8, which causes registration of direct download with https failed.

$ /usr/bin/keytool -importcert file /etc/cloudstack/agent/CSCERTIFICATE-full -keystore /etc/cloudstack/agent/cloud.jks -alias full -storepass DAWsfkJeeGrmhta6
Illegal option:  file
keytool -importcert [OPTION]...

Imports a certificate or a certificate chain

Options:

 -noprompt               do not prompt
 -trustcacerts           trust certificates from cacerts
 -protected              password through protected mechanism
 -alias <alias>          alias name of the entry to process
 -file <file>            input file name
 -keypass <arg>          key password
 -keystore <keystore>    keystore name
 -cacerts                access the cacerts keystore
 -storepass <arg>        keystore password
 -storetype <type>       keystore type
 -providername <name>    provider name
 -addprovider <name>     add security provider by name (e.g. SunPKCS11)
   [-providerarg <arg>]    configure argument for -addprovider
 -providerclass <class>  add security provider by fully-qualified class name
   [-providerarg <arg>]    configure argument for -providerclass
 -providerpath <list>    provider classpath
 -v                      verbose output

Use "keytool -?, -h, or --help" for this help message

Description

This PR...

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• build/CI
• test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 5 lines in your changes missing coverage. Please review.

Project coverage is 15.18%. Comparing base (cbd2b5a) to head (e5326d7).
Report is 2 commits behind head on 4.19.

Files with missing lines	Patch %	Lines
...direct/download/HttpsDirectTemplateDownloader.java	0.00%	4 Missing ⚠️
...tSetupDirectDownloadCertificateCommandWrapper.java	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##               4.19   #11113   +/-   ##
=========================================
  Coverage     15.17%   15.18%           
+ Complexity    11363    11362    -1     
=========================================
  Files          5416     5415    -1     
  Lines        475911   475860   -51     
  Branches      58096    58093    -3     
=========================================
+ Hits          72241    72266   +25     
+ Misses       395584   395506   -78     
- Partials       8086     8088    +2     

Flag	Coverage Δ
uitests	4.28% <ø> (ø)
unittests	15.91% <0.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[kiranchavala]

@blueorangutan package

[blueorangutan]

@kiranchavala a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✖️ el8 ✖️ el9 ✔️ debian ✖️ suse15. SL-JID 13975

[weizhouapache]

@blueorangutan package

[blueorangutan]

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13979

[weizhouapache]

@blueorangutan package

[blueorangutan]

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14005

[weizhouapache]

@blueorangutan test

[blueorangutan]

@weizhouapache a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-13669)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 49062 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11113-t13669-kvm-ol8.zip
Smoke tests completed. 133 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File

[sureshanaparti]

clgtm

[kiranchavala]

LGTM

Tested with ol8 and direct download template registration works fine after the API is executed

https://cloudstack.apache.org/api/apidocs-4.20/apis/uploadTemplateDirectDownloadCertificate.html

Steps

1. Execute the command

openssl s_client -showcerts -servername download.cloudstack.org -connect download.cloudstack.org:443 </dev/null 2>/dev/null | awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/{ print }' > cloudstack.pem

2. Upload to cloudstack

cmk upload templatedirectdownloadcertificate certificate="$(cat cloudstack.pem)" hypervisor=kvm name=cloudstackdownload zoneid=6732a2ff-b30d-4f4b-b520-c8f5809d693e

3. Login to the kvm host to verify if the certificate got uploaded

keytool -list -keystore /etc/cloudstack/agent/cloud.jks -storepass $(grep keystore.passphrase /etc/cloudstack/agent//agent.properties |cut -d "=" -f2)

[weizhouapache]

Merged based on approvals and manual test by @kiranchavala
thanks @sureshanaparti @kiranchavala