cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kishan Kavala (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CLOUDSTACK-447) When setting system.vm.random.password to true in the global configuration CS management fails to start
Date Thu, 08 Nov 2012 19:04:12 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Kishan Kavala resolved CLOUDSTACK-447.
--------------------------------------

    Resolution: Not A Problem

Sander,
  Few config params are encrypted (configs with category Hidden and Secure).  So when the
config value was modified with unencrypted data MS failed to decrypt this value.

You should instead encrypt the value and update the DB using the command below:

java -classpath /usr/share/java/cloud-jasypt-1.8.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI
encrypt.sh input=<clearText> password=<secretKey> verbose=false

for more info: http://wiki.cloudstack.org/display/DesignDocs/Security+Enhancements

                
> When setting system.vm.random.password to true in the global configuration CS management
fails to start
> -------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-447
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-447
>             Project: CloudStack
>          Issue Type: Bug
>          Components: Management Server
>    Affects Versions: 4.0.0
>         Environment: centos 6.3 - cloudstack global configuration
>            Reporter: Roeland Kuipers
>            Assignee: Kishan Kavala
>
> When setting system.vm.random.password to true in the global configuration  CS management
fails to start. (stacktrace below)
> When this value is set an additional row (hidden) is being created:
> 'Hidden', 'DEFAULT', 'management-server', 'system.vm.password', 'w7jPXth2', 'randmon
password generated each management server starts for system vm'
> When removing this row from the config table and setting system.vm.random.password to
false, CS mgmt service starts agains.
> When looking at the stacktrace it appears it expects some sort of encryption of this
value. (assumption)
> STACKTRACE:
> 2012-11-06 11:08:02,982 DEBUG [utils.crypt.DBEncryptionUtil] (main:null) Error while
decrypting: w7jPXth2
> 2012-11-06 11:08:02,983 ERROR [utils.component.ComponentLocator] (main:null) Unable to
load configuration for management-server from components.xml
> net.sf.cglib.core.CodeGenerationException: org.jasypt.exceptions.EncryptionOperationNotPossibleException-->null
>         at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:235)
>         at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:220)
>         at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:216)
>         at net.sf.cglib.proxy.Enhancer.createUsingReflection(Enhancer.java:643)
>         at net.sf.cglib.proxy.Enhancer.firstInstance(Enhancer.java:538)
>         at net.sf.cglib.core.AbstractClassGenerator.create(AbstractClassGenerator.java:225)
>         at net.sf.cglib.proxy.Enhancer.createHelper(Enhancer.java:377)
>         at net.sf.cglib.proxy.Enhancer.create(Enhancer.java:285)
>         at com.cloud.utils.component.ComponentLocator.createInstance(ComponentLocator.java:343)
>         at com.cloud.utils.component.ComponentLocator.parse(ComponentLocator.java:250)
>         at com.cloud.utils.component.ComponentLocator.getLocatorInternal(ComponentLocator.java:836)
>         at com.cloud.utils.component.ComponentLocator.getLocator(ComponentLocator.java:874)
>         at com.cloud.servlet.CloudStartupServlet.init(CloudStartupServlet.java:48)
>         at javax.servlet.GenericServlet.init(GenericServlet.java:212)
>         at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)
>         at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)
>         at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4187)
>         at org.apache.catalina.core.StandardContext.start(StandardContext.java:4496)
>         at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
>         at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
>         at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
>         at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041)
>         at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964)
>         at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
>         at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
>         at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
>         at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
>         at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
>         at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
>         at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
>         at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>         at org.apache.catalina.core.StandardService.start(StandardService.java:516)
>         at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
>         at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException
>         at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:918)
>         at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
>         at com.cloud.utils.crypt.DBEncryptionUtil.decrypt(DBEncryptionUtil.java:65)
>         at com.cloud.configuration.ConfigurationVO.getValue(ConfigurationVO.java:92)
>         at com.cloud.configuration.dao.ConfigurationDaoImpl.getConfiguration(ConfigurationDaoImpl.java:74)
>         at com.cloud.utils.db.DatabaseCallback.intercept(DatabaseCallback.java:34)
>         at com.cloud.configuration.dao.ConfigurationDaoImpl.getConfiguration(ConfigurationDaoImpl.java:104)
>         at com.cloud.utils.db.DatabaseCallback.intercept(DatabaseCallback.java:34)
>         at com.cloud.server.ManagementServerImpl.<init>(ManagementServerImpl.java:376)
>         at com.cloud.server.ManagementServerExtImpl.<init>(ManagementServerExtImpl.java:55)
>         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
>         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
>         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
>         at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:228)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message