cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kishan Kavala (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CLOUDSTACK-1792) AWS Regions - RuntimeException while executing listAccounts() , when the encryption keys are set to different values between regions.
Date Mon, 25 Mar 2013 13:17:15 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-1792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Kishan Kavala resolved CLOUDSTACK-1792.
---------------------------------------

    Resolution: Fixed

Updated spec. Database secret key should be same across regions.
                
> AWS Regions - RuntimeException while executing listAccounts() , when the encryption keys
are set to different values between regions. 
> --------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-1792
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1792
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.1.0
>         Environment: Latest build from 4.1
>            Reporter: Sangeetha Hariharan
>            Assignee: Kishan Kavala
>             Fix For: 4.1.0
>
>
> Steps to reproduce the problem:
> Install a 1 management server.
> Use cloud-setup-databases cloud:<dbpassword>@localhost --deploy-as=root:<password>

> Note - I did not provide any management_server_key/database_key.
> Follow these steps to install 2nd region:
> 1. Install a 2nd CS instance.
> 2. While installing database set region_id using -r option in cloud-setup-databases script.
> cloud-setup-databases cloud:<dbpassword>@localhost --deploy-as=root:<password>
-e <encryption_type> -m <management_server_key> -k <database_key> -r <region_id>
> Note I provided "region3" as the management_server_key and database_key
> 3. Start mgmt server
> 4. Using addRegion API, add region 1 to region 2 and also region 2 to region 1.
> 5. copy account/user/domain tables from Region1 DB to Region2 DB:
>     mysqldump -u cloud -p -h <region1_db_host> cloud account user domain > region1.sql
>     mysql -u cloud -p -h <region2_db_host> cloud < region1.sql      
> 6. Remove project accounts after copying: 
>     mysql> delete from account where type = 5; 
> 7. Set default zone as null 
>     mysql> update account set default_zone_id = null; 
> 8. Restart mgmt servers in region 2
> Log in to UI as admin.
> Try to list accounts. We see a JDBC error being presented to the user.
> Following exception seen in management server logs:
> 2013-03-22 13:35:46,421 ERROR [cloud.api.ApiServer] (catalina-exec-12:null) unhandled
exception executing api com
> mand: listAccounts
> com.cloud.utils.exception.CloudRuntimeException: Caught: com.mysql.jdbc.JDBC4PreparedStatement@2ae0c389:
SELECT u
> ser_view.id, user_view.uuid, user_view.username, user_view.password, user_view.firstname,
user_view.lastname, use
> r_view.email, user_view.state, user_view.api_key, user_view.secret_key, user_view.created,
user_view.removed, use
> r_view.timezone, user_view.registration_token, user_view.is_registered, user_view.incorrect_login_attempts,
user_
> view.account_id, user_view.account_uuid, user_view.account_name, user_view.account_type,
user_view.domain_id, use
> r_view.domain_uuid, user_view.domain_name, user_view.domain_path, user_view.job_id, user_view.job_uuid,
user_view
> .job_status FROM user_view WHERE user_view.account_id = 4
>         at com.cloud.utils.db.GenericDaoBase.searchIncludingRemoved(GenericDaoBase.java:417)
>         at com.cloud.utils.db.GenericDaoBase.searchIncludingRemoved(GenericDaoBase.java:350)
>         at com.cloud.api.query.dao.UserAccountJoinDaoImpl.searchByAccountId(UserAccountJoinDaoImpl.java:120)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:616)
>         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocatio
> n.java:183)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:1
> 50)
>         at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceeding
> JoinPoint.java:80)
>         at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:39)
>         at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:616)
>         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJA
> dvice.java:621)
>         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:61
> 0)
>         at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:1
> 72)
>         at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.jav
> a:90)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:1
> 72)
>         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
>         at $Proxy91.searchByAccountId(Unknown Source)
>         at com.cloud.api.ApiDBUtils.findUserViewByAccountId(ApiDBUtils.java:1394)
>         at com.cloud.api.query.dao.AccountJoinDaoImpl.newAccountResponse(AccountJoinDaoImpl.java:161)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:616)
>         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>         at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
>         at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:39)
>         at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:616)
>         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
>         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
>         at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
>         at $Proxy391.newAccountResponse(Unknown Source)
>         at com.cloud.api.ApiDBUtils.newAccountResponse(ApiDBUtils.java:1452)
>         at com.cloud.api.query.ViewResponseHelper.createAccountResponse(ViewResponseHelper.java:270)
>         at com.cloud.api.query.QueryManagerImpl.searchForAccounts(QueryManagerImpl.java:1613)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:616)
>         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>         at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
>         at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:45)
>         at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:616)
>         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
>         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
>         at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
>         at $Proxy394.searchForAccounts(Unknown Source)
>         at org.apache.cloudstack.api.command.user.account.ListAccountsCmd.execute(ListAccountsCmd.java:88)
>         at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:163)
>         at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>         at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:689)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>         at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
>         at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:45)
>         at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:616)
>         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
>         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
>         at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:622)
>         at com.cloud.api.ApiServer.queueCommand(ApiServer.java:500)
>         at com.cloud.api.ApiServer.handleRequest(ApiServer.java:349)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:616)
>         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>         at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
>         at com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:45)
>         at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:616)
>         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
>         at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
>         at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
>         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
>         at $Proxy380.handleRequest(Unknown Source)
>         at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:302)
>         at com.cloud.api.ApiServlet.doGet(ApiServlet.java:66)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>         at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
>         at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:889)
>         at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:721)
>         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2268)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
>         at java.lang.Thread.run(Thread.java:679)
> Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException
>         at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:981)
>         at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
>         at com.cloud.utils.crypt.DBEncryptionUtil.decrypt(DBEncryptionUtil.java:65)
>         at com.cloud.utils.db.GenericDaoBase.setField(GenericDaoBase.java:512)
>         at com.cloud.utils.db.GenericDaoBase.setField(GenericDaoBase.java:1686)
>         at com.cloud.utils.db.GenericDaoBase.toEntityBean(GenericDaoBase.java:1566)
>         at com.cloud.utils.db.GenericDaoBase.toEntityBean(GenericDaoBase.java:1527)
>         at com.cloud.utils.db.GenericDaoBase.searchIncludingRemoved(GenericDaoBase.java:411)
>         ... 127 more
> 2013-03-22 13:29:17,145 DEBUG [cloud.api.ApiServlet] (catalina-exec-8:null) ===END===
 10.217.252.128 -- GET  command=listAccounts&response=json&sessionkey=YGp7ORG9gLBFiIn2%2BotEJf4HZtQ%3D&listAll=true&page=1&pagesize=20&_=1363984186964
> apilog.log:
> 2013-03-22 13:29:17,144 INFO  [cloud.api.ApiServer] (catalina-exec-8:null) (userId=2
accountId=2 sessionId=7FD66EA2621EAB9FF722953E1619A5DB) 10.217.252.128 -- GET command=listAccounts&response=json&sessionkey=YGp7ORG9gLBFiIn2%2BotEJf4HZtQ%3D&listAll=true&page=1&pagesize=20&_=1363984186964
530 Caught: com.mysql.jdbc.JDBC4PreparedStatement@4e2f40f4: SELECT user_view.id, user_view.uuid,
user_view.username, user_view.password, user_view.firstname, user_view.lastname, user_view.email,
user_view.state, user_view.api_key, user_view.secret_key, user_view.created, user_view.removed,
user_view.timezone, user_view.registration_token, user_view.is_registered, user_view.incorrect_login_attempts,
user_view.account_id, user_view.account_uuid, user_view.account_name, user_view.account_type,
user_view.domain_id, user_view.domain_uuid, user_view.domain_name, user_view.domain_path,
user_view.job_id, user_view.job_uuid, user_view.job_status FROM user_view WHERE user_view.account_id
= 4

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message