cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nicolas Lamirault (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-2194) Upgrade from 2.2.14 to 4.1.0 failed due to encryption error
Date Thu, 25 Apr 2013 16:02:16 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-2194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13641912#comment-13641912
] 

Nicolas Lamirault commented on CLOUDSTACK-2194:
-----------------------------------------------

According to file "server/src/com/cloud/upgrade/dao/Upgrade2214to30.java",  there is a method
which is responsible for data encryption :

private void encryptConfigValues(Connection conn) {
        s_logger.debug("Encrypting Config values");
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        try {
            pstmt = conn.prepareStatement("select name, value from `cloud`.`configuration`
where category in ('Hidden', 'Secure')");
            rs = pstmt.executeQuery();
            while (rs.next()) {
                String name = rs.getString(1);
                String value = rs.getString(2);
                if (value == null) {
                    continue;
                }
                String encryptedValue = DBEncryptionUtil.encrypt(value);
                pstmt = conn.prepareStatement("update `cloud`.`configuration` set value=?
where name=?");
                pstmt.setBytes(1, encryptedValue.getBytes("UTF-8"));
                pstmt.setString(2, name);
                pstmt.executeUpdate();
            }
        } catch (SQLException e) {
            throw new CloudRuntimeException("Unable encrypt configuration values ", e);
        } catch (UnsupportedEncodingException e) {
            throw new CloudRuntimeException("Unable encrypt configuration values ", e);
        } finally {
            try {
                if (rs != null) {
                    rs.close();
                }

                if (pstmt != null) {
                    pstmt.close();
                }
            } catch (SQLException e) {
            }
        }
        s_logger.debug("Done encrypting Config values");
    }


But before database upgrade process, CS try to read configuration. And all entries which have
category=hidden aren't encrypted.
                
> Upgrade from 2.2.14 to 4.1.0 failed due to encryption error
> -----------------------------------------------------------
>
>                 Key: CLOUDSTACK-2194
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2194
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.1.0
>            Reporter: Nicolas Lamirault
>            Priority: Blocker
>             Fix For: 4.1.0
>
>
> i'm trying to upgrade from 2.2.14 to 4.1.0.
> After setting encryption like that : 
> $> cloud-setup-encryption -m cloudstackprp -k cloudstackprp
> Preparing /etc/cloud/management/db.properties                                    [ OK
]
> Processing encryption ...                                                           
        [ OK ]
> Finalizing setup ...                                                                
             [ OK ]
> CloudStack has successfully setup Encryption
> I start Cloudstack. Output logs are here : http://pastebin.com/ZE99v90D
> db.properties content is :
>  $> grep -v "#" /etc/cloudstack/management/db.properties|sort
> cluster.node.IP=127.0.0.1
> cluster.servlet.port=9090
> db.awsapi.host=cloud-sql01-prp.cloud
> db.awsapi.name=cloudbridge
> db.awsapi.password=cloudstackprp
> db.awsapi.port=3306
> db.awsapi.username=cloudstackprp
> db.cloud.autoReconnect=true
> db.cloud.encryption.type=file
> db.cloud.encrypt.secret=ENC(dKaV+o5+JqtVi2tfo9xVn6eyUatFXwfZ)
> db.cloud.host=cloud-sql01-prp.cloud
> db.cloud.keyStore=
> db.cloud.keyStorePassword=
> db.cloud.maxActive=250
> db.cloud.maxIdle=30
> db.cloud.maxWait=10000
> db.cloud.minEvictableIdleTimeMillis=240000
> db.cloud.name=cloud
> db.cloud.password=ENC(IhnVBWyQT2ES/YNjPleAz6GXHoGrVsvq)
> db.cloud.poolPreparedStatements=false
> db.cloud.port=3306
> db.cloud.testOnBorrow=true
> db.cloud.testWhileIdle=true
> db.cloud.timeBetweenEvictionRunsMillis=40000
> db.cloud.trustStore=
> db.cloud.trustStorePassword=
> db.cloud.url.params=prepStmtCacheSize=517&cachePrepStmts=true
> db.cloud.username=cloudstackprp
> db.cloud.useSSL=false
> db.cloud.validationQuery=SELECT 1
> db.simulator.autoReconnect=true
> db.simulator.host=cloud-sql01-prp.cloud
> db.simulator.maxActive=250
> db.simulator.maxIdle=30
> db.simulator.maxWait=10000
> db.simulator.name=simulator
> db.simulator.password=cloudstackprp
> db.simulator.port=3306
> db.simulator.username=cloudstackprp
> db.usage.autoReconnect=true
> db.usage.host=cloud-sql01-prp.cloud
> db.usage.maxActive=100
> db.usage.maxIdle=30
> db.usage.maxWait=10000
> db.usage.name=cloud_usage
> db.usage.password=ENC(K57vTmW5CYCKY5P0B4NoeUchMwBPb1Z3)
> db.usage.port=3306
> db.usage.username=cloudstackprp
> region.id=1

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message