cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kishan Kavala (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-4115) [upgrade][2.2.14 to 4.2]After upgrade the ESX 4.1 host ends up in disconnected state with EncryptionOperationNotPossibleException
Date Wed, 07 Aug 2013 11:47:47 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-4115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13731898#comment-13731898
] 

Kishan Kavala commented on CLOUDSTACK-4115:
-------------------------------------------

Following is the workaround:
In cluster_details table value column is encrypted when name is password in an earlier release
but upgrade code to encrypt the existing entries was missed. As result DB might have few values
in plain text.

The solution is to replace that plain text password with an encrypted equivalent.

1. Encrypt the password for the vCenter account used by CloudStack and make note of the resulting
ciphertext:
java -classpath /usr/share/java/cloud-jasypt-1.8.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI
encrypt.sh input="_your_vCenter_password_" password="`cat /etc/cloud/management/key`" verbose=false
2. Back up the database:
mysqldump -u root -p cloud > cloud_backup.sql
3. Find the id of the correct row of cluster_details to update... i.e. the row with the plain
text password:
select * from cluster_details;
4. Update the plain text password with the encrypted one (be very careful to update the correct
row):
update cluster_details set value = '_ciphertext_from_step_1_' where id = _id_from_step_3_;
5. Check the table again to confirm it looks good:
select * from cluster_details;

Once that is done, try adding the host again.
                
> [upgrade][2.2.14 to 4.2]After upgrade the ESX 4.1 host ends up in disconnected state
with EncryptionOperationNotPossibleException
> ---------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-4115
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4115
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Upgrade, VMware
>    Affects Versions: 4.2.0
>         Environment: upgrade from 2.2.14 to 4.2 on CentOS 5.6 management srver
> ESX 4.1 host
>            Reporter: Abhinav Roy
>            Assignee: Kishan Kavala
>            Priority: Blocker
>             Fix For: 4.2.0
>
>         Attachments: DB_DUMP_Cloud_after_upgrade.dmp, DB_DUMP_Cloud_before_upgrade.dmp,
management-server-after_upgrade.log, management-server-before_upgrade.log
>
>
> Steps :
> ================
> 1. Deploy a CS advanced zone setup with CS 2.2.14
> 2. Do some configurations.
> 3. upgrade to 4.2, then run cloudstack-setup-encryption and start management server
> Expected behaviour:
> ===============
> The upgrade should go through and the host should stay connected 
> Observed behaviour :
> ===============
> The host ends up in disconnected state after upgrade .
> 2013-08-06 21:37:01,972 DEBUG [agent.manager.ClusteredAgentManagerImpl] (ClusteredAgentManager
Timer:null) Loading directly connected host 1(10.102.192.17)
> 2013-08-06 21:37:02,060 DEBUG [utils.crypt.DBEncryptionUtil] (ClusteredAgentManager Timer:null)
Error while decrypting: freebsd*123
> 2013-08-06 21:37:02,061 DEBUG [cloud.host.Status] (ClusteredAgentManager Timer:null)
Transition:[Resource state = Enabled, Agent event = AgentDisconnected, Host id = 1, name =
10.102.192.17]
> 2013-08-06 21:37:02,071 DEBUG [cloud.host.Status] (ClusteredAgentManager Timer:null)
Agent status update: [id = 1; name = 10.102.192.17; old status = Disconnected; event = AgentDisconnected;
new status = Disconnected; old update count = 4; new update count = 5]
> 2013-08-06 21:37:02,071 WARN  [agent.manager.ClusteredAgentManagerImpl] (ClusteredAgentManager
Timer:null)  can not load directly connected host 1(10.102.192.17) due to
> org.jasypt.exceptions.EncryptionOperationNotPossibleException
>         at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:918)
>         at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
>         at com.cloud.utils.crypt.DBEncryptionUtil.decrypt(DBEncryptionUtil.java:65)
>         at com.cloud.dc.ClusterDetailsDaoImpl.findDetails(ClusterDetailsDaoImpl.java:81)
>         at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
>         at com.cloud.hypervisor.vmware.VmwareServerDiscoverer.buildConfigParams(VmwareServerDiscoverer.java:730)
>         at com.cloud.hypervisor.vmware.VmwareServerDiscoverer.reloadResource(VmwareServerDiscoverer.java:760)
>         at com.cloud.agent.manager.AgentManagerImpl.loadDirectlyConnectedHost(AgentManagerImpl.java:743)
>         at com.cloud.agent.manager.ClusteredAgentManagerImpl.scanDirectAgentToLoad(ClusteredAgentManagerImpl.java:209)
>         at com.cloud.agent.manager.ClusteredAgentManagerImpl.runDirectAgentScanTimerTask(ClusteredAgentManagerImpl.java:175)
>         at com.cloud.agent.manager.ClusteredAgentManagerImpl.access$100(ClusteredAgentManagerImpl.java:93)
>         at com.cloud.agent.manager.ClusteredAgentManagerImpl$DirectAgentScanTimerTask.run(ClusteredAgentManagerImpl.java:225)
>         at java.util.TimerThread.mainLoop(Timer.java:534)
>         at java.util.TimerThread.run(Timer.java:484)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message