cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kishan Kavala <Kishan.Kav...@citrix.com>
Subject RE: Upgrade to 3.0.2 Encrypt password
Date Tue, 12 Jun 2012 07:14:23 GMT
Facundo,
  Password in host_details should be encrypted. Please encrypt the password before inserting
into host_details table.

1. Encrypt kvm host password using the below command
	java -classpath /usr/share/java/cloud-jasypt-1.8.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI
encrypt.sh input=<kvm-host-password> password=<db-secret-key> verbose=false
2. Insert encrypted password(output of step #1) into host_details table instead of plain password
(If the password is already inserted, update the existing password instead of inserting again)
	insert into cloud.host_details (host_id, name, value) VALUES (the-id-of-host,"password",
encrypted- password)

db-secret-key in step # 1 is the DB secret key provided to cloud-setup-databases/cloud-setup-encryption
during installation/upgrade with -k flag. Default secret key is password.

Please file a bug for this issue at http://bugs.cloudstack.org

~kishan

> -----Original Message-----
> From: Facundo Guerrero [mailto:fguerrero@ipaddress.com.ar]
> Sent: Tuesday, 12 June 2012 3:37 AM
> To: cloudstack-users@incubator.apache.org
> Subject: Upgrade to 3.0.2 Encrypt password
> 
> I'm updateting my cloudstack 3.0.1 to 3.0.2 i use KVM as hypervisor, in the
> release notes says that i need to run this 2 inserts into the mysql server
> 
> insert into cloud.host_details (host_id, name, value) VALUES (the-id-of-
> host,"username", the-actual-host-user-name) insert into cloud.host_details
> (host_id, name, value) VALUES (the-id-of-host,"password", the-actual-host-
> password)
> 
> When i add this i see a error in the management server that says that can't
> decrypt the password. http://paste.cloudstack.org/rkdd/
> 
> Which is the correct metod to add this password ?
> 
> 
> 
> Thanks.
> 


Mime
View raw message