[
https://issues.apache.org/jira/browse/CLOUDSTACK-447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kishan Kavala resolved CLOUDSTACK-447.
--------------------------------------
Resolution: Not A Problem
Sander,
Few config params are encrypted (configs with category Hidden and Secure).
So when the config value was modified with unencrypted data MS failed to
decrypt this value.
You should instead encrypt the value and update the DB using the command below:
java -classpath /usr/share/java/cloud-jasypt-1.8.jar
org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI encrypt.sh input=<clearText>
password=<secretKey> verbose=false
for more info:
http://wiki.cloudstack.org/display/DesignDocs/Security+Enhancements
> When setting system.vm.random.password to true in the global configuration CS
> management fails to start
> -------------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-447
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-447
> Project: CloudStack
> Issue Type: Bug
> Components: Management Server
> Affects Versions: 4.0.0
> Environment: centos 6.3 - cloudstack global configuration
> Reporter: Roeland Kuipers
> Assignee: Kishan Kavala
>
> When setting system.vm.random.password to true in the global configuration
> CS management fails to start. (stacktrace below)
> When this value is set an additional row (hidden) is being created:
> 'Hidden', 'DEFAULT', 'management-server', 'system.vm.password', 'w7jPXth2',
> 'randmon password generated each management server starts for system vm'
> When removing this row from the config table and setting
> system.vm.random.password to false, CS mgmt service starts agains.
> When looking at the stacktrace it appears it expects some sort of encryption
> of this value. (assumption)
> STACKTRACE:
> 2012-11-06 11:08:02,982 DEBUG [utils.crypt.DBEncryptionUtil] (main:null)
> Error while decrypting: w7jPXth2
> 2012-11-06 11:08:02,983 ERROR [utils.component.ComponentLocator] (main:null)
> Unable to load configuration for management-server from components.xml
> net.sf.cglib.core.CodeGenerationException:
> org.jasypt.exceptions.EncryptionOperationNotPossibleException-->null
> at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:235)
> at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:220)
> at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:216)
> at
> net.sf.cglib.proxy.Enhancer.createUsingReflection(Enhancer.java:643)
> at net.sf.cglib.proxy.Enhancer.firstInstance(Enhancer.java:538)
> at
> net.sf.cglib.core.AbstractClassGenerator.create(AbstractClassGenerator.java:225)
> at net.sf.cglib.proxy.Enhancer.createHelper(Enhancer.java:377)
> at net.sf.cglib.proxy.Enhancer.create(Enhancer.java:285)
> at
> com.cloud.utils.component.ComponentLocator.createInstance(ComponentLocator.java:343)
> at
> com.cloud.utils.component.ComponentLocator.parse(ComponentLocator.java:250)
> at
> com.cloud.utils.component.ComponentLocator.getLocatorInternal(ComponentLocator.java:836)
> at
> com.cloud.utils.component.ComponentLocator.getLocator(ComponentLocator.java:874)
> at
> com.cloud.servlet.CloudStartupServlet.init(CloudStartupServlet.java:48)
> at javax.servlet.GenericServlet.init(GenericServlet.java:212)
> at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)
> at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)
> at
> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4187)
> at
> org.apache.catalina.core.StandardContext.start(StandardContext.java:4496)
> at
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
> at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
> at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
> at
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041)
> at
> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964)
> at
> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
> at
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
> at
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
> at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
> at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
> at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
> at
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> at
> org.apache.catalina.core.StandardService.start(StandardService.java:516)
> at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException
> at
> org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:918)
> at
> org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
> at
> com.cloud.utils.crypt.DBEncryptionUtil.decrypt(DBEncryptionUtil.java:65)
> at
> com.cloud.configuration.ConfigurationVO.getValue(ConfigurationVO.java:92)
> at
> com.cloud.configuration.dao.ConfigurationDaoImpl.getConfiguration(ConfigurationDaoImpl.java:74)
> at
> com.cloud.utils.db.DatabaseCallback.intercept(DatabaseCallback.java:34)
> at
> com.cloud.configuration.dao.ConfigurationDaoImpl.getConfiguration(ConfigurationDaoImpl.java:104)
> at
> com.cloud.utils.db.DatabaseCallback.intercept(DatabaseCallback.java:34)
> at
> com.cloud.server.ManagementServerImpl.<init>(ManagementServerImpl.java:376)
> at
> com.cloud.server.ManagementServerExtImpl.<init>(ManagementServerExtImpl.java:55)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
> at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:228)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
