[
https://issues.apache.org/jira/browse/CLOUDSTACK-1792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sangeetha Hariharan reopened CLOUDSTACK-1792:
---------------------------------------------
Reopening this issue to get the following confirmation:
FS is updated for Database key to the be same across resgion.
Wanted to know about the “management_server_key” ? How is this being used ? Is
there a need for it to be the same as well across regions?
> AWS Regions - RuntimeException while executing listAccounts() , when the
> encryption keys are set to different values between regions.
> --------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-1792
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1792
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server
> Affects Versions: 4.1.0
> Environment: Latest build from 4.1
> Reporter: Sangeetha Hariharan
> Assignee: Kishan Kavala
> Fix For: 4.1.0
>
>
> Steps to reproduce the problem:
> Install a 1 management server.
> Use cloud-setup-databases cloud:<dbpassword>@localhost
> --deploy-as=root:<password>
> Note - I did not provide any management_server_key/database_key.
> Follow these steps to install 2nd region:
> 1. Install a 2nd CS instance.
> 2. While installing database set region_id using -r option in
> cloud-setup-databases script.
> cloud-setup-databases cloud:<dbpassword>@localhost
> --deploy-as=root:<password> -e <encryption_type> -m <management_server_key>
> -k <database_key> -r <region_id>
> Note I provided "region3" as the management_server_key and database_key
> 3. Start mgmt server
> 4. Using addRegion API, add region 1 to region 2 and also region 2 to region
> 1.
> 5. copy account/user/domain tables from Region1 DB to Region2 DB:
> mysqldump -u cloud -p -h <region1_db_host> cloud account user domain >
> region1.sql
> mysql -u cloud -p -h <region2_db_host> cloud < region1.sql
> 6. Remove project accounts after copying:
> mysql> delete from account where type = 5;
> 7. Set default zone as null
> mysql> update account set default_zone_id = null;
> 8. Restart mgmt servers in region 2
> Log in to UI as admin.
> Try to list accounts. We see a JDBC error being presented to the user.
> Following exception seen in management server logs:
> 2013-03-22 13:35:46,421 ERROR [cloud.api.ApiServer] (catalina-exec-12:null)
> unhandled exception executing api com
> mand: listAccounts
> com.cloud.utils.exception.CloudRuntimeException: Caught:
> com.mysql.jdbc.JDBC4PreparedStatement@2ae0c389: SELECT u
> ser_view.id, user_view.uuid, user_view.username, user_view.password,
> user_view.firstname, user_view.lastname, use
> r_view.email, user_view.state, user_view.api_key, user_view.secret_key,
> user_view.created, user_view.removed, use
> r_view.timezone, user_view.registration_token, user_view.is_registered,
> user_view.incorrect_login_attempts, user_
> view.account_id, user_view.account_uuid, user_view.account_name,
> user_view.account_type, user_view.domain_id, use
> r_view.domain_uuid, user_view.domain_name, user_view.domain_path,
> user_view.job_id, user_view.job_uuid, user_view
> .job_status FROM user_view WHERE user_view.account_id = 4
> at
> com.cloud.utils.db.GenericDaoBase.searchIncludingRemoved(GenericDaoBase.java:417)
> at
> com.cloud.utils.db.GenericDaoBase.searchIncludingRemoved(GenericDaoBase.java:350)
> at
> com.cloud.api.query.dao.UserAccountJoinDaoImpl.searchByAccountId(UserAccountJoinDaoImpl.java:120)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocatio
> n.java:183)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:1
> 50)
> at
> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceeding
> JoinPoint.java:80)
> at
> com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:39)
> at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJA
> dvice.java:621)
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:61
> 0)
> at
> org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:1
> 72)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.jav
> a:90)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:1
> 72)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
> at $Proxy91.searchByAccountId(Unknown Source)
> at
> com.cloud.api.ApiDBUtils.findUserViewByAccountId(ApiDBUtils.java:1394)
> at
> com.cloud.api.query.dao.AccountJoinDaoImpl.newAccountResponse(AccountJoinDaoImpl.java:161)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
> at
> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
> at
> com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:39)
> at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
> at
> org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
> at $Proxy391.newAccountResponse(Unknown Source)
> at com.cloud.api.ApiDBUtils.newAccountResponse(ApiDBUtils.java:1452)
> at
> com.cloud.api.query.ViewResponseHelper.createAccountResponse(ViewResponseHelper.java:270)
> at
> com.cloud.api.query.QueryManagerImpl.searchForAccounts(QueryManagerImpl.java:1613)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
> at
> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
> at
> com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:45)
> at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
> at
> org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
> at $Proxy394.searchForAccounts(Unknown Source)
> at
> org.apache.cloudstack.api.command.user.account.ListAccountsCmd.execute(ListAccountsCmd.java:88)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:163)
> at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
> at
> org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:689)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
> at
> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
> at
> com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:45)
> at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
> at
> org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> at
> org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:622)
> at com.cloud.api.ApiServer.queueCommand(ApiServer.java:500)
> at com.cloud.api.ApiServer.handleRequest(ApiServer.java:349)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
> at
> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
> at
> com.cloud.utils.db.TransactionContextBuilder.AroundAnyMethod(TransactionContextBuilder.java:45)
> at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
> at
> org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
> at $Proxy380.handleRequest(Unknown Source)
> at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:302)
> at com.cloud.api.ApiServlet.doGet(ApiServlet.java:66)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> at
> org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:889)
> at
> org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:721)
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2268)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:679)
> Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException
> at
> org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:981)
> at
> org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
> at
> com.cloud.utils.crypt.DBEncryptionUtil.decrypt(DBEncryptionUtil.java:65)
> at com.cloud.utils.db.GenericDaoBase.setField(GenericDaoBase.java:512)
> at
> com.cloud.utils.db.GenericDaoBase.setField(GenericDaoBase.java:1686)
> at
> com.cloud.utils.db.GenericDaoBase.toEntityBean(GenericDaoBase.java:1566)
> at
> com.cloud.utils.db.GenericDaoBase.toEntityBean(GenericDaoBase.java:1527)
> at
> com.cloud.utils.db.GenericDaoBase.searchIncludingRemoved(GenericDaoBase.java:411)
> ... 127 more
> 2013-03-22 13:29:17,145 DEBUG [cloud.api.ApiServlet] (catalina-exec-8:null)
> ===END=== 10.217.252.128 -- GET
> command=listAccounts&response=json&sessionkey=YGp7ORG9gLBFiIn2%2BotEJf4HZtQ%3D&listAll=true&page=1&pagesize=20&_=1363984186964
> apilog.log:
> 2013-03-22 13:29:17,144 INFO [cloud.api.ApiServer] (catalina-exec-8:null)
> (userId=2 accountId=2 sessionId=7FD66EA2621EAB9FF722953E1619A5DB)
> 10.217.252.128 -- GET
> command=listAccounts&response=json&sessionkey=YGp7ORG9gLBFiIn2%2BotEJf4HZtQ%3D&listAll=true&page=1&pagesize=20&_=1363984186964
> 530 Caught: com.mysql.jdbc.JDBC4PreparedStatement@4e2f40f4: SELECT
> user_view.id, user_view.uuid, user_view.username, user_view.password,
> user_view.firstname, user_view.lastname, user_view.email, user_view.state,
> user_view.api_key, user_view.secret_key, user_view.created,
> user_view.removed, user_view.timezone, user_view.registration_token,
> user_view.is_registered, user_view.incorrect_login_attempts,
> user_view.account_id, user_view.account_uuid, user_view.account_name,
> user_view.account_type, user_view.domain_id, user_view.domain_uuid,
> user_view.domain_name, user_view.domain_path, user_view.job_id,
> user_view.job_uuid, user_view.job_status FROM user_view WHERE
> user_view.account_id = 4
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
