[jira] [Commented] (CLOUDSTACK-4115) [upgrade][2.2.14 to 4.2]After upgrade the ESX 4.1 host ends up in disconnected state with EncryptionOperationNotPossibleException

[Kishan Kavala (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-4115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13731898#comment-13731898
 ] 

Kishan Kavala commented on CLOUDSTACK-4115:
-------------------------------------------

Following is the workaround:
In cluster_details table value column is encrypted when name is password in an 
earlier release but upgrade code to encrypt the existing entries was missed. As 
result DB might have few values in plain text.

The solution is to replace that plain text password with an encrypted 
equivalent.

1. Encrypt the password for the vCenter account used by CloudStack and make 
note of the resulting ciphertext:
java -classpath /usr/share/java/cloud-jasypt-1.8.jar 
org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI encrypt.sh 
input="_your_vCenter_password_" password="`cat /etc/cloud/management/key`" 
verbose=false
2. Back up the database:
mysqldump -u root -p cloud > cloud_backup.sql
3. Find the id of the correct row of cluster_details to update... i.e. the row 
with the plain text password:
select * from cluster_details;
4. Update the plain text password with the encrypted one (be very careful to 
update the correct row):
update cluster_details set value = '_ciphertext_from_step_1_' where id = 
_id_from_step_3_;
5. Check the table again to confirm it looks good:
select * from cluster_details;

Once that is done, try adding the host again.
                
> [upgrade][2.2.14 to 4.2]After upgrade the ESX 4.1 host ends up in 
> disconnected state with EncryptionOperationNotPossibleException
> ---------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-4115
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4115
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Upgrade, VMware
>    Affects Versions: 4.2.0
>         Environment: upgrade from 2.2.14 to 4.2 on CentOS 5.6 management srver
> ESX 4.1 host
>            Reporter: Abhinav Roy
>            Assignee: Kishan Kavala
>            Priority: Blocker
>             Fix For: 4.2.0
>
>         Attachments: DB_DUMP_Cloud_after_upgrade.dmp, 
> DB_DUMP_Cloud_before_upgrade.dmp, management-server-after_upgrade.log, 
> management-server-before_upgrade.log
>
>
> Steps :
> ================
> 1. Deploy a CS advanced zone setup with CS 2.2.14
> 2. Do some configurations.
> 3. upgrade to 4.2, then run cloudstack-setup-encryption and start management 
> server
> Expected behaviour:
> ===============
> The upgrade should go through and the host should stay connected 
> Observed behaviour :
> ===============
> The host ends up in disconnected state after upgrade .
> 2013-08-06 21:37:01,972 DEBUG [agent.manager.ClusteredAgentManagerImpl] 
> (ClusteredAgentManager Timer:null) Loading directly connected host 
> 1(10.102.192.17)
> 2013-08-06 21:37:02,060 DEBUG [utils.crypt.DBEncryptionUtil] 
> (ClusteredAgentManager Timer:null) Error while decrypting: freebsd*123
> 2013-08-06 21:37:02,061 DEBUG [cloud.host.Status] (ClusteredAgentManager 
> Timer:null) Transition:[Resource state = Enabled, Agent event = 
> AgentDisconnected, Host id = 1, name = 10.102.192.17]
> 2013-08-06 21:37:02,071 DEBUG [cloud.host.Status] (ClusteredAgentManager 
> Timer:null) Agent status update: [id = 1; name = 10.102.192.17; old status = 
> Disconnected; event = AgentDisconnected; new status = Disconnected; old 
> update count = 4; new update count = 5]
> 2013-08-06 21:37:02,071 WARN  [agent.manager.ClusteredAgentManagerImpl] 
> (ClusteredAgentManager Timer:null)  can not load directly connected host 
> 1(10.102.192.17) due to
> org.jasypt.exceptions.EncryptionOperationNotPossibleException
>         at 
> org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:918)
>         at 
> org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
>         at 
> com.cloud.utils.crypt.DBEncryptionUtil.decrypt(DBEncryptionUtil.java:65)
>         at 
> com.cloud.dc.ClusterDetailsDaoImpl.findDetails(ClusterDetailsDaoImpl.java:81)
>         at 
> com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
>         at 
> com.cloud.hypervisor.vmware.VmwareServerDiscoverer.buildConfigParams(VmwareServerDiscoverer.java:730)
>         at 
> com.cloud.hypervisor.vmware.VmwareServerDiscoverer.reloadResource(VmwareServerDiscoverer.java:760)
>         at 
> com.cloud.agent.manager.AgentManagerImpl.loadDirectlyConnectedHost(AgentManagerImpl.java:743)
>         at 
> com.cloud.agent.manager.ClusteredAgentManagerImpl.scanDirectAgentToLoad(ClusteredAgentManagerImpl.java:209)
>         at 
> com.cloud.agent.manager.ClusteredAgentManagerImpl.runDirectAgentScanTimerTask(ClusteredAgentManagerImpl.java:175)
>         at 
> com.cloud.agent.manager.ClusteredAgentManagerImpl.access$100(ClusteredAgentManagerImpl.java:93)
>         at 
> com.cloud.agent.manager.ClusteredAgentManagerImpl$DirectAgentScanTimerTask.run(ClusteredAgentManagerImpl.java:225)
>         at java.util.TimerThread.mainLoop(Timer.java:534)
>         at java.util.TimerThread.run(Timer.java:484)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira