You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Fernando Guillén Camba <fe...@usc.es> on 2013/09/04 17:37:45 UTC

Change host passwd

Hi all.

I had to change the root password on the CS hosts and discovered that 
the documentation is not right (as of 4.1.1, there is also a bug opened: 
https://issues.apache.org/jira/browse/CLOUDSTACK-3990 ) I finally did it 
and thought of sharing it. This is how I did in CS 4.1.1 and Centos 6.4:

(All values that have to be changed to fit your personal case are 
enclosed by < >)
Just to be on the safe side I did it one host at a time, first enabling 
maintenance mode, then changing the password and finally canceling the 
maintenance mode.

You have to access the database and get the id of each of the hosts:
mysql>select id from cloud.host where name like '%name_of_your_host%';

The actual passwords are stored in the cloud.host_details table. If you 
do a

mysql>select * from cloud.host_details where name = 'password' and 
host_id = <host_id_as_noted_before>;

You'll see the actual password of the host. If it's encrypted as in my 
case you have to do a few things before changing it, if not you can jump 
directly to the mysql command at the end.

First ou need to know the database key. It seems that this key is 
created during install when you run the  cloudstack-setup-databases 
script, but I couldn' remember it. The default is "password" but anyway 
it is written in the db.properties file:

grep db.cloud.encrypt.secret /etc/cloudstack/management/db.properties
db.cloud.encrypt.secret=ENC(<encrypted_database_key_here>)

You'll also need the management server key, which happens to default to 
"password" also. It is written in:

cat /etc/cloudstack/management/key

Now we can decrypt the database key :
java -classpath /usr/share/cloudstack-common/lib/jasypt-1.9.0.jar 
org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI encrypt.sh 
input="<encrypted_database_key_here>" password="<management_server_key>" 
verbose=false

With the database key we can now encrypt the new root password to change 
it on the database:
java -classpath /usr/share/cloudstack-common/lib/jasypt-1.9.0.jar 
org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI encrypt.sh 
input="<new_root_passwd>" password="<database_key_obtained_before>" 
verbose=false

This gives us the encrypted root passwd that we can use in the database:
mysql> update cloud.host_details set value='<encrypted_root_password>' 
where host_id=<id_of_host_to change> and name like 'password';

And its done, hope it helps someone.

(Most of this came from the fourth post of 
http://forums.citrix.com/thread.jspa?threadID=316364.)











-- 
Fernando Guillén Camba
Unidade de Xestión de Infraestruturas TIC
Centro de Investigación en Tecnoloxías da Información (CITIUS)
Teléfono: 8818 16409
Correo: citius.tic@usc.es