You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by "Kishan Kavala (JIRA)" <ji...@apache.org> on 2012/11/08 20:04:12 UTC

[jira] [Resolved] (CLOUDSTACK-447) When setting system.vm.random.password to true in the global configuration CS management fails to start

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kishan Kavala resolved CLOUDSTACK-447.
--------------------------------------

    Resolution: Not A Problem

Sander,
  Few config params are encrypted (configs with category Hidden and Secure).  So when the config value was modified with unencrypted data MS failed to decrypt this value.

You should instead encrypt the value and update the DB using the command below:

java -classpath /usr/share/java/cloud-jasypt-1.8.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI encrypt.sh input=<clearText> password=<secretKey> verbose=false

for more info: http://wiki.cloudstack.org/display/DesignDocs/Security+Enhancements

                
> When setting system.vm.random.password to true in the global configuration CS management fails to start
> -------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-447
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-447
>             Project: CloudStack
>          Issue Type: Bug
>          Components: Management Server
>    Affects Versions: 4.0.0
>         Environment: centos 6.3 - cloudstack global configuration
>            Reporter: Roeland Kuipers
>            Assignee: Kishan Kavala
>
> When setting system.vm.random.password to true in the global configuration  CS management fails to start. (stacktrace below)
> When this value is set an additional row (hidden) is being created:
> 'Hidden', 'DEFAULT', 'management-server', 'system.vm.password', 'w7jPXth2', 'randmon password generated each management server starts for system vm'
> When removing this row from the config table and setting system.vm.random.password to false, CS mgmt service starts agains.
> When looking at the stacktrace it appears it expects some sort of encryption of this value. (assumption)
> STACKTRACE:
> 2012-11-06 11:08:02,982 DEBUG [utils.crypt.DBEncryptionUtil] (main:null) Error while decrypting: w7jPXth2
> 2012-11-06 11:08:02,983 ERROR [utils.component.ComponentLocator] (main:null) Unable to load configuration for management-server from components.xml
> net.sf.cglib.core.CodeGenerationException: org.jasypt.exceptions.EncryptionOperationNotPossibleException-->null
>         at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:235)
>         at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:220)
>         at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:216)
>         at net.sf.cglib.proxy.Enhancer.createUsingReflection(Enhancer.java:643)
>         at net.sf.cglib.proxy.Enhancer.firstInstance(Enhancer.java:538)
>         at net.sf.cglib.core.AbstractClassGenerator.create(AbstractClassGenerator.java:225)
>         at net.sf.cglib.proxy.Enhancer.createHelper(Enhancer.java:377)
>         at net.sf.cglib.proxy.Enhancer.create(Enhancer.java:285)
>         at com.cloud.utils.component.ComponentLocator.createInstance(ComponentLocator.java:343)
>         at com.cloud.utils.component.ComponentLocator.parse(ComponentLocator.java:250)
>         at com.cloud.utils.component.ComponentLocator.getLocatorInternal(ComponentLocator.java:836)
>         at com.cloud.utils.component.ComponentLocator.getLocator(ComponentLocator.java:874)
>         at com.cloud.servlet.CloudStartupServlet.init(CloudStartupServlet.java:48)
>         at javax.servlet.GenericServlet.init(GenericServlet.java:212)
>         at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)
>         at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)
>         at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4187)
>         at org.apache.catalina.core.StandardContext.start(StandardContext.java:4496)
>         at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
>         at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
>         at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
>         at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041)
>         at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964)
>         at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
>         at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
>         at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
>         at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
>         at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
>         at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
>         at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
>         at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>         at org.apache.catalina.core.StandardService.start(StandardService.java:516)
>         at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
>         at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException
>         at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:918)
>         at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
>         at com.cloud.utils.crypt.DBEncryptionUtil.decrypt(DBEncryptionUtil.java:65)
>         at com.cloud.configuration.ConfigurationVO.getValue(ConfigurationVO.java:92)
>         at com.cloud.configuration.dao.ConfigurationDaoImpl.getConfiguration(ConfigurationDaoImpl.java:74)
>         at com.cloud.utils.db.DatabaseCallback.intercept(DatabaseCallback.java:34)
>         at com.cloud.configuration.dao.ConfigurationDaoImpl.getConfiguration(ConfigurationDaoImpl.java:104)
>         at com.cloud.utils.db.DatabaseCallback.intercept(DatabaseCallback.java:34)
>         at com.cloud.server.ManagementServerImpl.<init>(ManagementServerImpl.java:376)
>         at com.cloud.server.ManagementServerExtImpl.<init>(ManagementServerExtImpl.java:55)
>         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
>         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
>         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
>         at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:228)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira