You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "sadhu suresh (JIRA)" <ji...@apache.org> on 2014/07/15 08:10:08 UTC
[jira] [Comment Edited] (CLOUDSTACK-7043) Management server fails
to load due to DB Decryption failure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14061734#comment-14061734 ]
sadhu suresh edited comment on CLOUDSTACK-7043 at 7/15/14 6:09 AM:
-------------------------------------------------------------------
I still noticed the same behavior i.e CPVM still in alert state and failing due to decrypt errors
23:59:59,583 DEBUG [c.c.a.m.AgentManagerImpl] (AgentConnectTaskPool-1383:ctx-2bd21508) Sending Connect to listener: ConsoleProxyListener
2014-07-14 23:59:59,591 DEBUG [c.c.u.c.DBEncryptionUtil] (AgentConnectTaskPool-1383:ctx-2bd21508) Error while decrypting: sc20X2B-SzHp1nU3FYc-AA
2014-07-14 23:59:59,591 ERROR [c.c.a.m.AgentManagerImpl] (AgentConnectTaskPool-1383:ctx-2bd21508) Monitor ConsoleProxyListener says there is an error in the connect process for 2 due to null
org.jasypt.exceptions.EncryptionOperationNotPossibleException
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:981)
at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
at com.cloud.utils.crypt.DBEncryptionUtil.decrypt(DBEncryptionUtil.java:63)
at org.apache.cloudstack.framework.config.impl.ConfigurationVO.getValue(ConfigurationVO.java:125)
at org.apache.cloudstack.framework.config.ConfigKey.value(ConfigKey.java:136)
at org.apache.cloudstack.framework.security.keys.KeysManagerImpl.getEncryptionKey(KeysManagerImpl.java:72)
at com.cloud.consoleproxy.AgentHookBase.getEncryptorPassword(AgentHookBase.java:232)
at com.cloud.consoleproxy.AgentHookBase.startAgentHttpHandlerInVM(AgentHookBase.java:198)
at com.cloud.consoleproxy.ConsoleProxyListener.processConnect(ConsoleProxyListener.java:71)
at com.cloud.agent.manager.AgentManagerImpl.notifyMonitorsOfConnection(AgentManagerImpl.java:539)
at com.cloud.agent.manager.AgentManagerImpl.handleConnectedAgent(AgentManagerImpl.java:1047)
at com.cloud.agent.manager.AgentManagerImpl.access$000(AgentManagerImpl.java:119)
at com.cloud.agent.manager.AgentManagerImpl$HandleAgentConnectTask.runInContext(AgentManagerImpl.java:1131)
at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
was (Author: sadhu):
I still noticed the same behavior i.e CPVM still in alert state and failing due to decrypy errors
23:59:59,583 DEBUG [c.c.a.m.AgentManagerImpl] (AgentConnectTaskPool-1383:ctx-2bd21508) Sending Connect to listener: ConsoleProxyListener
2014-07-14 23:59:59,591 DEBUG [c.c.u.c.DBEncryptionUtil] (AgentConnectTaskPool-1383:ctx-2bd21508) Error while decrypting: sc20X2B-SzHp1nU3FYc-AA
2014-07-14 23:59:59,591 ERROR [c.c.a.m.AgentManagerImpl] (AgentConnectTaskPool-1383:ctx-2bd21508) Monitor ConsoleProxyListener says there is an error in the connect process for 2 due to null
org.jasypt.exceptions.EncryptionOperationNotPossibleException
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:981)
at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
at com.cloud.utils.crypt.DBEncryptionUtil.decrypt(DBEncryptionUtil.java:63)
at org.apache.cloudstack.framework.config.impl.ConfigurationVO.getValue(ConfigurationVO.java:125)
at org.apache.cloudstack.framework.config.ConfigKey.value(ConfigKey.java:136)
at org.apache.cloudstack.framework.security.keys.KeysManagerImpl.getEncryptionKey(KeysManagerImpl.java:72)
at com.cloud.consoleproxy.AgentHookBase.getEncryptorPassword(AgentHookBase.java:232)
at com.cloud.consoleproxy.AgentHookBase.startAgentHttpHandlerInVM(AgentHookBase.java:198)
at com.cloud.consoleproxy.ConsoleProxyListener.processConnect(ConsoleProxyListener.java:71)
at com.cloud.agent.manager.AgentManagerImpl.notifyMonitorsOfConnection(AgentManagerImpl.java:539)
at com.cloud.agent.manager.AgentManagerImpl.handleConnectedAgent(AgentManagerImpl.java:1047)
at com.cloud.agent.manager.AgentManagerImpl.access$000(AgentManagerImpl.java:119)
at com.cloud.agent.manager.AgentManagerImpl$HandleAgentConnectTask.runInContext(AgentManagerImpl.java:1131)
at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
> Management server fails to load due to DB Decryption failure
> ------------------------------------------------------------
>
> Key: CLOUDSTACK-7043
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7043
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Management Server
> Affects Versions: 4.5.0
> Reporter: Chandan Purushothama
> Priority: Blocker
> Fix For: 4.5.0
>
> Attachments: management-server.zip
>
>
> The following bug is hit after starting the 4.5.0 Management Server
> ==================
> Error while decrypting:
> ==================
> 2014-07-02 10:08:29,533 INFO [c.c.s.ConfigurationServerImpl] (main:null) Processing updateKeyPairs
> 2014-07-02 10:08:29,533 INFO [c.c.s.ConfigurationServerImpl] (main:null) Keypairs already in database, updating local copy
> 2014-07-02 10:08:29,587 INFO [c.c.s.ConfigurationServerImpl] (main:null) Going to update systemvm iso with generated keypairs if needed
> 2014-07-02 10:08:29,587 INFO [c.c.s.ConfigurationServerImpl] (main:null) Trying to inject public and private keys into systemvm iso
> 2014-07-02 10:08:29,587 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in the classpath
> 2014-07-02 10:08:29,587 DEBUG [c.c.u.s.Script] (main:null) System resource: null
> 2014-07-02 10:08:29,589 DEBUG [c.c.u.s.Script] (main:null) Classpath resource: null
> 2014-07-02 10:08:29,589 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh
> 2014-07-02 10:08:29,589 DEBUG [c.c.u.s.Script] (main:null) Current binaries reside at /usr/share/cloudstack-management/webapps/client/WEB-INF/lib
> 2014-07-02 10:08:29,590 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/cloudstack-management/webapps/client/WEB-INF/lib/scripts/vm/systemvm/injectkeys.sh
> 2014-07-02 10:08:29,591 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/cloudstack-management/webapps/client/WEB-INF/lib/scripts/vm/systemvm/injectkeys.sh
> 2014-07-02 10:08:29,591 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/cloudstack-management/webapps/client/WEB-INF/scripts/vm/systemvm/injectkeys.sh
> 2014-07-02 10:08:29,591 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/cloudstack-management/webapps/client/scripts/vm/systemvm/injectkeys.sh
> 2014-07-02 10:08:29,591 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/cloudstack-management/webapps/scripts/vm/systemvm/injectkeys.sh
> 2014-07-02 10:08:29,591 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/cloudstack-management/scripts/vm/systemvm/injectkeys.sh
> 2014-07-02 10:08:29,591 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/scripts/vm/systemvm/injectkeys.sh
> 2014-07-02 10:08:29,591 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/scripts/vm/systemvm/injectkeys.sh
> 2014-07-02 10:08:29,591 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /scripts/vm/systemvm/injectkeys.sh
> 2014-07-02 10:08:29,591 DEBUG [c.c.u.s.Script] (main:null) Searching in environment.properties
> 2014-07-02 10:08:29,591 DEBUG [c.c.u.s.Script] (main:null) environment.properties says scripts should be in /usr/share/cloudstack-common
> 2014-07-02 10:08:29,591 DEBUG [c.c.u.s.Script] (main:null) Looking for scripts/vm/systemvm/injectkeys.sh in /usr/share/cloudstack-common/scripts/vm/systemvm/injectkeys.sh
> 2014-07-02 10:08:29,591 DEBUG [c.c.u.s.Script] (main:null) Looking for vms/systemvm.iso in the classpath
> 2014-07-02 10:08:29,592 DEBUG [c.c.u.s.Script] (main:null) System resource: null
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) Classpath resource: null
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) Looking for vms/systemvm.iso
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) Current binaries reside at /usr/share/cloudstack-management/webapps/client/WEB-INF/lib
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) Looking for vms/systemvm.iso in /usr/share/cloudstack-management/webapps/client/WEB-INF/lib/vms/systemvm.iso
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) Looking for vms/systemvm.iso in /usr/share/cloudstack-management/webapps/client/WEB-INF/lib/vms/systemvm.iso
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) Looking for vms/systemvm.iso in /usr/share/cloudstack-management/webapps/client/WEB-INF/vms/systemvm.iso
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) Looking for vms/systemvm.iso in /usr/share/cloudstack-management/webapps/client/vms/systemvm.iso
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) Looking for vms/systemvm.iso in /usr/share/cloudstack-management/webapps/vms/systemvm.iso
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) Looking for vms/systemvm.iso in /usr/share/cloudstack-management/vms/systemvm.iso
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) Looking for vms/systemvm.iso in /usr/share/vms/systemvm.iso
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) Looking for vms/systemvm.iso in /usr/vms/systemvm.iso
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) Looking for vms/systemvm.iso in /vms/systemvm.iso
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) Searching in environment.properties
> 2014-07-02 10:08:29,593 DEBUG [c.c.u.s.Script] (main:null) environment.properties says scripts should be in /usr/share/cloudstack-common
> 2014-07-02 10:08:29,594 DEBUG [c.c.u.s.Script] (main:null) Looking for vms/systemvm.iso in /usr/share/cloudstack-common/vms/systemvm.iso
> 2014-07-02 10:08:29,595 DEBUG [c.c.s.ConfigurationServerImpl] (main:null) Executing: /bin/bash /usr/share/cloudstack-common/scripts/vm/systemvm/injectkeys.sh /var/cloudstack/management/.ssh/id_rsa.pub /var/cloudstack/management/.ssh/id_rsa /usr/share/cloudstack-common/vms/systemvm.iso
> 2014-07-02 10:08:29,689 DEBUG [c.c.s.ConfigurationServerImpl] (main:null) Execution is successful.
> 2014-07-02 10:08:29,689 INFO [c.c.s.ConfigurationServerImpl] (main:null) Injected public and private keys into systemvm iso with result : null
> 2014-07-02 10:08:29,765 INFO [c.c.c.ClusterManagerImpl] (main:null) Start configuring cluster manager : ClusterManagerImpl
> 2014-07-02 10:08:29,765 INFO [c.c.c.ClusterManagerImpl] (main:null) Cluster node IP : 10.223.130.79
> 2014-07-02 10:08:29,791 INFO [c.c.c.ClusterManagerImpl] (main:null) Cluster manager is configured.
> 2014-07-02 10:08:30,251 DEBUG [c.c.u.c.DBEncryptionUtil] (main:null) Error while decrypting: ZXc_-8u2x0AFV__uuk5y5g
> 2014-07-02 10:08:40,930 INFO [c.c.u.c.ComponentContext] (main:null) Configuring com.cloud.bridge.persist.dao.CloudStackAccountDaoImpl_EnhancerByCloudStack_fa268a96
--
This message was sent by Atlassian JIRA
(v6.2#6252)