Commentaire officiel
Good to know Z.
Can you please mark this thread as answered.
Somesh Naidu
CITRIX EMPLOYEES
Actions pour les commentaires
Community
Other links
CloudPlatform 3.x
Can't create volume from snapshot as domain-admin
Can't create volume from snapshot as domain-admin
Having to backup some data before doing some changes for a customer VMs, we created the snapshots, then we tried to create volumes from the existing snapshots. As domain admin, the operation fails every time with the following error:
\2013-02-11 16:28:12,453 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-140:job-2311) Executing com.cloud.api.commands.CreateVolumeCmd for job-2311
2013-02-11 16:28:12,474 DEBUG [utils.crypt.DBEncryptionUtil] (Job-Executor-140:job-2311) Error while decrypting: bd2d2fe00a1956db
2013-02-11 16:28:12,480 ERROR [cloud.api.ApiDispatcher] (Job-Executor-140:job-2311) Exception while executing CreateVolumeCmd:
com.cloud.utils.exception.CloudRuntimeException: Caught: com.mysql.jdbc.JDBC4PreparedStatement@78e3fbdd: SELECT vm_instance.id, vm_instance.name, vm_instance.vnc_password, vm_instance.proxy_id,vm_instance.proxy_assign_time, vm_instance.state, vm_instance.private_ip_address, vm_instance.instance_name, vm_instance.vm_template_id, vm_instance.guest_os_id, vm_instance.host_id, vm_instance.last_host_id, vm_instance.pod_id, vm_instance.private_mac_address, vm_instance.data_center_id, vm_instance.vm_type, vm_instance.ha_enabled, vm_instance.limit_cpu_use, vm_instance.update_count,vm_instance.created, vm_instance.removed, vm_instance.update_time, vm_instance.domain_id, vm_instance.account_id, vm_instance.service_offering_id, vm_instance.reservation_id, vm_instance.hypervisor_type, vm_instance.uuid, user_vm.iso_id, user_vm.user_data, user_vm.display_name, user_vm.update_parameters FROM user_vm INNER JOIN vm_instance ON user_vm.id=vm_instance.id WHERE vm_instance.type='User' AND vm_instance.account_id = 37 AND vm_instance.pod_id = 3
at com.cloud.utils.db.GenericDaoBase.searchIncludingRemoved(GenericDaoBase.java:406)
at com.cloud.utils.db.DatabaseCallback.intercept(DatabaseCallback.java:30)
at com.cloud.utils.db.GenericDaoBase.searchIncludingRemoved(GenericDaoBase.java:340)
at com.cloud.utils.db.DatabaseCallback.intercept(DatabaseCallback.java:30)
at com.cloud.utils.db.GenericDaoBase.listIncludingRemovedBy(GenericDaoBase.java:890)
at com.cloud.utils.db.GenericDaoBase.listIncludingRemovedBy(GenericDaoBase.java:895)
at com.cloud.vm.dao.UserVmDaoImpl.listByAccountAndPod(UserVmDaoImpl.java:208)
at com.cloud.utils.db.DatabaseCallback.intercept(DatabaseCallback.java:30)
at com.cloud.agent.manager.allocator.impl.UserConcentratedAllocator.allocateTo(UserConcentratedAllocator.java:132)
at com.cloud.resource.ResourceManagerImpl.findPod(ResourceManagerImpl.java:2341)
at com.cloud.storage.StorageManagerImpl.createVolumeFromSnapshot(StorageManagerImpl.java:571)
at com.cloud.utils.db.DatabaseCallback.intercept(DatabaseCallback.java:30)
at com.cloud.storage.StorageManagerImpl.createVolumeFromSnapshot(StorageManagerImpl.java:664)
at com.cloud.storage.StorageManagerImpl.createVolume(StorageManagerImpl.java:2071)
at com.cloud.utils.component.ComponentLocator$InterceptorDispatcher.intercept(ComponentLocator.java:1185)
at com.cloud.storage.StorageManagerImpl.createVolume(StorageManagerImpl.java:210)
at com.cloud.api.commands.CreateVolumeCmd.execute(CreateVolumeCmd.java:160)
at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:263)
at com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:430)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:636)
Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:981)
at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:717)
at com.cloud.utils.crypt.DBEncryptionUtil.decrypt(DBEncryptionUtil.java:61)
at com.cloud.utils.db.GenericDaoBase.setField(GenericDaoBase.java:500)
at com.cloud.utils.db.GenericDaoBase.setField(GenericDaoBase.java:1629)
at com.cloud.utils.db.GenericDaoBase.toEntityBean(GenericDaoBase.java:1516)
at com.cloud.utils.db.GenericDaoBase.toEntityBean(GenericDaoBase.java:1499)
at com.cloud.utils.db.GenericDaoBase.searchIncludingRemoved(GenericDaoBase.java:400)
... 44 more
2013-02-11 16:28:12,482 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-140:job-2311) Complete async job-2311, jobStatus: 2, resultCode: 530, result: Error Code: 530 Error text: Internal error executing command, please contact your system administrator
We tried the same operation as global admin and it works, however the created volume can't be attached to any running VM (the combo box that supposed to return the list of the VMs is empty).
CloudPlatform version is 3.0.6 and Xen Server is 6.0.2. Does anyone have seen such error before?
Thanks.
Daniel Hertanu
MEMBERS
Previous 11 commentaires
Can't create volume from snapshot as domain-admin
CloudStack clearly fails on this SQL query:
SELECT vm_instance.id, vm_instance.name, vm_instance.vnc_password, vm_instance.proxy_id,vm_instance.proxy_assign_time, vm_instance.state, vm_instance.private_ip_address, vm_instance.instance_name, vm_instance.vm_template_id, vm_instance.guest_os_id, vm_instance.host_id, vm_instance.last_host_id, vm_instance.pod_id, vm_instance.private_mac_address, vm_instance.data_center_id, vm_instance.vm_type, vm_instance.ha_enabled, vm_instance.limit_cpu_use, vm_instance.update_count,vm_instance.created, vm_instance.removed, vm_instance.update_time, vm_instance.domain_id, vm_instance.account_id, vm_instance.service_offering_id, vm_instance.reservation_id, vm_instance.hypervisor_type, vm_instance.uuid, user_vm.iso_id, user_vm.user_data, user_vm.display_name, user_vm.update_parameters FROM user_vm INNER JOIN vm_instance ON user_vm.id=vm_instance.id WHERE vm_instance.type='User' AND vm_instance.account_id = 37 AND vm_instance.pod_id = 3
try login to database and execute this query on db. What's the output?
Radek.
Radoslaw Smigielski
CITRIX EMPLOYEES
Actions pour les commentaires
Hello Radek
The query returns a list of 232 VMs.
Terry Whiffing
MEMBERS
Actions pour les commentaires
I just noticed that I answered from another account we have with Citrix. Just wanted to clarify that's not someone else's joke. So yes, the query returns those 232 rows.
Daniel Hertanu
MEMBERS
Actions pour les commentaires
Hmmmm maybe this error is just en effect of some other problem. Would be good to have a look on full mgmt server log. Can you share it somehow?
Radek.
Radoslaw Smigielski
CITRIX EMPLOYEES
Actions pour les commentaires
Hi,
Can you run the query again (with a slight modification this time, see below) and share the output:
SELECT vm_instance.id, vm_instance.name, vm_instance.vnc_password, vm_instance.removed FROM user_vm INNER JOIN vm_instance ON user_vm.id=vm_instance.id WHERE vm_instance.type='User' AND vm_instance.account_id = 37 AND vm_instance.pod_id = 3 and vm_instance.removedd is not null;
What I am suspecting is that the VMs returned in the above result have the vnc_password in plain text as opposed to encrypted. The jasypt library that we use for encryption and decryption is failing because of the wrong input parameter.
You can quickly verify this by running the following (provide the correct value for secret key):
java -classpath /usr/share/java/cloud-jasypt-1.8.jar org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI decrypt.sh input="bd2d2fe00a1956db" password=<SECRET_KEY> verbose=true
This command should return the same/similar error message that you see in the management server logs.
If this is indeed the case then a simple workaround would be to set the vnc_password field to NULL. This shouldn't have any adverse effect as these VMs are already removed and not of any further use.
Regards,
Somesh
Somesh Naidu
CITRIX EMPLOYEES
Actions pour les commentaires
Hello Somesh
The query returned a number of VMs with the VNC passwords having the following formats:
- a few similar to this one: bd2d2fe00a1956db
- a few similar to this one: gSVJbPJXPvd9abnKbGmPqyQ1SAgbvNNJ
- most of them similar with this one: S8+iAl4IGvi/C1Y2VMQEL0i6kCSWA0h1W3jC+sMDMEA=
I verified the command you've sent me and it actually works fine (I replaced the input with one of the hosts encrypted password).
Thanks.
Daniel Hertanu
MEMBERS
Actions pour les commentaires
>I verified the command you've sent me and it actually works fine (I replaced the input with one of the hosts encrypted password).
I needed you to run the command with input='bd2d2fe00a1956db' because that is the value the management server is complaining about.
What is the output?
Somesh Naidu
CITRIX EMPLOYEES
Actions pour les commentaires
Here it is:
----ERROR-----------------------
Operation not possible (Bad input or parameters)
Daniel Hertanu
MEMBERS
Actions pour les commentaires
As I suspected and expected. This is the same error you see in the management server logs.
You need to mark all these passwords as null in the DB. This shouldn't have any impact as all these VMs are removed, right?
Once this is done, you should be able to create volumes from snapshot using a domain-admin account.
Somesh Naidu
CITRIX EMPLOYEES
Actions pour les commentaires
That worked, thank you very much for your help.
Z
Daniel Hertanu
MEMBERS
Actions pour les commentaires
Participate
Ask, Discuss, Answer