Harikrishna Patnala created CLOUDSTACK-3208: -----------------------------------------------
Summary: showing xenhost username and password details in plain text in logs when we pefrom removehost from CS Key: CLOUDSTACK-3208 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3208 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.2.0 Reporter: Harikrishna Patnala Assignee: Harikrishna Patnala Fix For: 4.2.0 we are showing Xen username and password in plain text in management log when we perform remove host operation from CS 1.Install and configure Advance zone ,xen cluster with 2 host (first add xencluster with one host later add another host) 2.deploy few vms and make sure both hosts has some vms running on it 3.perform host maintenance on host2 4.Perform remove host on host2 and observe the logs(management log) Actual results: **************** When we prform removehost operation host2 was removed from cs with exception and log shows Xen host user name and password in plain text. Expected result: *************** Passwords should not be displayed in plain text. LOG: WARN (DirectAgent-241:null) Unable to get current status com.cloud.utils.exception.CloudRuntimeException: Host(18e16e37-9fb4-43eb-967f-ce116ebf5b9c) doesn't belong to pool(5fce5d52-55ba-909d-4307-17cb55255b85), please execute 'xe pool-join master-address=10.147.40.19 master-username=root master-password=[password] at com.cloud.hypervisor.xen.resource.XenServerConnectionPool.connect(XenServerConnectionPool.java:553) at com.cloud.hypervisor.xen.resource.CitrixResourceBase.getConnection(CitrixResourceBase.java:5314) at com.cloud.hypervisor.xen.resource.CitrixResourceBase.getCurrentStatus(CitrixResourceBase.java:4202) at com.cloud.agent.manager.DirectAgentAttache$PingTask.run(DirectAgentAttache.java:138) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:351) at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:178) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:165) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:267) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) at java.lang.Thread.run(Thread.java:679) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira