[ https://issues.apache.org/jira/browse/CLOUDSTACK-3208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Harikrishna Patnala closed CLOUDSTACK-3208. ------------------------------------------- > showing xenhost username and password details in plain text in logs when we > pefrom removehost from CS > ------------------------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-3208 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3208 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server > Affects Versions: 4.2.0 > Reporter: Harikrishna Patnala > Assignee: Harikrishna Patnala > Fix For: 4.2.0 > > > we are showing Xen username and password in plain text in management log when > we perform remove host operation from CS > 1.Install and configure Advance zone ,xen cluster with 2 host (first add > xencluster with one host later add another host) > 2.deploy few vms and make sure both hosts has some vms running on it > 3.perform host maintenance on host2 > 4.Perform remove host on host2 and observe the logs(management log) > Actual results: > **************** > When we prform removehost operation host2 was removed from cs with exception > and log shows Xen host user name and password in plain text. > Expected result: > *************** > Passwords should not be displayed in plain text. > LOG: > WARN (DirectAgent-241:null) Unable to get current status > com.cloud.utils.exception.CloudRuntimeException: > Host(18e16e37-9fb4-43eb-967f-ce116ebf5b9c) doesn't belong to > pool(5fce5d52-55ba-909d-4307-17cb55255b85), please execute 'xe pool-join > master-address=10.147.40.19 master-username=root master-password=[password] > at > com.cloud.hypervisor.xen.resource.XenServerConnectionPool.connect(XenServerConnectionPool.java:553) > at > com.cloud.hypervisor.xen.resource.CitrixResourceBase.getConnection(CitrixResourceBase.java:5314) > at > com.cloud.hypervisor.xen.resource.CitrixResourceBase.getCurrentStatus(CitrixResourceBase.java:4202) > at > com.cloud.agent.manager.DirectAgentAttache$PingTask.run(DirectAgentAttache.java:138) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > at > java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:351) > at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:178) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:165) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:267) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) > at java.lang.Thread.run(Thread.java:679) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira