Hi all.
I had to change the root password on the CS hosts and discovered that
the documentation is not right (as of 4.1.1, there is also a bug opened:
https://issues.apache.org/jira/browse/CLOUDSTACK-3990 ) I finally did it
and thought of sharing it. This is how I did in CS 4.1.1 and Centos 6.4:
(All values that have to be changed to fit your personal case are
enclosed by < >)
Just to be on the safe side I did it one host at a time, first enabling
maintenance mode, then changing the password and finally canceling the
maintenance mode.
You have to access the database and get the id of each of the hosts:
mysql>select id from cloud.host where name like '%name_of_your_host%';
The actual passwords are stored in the cloud.host_details table. If you
do a
mysql>select * from cloud.host_details where name = 'password' and
host_id = <host_id_as_noted_before>;
You'll see the actual password of the host. If it's encrypted as in my
case you have to do a few things before changing it, if not you can jump
directly to the mysql command at the end.
First ou need to know the database key. It seems that this key is
created during install when you run the cloudstack-setup-databases
script, but I couldn' remember it. The default is "password" but anyway
it is written in the db.properties file:
grep db.cloud.encrypt.secret /etc/cloudstack/management/db.properties
db.cloud.encrypt.secret=ENC(<encrypted_database_key_here>)
You'll also need the management server key, which happens to default to
"password" also. It is written in:
cat /etc/cloudstack/management/key
Now we can decrypt the database key :
java -classpath /usr/share/cloudstack-common/lib/jasypt-1.9.0.jar
org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI encrypt.sh
input="<encrypted_database_key_here>" password="<management_server_key>"
verbose=false
With the database key we can now encrypt the new root password to change
it on the database:
java -classpath /usr/share/cloudstack-common/lib/jasypt-1.9.0.jar
org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI encrypt.sh
input="<new_root_passwd>" password="<database_key_obtained_before>"
verbose=false
This gives us the encrypted root passwd that we can use in the database:
mysql> update cloud.host_details set value='<encrypted_root_password>'
where host_id=<id_of_host_to change> and name like 'password';
And its done, hope it helps someone.
(Most of this came from the fourth post of
http://forums.citrix.com/thread.jspa?threadID=316364.)
--
Fernando Guillén Camba
Unidade de Xestión de Infraestruturas TIC
Centro de Investigación en Tecnoloxías da Información (CITIUS)
Teléfono: 8818 16409
Correo: citius....@usc.es
