OK, lets run through the database tables and steps involved and changing your CloudStack vCenter username and/or password. I generally like to stop cloud-management service before changing like this.
Tables involved
- cloud.host
- cloud.host_details
- cloud.cluster_details
Log into your CloudStack management node and encrypt the new password ‘dave-says-hi’
Good to note that everytime you run the encryption command the output will be different. Don’t worry thought, it always decrypts back to the original plaintext.
|
1 2 3 |
java -classpath /usr/share/java/cloud-jasypt-1.8.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI encrypt.sh input="dave-says-hi" password="$(cat /etc/cloud/management/key)" verbose=false Y3ZfBKd1/0b8Vu9hjDwCIldiJpULLG5v |
You don’t need to but it’s good to test decrypting to make sure everything works
|
1 2 3 |
java -classpath /usr/share/java/cloud-jasypt-1.8.jar org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI decrypt.sh input="Y3ZfBKd1/0b8Vu9hjDwCIldiJpULLG5v" password="$(cat /etc/cloud/management/key)" verbose=false dave-says-hi |
Good we’ve got our new vCenter password.
2. Change the vCenter password
Now over to the database.
This query will list all your VMware host ID’s, their names and the current vCenter password. The passwords appear different but if you run them through the decrypt command above, you should get the same existing vCenter password everytime.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
use cloud; SELECT host.id,host.name,host_details.value FROM host_details JOIN host WHERE host_details.host_id=host.id AND host.hypervisor_type='VMware' AND host_details.name='password'; +----+----------------+----------+----------------------------------+ | id | name | name | value | +----+----------------+----------+----------------------------------+ | 19 | esx4.lab.local | password | sQOEj7HhWj+appljwerFiNS6Hm+2T8d5 | | 20 | esx3.lab.local | password | XdjtInUr6zD1hmfNSLuVYjIdhrmjdf2l | +----+----------------+----------+----------------------------------+ |
So now we have the host ID’s, we need to change the “value” field where the name=’password’ and host_id=(19 and 20 in this example)
|
1 2 3 4 5 |
UPDATE cloud.host_details SET value='Y3ZfBKd1/0b8Vu9hjDwCIldiJpULLG5v' WHERE name='password' AND host_id=19 OR host_id=20; |
Now there’s another table in the mix, cluster_details, which has the password in plaintext. Honestly, I don’t know where it’s used but it should be changed to be consistent.
|
1 2 3 4 5 6 7 8 9 10 11 12 |
use cloud; SELECT * FROM cluster_details WHERE name='username' or name='password'; +----+------------+----------+--------------------+ | id | cluster_id | name | value | +----+------------+----------+--------------------+ | 16 | 3 | username | Administrator | | 17 | 3 | password | P@ssW0rd123 | | 43 | 5 | username | Administrator | | 44 | 5 | password | P@ssW0rd123 | +----+------------+----------+--------------------+ |
Notice we’re noting using host ID’s here, we’re just using the id of the cluster_details table for the rows with name=’password’.
|
1 2 3 4 |
UPDATE cloud.cluster_details SET value='dave-says-hi' WHERE id='17' OR id='44'; |
3. Change the vCenter username
Changing the vCenter username is the same procedure modified a little.
Lets see the query to give us the existing username for vCenter
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
use cloud; SELECT host.id,host.name,host_details.value FROM host_details JOIN host WHERE host_details.host_id=host.id AND host.hypervisor_type='VMware' AND host_details.name='username'; +----+----------------+----------+---------------+ | id | name | name | value | +----+----------------+----------+---------------+ | 19 | esx4.lab.local | username | Administrator | | 20 | esx3.lab.local | username | Administrator | +----+----------------+----------+---------------+ |
So here’s the update to change the username
|
1 2 3 4 5 |
UPDATE cloud.host_details SET value='vcenteruser' WHERE name='username' AND host_id=19 OR host_id=20; |
And finally we’ll update the cluster_details table too.
Lets have another look at that table
|
1 2 3 4 5 6 7 8 9 10 11 12 |
use cloud; SELECT * FROM cluster_details WHERE name='username' or name='password'; +----+------------+----------+--------------------+ | id | cluster_id | name | value | +----+------------+----------+--------------------+ | 16 | 3 | username | Administrator | | 17 | 3 | password | P@ssW0rd123 | | 43 | 5 | username | Administrator | | 44 | 5 | password | P@ssW0rd123 | +----+------------+----------+--------------------+ |
Don’t forget we’re using the id’s for the rows which have the name=’username’
|
1 2 3 4 |
UPDATE cloud.cluster_details SET value='vmware-service-user' WHERE id='16' OR id='43'; |
Hi,
When i follow your article i hit below error in the start it sefl (while generating the password)
Exception in thread “main” java.lang.NoClassDefFoundError: org/jasypt/intf/cli/JasyptPBEStringEncryptionCLI
Caused by: java.lang.ClassNotFoundException: org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI
at java.net.URLClassLoader$1.run(URLClassLoader.java:217)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
Could not find the main class: org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI. Program will exit.
I am citrix cloudstack. Do you have any suggestion ?