Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
4.2.0
-
None
-
Security Level: Public (Anyone can view this level - this is the default.)
-
None
Description
When initializing a new ACS database, the database key is not being properly escaped when passed back to shell commands. I haven't tested the other keys passed into this command, yet.
(Passwords below are not real, but the < character and resulting error is what was encountered)
root@acsmgmt01 ACS# cloudstack-setup-databases cloud:jpiasfadf324234jcW@localhost --deploy-as=root:lkjeroiuwer -e file -m 'asdflkjasdflkjwer' -k 'sfsd<Cugasdfsdf' -i 10.100.10.10
Mysql user name:cloud [ OK ]
Mysql user password:jpiasfadf324234jcW [ OK ]
Mysql server ip:localhost [ OK ]
Mysql server port:3306 [ OK ]
Mysql root user name:root [ OK ]
Mysql root user password:lkjeroiuwer [ OK ]
Using specified cluster management server node IP 10.100.10.10 [ OK ]
Checking Cloud database files ... [ OK ]
Checking local machine hostname ... [ OK ]
Checking SELinux setup ... WARNING: We detected that your SELinux is not configured in permissive. to make sure cloudstack won't block by SELinux after system reboot, we strongly suggest you setting it in permissive in /etc/selinux/config, then reboot the machine.
[ OK ]
Preparing /etc/cloudstack/management/db.properties [ OK ]
Applying /usr/share/cloudstack-management/setup/create-database.sql [ OK ]
Applying /usr/share/cloudstack-management/setup/create-schema.sql [ OK ]
Applying /usr/share/cloudstack-management/setup/create-database-premium.sql [ OK ]
Applying /usr/share/cloudstack-management/setup/create-schema-premium.sql [ OK ]
Applying /usr/share/cloudstack-management/setup/server-setup.sql [ OK ]
Applying /usr/share/cloudstack-management/setup/templates.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_db.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_schema.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_multipart.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_index.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_multipart_alter.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_bucketpolicy.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_policy_alter.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_offering.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_offering_alter.sql [ OK ]
Processing encryption ... Traceback (most recent call last):
File "/usr/bin/cloudstack-setup-databases", line 607, in <module>
o.run()
File "/usr/bin/cloudstack-setup-databases", line 596, in run
self.processEncryptionStuff()
File "/usr/bin/cloudstack-setup-databases", line 433, in processEncryptionStuff
encryptDBSecretKey()
File "/usr/bin/cloudstack-setup-databases", line 417, in encryptDBSecretKey
self.putDbProperty('db.cloud.encrypt.secret', formatEncryptResult(encrypt(self.dbsecretkey)))
File "/usr/bin/cloudstack-setup-databases", line 407, in encrypt
return runCmd(cmd).strip('\n')
File "/usr/bin/cloudstack-setup-databases", line 51, in runCmd
raise Exception(stderr)
Exception: /bin/sh: Cugasdfsdf: No such file or directory
Looks like this is caused by no escaping at line 406 in cloudstack-setup-databases.