Uploaded image for project: 'CloudStack'
  1. CloudStack
  2. CLOUDSTACK-9309

Adding primary storage pool (basic rbd/DefaultPrimary) doesn't work if the rados secret contains slashes or possibly other special symbols

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 4.8.0
    • None
    • Management Server
    • Security Level: Public (Anyone can view this level - this is the default.)
    • CentOS 7, Ceph 0.87 from official repo

    Description

      Adding ceph pirmary storage fails with sql error if the rados secret contains slashes (and plus signs in our case)

      Original parameters entered

      Scope: Zone Wide
Hypervisor: KVM
*Zone: Office Test
*Name: test
*Protocol: RBD
*Provider: DefaultPrimary
RADOS Monitor: test
RADOS Pool: test
RADOS User: test
RADOS Secret: AQDw/+ZWCaxqFxAAYV/Ey1jjtNxEG2H7uF0tGg==
Storage Tags: <none>

      Api call sent:

      command:createStoragePool
scope:zone
zoneid:6f7b029b-0926-4e2e-9666-519cc228ce9b
hypervisor:KVM
name:test
provider:DefaultPrimary
url:rbd://test:AQDw_-ZWCaxqFxAAYV/Ey1jjtNxEG2H7uF0tGg==@test/test
response:json
_:1458132946658

      Interface displays a dialog with the following:

      Failed to add data store: DB Exception on: com.mysql.jdbc.JDBC4PreparedStatement@512efc4: INSERT INTO storage_pool (storage_pool.id, storage_pool.name, storage_pool.uuid, storage_pool.pool_type, storage_pool.created, storage_pool.update_time, storage_pool.data_center_id, storage_pool.pod_id, storage_pool.used_bytes, storage_pool.capacity_bytes, storage_pool.status, storage_pool.storage_provider_name, storage_pool.host_address, storage_pool.path, storage_pool.port, storage_pool.user_info, storage_pool.cluster_id, storage_pool.scope, storage_pool.managed, storage_pool.capacity_iops, storage_pool.hypervisor) VALUES (0, _binary'test', _binary'4d682827-ab95-363b-8d77-8f883c2c8de0', 'RBD', '2016-03-16 12:56:42', null, 2, null, 0, 0, 'Initialized', _binary'DefaultPrimary', null, _binary'Ey1jjtNxEG2H7uF0tGg==@test/test', 6789, null, null, null, 0, null, null)

      Notice that in the displayed error, the secret as would-be-inserted is Ey1jjtNxEG2H7uF0tGg== (the beggining is cut off to the second slash)

      Also the API call itself seems to have the secret mangled already, where the first slash and plus sign would be.

      We regenerated the secret to contain no special symbols (well equal sign is present) and it went through.

      Attachments

        Activity

          People

            Unassigned Unassigned
            linas-h1p Linas Žilinskas
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: