[Rundeck 4.7.0] Error "org.jasypt.exceptions.EncryptionOperationNotPossibleException" on UI

194 views
Skip to first unread message

Jeremy Bouchet

unread,
Oct 10, 2022, 10:32:50 AM10/10/22
to rundeck-discuss
Hello,

on my Rundeck infra in version 4.7.0 I just rebuilt the ec2 instance to update the AMI.
On the the new ec2 instance Rundeck has been reinstalled but when I connect to the user interface I encounters the below errors :

`Java.io.IOException: Decryption failed`
`org.jasypt.exceptions.EncryptionOperationNotPossibleException`

You can see my "/etc/rundeck/rundeck-config.properties" file :

"
# Encryption for key storage
rundeck.storage.provider.1.type=db
rundeck.storage.provider.1.path=keys

rundeck.storage.converter.1.type=jasypt-encryption
rundeck.storage.converter.1.path=keys
rundeck.storage.converter.1.config.encryptorType=custom
rundeck.storage.converter.1.config.password=PASSWORD
rundeck.storage.converter.1.config.algorithm=PBEWITHSHA256AND128BITAES-CBC-BC
rundeck.storage.converter.1.config.provider=BC

# Encryption for project config storage
rundeck.projectsStorageType=db

rundeck.config.storage.converter.1.type=jasypt-encryption
rundeck.config.storage.converter.1.path=projects
rundeck.config.storage.converter.1.config.password=PASSWORD
rundeck.config.storage.converter.1.config.encryptorType=custom
rundeck.config.storage.converter.1.config.algorithm=PBEWITHSHA256AND128BITAES-CBC-BC
rundeck.config.storage.converter.1.config.provider=BC

rundeck.feature.repository.enabled=true
"

Rundeck stores alls the config and jobs into a MariaDB database, this one hadn't been rebuild, it always ran and continue to run well.
It seems that the problem come from the password.

I tried to stop the rundeck service, change the password (for key storage and for project config storage) and then restart it but I always encounter the same errors.

What are the actions to do to fix this issue ?

regards,

This e-mail, any attachments and the information contained therein ("this message") are confidential and intended solely for the use of the addressee(s). If you have received this message in error please send it back to the sender and delete it. Unauthorized publication, use, dissemination or disclosure of this message, either in whole or in part is strictly prohibited.

Ce message électronique et tous les fichiers joints ainsi que les informations contenues dans ce message (ci-après "le message") sont confidentiels et destinés exclusivement à l'usage de la personne à laquelle ils sont adressés. Si vous avez reçu ce message par erreur, merci de le renvoyer à son émetteur et de le détruire. Toute diffusion, publication, totale ou partielle ou divulgation sous quelque forme que ce soit non expressément autorisée de ce message, est interdite.

2022-10-10_14h41_29.jpg

rac...@rundeck.com

unread,
Oct 11, 2022, 8:57:28 AM10/11/22
to rundeck-discuss

Hi!

That’s because the database was encrypted with a different password by a previous instance, you need to set the correct password to access it or just use a fresh database to use the password defined in your current rundeck-config.properties file.

Regards!

Jeremy Bouchet

unread,
Oct 13, 2022, 3:31:40 AM10/13/22
to rundeck-discuss
The previous ec2 instance was replaced by new one because we implemented a new AMI.
I will see with my colleagues in the next days if we will deploy a fresh database.
thanks

Jeremy Bouchet

unread,
Oct 31, 2022, 4:11:34 AM10/31/22
to rundeck-discuss
To communicate about the actions we had done to fix this issue :
By chance my colleague had keep the password which was defined in the file `rundeck-config.properties`.
So we implemented this one in the `user_data` of the ec2 instance (aws) and now when we will update the AMI of the ec2 instance of Rundeck we willn't encounter this issue.

Reply all
Reply to author
Forward
0 new messages