Rundeck Enterprise dies at startup with "java.io.IOException: Decryption failed."

28 views
Skip to first unread message

Xavier Humbert

unread,
Mar 25, 2022, 1:00:34 PM3/25/22
to rundeck-discuss
Hi,

We are in touch with PagerDuty in order to evaluate Rundeck Enterprise.
This is 3.4.10 on RHEL8

Immadiately after startup, Rundeck crashes with is stacktrace :

--------------------------------------------------------------------------------------------------------------------------------------
[2022-03-25T17:53:48,433] INFO  rundeckapp.Application - Started
Application in 71.168569121 seconds (JVM running for 94.153)
Grails application running at http://localhost:4440 in environment:
production
[2022-03-25T17:53:51,472] ERROR events.EventSubscriberTrigger - Error
triggering event [rdpro.bootstrap] for subscriber
[grails.events.subscriber.MethodSubscriber(public void
rundeckpro.nodehealthcheck.HealthCheckService.initialCheck() throws
java.lang.Exception)]: null
java.lang.reflect.UndeclaredThrowableException: null
        at
org.springframework.util.ReflectionUtils.rethrowRuntimeException(ReflectionUtils.java:147)
~[spring-core-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
...
Caused by: java.io.IOException: Decryption failed.
        at
org.rundeck.plugin.encryption.JasyptEncryptionConverterPlugin$DecryptStream.getInputStream(JasyptEncryptionConverterPlugin.java:452)
~[?:?]

My rundeck-config.properties file is consistent with the Community
Edition we have actually in production :

--------------------------------------------------------------------------------------------------------------------------------------
# Database
dataSource.dbCreate=update

dataSource.url=jdbc:mysql://dbserver.foobar/rdpro?serverTimezone=Europe/Paris?autoReconnect=true&useSSL=false
dataSource.username=rdprotest
dataSource.password=rundeck
dataSource.driverClassName=org.mariadb.jdbc.Driver
dataSource.properties.autoReconnect=true
dataSource.properties.useSSL=false
dataSource.properties.maxActive=200
dataSource.properties.maxWait=10000
dataSource.properties.validationInterval=15000
dataSource.properties.testOnBorrow=true
dataSource.properties.testWhileIdle=true
dataSource.properties.testOnReturn=false
dataSource.properties.minIdle=10
dataSource.properties.maxIdle=25
dataSource.properties.maxAge=600000
dataSource.properties.logValidationErrors=true

# Encryption for key storage
rundeck.storage.provider.1.type=db
rundeck.storage.provider.1.path=keys

rundeck.storage.converter.1.type=jasypt-encryption
rundeck.storage.converter.1.path=keys
rundeck.storage.converter.1.config.encryptorType=custom
rundeck.storage.converter.1.config.password=*******************
rundeck.storage.converter.1.config.algorithm=PBEWITHSHA256AND128BITAES-CBC-BC
rundeck.storage.converter.1.config.provider=BC

# Encryption for project config storage
rundeck.projectsStorageType=db

rundeck.config.storage.converter.1.type=jasypt-encryption
rundeck.config.storage.converter.1.path=projects
rundeck.config.storage.converter.1.config.password=******************
rundeck.config.storage.converter.1.config.encryptorType=custom
rundeck.config.storage.converter.1.config.algorithm=PBEWITHSHA256AND128BITAES-CBC-BC
rundeck.config.storage.converter.1.config.provider=BC

rundeck.feature.repository.enabled=true

rundeck.clusterMode.enabled=true
--------------------------------------------------------------------------------------------------------------------------------------

The three instance of the cluster crash with the same error.

What is the cause of this problem ?

Thanks, cheers,

Xavier

--
Xavier Humbert
CRT Supervision et Exploitation de Niveau 1
Rectorat de Nancy-Metz
03 83 86 27 39

OpenPGP_0x90B78A89BCC49C10.asc
OpenPGP_signature

rac...@rundeck.com

unread,
Mar 25, 2022, 1:59:02 PM3/25/22
to rundeck-discuss

Hi Xavier,

This occurs because the database is encrypted with another encryption key instance (lines rundeck.storage.converter.1.config.password and rundeck.config.storage.converter.1.config.password on the rundeck-config properties file).

For Rundeck Enterprise (now called PagerDuty Process Automation On-Prem) please use a brand-new database, internally Rundeck Community and Process Automation On-Prem backends are different. Also, make sure that all cluster members have the same database configuration/encryption on the rundeck-config.properties file.

Important: If you’re using/trying Rundeck Enterprise/Process Automation On-Prem please contact the dedicated support team, they help you ASAP :-)

Greetings!

Xavier Humbert

unread,
Mar 28, 2022, 3:01:31 AM3/28/22
to rundeck...@googlegroups.com

Hi Rainer,

I fixed the error by

* setting the same password in the 3 rundeck-config.properties
* dropping and recreating the database
* relaunching the 3 instances

Unfortunately, the problem persists 😭

Cheers,

Xavier

Le 3/25/22 18:59, rac...@rundeck.com a écrit :
--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/5d0c9687-3208-433c-8688-6761ec5fa43cn%40googlegroups.com.
OpenPGP_0x90B78A89BCC49C10.asc
OpenPGP_signature

Xavier Humbert

unread,
Mar 28, 2022, 8:15:50 AM3/28/22
to rundeck...@googlegroups.com

Hi,

Don't mind, I reinstalled the whole stuff, everything is OK now

Cheers,

Xavier

Le 3/28/22 09:01, 'Xavier Humbert' via rundeck-discuss a écrit :
OpenPGP_0x90B78A89BCC49C10.asc
OpenPGP_signature
Reply all
Reply to author
Forward
0 new messages