CLOUDSTACK-3990: add password encryption

commit: 2e9e68ec90d5c400adff01432ff23c83992926dd [log] [tgz]
author: Pierre-Luc Dion <pdion891@apache.org> Sun Mar 08 00:39:10 2015 -0500
committer: Pierre-Luc Dion <pdion891@apache.org> Sun Mar 08 00:39:10 2015 -0500
tree: c5a466204187350722d9c020bcd4c3913c961553
parent: 1f35778d3fc9c13ee1f454a697950a1ff67f4d54 [diff]
diff --git a/source/hosts.rst b/source/hosts.rst
index 2150ce6..21f0a0e 100644
--- a/source/hosts.rst
+++ b/source/hosts.rst

@@ -226,6 +226,17 @@
    the host and the password known to CloudStack will not match.
    Operations on the cluster will fail until the two passwords match.
 
+#. if the password in the database is encrypted, it is (likely) necessary to
+   encrypt the new password using the database key before adding it to the database.
+
+   .. code:: bash
+
+      java -classpath /usr/share/cloudstack-common/lib/jasypt-1.9.0.jar \
+      org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI \
+      encrypt.sh input="newrootpassword" \
+      password="databasekey" \
+      verbose=false
+
 #. Get the list of host IDs for the host in the cluster where you are
    changing the password. You will need to access the database to
    determine these host IDs. For each hostname "h" (or vSphere cluster)
commit	2e9e68ec90d5c400adff01432ff23c83992926dd	[log] [tgz]
author	Pierre-Luc Dion <pdion891@apache.org>	Sun Mar 08 00:39:10 2015 -0500
committer	Pierre-Luc Dion <pdion891@apache.org>	Sun Mar 08 00:39:10 2015 -0500
tree	c5a466204187350722d9c020bcd4c3913c961553
parent	1f35778d3fc9c13ee1f454a697950a1ff67f4d54 [diff]