Bamboo Server fails to start after replacing the Crowd instance with a new one
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Bamboo fails to start after the Atlassian Crowd instance used as its external user directory is replaced with a new Crowd instance. This happens when a particular database table is modified and Bamboo is then started or restarted.
Environment
The solution has been tested on Bamboo 8 and 9 but should work on all supported versions of Bamboo.
Diagnosis
Bamboo fails to start after the Crowd instance is changed. The following error appears in the <bamboo-home>/logs/atlassian-bamboo.log file:
2023-11-17 13:26:58,433 INFO [main] [SecretEncryptionServiceImpl] Can't decrypt data. It's possible data was encrypted by different cipher. Run Bamboo with system property -Dbamboo.security.decryption.ignore.errors=true to ignore this error
2023-11-17 13:26:58,448 FATAL [main] [BambooContainer] Cannot start Bamboo
java.lang.IllegalStateException: Could not transition server from 'SETUP' to 'STARTING'
Caused by: com.google.common.util.concurrent.UncheckedExecutionException: java.lang.IllegalArgumentException: Unknown encrypted data format: [new_application_password]
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2055) ~[guava-31.0.1-jre.jar:?]
at com.google.common.cache.LocalCache.get(LocalCache.java:3966) ~[guava-31.0.1-jre.jar:?]
at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4863) ~[guava-31.0.1-jre.jar:?]
at com.atlassian.crowd.directory.LazyAttributesEvaluationDirectory.getValue(LazyAttributesEvaluationDirectory.java:53) ~[crowd-persistence-5.0.2.jar:?]
at com.atlassian.crowd.directory.LazyAttributesEvaluationDirectory.lambda$getAttributes$0(LazyAttributesEvaluationDirectory.java:66) ~[crowd-persistence-5.0.2.jar:?]
Cause
The CWD_DIRECTORY_ATTRIBUTE table in Bamboo contains the attributes required to connect to Crowd. Any incorrect value here breaks the connection between Bamboo and Crowd.
In this particular example, the value of application.password in the CWD_DIRECTORY_ATTRIBUTE table was replaced with an unencrypted value.
Solution
The value of application.password must be encrypted before it is written to the CWD_DIRECTORY_ATTRIBUTE table.
Do this using Bamboo Specs encryption, as follows:
- From the top navigation bar, select Specs > Sensitive data encryption.
- Paste the content you want to encrypt in the text box.
- Click Encrypt.
Note: Ensure that a backup of the database is taken before proceeding with the steps below:
- Update the CWD_DIRECTORY_ATTRIBUTE table, replacing the unencrypted value with the encrypted one, as shown below:
# UPDATE CWD_DIRECTORY_ATTRIBUTE SET ATTRIBUTE_VALUE = 'BAMSCRT@0@0@+5pSXYxi51kRcokvYa4+AWrA7OG7CxQdYeEJSloICWU=' WHERE ATTRIBUTE_NAME = 'application.password' AND ATTRIBUTE_VALUE = 'new_application_password';
- Query the CWD_DIRECTORY_ATTRIBUTE table to confirm that the application.password value has changed.
# SELECT * from CWD_DIRECTORY_ATTRIBUTE;
directory_id | attribute_name | attribute_value
--------------+----------------------------------------------------------------+--------------------------------------------
65537 | user_encryption_method | atlassian-security
1015809 | crowd.sync.incremental.enabled | true
1015809 | crowd.server.url | <CROWD_URL>
1015809 | crowd.server.http.timeout | 5000
1015809 | crowd.server.http.max.connections | 20
1015809 | crowd.sync.group.membership.after.successful.user.auth.enabled | true
1015809 | directory.cache.synchronise.interval | 3600
1015809 | useNestedGroups | false
1015809 | application.name | <crowd_application_name>
1015809 | application.password | BAMSCRT@0@0@+5pSXYxi51kRcokvYa4+AWrA7OG7CxQdYeEJSloICWU=
(10 rows)
Now the application starts successfully.
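The update and verification steps above can be run as one guarded transaction. This is an added example, not Atlassian's own script: it assumes PostgreSQL, takes the directory id 1015809 and the 'BAMSCRT@' prefix from the sample output on this page, and uses <ENCRYPTED_VALUE> as a placeholder for the string produced by Specs > Sensitive data encryption.

```sql
-- Added example. Assumes PostgreSQL and the table/column names shown on this page.
-- Take the database backup first, as noted above.
BEGIN;

-- 1. List application.password rows that are NOT in encrypted form.
--    The 'BAMSCRT@' prefix is inferred from the sample value on this page.
--    attribute_value is deliberately not selected, so the plaintext
--    password does not end up in terminal scrollback or query logs.
SELECT directory_id, attribute_name
FROM   cwd_directory_attribute
WHERE  attribute_name = 'application.password'
AND    attribute_value NOT LIKE 'BAMSCRT@%';

-- 2. Write the encrypted value for one directory only.
--    1015809 is the directory id from the sample output; substitute your own.
--    <ENCRYPTED_VALUE> is a placeholder for the output of
--    Specs > Sensitive data encryption.
UPDATE cwd_directory_attribute
SET    attribute_value = '<ENCRYPTED_VALUE>'
WHERE  directory_id    = 1015809
AND    attribute_name  = 'application.password'
AND    attribute_value NOT LIKE 'BAMSCRT@%';
-- The server should report exactly one updated row (UPDATE 1).
-- Any other count means the WHERE clause did not match what you
-- expected: issue ROLLBACK instead of continuing.

-- 3. Confirm no unencrypted application.password value remains.
SELECT count(*) AS plaintext_rows
FROM   cwd_directory_attribute
WHERE  attribute_name = 'application.password'
AND    attribute_value NOT LIKE 'BAMSCRT@%';
-- Expect plaintext_rows = 0 before committing.

COMMIT;
```

Scoping the UPDATE by directory_id and attribute_name, rather than matching on the old value, keeps the plaintext password out of the statement and prevents touching any other row that happens to hold the same string.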