cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard Klein (RSI)" <rkl...@rsitex.com>
Subject RE: Cloudstack 4.7 password reset issue.
Date Mon, 04 Apr 2016 19:17:20 GMT
Thanks for the reply and sorry for the delay.  You know how it is on Monday's.

I checked the VR password file as suggested after the password reset via the GUI but before
powering on the VM.  I did see the password reset there as expected.  I powered on the VM
and the password was reset as expected.  The test VM is built from a CentOS7 template with
password enabled.  I checked the /var/log/messages and you can see from the client perspective
the change went as expected.  Below is "snippet1" from the message log on the VM (there are
no SSH key so it fails as expected):

Apr  4 13:45:35 rsi-test-c7 systemd: Starting LSB: cloud-set-guest-sshkey...
Apr  4 13:45:35 rsi-test-c7 systemd: Starting LSB: cloud-set-guest-password...
Apr  4 13:45:35 rsi-test-c7 cloud: Unable to determine the password server, falling back to
data-server
Apr  4 13:45:35 rsi-test-c7 cloud: Could not find ssh key server IP in /var/lib/dhclient/dhclient.leases
Apr  4 13:45:36 rsi-test-c7 cloud: Unable to determine the password server, falling back to
data-server
Apr  4 13:45:36 rsi-test-c7 cloud: Sending request to password server at data-server
Apr  4 13:45:36 rsi-test-c7 cloud: Sending request to ssh key server at data-server
Apr  4 13:45:36 rsi-test-c7 cloud: Got response from server at data-server
Apr  4 13:45:36 rsi-test-c7 cloud: Did not receive any keys from any server
Apr  4 13:45:36 rsi-test-c7 systemd: cloud-set-guest-sshkey.service: control process exited,
code=exited status=1
Apr  4 13:45:36 rsi-test-c7 systemd: Failed to start LSB: cloud-set-guest-sshkey.
Apr  4 13:45:36 rsi-test-c7 systemd: Unit cloud-set-guest-sshkey.service entered failed state.
Apr  4 13:45:36 rsi-test-c7 systemd: cloud-set-guest-sshkey.service failed.
Apr  4 13:45:36 rsi-test-c7 cloud: Got response from server at data-server
Apr  4 13:45:36 rsi-test-c7 cloud: VM got a valid password from server at data-server
Apr  4 13:45:36 rsi-test-c7 cloud: Changing password for user root
Apr  4 13:45:36 rsi-test-c7 cloud: Sending acknowledgment to password server at data-server
Apr  4 13:45:36 rsi-test-c7 cloud-set-guest-password: saved_password
Apr  4 13:45:36 rsi-test-c7 systemd: Started LSB: cloud-set-guest-password.
Apr  4 13:45:36 rsi-test-c7 systemd: Starting Initial cloud-init job (metadata service crawler)...
Apr  4 13:45:37 rsi-test-c7 systemd: Started Initial cloud-init job (metadata service crawler).
Apr  4 13:45:37 rsi-test-c7 systemd: Starting Apply the settings specified in cloud-config...
Apr  4 13:45:37 rsi-test-c7 systemd: Started Apply the settings specified in cloud-config.
Apr  4 13:45:37 rsi-test-c7 systemd: Starting Execute cloud user/final scripts...
Apr  4 13:45:37 rsi-test-c7 systemd: Started Execute cloud user/final scripts.

I checked the password file on the VR and it was empty now.  I then manually reset the password
on the VM console only (not CS GUI) and performed an OS reboot from the console.  I could
log in with the password I change with the console.  Below is the system messages "snippet2":

Apr  4 13:36:27 rsi-test-c7 systemd: Starting LSB: cloud-set-guest-sshkey...
Apr  4 13:36:27 rsi-test-c7 systemd: Starting LSB: cloud-set-guest-password...
Apr  4 13:36:27 rsi-test-c7 cloud: Could not find ssh key server IP in /var/lib/dhclient/dhclient.leases
Apr  4 13:36:27 rsi-test-c7 cloud: Unable to determine the password server, falling back to
data-server
Apr  4 13:36:27 rsi-test-c7 cloud: Unable to determine the password server, falling back to
data-server
Apr  4 13:36:27 rsi-test-c7 cloud: Sending request to password server at data-server
Apr  4 13:36:27 rsi-test-c7 cloud: Sending request to ssh key server at data-server
Apr  4 13:36:27 rsi-test-c7 cloud: Got response from server at data-server
Apr  4 13:36:27 rsi-test-c7 cloud: Did not receive any keys from any server
Apr  4 13:36:27 rsi-test-c7 systemd: cloud-set-guest-sshkey.service: control process exited,
code=exited status=1
Apr  4 13:36:27 rsi-test-c7 systemd: Failed to start LSB: cloud-set-guest-sshkey.
Apr  4 13:36:27 rsi-test-c7 systemd: Unit cloud-set-guest-sshkey.service entered failed state.
Apr  4 13:36:27 rsi-test-c7 systemd: cloud-set-guest-sshkey.service failed.
Apr  4 13:36:27 rsi-test-c7 cloud: Got response from server at data-server
Apr  4 13:36:27 rsi-test-c7 cloud: VM has already saved a password from the password server
at data-server
Apr  4 13:36:27 rsi-test-c7 cloud: Did not need to change password.
Apr  4 13:36:27 rsi-test-c7 systemd: Started LSB: cloud-set-guest-password.

I then powered off the VM and powered it back on without changing any passwords.  The password
was set to the last change password via the GUI.  The logs behave as if the password reset
was performed from the GUI again (snippet1).  I checked the password file on the VR and it
was empty.  I also monitored the VR /var/log/cloud.log messages and discovered something interesting.
 As expected there was a flurry of activity but the following 2 messages stood out to me:

2016-04-04 18:45:06,937  merge.py save:72 {u'id': u'dhcpentry', u'10.1.1.39': {u'default_gateway':
u'10.1.1.1', u'ipv6_duid': u'00:03:00:01:
02:00:26:c0:00:07', u'default_entry': True, u'ipv4_adress': u'10.1.1.39', u'host_name': u'rsi-test-c7',
u'mac_address': u'02:00:26:c0:00:07'
, u'type': u'dhcpentry', u'dns_adresses': u'10.1.1.1'}}

2016-04-04 18:45:07,006  CsHelper.py execute:160 Executing: curl --header "DomU_Request: save_password"
"http://10.1.1.1:8080/" -F "ip=10.1.1.39" -F "password=a8Q7Bs" -F "token=ae199529efcd26f7811f36ae7c0807b1"
>/dev/null 2>/dev/null &

The VM I powered on IP address is 10.1.1.39 and it appears to me that the CsHelper.py curl
command is setting the password again?  Making an educated guess it looks like the management
process is sending the reset password again to the VR after the power up?

Please let me know what you think or if you need further information just let me know.  Thanks.

----
Richard KleinĀ  <rklein@rsitex.com> 
RSI 
5426 Guadalupe, Suite 100 
Austin TX 78751 



>-----Original Message-----
>From: Suresh Sadhu [mailto:suresh.sadhu@accelerite.com] 
>Sent: Monday, April 04, 2016 5:21 AM
>To: users@cloudstack.apache.org
>Subject: RE: Cloudstack 4.7 password reset issue.
>
>This look like an issue, please check the VR password file (/var/cache/cloud/passwords)
and entries look like below: Guest_vm_ip=Password)
>Eg:
>10.1.1.145=sX3qvbstr 		--- here, In this case it  successfully generated the password
 but didn't applied on Guest vm
>10.1.1.135=saved_password 	 -- if it  applied successfully on VM  then it will show as
 guest_vm_ip=Saved_password.) 
>
>So please check you entries as well check your logs for any errors. 
>
>Regards
>Sadhu
>Chief Product Engineer, Accelerite
>Suresh.sadhu@accelerite.com


>>-----Original Message-----
>>From: Erik Weber [mailto:terbolous@gmail.com]
>>Sent: Monday, April 4, 2016 11:54 AM
>>To: users@cloudstack.apache.org
>>Subject: Re: Cloudstack 4.7 password reset issue.
>>
>>On Mon, Apr 4, 2016 at 7:28 AM, Shweta Agarwal < shweta.agarwal1@accelerite.com>
wrote:
>>
>> Hi Richard,
>> Cloudstack is working as expected at every steps you mentioned .
>>
>> when your template is password enabled  then every time you reset 
>> password via CS and stop start the VM then router will push new 
>> password to the user VM .
>>

This works, but if you read his example you will see that the password is reset after an additional
reboot, which it should not.

Looks like a bug, but more info is needed to state if it is in CloudStack or the password
reset script.

--
Erik



DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite,
a Persistent Systems business. It is intended only for the use of the individual or entity
to which it is addressed. If you are not the intended recipient, you are not authorized to
read, retain, copy, print, distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent
Systems business does not accept any liability for virus infected mails.
Mime
View raw message