cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig Dunn <sendai...@googlemail.com.INVALID>
Subject Re: Cloudstack guest password
Date Tue, 28 Jul 2020 15:58:32 GMT
Hi all,

think i`m getting somewhere with it now.

currently when I try to change the password it says NetworkManager is not
running

Jul 28 11:51:17 centos8-base-m1Dd4 cloud-set-guest-password[886]: Error:
NetworkManager is not running.
Jul 28 11:51:17 centos8-base-m1Dd4 cloud[924]: Unable to determine the
password server, falling back to data-server
Jul 28 11:51:17 centos8-base-m1Dd4 cloud[925]: Sending request to password
server at data-server
Jul 28 11:51:17 centos8-base-m1Dd4 cloud[936]: Failed to send request to
password server at data-server
Jul 28 11:51:17 centos8-base-m1Dd4 cloud[939]: Did not need to change
password.

i`m guessing this means its not running on boot when the script is running
as once i'm logged if I check the service status it says it running,
however I have noticed that under CGroup the is a dhclient line in my
working Centos7 Template which doesnt appear in my new Centos8 Template:

CGroup: /system.slice/NetworkManager.service
           ├─774 /usr/sbin/NetworkManager --no-daemon
           └─903 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf
/var/run/dhclient-eno16777984.pid -lf
/var/lib/NetworkManager/dhclient-dcf53092-0072-3182-bb91-c33e31d619e3-eno16777984.lease
-cf /var/lib/NetworkManager/dhc...

not sure if that is whats wrong at the minute more looking at differences
between working and not working.

On Fri, 24 Jul 2020 at 14:13, Craig Dunn <sendai789@googlemail.com> wrote:

> thanks Andrija,
>
> I`m having vpn trouble atm so cant get onto the VR to check but, if I run
> the wget command manually against the VR I get back the password which was
> shown in the UI.
>
> I`m guessing the VR has done its but its just not being applied to the VM
> itself for some reason.
>
>
>
> On Fri, 24 Jul 2020 at 12:20, Andrija Panic <andrija.panic@gmail.com>
> wrote:
>
>> When you change the password for a VM (while VM is stopped) - ACS will
>> store the password (in readable form) inside the VR in
>> /var/cache/cloud/password-xxxxxxxx - so if you see the password here (as
>> given in the UI) - that means that nobody fetched the password from the VR
>> - but if it's missing (replaced with word "saved") that means that the
>> script/cloud-init already downloaded the password (but it's question if it
>> was applied or not on the OS/VM itself)
>>
>> Hope that helps
>>
>> On Fri, 24 Jul 2020 at 12:34, Craig Dunn <sendai789@googlemail.com
>> .invalid>
>> wrote:
>>
>> > Hey all,
>> >
>> > So, spent yesterday messing around with it, if I run wget -q -t 3 -T 20
>> -O
>> > - --header "DomU_Request: send_my_password" $192.168.81.1:8080. Replace
>> > $PASSWORD_SERVER manually it shows nothing.
>> >
>> > [image: image.png]
>> > but this behaviour seems normal as a working template does not respond
>> > either.
>> >
>> > I have also noticed that the leases file in /var/lib/dhclient doesnt
>> > generate till you run dhclient (this is fine I can figure that out
>> later)
>> > but running reset password from cloudstack doesn't actually change it.
>> Only
>> > only thing I have done is a symbolic link on the script from the init.d
>> > folder to rc0.d folder (I had to do this with ubuntu so assumed I would
>> > here too)
>> >
>> > any troubleshooting tips anyone can offer?
>> >
>> > Thanks
>> >
>> > On Thu, 23 Jul 2020 at 12:27, Andrija Panic <andrija.panic@gmail.com>
>> > wrote:
>> >
>> >> cloud-init has the "plugin" for cloudstack, so it "behaves" well with
>> it.
>> >>
>> >> best,
>> >>
>> >> On Thu, 23 Jul 2020 at 12:48, Craig Dunn <sendai789@googlemail.com
>> >> .invalid>
>> >> wrote:
>> >>
>> >> > Thanks Andrija i`ll have a look into that, does the platform need to
>> >> > support it, or does cloudstack support it by default?
>> >> >
>> >> > @Vivek strangely its generated a lease file in /var/lib/dhclient (not
>> >> sure
>> >> > if I did anything to force it) I have tried resetting both manually
>> and
>> >> via
>> >> > the UI with no changes
>> >> >
>> >> > On Thu, 23 Jul 2020 at 11:22, Andrija Panic <andrija.panic@gmail.com
>> >
>> >> > wrote:
>> >> >
>> >> > > that script used to work only with initd and not systemd, so better
>> >> > invest
>> >> > > some time in cloud-init, and achieve the same thing (and more
if
>> >> needed).
>> >> > > You can i.e. download the
>> http://dl.openvm.eu/cloudstack/macchinina/
>> >> > > template
>> >> > > and see how the cloud-init is configured there (afaik, it uses
>> >> > cloud-init)
>> >> > >
>> >> > > Best,
>> >> > >
>> >> > > On Thu, 23 Jul 2020 at 12:17, Vivek Kumar <vivek.kumar@indiqus.com
>> >> > > .invalid>
>> >> > > wrote:
>> >> > >
>> >> > > > That won’t help because it fetch the password from router
. Can
>> you
>> >> > just
>> >> > > > run “dhclient” and check the lease folder wether you
are getting
>> >> lease
>> >> > > file
>> >> > > > generated or not.
>> >> > > >
>> >> > > > Vivek Kumar
>> >> > > > Manager - Cloud & DevOps
>> >> > > > IndiQus Technologies
>> >> > > > 24*7  O +91 11 4055 1411  |   M +91 7503460090
>> >> > > > www.indiqus.com <http://indiqus.com/>
>> >> > > >
>> >> > > > This message is intended only for the use of the individual
or
>> >> entity
>> >> > to
>> >> > > > which it is addressed and may contain information that is
>> >> confidential
>> >> > > > and/or privileged. If you are not the intended recipient
please
>> >> delete
>> >> > > the
>> >> > > > original message and any copy of it from your computer system.
>> You
>> >> are
>> >> > > > hereby notified that any dissemination, distribution or copying
>> of
>> >> this
>> >> > > > communication is strictly prohibited unless proper authorization
>> has
>> >> > been
>> >> > > > obtained for such action. If you have received this
>> communication in
>> >> > > error,
>> >> > > > please notify the sender immediately. Although IndiQus attempts
>> to
>> >> > sweep
>> >> > > > e-mail and attachments for viruses, it does not guarantee
that
>> both
>> >> are
>> >> > > > virus-free and accepts no liability for any damage sustained
as a
>> >> > result
>> >> > > of
>> >> > > > viruses.
>> >> > > >
>> >> > > > > On 23-Jul-2020, at 3:43 PM, Craig Dunn <
>> sendai789@googlemail.com
>> >> > > .INVALID>
>> >> > > > wrote:
>> >> > > > >
>> >> > > > > Hi,
>> >> > > > >
>> >> > > > > I have found a leases file BUT it only specifies the
IP of the
>> VM
>> >> > > itself
>> >> > > > > and not the gateway (which is where DHCP is served)
>> >> > > > >
>> >> > > > > [root@VM-222c78e8-a8f7-4746-b28b-6f1b66bdf34b NetworkManager]#
>> >> cat
>> >> > > > > internal-3e6e8f47-404a-46a9-9ad2-1b2a9217384a-ens35.lease
>> >> > > > > # This is private data. Do not parse.
>> >> > > > > ADDRESS=192.168.81.40
>> >> > > > >
>> >> > > > > this is in the /var/lib/NetworkManager folder
>> >> > > > >
>> >> > > > > if I run the script manually specifying the IP it doesnt
change
>> >> > > anything
>> >> > > > >
>> >> > > > > Thanks
>> >> > > > >
>> >> > > > > On Thu, 23 Jul 2020 at 10:31, Craig Dunn <
>> >> sendai789@googlemail.com>
>> >> > > > wrote:
>> >> > > > >
>> >> > > > >> Hi Vivek,
>> >> > > > >>
>> >> > > > >> thanks for the response, seems its fallen at the
first hurdle
>> the
>> >> > > > >> /var/lib/dhclient folder is empty so, i`ll look
into why thats
>> >> not
>> >> > > being
>> >> > > > >> generated.
>> >> > > > >>
>> >> > > > >> I have password enabled set on the template, I thought
cloud
>> init
>> >> > and
>> >> > > > the
>> >> > > > >> script were two different ways of achieving the
same thing? Or
>> >> does
>> >> > > the
>> >> > > > >> script actually require it as a prerequisite?
>> >> > > > >>
>> >> > > > >> Thanks
>> >> > > > >>
>> >> > > > >> On Thu, 23 Jul 2020 at 10:03, Vivek Kumar <
>> >> vivek.kumar@indiqus.com
>> >> > > > .invalid>
>> >> > > > >> wrote:
>> >> > > > >>
>> >> > > > >>> Hello Craig,
>> >> > > > >>>
>> >> > > > >>> So setup-password scripts works from inside
of the VM. If you
>> >> just
>> >> > > look
>> >> > > > >>> on the script -
>> >> > > > >>>
>> >> > > > >>> 1- First it finds the DHCP server IP from lease
file. So make
>> >> sure
>> >> > > that
>> >> > > > >>> you are getting you lease file in your any of
the folder
>> >> mentioned
>> >> > in
>> >> > > > >>> script - i.e DHCP_FOLDERS="/var/lib/dhclient/*
>> /var/lib/dhcp3/*
>> >> > > > >>> /var/lib/dhcp/*”. Sometimes it does’t generate
the lease
>> file,
>> >> So
>> >> > you
>> >> > > > have
>> >> > > > >>> to check first why is it got generating the
lease file.
>> >> > > > >>> 2- Now just try to run the manual command to
see wether you
>> are
>> >> > > > receiving
>> >> > > > >>> any password or not i.e 'wget -q -t 3 -T 20
-O - --header
>> >> > > > "DomU_Request:
>> >> > > > >>> send_my_password" $PASSWORD_SERVER_IP:8080.
Replace
>> >> > $PASSWORD_SERVER
>> >> > > > with
>> >> > > > >>> you DHCP serve IP, which you can find in step
-1
>> >> > > > >>> 3- If you are able to get things you wanted
in Step-1 and
>> Step-2
>> >> > then
>> >> > > > run
>> >> > > > >>> the script manually (It should reset the password
by running
>> >> > > manually )
>> >> > > > >>> weather to check if it is running on successfully
on boot or
>> >> not.
>> >> > > > >>> 4- I am assuming that you have already enabled
the password
>> box
>> >> in
>> >> > > your
>> >> > > > >>> templates and cloud-init installed on you template.
>> >> > > > >>>
>> >> > > > >>>
>> >> > > > >>>
>> >> > > > >>> Vivek Kumar
>> >> > > > >>> Manager - Cloud & DevOps
>> >> > > > >>> IndiQus Technologies
>> >> > > > >>> 24*7  O +91 11 4055 1411  |   M +91 7503460090
>> >> > > > >>> www.indiqus.com <http://indiqus.com/>
>> >> > > > >>>
>> >> > > > >>> This message is intended only for the use of
the individual
>> or
>> >> > entity
>> >> > > > to
>> >> > > > >>> which it is addressed and may contain information
that is
>> >> > > confidential
>> >> > > > >>> and/or privileged. If you are not the intended
recipient
>> please
>> >> > > delete
>> >> > > > the
>> >> > > > >>> original message and any copy of it from your
computer
>> system.
>> >> You
>> >> > > are
>> >> > > > >>> hereby notified that any dissemination, distribution
or
>> copying
>> >> of
>> >> > > this
>> >> > > > >>> communication is strictly prohibited unless
proper
>> authorization
>> >> > has
>> >> > > > been
>> >> > > > >>> obtained for such action. If you have received
this
>> >> communication
>> >> > in
>> >> > > > error,
>> >> > > > >>> please notify the sender immediately. Although
IndiQus
>> attempts
>> >> to
>> >> > > > sweep
>> >> > > > >>> e-mail and attachments for viruses, it does
not guarantee
>> that
>> >> both
>> >> > > are
>> >> > > > >>> virus-free and accepts no liability for any
damage sustained
>> as
>> >> a
>> >> > > > result of
>> >> > > > >>> viruses.
>> >> > > > >>>
>> >> > > > >>>> On 23-Jul-2020, at 2:01 PM, Craig Dunn <
>> >> sendai789@googlemail.com
>> >> > > > .INVALID>
>> >> > > > >>> wrote:
>> >> > > > >>>>
>> >> > > > >>>> Hi all,
>> >> > > > >>>>
>> >> > > > >>>> Just subscribed and after some advise. I'm
trying to setup a
>> >> new
>> >> > > > Centos8
>> >> > > > >>>> template for our cloud platform.
>> >> > > > >>>>
>> >> > > > >>>> I want to use the guest password script
so we can deploy
>> and a
>> >> > > > password
>> >> > > > >>> is
>> >> > > > >>>> generated on deployment but I'm having issues
getting it to
>> >> work.
>> >> > > I'm
>> >> > > > >>>> following this guide:
>> >> > > > >>>>
>> >> > > > >>>>
>> >> > > > >>>
>> >> > > >
>> >> > >
>> >> >
>> >>
>> http://docs.cloudstack.apache.org/projects/archived-cloudstack-administration/en/latest/templates/_password.html
>> >> > > > >>>>
>> >> > > > >>>> And it seems straightforward I have got
the script in
>> >> /etc/init.d
>> >> > > and
>> >> > > > >>> made
>> >> > > > >>>> it executable and changed the permissions
and run the
>> chkconfig
>> >> > > > command
>> >> > > > >>> but
>> >> > > > >>>> it still doesn't work, I have tried reverse
engineering one
>> of
>> >> our
>> >> > > > >>> working
>> >> > > > >>>> templates (which I didn't do) but it doesn't
seem obvious
>> how
>> >> it
>> >> > > > >>> working.
>> >> > > > >>>> Can anyone help or advise?
>> >> > > > >>>>
>> >> > > > >>>> Thanks
>> >> > > > >>>
>> >> > > > >>>
>> >> > > >
>> >> > > >
>> >> > >
>> >> > > --
>> >> > >
>> >> > > Andrija Panić
>> >> > >
>> >> >
>> >>
>> >>
>> >> --
>> >>
>> >> Andrija Panić
>> >>
>> >
>>
>> --
>>
>> Andrija Panić
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message