cloudstack-users mailing list archives

From Richard Lawley <rich...@richardlawley.com>
Subject Re: Cloudstack guest password
Date Tue, 28 Jul 2020 16:10:50 GMT
Do you have a redundant network (2 VRs)?  If so, you cannot
communicate with the password server on the shared .1 IP - you need to
use the VR's unique IP address (this is why the scripts are trying to
find the DHCP server address - this is the only way to find this IP).

Also note that there's a long-standing bug where ACS only stores the
password on the VR with the lowest ID, rather than the one which is
active, so if you've got v-5-VM and v-6-VM but 6 is master, your
password reset won't work.

On Tue, 28 Jul 2020 at 16:59, Craig Dunn
<sendai789@googlemail.com.invalid> wrote:
>
> Hi all,
>
> Think I'm getting somewhere with it now.
>
> Currently, when I try to change the password, it says NetworkManager is not
> running:
>
> Jul 28 11:51:17 centos8-base-m1Dd4 cloud-set-guest-password[886]: Error: NetworkManager is not running.
> Jul 28 11:51:17 centos8-base-m1Dd4 cloud[924]: Unable to determine the password server, falling back to data-server
> Jul 28 11:51:17 centos8-base-m1Dd4 cloud[925]: Sending request to password server at data-server
> Jul 28 11:51:17 centos8-base-m1Dd4 cloud[936]: Failed to send request to password server at data-server
> Jul 28 11:51:17 centos8-base-m1Dd4 cloud[939]: Did not need to change password.
>
> I'm guessing this means it's not running on boot when the script is running,
> as once I'm logged in, if I check the service status it says it's running.
> However, I have noticed that under CGroup there is a dhclient line in my
> working CentOS 7 template which doesn't appear in my new CentOS 8 template:
>
> CGroup: /system.slice/NetworkManager.service
>            ├─774 /usr/sbin/NetworkManager --no-daemon
>            └─903 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-eno16777984.pid -lf /var/lib/NetworkManager/dhclient-dcf53092-0072-3182-bb91-c33e31d619e3-eno16777984.lease -cf /var/lib/NetworkManager/dhc...
>
> Not sure if that is what's wrong; at the minute, more looking at differences
> between working and not working.
>
> On Fri, 24 Jul 2020 at 14:13, Craig Dunn <sendai789@googlemail.com> wrote:
>
> > thanks Andrija,
> >
> > I'm having VPN trouble atm so can't get onto the VR to check, but if I run
> > the wget command manually against the VR I get back the password which was
> > shown in the UI.
> >
> > I'm guessing the VR has done its but it's just not being applied to the VM
> > itself for some reason.
> >
> >
> >
> > On Fri, 24 Jul 2020 at 12:20, Andrija Panic <andrija.panic@gmail.com>
> > wrote:
> >
> >> When you change the password for a VM (while VM is stopped) - ACS will
> >> store the password (in readable form) inside the VR in
> >> /var/cache/cloud/password-xxxxxxxx - so if you see the password here (as
> >> given in the UI) - that means that nobody fetched the password from the VR
> >> - but if it's missing (replaced with word "saved") that means that the
> >> script/cloud-init already downloaded the password (but it's question if it
> >> was applied or not on the OS/VM itself)
> >>
> >> Hope that helps
> >>
> >> On Fri, 24 Jul 2020 at 12:34, Craig Dunn <sendai789@googlemail.com.invalid>
> >> wrote:
> >>
> >> > Hey all,
> >> >
> >> > So, spent yesterday messing around with it. If I run wget -q -t 3 -T 20
> >> > -O - --header "DomU_Request: send_my_password" $192.168.81.1:8080. Replace
> >> > $PASSWORD_SERVER manually it shows nothing.
> >> >
> >> > but this behaviour seems normal as a working template does not respond
> >> > either.
> >> >
> >> > I have also noticed that the leases file in /var/lib/dhclient doesn't
> >> > generate till you run dhclient (this is fine, I can figure that out later)
> >> > but running reset password from CloudStack doesn't actually change it. The
> >> > only thing I have done is a symbolic link on the script from the init.d
> >> > folder to rc0.d folder (I had to do this with Ubuntu so assumed I would
> >> > here too).
> >> >
> >> > any troubleshooting tips anyone can offer?
> >> >
> >> > Thanks
> >> >
> >> > On Thu, 23 Jul 2020 at 12:27, Andrija Panic <andrija.panic@gmail.com>
> >> > wrote:
> >> >
> >> >> cloud-init has the "plugin" for cloudstack, so it "behaves" well with it.
> >> >>
> >> >> best,
> >> >>
> >> >> On Thu, 23 Jul 2020 at 12:48, Craig Dunn <sendai789@googlemail.com.invalid>
> >> >> wrote:
> >> >>
> >> >> > Thanks Andrija, I'll have a look into that. Does the platform need to
> >> >> > support it, or does CloudStack support it by default?
> >> >> >
> >> >> > @Vivek strangely it's generated a lease file in /var/lib/dhclient (not
> >> >> > sure if I did anything to force it). I have tried resetting both manually
> >> >> > and via the UI with no changes.
> >> >> >
> >> >> > On Thu, 23 Jul 2020 at 11:22, Andrija Panic <andrija.panic@gmail.com>
> >> >> > wrote:
> >> >> >
> >> >> > > That script used to work only with initd and not systemd, so better
> >> >> > > invest some time in cloud-init, and achieve the same thing (and more
> >> >> > > if needed). You can i.e. download the
> >> >> > > http://dl.openvm.eu/cloudstack/macchinina/ template and see how the
> >> >> > > cloud-init is configured there (afaik, it uses cloud-init)
> >> >> > >
> >> >> > > Best,
> >> >> > >
> >> >> > > On Thu, 23 Jul 2020 at 12:17, Vivek Kumar <vivek.kumar@indiqus.com.invalid>
> >> >> > > wrote:
> >> >> > >
> >> >> > > > That won’t help because it fetches the password from the router. Can
> >> >> > > > you just run “dhclient” and check the lease folder whether you are
> >> >> > > > getting a lease file generated or not.
> >> >> > > >
> >> >> > > > Vivek Kumar
> >> >> > > > Manager - Cloud & DevOps
> >> >> > > > IndiQus Technologies
> >> >> > > > 24*7  O +91 11 4055 1411  |   M +91 7503460090
> >> >> > > > www.indiqus.com <http://indiqus.com/>
> >> >> > > >
> >> >> > > > This message is intended only for the use of the individual or entity
> >> >> > > > to which it is addressed and may contain information that is
> >> >> > > > confidential and/or privileged. If you are not the intended recipient
> >> >> > > > please delete the original message and any copy of it from your
> >> >> > > > computer system. You are hereby notified that any dissemination,
> >> >> > > > distribution or copying of this communication is strictly prohibited
> >> >> > > > unless proper authorization has been obtained for such action. If you
> >> >> > > > have received this communication in error, please notify the sender
> >> >> > > > immediately. Although IndiQus attempts to sweep e-mail and attachments
> >> >> > > > for viruses, it does not guarantee that both are virus-free and
> >> >> > > > accepts no liability for any damage sustained as a result of viruses.
> >> >> > > >
> >> >> > > > > On 23-Jul-2020, at 3:43 PM, Craig Dunn <sendai789@googlemail.com.INVALID> wrote:
> >> >> > > > >
> >> >> > > > > Hi,
> >> >> > > > >
> >> >> > > > > I have found a leases file BUT it only specifies the IP of the VM
> >> >> > > > > itself and not the gateway (which is where DHCP is served)
> >> >> > > > >
> >> >> > > > > [root@VM-222c78e8-a8f7-4746-b28b-6f1b66bdf34b NetworkManager]# cat internal-3e6e8f47-404a-46a9-9ad2-1b2a9217384a-ens35.lease
> >> >> > > > > # This is private data. Do not parse.
> >> >> > > > > ADDRESS=192.168.81.40
> >> >> > > > >
> >> >> > > > > this is in the /var/lib/NetworkManager folder
> >> >> > > > >
> >> >> > > > > if I run the script manually specifying the IP it doesn't change
> >> >> > > > > anything
> >> >> > > > >
> >> >> > > > > Thanks
> >> >> > > > >
> >> >> > > > > On Thu, 23 Jul 2020 at 10:31, Craig Dunn <sendai789@googlemail.com>
> >> >> > > > > wrote:
> >> >> > > > >
> >> >> > > > >> Hi Vivek,
> >> >> > > > >>
> >> >> > > > >> Thanks for the response. Seems it's fallen at the first hurdle: the
> >> >> > > > >> /var/lib/dhclient folder is empty, so I'll look into why that's not
> >> >> > > > >> being generated.
> >> >> > > > >>
> >> >> > > > >> I have password enabled set on the template. I thought cloud-init
> >> >> > > > >> and the script were two different ways of achieving the same thing?
> >> >> > > > >> Or does the script actually require it as a prerequisite?
> >> >> > > > >>
> >> >> > > > >> Thanks
> >> >> > > > >>
> >> >> > > > >> On Thu, 23 Jul 2020 at 10:03, Vivek Kumar <vivek.kumar@indiqus.com.invalid>
> >> >> > > > >> wrote:
> >> >> > > > >>
> >> >> > > > >>> Hello Craig,
> >> >> > > > >>>
> >> >> > > > >>> So setup-password scripts works from inside of the VM. If you just
> >> >> > > > >>> look on the script -
> >> >> > > > >>>
> >> >> > > > >>> 1- First it finds the DHCP server IP from lease file. So make sure
> >> >> > > > >>> that you are getting your lease file in any of the folders mentioned
> >> >> > > > >>> in the script - i.e. DHCP_FOLDERS="/var/lib/dhclient/*
> >> >> > > > >>> /var/lib/dhcp3/* /var/lib/dhcp/*". Sometimes it doesn't generate the
> >> >> > > > >>> lease file, so you have to check first why it is not generating the
> >> >> > > > >>> lease file.
> >> >> > > > >>> 2- Now just try to run the manual command to see whether you are
> >> >> > > > >>> receiving any password or not, i.e. 'wget -q -t 3 -T 20 -O - --header
> >> >> > > > >>> "DomU_Request: send_my_password" $PASSWORD_SERVER_IP:8080'. Replace
> >> >> > > > >>> $PASSWORD_SERVER with your DHCP server IP, which you can find in
> >> >> > > > >>> step 1.
> >> >> > > > >>> 3- If you are able to get things you wanted in Step-1 and Step-2 then
> >> >> > > > >>> run the script manually (it should reset the password by running
> >> >> > > > >>> manually) to check whether it is running successfully on boot or not.
> >> >> > > > >>> 4- I am assuming that you have already enabled the password box in
> >> >> > > > >>> your templates and cloud-init installed on your template.
> >> >> > > > >>>
> >> >> > > > >>>
> >> >> > > > >>>
> >> >> > > > >>> Vivek Kumar
> >> >> > > > >>> Manager - Cloud & DevOps
> >> >> > > > >>> IndiQus Technologies
> >> >> > > > >>> 24*7  O +91 11 4055 1411  |   M +91 7503460090
> >> >> > > > >>> www.indiqus.com <http://indiqus.com/>
> >> >> > > > >>>
> >> >> > > > >>>> On 23-Jul-2020, at 2:01 PM, Craig Dunn <sendai789@googlemail.com.INVALID> wrote:
> >> >> > > > >>>>
> >> >> > > > >>>> Hi all,
> >> >> > > > >>>>
> >> >> > > > >>>> Just subscribed and after some advice. I'm trying to set up a new
> >> >> > > > >>>> CentOS 8 template for our cloud platform.
> >> >> > > > >>>>
> >> >> > > > >>>> I want to use the guest password script so we can deploy and a
> >> >> > > > >>>> password is generated on deployment, but I'm having issues getting
> >> >> > > > >>>> it to work. I'm following this guide:
> >> >> > > > >>>>
> >> >> > > > >>>> http://docs.cloudstack.apache.org/projects/archived-cloudstack-administration/en/latest/templates/_password.html
> >> >> > > > >>>>
> >> >> > > > >>>> And it seems straightforward. I have got the script in /etc/init.d
> >> >> > > > >>>> and made it executable and changed the permissions and run the
> >> >> > > > >>>> chkconfig command but it still doesn't work. I have tried reverse
> >> >> > > > >>>> engineering one of our working templates (which I didn't do) but it
> >> >> > > > >>>> doesn't seem obvious how it's working. Can anyone help or advise?
> >> >> > > > >>>>
> >> >> > > > >>>> Thanks
> >> >> > > > >>>
> >> >> > > > >>>
> >> >> > > >
> >> >> > > >
> >> >> > >
> >> >> > > --
> >> >> > >
> >> >> > > Andrija Panić
> >> >> > >
> >> >> >
> >> >>
> >> >>
> >> >> --
> >> >>
> >> >> Andrija Panić
> >> >>
> >> >
> >>
> >> --
> >>
> >> Andrija Panić
> >>
> >
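
Added example (not part of the original thread and not the CloudStack guest script): one way to read the password server address out of dhclient lease files, which is the lookup this thread keeps returning to. The function names, the sample lease contents and the address 192.168.81.3 are constructed for illustration; the lease shows a redundant-VR network where the gateway is the shared .1 address but the DHCP reply came from the VR's own IP.

```shell
#!/bin/sh
# Added example (not the CloudStack script): find the password server
# from dhclient lease files, the lookup the thread describes.

# Print the last dhcp-server-identifier found, scanning files in the order
# given. Returns 1 and prints nothing when no file has one, e.g. the
# NetworkManager "internal" lease quoted in the thread (ADDRESS= only).
find_password_server() {
    server=""
    for f in "$@"; do
        if [ -f "$f" ]; then
            ip=$(sed -n 's/^[[:space:]]*option dhcp-server-identifier \([0-9.]*\);.*$/\1/p' "$f" | tail -n 1)
            if [ -n "$ip" ]; then server=$ip; fi
        fi
    done
    if [ -z "$server" ]; then return 1; fi
    printf '%s\n' "$server"
}

# Write constructed sample data under directory $1: a dhclient lease from a
# redundant-VR network and a NetworkManager internal lease.
make_samples() {
    mkdir -p "$1/dhclient" "$1/NetworkManager"
    cat > "$1/dhclient/dhclient-eth0.lease" <<'EOF'
lease {
  interface "eth0";
  fixed-address 192.168.81.40;
  option routers 192.168.81.1;
  option dhcp-server-identifier 192.168.81.3;
}
EOF
    printf '# This is private data. Do not parse.\nADDRESS=192.168.81.40\n' \
        > "$1/NetworkManager/internal-sample-ens35.lease"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
if srv=$(find_password_server "$demo_dir"/dhclient/*); then
    echo "password server: $srv (port 8080, header DomU_Request: send_my_password)"
fi
if ! find_password_server "$demo_dir"/NetworkManager/* >/dev/null; then
    echo "no DHCP server address in the NetworkManager lease: expect the data-server fallback"
fi
rm -rf "$demo_dir"
```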
