incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Prasanna Santhanam <Prasanna.Santha...@citrix.com>
Subject Re: Fail to get password for VM using API
Date Wed, 08 Aug 2012 09:38:37 GMT
On Tue, Aug 07, 2012 at 10:41:23PM -0400, Tommy Aditya Lawanto wrote:
> @Prasanna:
> 
> Sorry, but i'm still at lost here. 
> 
> 1. Does this mean you can only ssh to the vm using private key
> method? I used onapp before, and there are 2 ways to ssh a vm :
> first is using this private key method, the second is just ssh the
> ip address, you will then login using root, and onapp provides
> random password for user "root" which can be reset. Actually, i'm
> trying to find a way to obtain this root password (if cloudstack
> does support this method)
> 
> 2. What is this encrypted password used for? Does it have anything
> to do with the "resetPasswordForVirtualMachine". I notice that the
> string length between "getVmPassword" and
> "resetPasswordForVirtualMachine" is different.

Hi Tommy-

I haven't used onApp but it looks like both these mechanisms exist in
cloudstack.

1. The ssh keypair based mechanism uses the create/register/delete
SSHKeyPair set of APIs. You fetch the ssh metadata as I suggested
using curl and use standard key-pair authentication. So you can ssh
from your client machine to the VM in the cloud which has the
authorized key.

2. CloudStack provides the random passwd mgmt through password enabled
templates. You would need to prepare such a template as per the
instructions in the Admin guide.( "Adding password management to your
templates"). When deploying a virtual machine with such a template the
UI will respond back with the randomly set password. This is NOT
stored in the database. To reset a forgotten passwd on such a template
you use the resetPasswordForVirtualMachine API.

3. Or you use a combination of both the above (this is the
undocumented bit) which is when the randomly set password gets saved
in the DB in encrypted form. You can get this encrypted password using
getVmPassword API. Since the random password is encrypted using the
public key you provided when deploying the VM, you alone will be able
to decrypt it back. Sort of like PGP signing of email. 

I just discovered this last bit from code and appears there is no
documentation available for it. Will post a bug to improve the
documentation.


HTH

-- 
Prasanna.,

> 
> Thank you very much
> ________________________________________
> From: Prasanna Santhanam [Prasanna.Santhanam@citrix.com]
> Sent: Tuesday, July 31, 2012 4:11 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: Re: Fail to get password for VM using API
> 
> On Tue, Jul 31, 2012 at 04:41:03AM -0400, Tommy Aditya Lawanto wrote:
> > Thank you guys for your help. I've successfully deployed a vm using
> > the valid sshkeypair. Also, i am now able to get result from command
> > "getVmPassword", here it is :
> >
> >             [password] => Array
> >                 (
> >                 [encryptedpassword]=>3wvuei3lBc93I9MRxbf1FsRLJjPJSdIzQWR6hd4u4UiZ9l7PZowq+boZrA5Kwwsft5KYbegtmbv1WfuOhO4UrtZtVMst+2hyChCRR0O/IHHmDj8xhhUdTCnhH4/cGnWZ1AJsrh4Z6w+HQ8QQML+M2b5cHjGu/teCiSJq6MTzbmQ=
> >                 )
> >
> > However, i'm still confused about few things :
> >
> > 1. What is this encrypted password for? Can i use this password to
> > login to the vm as root?
> You use your own private key to login to the VM which is the private
> pair of the public key returned here. But you'll have to put the pub
> key into ~/.ssh/authorized_keys of your VM before that.
> 
> Get the pub key into the VM from the user-data available from within
> the VM:
> 
> curl http://10.1.1.1/latest/meta-data/public-keys
> 
> 
> > 2. Is this the password that can be reset using
> > "resetPasswordForVirtualMachine"?
> resetPasswordForVirtualMachine is done when you have a passwd-enabled
> template.
> 
> --
> Prasanna.,
> 
> >
> >
> > ________________________________________
> > From: Likitha Shetty [likitha.shetty@citrix.com]
> > Sent: Tuesday, July 31, 2012 2:47 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: RE: Fail to get password for VM using API
> >
> > Hi Tommy,
> >
> > Try generating a new key-pair using the api, createSSHKeyPair.
> > And then use the key-pair name you supplied for createSSHKeyPair
> > as the value for parameter keypair while deploying the VM. Hope it
> > helps.
> >
> > Thank you,
> > Likitha
> >
> > -----Original Message-----
> > From: Tommy Aditya Lawanto [mailto:tommy@wowrack.com]
> > Sent: Tuesday, July 31, 2012 1:00 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: RE: Fail to get password for VM using API
> >
> > @alena : thank you very much for your help :). I tried to set
> > keypair when deploying a vm, but it returns error message : A key
> > pair with name 'my-generated-string' was not found. Am i supposed
> > to do something first for this ssh keypair ? (i try supplying "ssh
> > keypair" value with my auto-generated-string.
> >
> > Sorry for the noob question, i'm a newbie in the cloud computing
> > environment :)
> >
> > ________________________________________
> > From: Alena Prokharchyk [Alena.Prokharchyk@citrix.com]
> > Sent: Monday, July 30, 2012 11:35 PM
> > To: cloudstack-dev@incubator.apache.org
> > Subject: Re: Fail to get password for VM using API
> >
> > On 7/29/12 9:31 PM, "Tommy Aditya Lawanto" <tommy@wowrack.com<mailto:tommy@wowrack.com>>
wrote:
> >
> > >I'm getting this error when i try to get password from a vm using
> > >password-enabled template (through API) :
> > >
> > >
> > > [error] => No password for VM with id '70' found.
> > >
> > >
> > >I've tried resetting the password using management server, and it works
> > >fine. Right after the operation successful, a message box popped up,
> > >giving me the new password. However, when i try get the password using
> > >API command "getVMPassword", it always fail.
> > >
> > >
> > >How can I fix it?
> > >
> > >
> > >Best Regard !
> > >
> >
> >
> >
> > Tommy,
> >
> > The password is getting stored in the DB only when the user vm is
> > deployed using SshKeyPair. So only in this case you can use
> > getVMPassword api to retrieve the password. I'll make sure the
> > documentation is updated for this command in the future release.
> >
> > In your case, if you forgot the password returned to you on the
> > confirmation box, you can always reset it using
> > resetPasswordForVirtualMachine API
> >
> > -Alena.
> >
> >
> >
> 


Mime
View raw message