cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kirk Kosinski <kirkkosin...@gmail.com>
Subject Re: how does Cloudstack change reset password works?
Date Tue, 01 Oct 2013 03:42:35 GMT
Hi, Rafael.  On the virtual router there is a socat process listening on
8080/tcp.  When a VM sends a valid password request, socat passes the
VM's IP address to the serve_password.sh script. This script checks
/var/cache/cloud/passwords for a password for the VM.  If there is a
password in the cache file, it will return it to the VM and remove it
from the file, otherwise it will return "saved_password" to the VM to
notify the script that there is no new password.  If an invalid password
request is sent, "bad_password" is returned to notify the script that a
bad request was sent.

When you trigger a password update through the CloudStack UI or API, the
save_password_to_domr.sh script will run on the hypervisor running the
virtual router (for virtual routers running on KVM and XS hosts) or the
management server (for vSphere) and update the cache file with the new
password.  I believe the password is saved in the CloudStack database,
but probably only temporarily.  The passwords generated by CloudStack
should probably be treated as temporary passwords, so after you log in
with the new password you should change it again to something you will
remember.

Best regards,
Kirk

On 09/30/2013 06:40 PM, Rafael Weingartner wrote:
> Hey all,
> I was wondering, how does the reset password on CS work?
> 
> I noticed that at the "cloud-set-guest-password" script there is a call to
> the router,
> "wget -q -t 3 -T 20 -O - --header "DomU_Request: send_my_password"
> $PASSWORD_SERVER_IP:8080"
> 
> What parameter does the router use to determine which password it has to
> respond? The IP address from the server that is making the request?
> Where are the passwords stored? In the database?
> 

Mime
View raw message