cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: Cloudstack guest password
Date Fri, 24 Jul 2020 11:19:40 GMT
When you change the password for a VM (while VM is stopped) - ACS will
store the password (in readable form) inside the VR in
/var/cache/cloud/password-xxxxxxxx - so if you see the password here (as
given in the UI) - that means that nobody fetched the password from the VR
- but if it's missing (replaced with word "saved") that means that the
script/cloud-init already downloaded the password (but it's question if it
was applied or not on the OS/VM itself)

Hope that helps

On Fri, 24 Jul 2020 at 12:34, Craig Dunn <sendai789@googlemail.com.invalid>
wrote:

> Hey all,
>
> So, spent yesterday messing around with it, if I run wget -q -t 3 -T 20 -O
> - --header "DomU_Request: send_my_password" $192.168.81.1:8080. Replace
> $PASSWORD_SERVER manually it shows nothing.
>
> [image: image.png]
> but this behaviour seems normal as a working template does not respond
> either.
>
> I have also noticed that the leases file in /var/lib/dhclient doesnt
> generate till you run dhclient (this is fine I can figure that out later)
> but running reset password from cloudstack doesn't actually change it. Only
> only thing I have done is a symbolic link on the script from the init.d
> folder to rc0.d folder (I had to do this with ubuntu so assumed I would
> here too)
>
> any troubleshooting tips anyone can offer?
>
> Thanks
>
> On Thu, 23 Jul 2020 at 12:27, Andrija Panic <andrija.panic@gmail.com>
> wrote:
>
>> cloud-init has the "plugin" for cloudstack, so it "behaves" well with it.
>>
>> best,
>>
>> On Thu, 23 Jul 2020 at 12:48, Craig Dunn <sendai789@googlemail.com
>> .invalid>
>> wrote:
>>
>> > Thanks Andrija i`ll have a look into that, does the platform need to
>> > support it, or does cloudstack support it by default?
>> >
>> > @Vivek strangely its generated a lease file in /var/lib/dhclient (not
>> sure
>> > if I did anything to force it) I have tried resetting both manually and
>> via
>> > the UI with no changes
>> >
>> > On Thu, 23 Jul 2020 at 11:22, Andrija Panic <andrija.panic@gmail.com>
>> > wrote:
>> >
>> > > that script used to work only with initd and not systemd, so better
>> > invest
>> > > some time in cloud-init, and achieve the same thing (and more if
>> needed).
>> > > You can i.e. download the http://dl.openvm.eu/cloudstack/macchinina/
>> > > template
>> > > and see how the cloud-init is configured there (afaik, it uses
>> > cloud-init)
>> > >
>> > > Best,
>> > >
>> > > On Thu, 23 Jul 2020 at 12:17, Vivek Kumar <vivek.kumar@indiqus.com
>> > > .invalid>
>> > > wrote:
>> > >
>> > > > That won’t help because it fetch the password from router . Can
you
>> > just
>> > > > run “dhclient” and check the lease folder wether you are getting
>> lease
>> > > file
>> > > > generated or not.
>> > > >
>> > > > Vivek Kumar
>> > > > Manager - Cloud & DevOps
>> > > > IndiQus Technologies
>> > > > 24*7  O +91 11 4055 1411  |   M +91 7503460090
>> > > > www.indiqus.com <http://indiqus.com/>
>> > > >
>> > > > This message is intended only for the use of the individual or
>> entity
>> > to
>> > > > which it is addressed and may contain information that is
>> confidential
>> > > > and/or privileged. If you are not the intended recipient please
>> delete
>> > > the
>> > > > original message and any copy of it from your computer system. You
>> are
>> > > > hereby notified that any dissemination, distribution or copying of
>> this
>> > > > communication is strictly prohibited unless proper authorization has
>> > been
>> > > > obtained for such action. If you have received this communication
in
>> > > error,
>> > > > please notify the sender immediately. Although IndiQus attempts to
>> > sweep
>> > > > e-mail and attachments for viruses, it does not guarantee that both
>> are
>> > > > virus-free and accepts no liability for any damage sustained as a
>> > result
>> > > of
>> > > > viruses.
>> > > >
>> > > > > On 23-Jul-2020, at 3:43 PM, Craig Dunn <sendai789@googlemail.com
>> > > .INVALID>
>> > > > wrote:
>> > > > >
>> > > > > Hi,
>> > > > >
>> > > > > I have found a leases file BUT it only specifies the IP of the
VM
>> > > itself
>> > > > > and not the gateway (which is where DHCP is served)
>> > > > >
>> > > > > [root@VM-222c78e8-a8f7-4746-b28b-6f1b66bdf34b NetworkManager]#
>> cat
>> > > > > internal-3e6e8f47-404a-46a9-9ad2-1b2a9217384a-ens35.lease
>> > > > > # This is private data. Do not parse.
>> > > > > ADDRESS=192.168.81.40
>> > > > >
>> > > > > this is in the /var/lib/NetworkManager folder
>> > > > >
>> > > > > if I run the script manually specifying the IP it doesnt change
>> > > anything
>> > > > >
>> > > > > Thanks
>> > > > >
>> > > > > On Thu, 23 Jul 2020 at 10:31, Craig Dunn <
>> sendai789@googlemail.com>
>> > > > wrote:
>> > > > >
>> > > > >> Hi Vivek,
>> > > > >>
>> > > > >> thanks for the response, seems its fallen at the first hurdle
the
>> > > > >> /var/lib/dhclient folder is empty so, i`ll look into why
thats
>> not
>> > > being
>> > > > >> generated.
>> > > > >>
>> > > > >> I have password enabled set on the template, I thought cloud
init
>> > and
>> > > > the
>> > > > >> script were two different ways of achieving the same thing?
Or
>> does
>> > > the
>> > > > >> script actually require it as a prerequisite?
>> > > > >>
>> > > > >> Thanks
>> > > > >>
>> > > > >> On Thu, 23 Jul 2020 at 10:03, Vivek Kumar <
>> vivek.kumar@indiqus.com
>> > > > .invalid>
>> > > > >> wrote:
>> > > > >>
>> > > > >>> Hello Craig,
>> > > > >>>
>> > > > >>> So setup-password scripts works from inside of the VM.
If you
>> just
>> > > look
>> > > > >>> on the script -
>> > > > >>>
>> > > > >>> 1- First it finds the DHCP server IP from lease file.
So make
>> sure
>> > > that
>> > > > >>> you are getting you lease file in your any of the folder
>> mentioned
>> > in
>> > > > >>> script - i.e DHCP_FOLDERS="/var/lib/dhclient/* /var/lib/dhcp3/*
>> > > > >>> /var/lib/dhcp/*”. Sometimes it does’t generate the
lease file,
>> So
>> > you
>> > > > have
>> > > > >>> to check first why is it got generating the lease file.
>> > > > >>> 2- Now just try to run the manual command to see wether
you are
>> > > > receiving
>> > > > >>> any password or not i.e 'wget -q -t 3 -T 20 -O - --header
>> > > > "DomU_Request:
>> > > > >>> send_my_password" $PASSWORD_SERVER_IP:8080. Replace
>> > $PASSWORD_SERVER
>> > > > with
>> > > > >>> you DHCP serve IP, which you can find in step -1
>> > > > >>> 3- If you are able to get things you wanted in Step-1
and Step-2
>> > then
>> > > > run
>> > > > >>> the script manually (It should reset the password by
running
>> > > manually )
>> > > > >>> weather to check if it is running on successfully on
boot or
>> not.
>> > > > >>> 4- I am assuming that you have already enabled the password
box
>> in
>> > > your
>> > > > >>> templates and cloud-init installed on you template.
>> > > > >>>
>> > > > >>>
>> > > > >>>
>> > > > >>> Vivek Kumar
>> > > > >>> Manager - Cloud & DevOps
>> > > > >>> IndiQus Technologies
>> > > > >>> 24*7  O +91 11 4055 1411  |   M +91 7503460090
>> > > > >>> www.indiqus.com <http://indiqus.com/>
>> > > > >>>
>> > > > >>> This message is intended only for the use of the individual
or
>> > entity
>> > > > to
>> > > > >>> which it is addressed and may contain information that
is
>> > > confidential
>> > > > >>> and/or privileged. If you are not the intended recipient
please
>> > > delete
>> > > > the
>> > > > >>> original message and any copy of it from your computer
system.
>> You
>> > > are
>> > > > >>> hereby notified that any dissemination, distribution
or copying
>> of
>> > > this
>> > > > >>> communication is strictly prohibited unless proper authorization
>> > has
>> > > > been
>> > > > >>> obtained for such action. If you have received this
>> communication
>> > in
>> > > > error,
>> > > > >>> please notify the sender immediately. Although IndiQus
attempts
>> to
>> > > > sweep
>> > > > >>> e-mail and attachments for viruses, it does not guarantee
that
>> both
>> > > are
>> > > > >>> virus-free and accepts no liability for any damage sustained
as
>> a
>> > > > result of
>> > > > >>> viruses.
>> > > > >>>
>> > > > >>>> On 23-Jul-2020, at 2:01 PM, Craig Dunn <
>> sendai789@googlemail.com
>> > > > .INVALID>
>> > > > >>> wrote:
>> > > > >>>>
>> > > > >>>> Hi all,
>> > > > >>>>
>> > > > >>>> Just subscribed and after some advise. I'm trying
to setup a
>> new
>> > > > Centos8
>> > > > >>>> template for our cloud platform.
>> > > > >>>>
>> > > > >>>> I want to use the guest password script so we can
deploy and a
>> > > > password
>> > > > >>> is
>> > > > >>>> generated on deployment but I'm having issues getting
it to
>> work.
>> > > I'm
>> > > > >>>> following this guide:
>> > > > >>>>
>> > > > >>>>
>> > > > >>>
>> > > >
>> > >
>> >
>> http://docs.cloudstack.apache.org/projects/archived-cloudstack-administration/en/latest/templates/_password.html
>> > > > >>>>
>> > > > >>>> And it seems straightforward I have got the script
in
>> /etc/init.d
>> > > and
>> > > > >>> made
>> > > > >>>> it executable and changed the permissions and run
the chkconfig
>> > > > command
>> > > > >>> but
>> > > > >>>> it still doesn't work, I have tried reverse engineering
one of
>> our
>> > > > >>> working
>> > > > >>>> templates (which I didn't do) but it doesn't seem
obvious how
>> it
>> > > > >>> working.
>> > > > >>>> Can anyone help or advise?
>> > > > >>>>
>> > > > >>>> Thanks
>> > > > >>>
>> > > > >>>
>> > > >
>> > > >
>> > >
>> > > --
>> > >
>> > > Andrija Panić
>> > >
>> >
>>
>>
>> --
>>
>> Andrija Panić
>>
>

-- 

Andrija Panić

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message