[jira] [Commented] (CLOUDSTACK-4184) VM password reset works inconsistently

Jayapal Reddy (JIRA) Sun, 11 Aug 2013 08:18:16 -0700

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-4184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13736304#comment-13736304
 ]


Jayapal Reddy commented on CLOUDSTACK-4184:
-------------------------------------------

In vm password set is fail is observed in parallel vm deployment.
When I deploy 10 vms out which 2 vms failed to set the password.

There is no issue with the password script. Because the same password script is 
success for few vms. 
Use the template   
http://nfs1.lab.vmops.com/templates/passwordssh/ssh-password-centos53.vhd.

root@r-104-QA:~# cat /var/cache/cloud/passwords

10.1.1.66=uD4natyqc
10.1.1.81=nB5ydqihw
10.1.1.145=sX3qvbstr
10.1.1.135=saved_password
10.1.1.115=saved_password
10.1.1.155=saved_password
10.1.1.221=saved_password
10.1.1.99=saved_password
10.1.1.10=saved_password
10.1.1.190=saved_password
10.1.1.200=saved_password
10.1.1.74=saved_password

>From the above the vm reset is failed for the 10.1.1.66,81,145
Capture the packets on the router which I will attach here.
For the 66, 81 the connection has been reset by the web server.
For 10.1.1.145 the password sent by the server but connection also reset at the 
end (Please refer the packet capture pass4.pcap)

So I am suspecting the socat process here. The socat process run in loop. It 
restart for every password request.
I am thinking In parallel deployment the socat not able to serve the password 
request during its restart.


. /etc/default/cloud-passwd-srvr
addr=$1;
while [ "$ENABLED" == "1" ]
do
        socat -lf /var/log/cloud.log TCP4-LISTEN:8080,reuseaddr,crnl,bind=$addr 
SYSTEM:"/opt/cloud/bin/serve_password.sh \"\$SOCAT_PEERADDR\""

        rc=$?
        if [ $rc -ne 0 ]
        then
                logger -t cloud "Password server failed with error code $rc. 
Restarting socat..."
                sleep 3
        fi
        . /etc/default/cloud-passwd-srvr
done
                
> VM password reset works inconsistently
> --------------------------------------
>
>                 Key: CLOUDSTACK-4184
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4184
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Virtual Router
>    Affects Versions: 4.2.0
>            Reporter: Jayapal Reddy
>            Priority: Blocker
>             Fix For: 4.2.0
>
>         Attachments: cloud-set-guest-password, pass4.pcap, pass.pcap, 
> passwords, test.log, test.log
>
>
> 1. When password reset fails for one vm then password reset is not working 
> then on.
> 2. In router the password entries are made properly.
> 3. serve password script is giving the password correctly but the vm did not 
> recieved it
> Here are the logs:
> === serve_password.sh debug logs
> + PASSWD_FILE=/var/cache/cloud/passwords
> + ip=10.1.1.143
> + logger -t cloud 'serve_password called to service a request for 10.1.1.143.'
> + read input
> + '[' 'GET / HTTP/1.0' == '' ']'
> ++ sed 's/^[ \t]*//'
> ++ cut -d: -f2
> ++ grep DomU_Request:
> ++ echo GET / HTTP/1.0
> + request=
> + '[' '' '!=' '' ']'
> + read input
> + '[' 'User-Agent: Wget/1.11.4 Red Hat modified' == '' ']'
> ++ sed 's/^[ \t]*//'
> ++ cut -d: -f2
> ++ grep DomU_Request:
> ++ echo User-Agent: Wget/1.11.4 Red Hat modified
> + request=
> + '[' '' '!=' '' ']'
> + read input
> + '[' 'Accept: */*' == '' ']'
> ++ sed 's/^[ \t]*//'
> ++ cut -d: -f2
> ++ grep DomU_Request:
> ++ echo Accept: redundant_router/arping_gateways.sh.templ 
> redundant_router/backup.sh.templ redundant_router/check_bumpup.sh 
> redundant_router/check_heartbeat.sh.templ 
> redundant_router/checkrouter.sh.templ redundant_router/conntrackd.conf.templ 
> redundant_router/disable_pubip.sh redundant_router/enable_pubip.sh.templ 
> redundant_router/fault.sh.templ redundant_router/heartbeat.sh.templ 
> redundant_router/keepalived.conf.templ redundant_router/master.sh.templ 
> redundant_router/primary-backup.sh.templ redundant_router/services.sh
> + request=
> + '[' '' '!=' '' ']'
> + read input
> + '[' 'Host: 10.1.1.1:8080' == '' ']'
> ++ sed 's/^[ \t]*//'
> ++ cut -d: -f2
> ++ grep DomU_Request:
> ++ echo Host: 10.1.1.1:8080
> + request=
> + '[' '' '!=' '' ']'
> + read input
> + '[' 'Connection: Keep-Alive' == '' ']'
> ++ sed 's/^[ \t]*//'
> ++ cut -d: -f2
> ++ grep DomU_Request:
> ++ echo Connection: Keep-Alive
> + request=
> + '[' '' '!=' '' ']'
> + read input
> + '[' 'DomU_Request: send_my_password' == '' ']'
> ++ sed 's/^[ \t]*//'
> ++ cut -d: -f2
> ++ grep DomU_Request:
> ++ echo DomU_Request: send_my_password
> + request=send_my_password
> + '[' send_my_password '!=' '' ']'
> + break
> + '[' send_my_password == send_my_password ']'
> ++ get_value /var/cache/cloud/passwords 10.1.1.143
> ++ local filename=/var/cache/cloud/passwords
> ++ local keyname=10.1.1.143
> ++ cut -d= -f2
> ++ grep -i 10.1.1.143= /var/cache/cloud/passwords
> + password=bG9wrskhw
> + '[' bG9wrskhw == '' ']'
> + logger -t cloud 'serve_password sent a password to 10.1.1.143.'
> + echo bG9wrskhw
> bG9wrskhw
> + unlock_exit 0 passwdlock 1
> + releaseLockFile passwdlock 1
> + __LOCKDIR=/tmp
> + __LOCKFILE='/tmp/*-29091-passwdlock.lock'
> + __locked=1
> + '[' 1 == 1 ']'
> + rm /tmp/1375947770244011718-29091-passwdlock.lock
> + exit 0
> ^C
> root@r-36-QA:~# ps aux | grep socat
> root     29139  0.0  0.8   4788  1024 pts/0    S    07:42   0:00 socat -lf 
> /var/log/cloud.log TCP4-LISTEN:8080,reuseaddr,crnl,bind=10.1.1.1 
> SYSTEM:/opt/cloud/bin/serve_password.sh "$SOCAT_PEERADDR"
> root     29141  0.0  0.6   3796   804 pts/0    S+   07:43   0:00 grep socat
> root@r-36-QA:~#
> ====== Guest vm cloud-set-guest-password script logs
> PASSWORD_SERVER_IP=10.1.1.1
> + '[' -n 10.1.1.1 ']'
> + logger -t cloud 'Found password server IP 10.1.1.1 in 
> /var/lib/dhclient/dhclient-eth0.leases'
> + logger -t cloud 'Sending request to password server at 10.1.1.1'
> ++ wget -q -t 3 -T 20 -O - --header 'DomU_Request: send_my_password' 
> 10.1.1.1:8080
> + password=
> ++ echo
> ++ tr -d '\r'
> + password=
> + '[' 0 -eq 0 ']'
> + logger -t cloud 'Got response from server at 10.1.1.1'
> + case $password in
> + logger -t cloud 'Password server at 10.1.1.1 did not have any password for 
> the VM'
> + continue
> + for DHCP_FILE in '$DHCP_FOLDERS'
> + '[' -f '/var/lib/dhcp3/*' ']'
> + '[' 0 == 0 ']'
> + '[' 0 == 1 ']'
> + logger -t cloud 'Did not need to change password.'
> + exit 0
> [root@v3 init.d]# 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (CLOUDSTACK-4184) VM password reset works inconsistently

Reply via email to