Hi, Rafael. On the virtual router there is a socat process listening on 8080/tcp. When a VM sends a valid password request, socat passes the VM's IP address to the serve_password.sh script. This script checks /var/cache/cloud/passwords for a password for the VM. If there is a password in the cache file, it will return it to the VM and remove it from the file, otherwise it will return "saved_password" to the VM to notify the script that there is no new password. If an invalid password request is sent, "bad_password" is returned to notify the script that a bad request was sent.
When you trigger a password update through the CloudStack UI or API, the save_password_to_domr.sh script will run on the hypervisor running the virtual router (for virtual routers running on KVM and XS hosts) or the management server (for vSphere) and update the cache file with the new password. I believe the password is saved in the CloudStack database, but probably only temporarily. The passwords generated by CloudStack should probably be treated as temporary passwords, so after you log in with the new password you should change it again to something you will remember. Best regards, Kirk On 09/30/2013 06:40 PM, Rafael Weingartner wrote: > Hey all, > I was wondering, how does the reset password on CS work? > > I noticed that at the "cloud-set-guest-password" script there is a call to > the router, > "wget -q -t 3 -T 20 -O - --header "DomU_Request: send_my_password" > $PASSWORD_SERVER_IP:8080" > > What parameter does the router use to determine which password it has to > respond? The IP address from the server that is making the request? > Where are the passwords stored? In the database? >
