Thanks for the reply and sorry for the delay. You know how it is on Monday's.
I checked the VR password file as suggested after the password reset via the
GUI but before powering on the VM. I did see the password reset there as
expected. I powered on the VM and the password was reset as expected. The
test VM is built from a CentOS7 template with password enabled. I checked the
/var/log/messages and you can see from the client perspective the change went
as expected. Below is "snippet1" from the message log on the VM (there are no
SSH key so it fails as expected):
Apr 4 13:45:35 rsi-test-c7 systemd: Starting LSB: cloud-set-guest-sshkey...
Apr 4 13:45:35 rsi-test-c7 systemd: Starting LSB: cloud-set-guest-password...
Apr 4 13:45:35 rsi-test-c7 cloud: Unable to determine the password server,
falling back to data-server
Apr 4 13:45:35 rsi-test-c7 cloud: Could not find ssh key server IP in
/var/lib/dhclient/dhclient.leases
Apr 4 13:45:36 rsi-test-c7 cloud: Unable to determine the password server,
falling back to data-server
Apr 4 13:45:36 rsi-test-c7 cloud: Sending request to password server at
data-server
Apr 4 13:45:36 rsi-test-c7 cloud: Sending request to ssh key server at
data-server
Apr 4 13:45:36 rsi-test-c7 cloud: Got response from server at data-server
Apr 4 13:45:36 rsi-test-c7 cloud: Did not receive any keys from any server
Apr 4 13:45:36 rsi-test-c7 systemd: cloud-set-guest-sshkey.service: control
process exited, code=exited status=1
Apr 4 13:45:36 rsi-test-c7 systemd: Failed to start LSB:
cloud-set-guest-sshkey.
Apr 4 13:45:36 rsi-test-c7 systemd: Unit cloud-set-guest-sshkey.service
entered failed state.
Apr 4 13:45:36 rsi-test-c7 systemd: cloud-set-guest-sshkey.service failed.
Apr 4 13:45:36 rsi-test-c7 cloud: Got response from server at data-server
Apr 4 13:45:36 rsi-test-c7 cloud: VM got a valid password from server at
data-server
Apr 4 13:45:36 rsi-test-c7 cloud: Changing password for user root
Apr 4 13:45:36 rsi-test-c7 cloud: Sending acknowledgment to password server at
data-server
Apr 4 13:45:36 rsi-test-c7 cloud-set-guest-password: saved_password
Apr 4 13:45:36 rsi-test-c7 systemd: Started LSB: cloud-set-guest-password.
Apr 4 13:45:36 rsi-test-c7 systemd: Starting Initial cloud-init job (metadata
service crawler)...
Apr 4 13:45:37 rsi-test-c7 systemd: Started Initial cloud-init job (metadata
service crawler).
Apr 4 13:45:37 rsi-test-c7 systemd: Starting Apply the settings specified in
cloud-config...
Apr 4 13:45:37 rsi-test-c7 systemd: Started Apply the settings specified in
cloud-config.
Apr 4 13:45:37 rsi-test-c7 systemd: Starting Execute cloud user/final
scripts...
Apr 4 13:45:37 rsi-test-c7 systemd: Started Execute cloud user/final scripts.
I checked the password file on the VR and it was empty now. I then manually
reset the password on the VM console only (not CS GUI) and performed an OS
reboot from the console. I could log in with the password I change with the
console. Below is the system messages "snippet2":
Apr 4 13:36:27 rsi-test-c7 systemd: Starting LSB: cloud-set-guest-sshkey...
Apr 4 13:36:27 rsi-test-c7 systemd: Starting LSB: cloud-set-guest-password...
Apr 4 13:36:27 rsi-test-c7 cloud: Could not find ssh key server IP in
/var/lib/dhclient/dhclient.leases
Apr 4 13:36:27 rsi-test-c7 cloud: Unable to determine the password server,
falling back to data-server
Apr 4 13:36:27 rsi-test-c7 cloud: Unable to determine the password server,
falling back to data-server
Apr 4 13:36:27 rsi-test-c7 cloud: Sending request to password server at
data-server
Apr 4 13:36:27 rsi-test-c7 cloud: Sending request to ssh key server at
data-server
Apr 4 13:36:27 rsi-test-c7 cloud: Got response from server at data-server
Apr 4 13:36:27 rsi-test-c7 cloud: Did not receive any keys from any server
Apr 4 13:36:27 rsi-test-c7 systemd: cloud-set-guest-sshkey.service: control
process exited, code=exited status=1
Apr 4 13:36:27 rsi-test-c7 systemd: Failed to start LSB:
cloud-set-guest-sshkey.
Apr 4 13:36:27 rsi-test-c7 systemd: Unit cloud-set-guest-sshkey.service
entered failed state.
Apr 4 13:36:27 rsi-test-c7 systemd: cloud-set-guest-sshkey.service failed.
Apr 4 13:36:27 rsi-test-c7 cloud: Got response from server at data-server
Apr 4 13:36:27 rsi-test-c7 cloud: VM has already saved a password from the
password server at data-server
Apr 4 13:36:27 rsi-test-c7 cloud: Did not need to change password.
Apr 4 13:36:27 rsi-test-c7 systemd: Started LSB: cloud-set-guest-password.
I then powered off the VM and powered it back on without changing any
passwords. The password was set to the last change password via the GUI. The
logs behave as if the password reset was performed from the GUI again
(snippet1). I checked the password file on the VR and it was empty. I also
monitored the VR /var/log/cloud.log messages and discovered something
interesting. As expected there was a flurry of activity but the following 2
messages stood out to me:
2016-04-04 18:45:06,937 merge.py save:72 {u'id': u'dhcpentry', u'10.1.1.39':
{u'default_gateway': u'10.1.1.1', u'ipv6_duid': u'00:03:00:01:
02:00:26:c0:00:07', u'default_entry': True, u'ipv4_adress': u'10.1.1.39',
u'host_name': u'rsi-test-c7', u'mac_address': u'02:00:26:c0:00:07'
, u'type': u'dhcpentry', u'dns_adresses': u'10.1.1.1'}}
2016-04-04 18:45:07,006 CsHelper.py execute:160 Executing: curl --header
"DomU_Request: save_password" "http://10.1.1.1:8080/"; -F "ip=10.1.1.39" -F
"password=a8Q7Bs" -F "token=ae199529efcd26f7811f36ae7c0807b1" >/dev/null
2>/dev/null &
The VM I powered on IP address is 10.1.1.39 and it appears to me that the
CsHelper.py curl command is setting the password again? Making an educated
guess it looks like the management process is sending the reset password again
to the VR after the power up?
Please let me know what you think or if you need further information just let
me know. Thanks.
----
Richard KleinĀ <[email protected]>
RSI
5426 Guadalupe, Suite 100
Austin TX 78751
>-----Original Message-----
>From: Suresh Sadhu [mailto:[email protected]]
>Sent: Monday, April 04, 2016 5:21 AM
>To: [email protected]
>Subject: RE: Cloudstack 4.7 password reset issue.
>
>This look like an issue, please check the VR password file
>(/var/cache/cloud/passwords) and entries look like below: Guest_vm_ip=Password)
>Eg:
>10.1.1.145=sX3qvbstr --- here, In this case it successfully
>generated the password but didn't applied on Guest vm
>10.1.1.135=saved_password -- if it applied successfully on VM then it
>will show as guest_vm_ip=Saved_password.)
>
>So please check you entries as well check your logs for any errors.
>
>Regards
>Sadhu
>Chief Product Engineer, Accelerite
>[email protected]
>>-----Original Message-----
>>From: Erik Weber [mailto:[email protected]]
>>Sent: Monday, April 4, 2016 11:54 AM
>>To: [email protected]
>>Subject: Re: Cloudstack 4.7 password reset issue.
>>
>>On Mon, Apr 4, 2016 at 7:28 AM, Shweta Agarwal <
>>[email protected]> wrote:
>>
>> Hi Richard,
>> Cloudstack is working as expected at every steps you mentioned .
>>
>> when your template is password enabled then every time you reset
>> password via CS and stop start the VM then router will push new
>> password to the user VM .
>>
This works, but if you read his example you will see that the password is reset
after an additional reboot, which it should not.
Looks like a bug, but more info is needed to state if it is in CloudStack or
the password reset script.
--
Erik
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the
property of Accelerite, a Persistent Systems business. It is intended only for
the use of the individual or entity to which it is addressed. If you are not
the intended recipient, you are not authorized to read, retain, copy, print,
distribute or use this message. If you have received this communication in
error, please notify the sender and delete all copies of this message.
Accelerite, a Persistent Systems business does not accept any liability for
virus infected mails.
