Hello,
Would you mind if I share a sample line from the log-file containing a password
assigned (you can find similar ones in your log-files as well)?
2017-11-28 10:19:27,981 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-14:ctx-6858662d job-1158151 ctx-1967e9d7) (logid:eed0e79e)
Complete async job-1158151, jobStatus: SUCCEEDED, resultCode: 0, result:
org.apache.cloudstack.api.response.UserVmResponse/virtualmachine/{"id":"57ec4f9a-9f65-46c5-926d-a475bbe5c1d5","name":"VM-57ec4f9a-9f65-46c5-926d-a475bbe5c1d5","displayname":"VM-57ec4f9a-9f65-46c5-926d-a475bbe5c1d5","account":"admin","userid":"b11c5858-5357-497d-93e7-f68db82535e7","username":"admin","domainid":"4d767ff4-8216-4718-8f04-4626eeb5180f","domain":"2017102413000103","created":"2017-10-27T10:57:11+0300","state":"Stopped","haenable":false,"zoneid":"c8d773fa-76ca-4637-8ecf-88656444fc86","zonename":"z2.tucha13.net","templateid":"3b4b2504-9718-407e-8cf2-cdd286a90e52","templatename":"linux-ubuntu-desktop-16.04-x64-20170819","templatedisplaytext":"Linux
Ubuntu 16.04 x64 Desktop version
(rev.20170819)","passwordenabled":true,"serviceofferingid":"5248afa9-f896-4608-bf3b-316262c21b9d","serviceofferingname":"custom-ssd-a1","cpunumber":1,"cpuspeed":2399,"memory":1024,"cpuused":"0.07%","networkkbsread":417369,"networkkbswrite":58495,"diskkbsread":360776,"diskkbswrite":1978872,"memorykbs":1048576,"memoryintfreekbs":1112364,"memorytargetkbs":1048576,"diskioread":11950,"diskiowrite":149126,"guestosid":"ca0edf48-bd31-11e6-b74f-06973a00088a","rootdeviceid":0,"rootdevicetype":"ROOT","securitygroup":[],"password":"*************","nic":[{"id":"677447a3-de67-4477-b3fc-213ab12bf0d6","networkid":"1093f687-0581-4c63-9077-1471a8bfe7fd","networkname":"NET-PUB-193.151.666.666-24","netmask":"255.255.255.0","gateway":"193.151.666.666","ipaddress":"193.151.666.666","isolationuri":"vlan://100","broadcasturi":"vlan://100","traffictype":"Guest","type":"Shared","isdefault":true,"macaddress":"66:66:66:66:66:66","secondaryip":[]},{"id":"3f71910e-cfe5-4d61-b725-e78e1d434cd8","networkid":"3422bda5-f206-4418-8a8a-30372a4f1e4a","networkname":"NET-2017102413000103","netmask":"255.255.255.0","gateway":"192.168.131.254","ipaddress":"192.168.131.154","traffictype":"Guest","type":"Isolated","isdefault":false,"macaddress":"66:66:66:66:66:66","secondaryip":[]}],"hypervisor":"KVM","instancename":"i-6666-6666-VM","affinitygroup":[],"displayvm":true,"isdynamicallyscalable":false,"ostypeid":254,"tags":[]}
^^^ That doesn't seem to be cloudmonkey who adds that to the management
log-file, as we don't use it at all.
But there's a dilemma that needs to be solved, as "fixing" that would mean that
a content-neutral logging module should understand which information is
confidential and shouldn't been logged, not such an easy task to be solved
properly.
With best,
Vlad
On Mon, Nov 27, 2017 at 05:02:00PM -0200, Rafael Weingärtner wrote:
> Ah, thanks Daan ;)
>
> On Mon, Nov 27, 2017 at 4:27 PM, Daan Hoogland <daan.hoogl...@gmail.com>
> wrote:
>
> > it isn't logged, Rafael, not by cloudstack. It is cloudmonkey that logs the
> > API response object. It is the same response the UI uses to display it to
> > the user.
> >
> > On Mon, Nov 27, 2017 at 3:45 PM, Rafael Weingärtner <
> > rafaelweingart...@gmail.com> wrote:
> >
> > > Interesting! I did not know that the password was logged. I thought it
> > was
> > > a one time thing to show the password in the UI.
> > >
> > > On Mon, Nov 27, 2017 at 1:43 PM, Nux! <n...@li.nux.ro> wrote:
> > >
> > > > Ok, so found out some more stuff.
> > > >
> > > > First of all, the password appears in management-server.log and
> > > > apilog.log, so that's one place to grep into.
> > > >
> > > > Second, I could query the jobid and get the password from there. E.g.
> > > from
> > > > cloudmonkey
> > > > query asyncjobresult jobid=caac0e1f-0aff-4065-8189-1d32d480e73f | grep
> > > > password\ =
> > > >
> > > > More info here
> > > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/
> > > > CloudStack+cloudmonkey+CLI#CloudStackcloudmonkeyCLI-AsyncJobexecution
> > > >
> > > > --
> > > > Sent from the Delta quadrant using Borg technology!
> > > >
> > > > Nux!
> > > > www.nux.ro
> > > >
> > > > ----- Original Message -----
> > > > > From: "Rafael Weingärtner" <rafaelweingart...@gmail.com>
> > > > > To: "users" <users@cloudstack.apache.org>
> > > > > Sent: Monday, 27 November, 2017 15:21:30
> > > > > Subject: Re: Where is the vm root password published?
> > > >
> > > > > Ah, if that is the case, I know it is stored in the VR of the network
> > > > where
> > > > > the VM is connected to.
> > > > >
> > > > > I forgot now the file, but it is something like
> > “/var/usr?/cloud/cache”
> > > > or
> > > > > something that ends in “/cache/cloud”.
> > > > >
> > > > >
> > > > > Do we store these password in ACS database as well?
> > > > >
> > > > > On Mon, Nov 27, 2017 at 1:18 PM, Nux! <n...@li.nux.ro> wrote:
> > > > >
> > > > >> Rafael,
> > > > >>
> > > > >> Yes indeed, sorry if I wasn't clear.
> > > > >>
> > > > >> --
> > > > >> Sent from the Delta quadrant using Borg technology!
> > > > >>
> > > > >> Nux!
> > > > >> www.nux.ro
> > > > >>
> > > > >> ----- Original Message -----
> > > > >> > From: "Rafael Weingärtner" <rafaelweingart...@gmail.com>
> > > > >> > To: "users" <users@cloudstack.apache.org>
> > > > >> > Sent: Monday, 27 November, 2017 14:58:20
> > > > >> > Subject: Re: Where is the vm root password published?
> > > > >>
> > > > >> > Are you talking about the generated passwords to be injected in
> > user
> > > > vms?
> > > > >> > Besides that, we do not have any other password. At least that I
> > > know.
> > > > >> >
> > > > >> > On Mon, Nov 27, 2017 at 12:56 PM, Nux! <n...@li.nux.ro> wrote:
> > > > >> >
> > > > >> >> No, I mean the regular user VM instances.
> > > > >> >> I know they are held somewhere temporarily, just don't know
> > where.
> > > :)
> > > > >> >>
> > > > >> >> --
> > > > >> >> Sent from the Delta quadrant using Borg technology!
> > > > >> >>
> > > > >> >> Nux!
> > > > >> >> www.nux.ro
> > > > >> >>
> > > > >> >> ----- Original Message -----
> > > > >> >> > From: "Rafael Weingärtner" <rafaelweingart...@gmail.com>
> > > > >> >> > To: "users" <users@cloudstack.apache.org>
> > > > >> >> > Sent: Monday, 27 November, 2017 12:26:59
> > > > >> >> > Subject: Re: Where is the vm root password published?
> > > > >> >>
> > > > >> >> > If you are talking about the system VMs password.
> > > > >> >> > If you set the parameter "system.vm.random.password" to "true",
> > > > then
> > > > >> you
> > > > >> >> > can see the password at "system.vm.password"
> > > > >> >> >
> > > > >> >> > On Mon, Nov 27, 2017 at 10:24 AM, Nux! <n...@li.nux.ro> wrote:
> > > > >> >> >
> > > > >> >> >> Hello,
> > > > >> >> >>
> > > > >> >> >> I know that the vm root password is temporarily stored
> > somewhere
> > > > in
> > > > >> the
> > > > >> >> >> system. I need to find it out for accessing the console of
> > some
> > > > >> >> instances
> > > > >> >> >> created programmatically.
> > > > >> >> >> Where do I look?
> > > > >> >> >>
> > > > >> >> >> Cheers,
> > > > >> >> >> Lucian
> > > > >> >> >>
> > > > >> >> >> --
> > > > >> >> >> Sent from the Delta quadrant using Borg technology!
> > > > >> >> >>
> > > > >> >> >> Nux!
> > > > >> >> >> www.nux.ro
> > > > >> >> >>
> > > > >> >> >
> > > > >> >> >
> > > > >> >> >
> > > > >> >> > --
> > > > >> >> > Rafael Weingärtner
> > > > >> >>
> > > > >> >
> > > > >> >
> > > > >> >
> > > > >> > --
> > > > >> > Rafael Weingärtner
> > > > >>
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Rafael Weingärtner
> > > >
> > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> >
> >
> >
> > --
> > Daan
> >
>
>
>
> --
> Rafael Weingärtner
--
V.Melnik
