NuxRo opened a new issue #4943:
URL: https://github.com/apache/cloudstack/issues/4943
##### ISSUE TYPE
* Bug Report
##### COMPONENT NAME
~~~
cloud-init
~~~
##### CLOUDSTACK VERSION
~~~
4.15
~~~
##### CONFIGURATION
Basic zone with multiple subnets/CIDR
##### OS / ENVIRONMENT
VMware 6.5 (limited access to environment, not "mine")
##### SUMMARY
The VM password feature of cloud-init Cloudstack datasource attempts
retrieval of the password from "data-server" host if it resolves.
What happens in a multi-CIDR basic zone is that the passwords for the VMs
are stored in separate files, according to their subnet, e.g.:
/var/cache/cloud/passwords-subnet1IP
/var/cache/cloud/passwords-subnet2IP and so on
The problem arises when Cloudstack adds the "data-server" hostname in
/etc/hosts for dnsmasq to pick up, but because it adds it with subnet1IP, then
requests for a password from a machine in subnet2 or subnet3 will go unanswered.
The Cloudstack datasource does not handle this gracefully; it just fails
to set a password instead of detecting that there was no valid response and
trying to also ask the "dhcp_identifier" host.
I suggest as a quick workaround to add a button somewhere to disable the
data-server feature altogether. It seems to be Cloudstack specific, grepping
for it in other data sources yielded nothing.
On the VMs right now we have to add "0.0.0.0 data-server" in /etc/hosts to
make the root password work. I guess editing the /etc/hosts on the VR and
removing the data-server entry might also work, until the next restart.
##### STEPS TO REPRODUCE
~~~
Deploy basic or adv+SG zone with multiple CIDRs, when asking for a password
from a VM not in the primary CIDR this will fail, password will not be set.
~~~
##### EXPECTED RESULTS
~~~
data-server hostname should return a valid password regardless of which CIDR
the request comes from.
~~~
##### ACTUAL RESULTS
~~~
Valid password not served.
~~~
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
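
The fallback this issue asks for (ask "data-server" first, then the "dhcp_identifier" host when no valid response comes back), as an added example. It is not cloud-init or CloudStack code; the function names, addresses and passwords are constructed assumptions, and the network calls are replaced by injected functions so it runs offline.

```python
# Added illustration; not cloud-init or CloudStack code. All names are hypothetical.

class NoValidResponse(Exception):
    """Raised by a fetcher when a host times out or returns nothing usable."""

def candidate_hosts(resolve, dhcp_identifier):
    """Return password-server candidates in the order the issue proposes."""
    hosts = []
    addr = resolve("data-server")
    # "0.0.0.0 data-server" in /etc/hosts is the workaround from the issue:
    # treat it as "data-server disabled" and skip it.
    if addr and addr != "0.0.0.0":
        hosts.append(addr)
    if dhcp_identifier and dhcp_identifier not in hosts:
        hosts.append(dhcp_identifier)
    return hosts

def get_password(resolve, dhcp_identifier, fetch):
    """Return (host, password) from the first candidate that answers, else None."""
    for host in candidate_hosts(resolve, dhcp_identifier):
        try:
            password = fetch(host)
        except NoValidResponse:
            continue  # unanswered request: fall through to the next candidate
        if password and password.strip():
            return host, password.strip()
    return None

# Constructed sample data: one password store per VR subnet IP, mirroring the
# per-subnet /var/cache/cloud/passwords-<subnetIP> files described in the issue.
STORES = {
    "10.1.1.1": {"10.1.1.20": "pw-subnet1-vm"},
    "10.1.2.1": {"10.1.2.50": "pw-subnet2-vm"},
}

def make_fetch(vm_ip):
    """Simulate a VM asking a VR address for its password."""
    def fetch(host):
        store = STORES.get(host, {})
        if vm_ip not in store:
            raise NoValidResponse(host)  # wrong subnet: request goes unanswered
        return store[vm_ip]
    return fetch

# dnsmasq hands every subnet the same "data-server" entry (the subnet1 IP).
resolve_default = {"data-server": "10.1.1.1"}.get
resolve_workaround = {"data-server": "0.0.0.0"}.get

if __name__ == "__main__":
    print(get_password(resolve_default, "10.1.2.1", make_fetch("10.1.2.50")))
```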