Sanjeev N created CLOUDSTACK-2938:
-------------------------------------

             Summary: [Multiple_IP_Ranges] Password Service does not work in 
case of multiple subnets in a vlan
                 Key: CLOUDSTACK-2938
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2938
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
    Affects Versions: 4.2.0
         Environment: Basic Zone with xen cluster
Build: Latest build from master
            Reporter: Sanjeev N
            Priority: Critical
             Fix For: 4.2.0


Password Service does not work in case of multiple subnets in a vlan

Steps to Reproduce:
=================
1.Bring up CS in basic zone with xen cluster
2.Add two CIDRs in guest network in the same vlan
3.Deploy a vm with password enabled template with ip address from CIDR1
4.Deploy another vm with the same password enabled template with ip address 
from CIDR2

Expected Behaviour:
=================
Password reset should work for the guest vms deployed with ip addresses from 
both the CIDRs

Actual Behaviour:
==============
Password reset functionality worked only for the guest vm deployed with ip 
address from primary CIDR 

Observations:
============
On the router vm it is observed that password service is running using socat 
process and it is listening only on the Router guest vms primary address.

root@r-25-QA:~# netstat -atnp | grep 8080
tcp        0      0 10.147.43.2:8080        0.0.0.0:*               LISTEN      
4723/socat

root@r-25-QA:~# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP 
qlen 1000
    link/ether 06:f8:fc:00:00:0b brd ff:ff:ff:ff:ff:ff
    inet 10.147.43.2/25 brd 10.147.43.127 scope global eth0
    inet 10.147.43.131/26 brd 10.147.43.191 scope global eth0:21
    inet6 fe80::4f8:fcff:fe00:b/64 scope link
       valid_lft forever preferred_lft forever

In the above output 10.147.43.131/26 is the alias ip address which got created 
after deploying the vm with the ip address from the second cidr.

Password reset script resides on guest vm would be sending request to alias ip 
on VR to get the password, but would fail since socat process is not listening 
on the alias ip.

Workaround:
===========
Restarting password server process "/etc/init.d/cloud-passwd-srvr" would create 
another socat process listening on alias ip:

root@r-25-QA:~# netstat -atnp | grep 8080
tcp        0      0 10.147.43.131:8080      0.0.0.0:*               LISTEN      
4725/socat
tcp        0      0 10.147.43.2:8080        0.0.0.0:*               LISTEN      
4723/socat


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to