[ https://issues.apache.org/jira/browse/CLOUDSTACK-4184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13734225#comment-13734225 ]
Sheng Yang edited comment on CLOUDSTACK-4184 at 8/9/13 1:01 AM:
----------------------------------------------------------------

Shweta,

I just tried parallel deploying 30 vms in my XenServer setup. So far I can access all of them using the correct password generated by Cloudstack.

But there is an issue: for some vms, it seems the acknowledgement hasn't been delivered, so I saw something like:

Starting cloud-set-guest-password: Changing password for user root.
passwd: all authentication tokens updated successfully.
--2013-08-09 00:01:40-- http://10.1.0.1:8080/
Connecting to 10.1.0.1:8080... failed: Connection refused.
[ OK ]

In the guest's log. In this case, if the guest is rebooted, the password would be reset again. But the password still works in the setup. It should be due to too many processes trying to get to the password server at the same time.

When this happened, the passwords file in the VR (/var/cache/cloud/passwords) won't show "saved_password"; it would show the original password.

was (Author: yasker):
Shweta,

I just tried parallel deploying 30 vms in my XenServer setup. So far I can access all of them using the correct password generated by Cloudstack.

But there is an issue: for some vms, it seems the acknowledgement hasn't been delivered, so I saw something like:

Starting cloud-set-guest-password: Changing password for user root.
passwd: all authentication tokens updated successfully.
--2013-08-09 00:01:40-- http://10.1.0.1:8080/
Connecting to 10.1.0.1:8080... failed: Connection refused.
[ OK ]

In the guest's log. In this case, if the guest is rebooted, the password would be reset again. But the password still works in the setup. It should be due to too many processes trying to get to the password server at the same time.

> VM password reset works inconsistently
> --------------------------------------
>
> Key: CLOUDSTACK-4184
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4184
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Virtual Router
> Affects Versions: 4.2.0
> Reporter: Jayapal Reddy
> Priority: Blocker
> Fix For: 4.2.0
>
>
> 1. When password reset fails for one vm then password reset is not working
> from then on.
> 2. In router the password entries are made properly.
> 3. serve password script is giving the password correctly but the vm did not
> receive it
> Here are the logs:
> === serve_password.sh debug logs
> + PASSWD_FILE=/var/cache/cloud/passwords
> + ip=10.1.1.143
> + logger -t cloud 'serve_password called to service a request for 10.1.1.143.'
> + read input
> + '[' 'GET / HTTP/1.0' == '' ']'
> ++ sed 's/^[ \t]*//'
> ++ cut -d: -f2
> ++ grep DomU_Request:
> ++ echo GET / HTTP/1.0
> + request=
> + '[' '' '!=' '' ']'
> + read input
> + '[' 'User-Agent: Wget/1.11.4 Red Hat modified' == '' ']'
> ++ sed 's/^[ \t]*//'
> ++ cut -d: -f2
> ++ grep DomU_Request:
> ++ echo User-Agent: Wget/1.11.4 Red Hat modified
> + request=
> + '[' '' '!=' '' ']'
> + read input
> + '[' 'Accept: */*' == '' ']'
> ++ sed 's/^[ \t]*//'
> ++ cut -d: -f2
> ++ grep DomU_Request:
> ++ echo Accept: redundant_router/arping_gateways.sh.templ
> redundant_router/backup.sh.templ redundant_router/check_bumpup.sh
> redundant_router/check_heartbeat.sh.templ
> redundant_router/checkrouter.sh.templ redundant_router/conntrackd.conf.templ
> redundant_router/disable_pubip.sh redundant_router/enable_pubip.sh.templ
> redundant_router/fault.sh.templ redundant_router/heartbeat.sh.templ
> redundant_router/keepalived.conf.templ redundant_router/master.sh.templ
> redundant_router/primary-backup.sh.templ redundant_router/services.sh
> + request=
> + '[' '' '!=' '' ']'
> + read input
> + '[' 'Host: 10.1.1.1:8080' == '' ']'
> ++ sed 's/^[ \t]*//'
> ++ cut -d: -f2
> ++ grep DomU_Request:
> ++ echo Host: 10.1.1.1:8080
> + request=
> + '[' '' '!=' '' ']'
> + read input
> + '[' 'Connection: Keep-Alive' == '' ']'
> ++ sed 's/^[ \t]*//'
> ++ cut -d: -f2
> ++ grep DomU_Request:
> ++ echo Connection: Keep-Alive
> + request=
> + '[' '' '!=' '' ']'
> + read input
> + '[' 'DomU_Request: send_my_password' == '' ']'
> ++ sed 's/^[ \t]*//'
> ++ cut -d: -f2
> ++ grep DomU_Request:
> ++ echo DomU_Request: send_my_password
> + request=send_my_password
> + '[' send_my_password '!=' '' ']'
> + break
> + '[' send_my_password == send_my_password ']'
> ++ get_value /var/cache/cloud/passwords 10.1.1.143
> ++ local filename=/var/cache/cloud/passwords
> ++ local keyname=10.1.1.143
> ++ cut -d= -f2
> ++ grep -i 10.1.1.143= /var/cache/cloud/passwords
> + password=bG9wrskhw
> + '[' bG9wrskhw == '' ']'
> + logger -t cloud 'serve_password sent a password to 10.1.1.143.'
> + echo bG9wrskhw
> bG9wrskhw
> + unlock_exit 0 passwdlock 1
> + releaseLockFile passwdlock 1
> + __LOCKDIR=/tmp
> + __LOCKFILE='/tmp/*-29091-passwdlock.lock'
> + __locked=1
> + '[' 1 == 1 ']'
> + rm /tmp/1375947770244011718-29091-passwdlock.lock
> + exit 0
> ^C
> root@r-36-QA:~# ps aux | grep socat
> root 29139 0.0 0.8 4788 1024 pts/0 S 07:42 0:00 socat -lf
> /var/log/cloud.log TCP4-LISTEN:8080,reuseaddr,crnl,bind=10.1.1.1
> SYSTEM:/opt/cloud/bin/serve_password.sh "$SOCAT_PEERADDR"
> root 29141 0.0 0.6 3796 804 pts/0 S+ 07:43 0:00 grep socat
> root@r-36-QA:~#
> ====== Guest vm cloud-set-guest-password script logs
> PASSWORD_SERVER_IP=10.1.1.1
> + '[' -n 10.1.1.1 ']'
> + logger -t cloud 'Found password server IP 10.1.1.1 in
> /var/lib/dhclient/dhclient-eth0.leases'
> + logger -t cloud 'Sending request to password server at 10.1.1.1'
> ++ wget -q -t 3 -T 20 -O - --header 'DomU_Request: send_my_password'
> 10.1.1.1:8080
> + password=
> ++ echo
> ++ tr -d '\r'
> + password=
> + '[' 0 -eq 0 ']'
> + logger -t cloud 'Got response from server at 10.1.1.1'
> + case $password in
> + logger -t cloud 'Password server at 10.1.1.1 did not have any password for
> the VM'
> + continue
> + for DHCP_FILE in '$DHCP_FOLDERS'
> + '[' -f '/var/lib/dhcp3/*' ']'
> + '[' 0 == 0 ']'
> + '[' 0 == 1 ']'
> + logger -t cloud 'Did not need to change password.'
> + exit 0
> [root@v3 init.d]#

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
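
Added example, not part of the JIRA message and not CloudStack code: a check for the state described in the comment above, where a lost acknowledgement leaves the original password in the VR's passwords file instead of "saved_password". It assumes the one-entry-per-line "ip=value" layout implied by the grep/cut lookup in the trace; the function names and sample entries are constructed for illustration.

```bash
#!/bin/bash
# Added example (not CloudStack code). The "ip=value" layout is inferred from the
# serve_password.sh trace; "saved_password" is the marker named in the comment.
ACK_MARKER="saved_password"

# Classify one guest by exact key comparison (no regex): acked, pending or missing.
entry_state() {
    local file=$1 want=$2 ip value state=missing
    while IFS='=' read -r ip value || [ -n "$ip" ]; do
        [ "$ip" = "$want" ] || continue
        if [ "$value" = "$ACK_MARKER" ]; then state=acked; else state=pending; fi
    done < "$file"
    printf '%s\n' "$state"
}

# List guest IPs whose entry still holds a password instead of the ack marker.
# Only the IP is printed, never the stored password.
pending_acks() {
    local file=$1 ip value
    while IFS='=' read -r ip value || [ -n "$ip" ]; do
        [ -n "$ip" ] || continue                     # skip blank lines
        [ "$value" = "$ACK_MARKER" ] || printf '%s\n' "$ip"
    done < "$file"
}

# Constructed sample file: two guests acknowledged, two did not.
# One constructed password contains '=' to show the value is kept whole.
make_sample() {
    local f
    f=$(mktemp) || return 1
    printf '%s\n' '10.1.0.11=saved_password' '10.1.0.12=Xy7=kQ2pL' \
        '10.1.0.13=saved_password' '110.1.0.13=fR3tW9zzA' > "$f"
    printf '%s\n' "$f"
}

sample=$(make_sample)
echo "guests without a recorded acknowledgement:"
pending_acks "$sample"
rm -f "$sample"
```

On a virtual router the same functions would be pointed at /var/cache/cloud/passwords; guests listed as pending are the ones that would reset their password again on the next reboot.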