[
https://issues.apache.org/jira/browse/CLOUDSTACK-9058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15010685#comment-15010685
]
ASF subversion and git services commented on CLOUDSTACK-9058:
-------------------------------------------------------------
Commit 37cee3309cbb1fc7d6d64ccec7af22aaac9262bc in cloudstack's branch
refs/heads/4.6 from [~remibergsma]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=37cee33 ]
Merge pull request #1079 from dsclose/CLOUDSTACK-9058
CLOUDSTACK-9058 - Respond with "saved_password" if no password is to be
issued.The password server on the virtual router should respond with
"saved_password" if no password is to be issued. This allows for backwards
compatibility with Windows Guest VMs which require the "saved_password"
response.
* pr/1079:
CLOUDSTACK-9058
Signed-off-by: Remi Bergsma <[email protected]>
> Password server causes Windows VMs to switch to blank passwords after each
> reboot
> ---------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-9058
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9058
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: ISO, Virtual Router
> Affects Versions: 4.5.2
> Reporter: dsclose
> Priority: Critical
>
> Previous versions of the systemvm.iso used a shell script to serve passwords.
> In response to a "send_my_password" query, if no password was to be served,
> the /opt/cloud/bin/serve_password.sh script would issue a response with
> "saved_password" in the body.
> The new version of the systemvm.iso supercedes serve_password.sh with a
> python script at /opt/cloud/bin/passwd_server_ip.py. This script's behaviour
> is different to the original serve_password.sh. In response to a
> "send_my_password" query, if no password was to be served, the
> /opt/cloud/bin/passwd_server_ip.py script issues an empty response.
> Linux guests handle this appropriately. The cloud-set-guest-password init
> script uses a case statement to ignore blank responses. I've not been able to
> examine the code for the equivalent Windows guest service but it responds
> very differently.
> If a Windows guest receives a blank response from the password server then it
> assumes that the password needs to be blank. The log on the windows guest
> reports the following:
> [INFO] Need to set new password for this VM. First letter in password :
> [INFO] New password has been set for this VM
> The windows guest expects a "saved_password" response if a password isn't
> being issued. If it receives this response then it logs the following:
> [INFO] No need to set password, because http://10.1.1.1:8080/ said so with
> response saved_password
> Because the password server is queried every time the windows service starts,
> this will result in the guest adopting a blank password every time it is
> rebooted or the service is restarted. It's probably unrealistic to consider
> updating the Windows service in every guest currently running in cloudstack.
> As such it looks like the password server's behaviour needs to be adjusted to
> match the behaviour that guests expect.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
