Thomas created CLOUDSTACK-9360:
----------------------------------
Summary: Set guest passwor not working with redundant routers
Key: CLOUDSTACK-9360
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9360
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Management Server, VPC
Affects Versions: 4.8.0
Environment: Two CentOS7 MGMT Servers, redundant router vms
Reporter: Thomas
Priority: Critical
We got a problem with the set guest password function.
When you spawn a redundant router (VPC or not) the VMs don`t set their password
correctly.
We broke it down to the /opt/cloud/bin/passwd_server_ip.py script which checks
the Client IP for the save password function on the routerVM:
---
if clientAddress not in ['localhost', '127.0.0.1', listeningAddress]:
syslog.syslog('serve_password: non-localhost IP trying to save password:
%s' % clientAddress)
self.send_response(403)
return
---
In the logs we see:
--
Apr 21 09:02:01 r-80-VM passwd_server_ip.py: serve_password: non-localhost IP
trying to save password: 10.0.0.236
--
The routerVMs eth2 config:
--
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 02:00:2c:d7:00:08 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.236/24 brd 10.0.0.255 scope global eth2
inet 10.0.0.1/24 brd 10.0.0.255 scope global secondary eth2
--
So what happens:
The management server triggers the router vm to store a new password for a new
spawned or password reseting guest vm.
The router vm then tries locally to connect to the password python server with
it`s primary eth2 ip, in our example: 10.0.0.236
The python password server then checks the client IP via:
if clientAddress not in ['localhost', '127.0.0.1', listeningAddress]:
and exists with: serve_password: non-localhost IP trying to save password:
10.0.0.236
cause the listeningAddress is filled with: 10.0.0.1
How to fix
First possibility:
Configure the 10.0.0.1 IP as primary IP => maybe not possible cause its managed
by keepalived
Second possibilty:
Adjust the password server if check and check also for the ip 10.0.0.236.
I tried to implement this with a subprocess and grep in
/var/cache/cloud/processed/guest_network.json.* or with a os command and ip a |
grep eth2 | grep -v mtu | cut -d ' ' -f 6 | cut -d '/' -f 1
Maybe someone could support here?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
