[
https://issues.apache.org/jira/browse/CLOUDSTACK-9360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15253627#comment-15253627
]
Thomas commented on CLOUDSTACK-9360:
------------------------------------
Sorry but this is not the fix.
It starts two password servers, one on the secondary and one on the main IP of
eth2:
root 4681 0.0 0.5 17668 1468 ? S 09:25 0:00 /bin/bash
/opt/cloud/bin/passwd_server_ip 10.0.0.1 dummy
root 4683 0.0 3.3 47944 8332 ? S 09:25 0:00 \_ python
/opt/cloud/bin/passwd_server_ip.py 10.0.0.1
root 4692 0.0 0.5 17668 1468 ? S 09:25 0:00 /bin/bash
/opt/cloud/bin/passwd_server_ip 10.0.0.129 dummy
root 4695 0.0 3.3 47944 8332 ? S 09:25 0:00 \_ python
/opt/cloud/bin/passwd_server_ip.py 10.0.0.129
When you try to change reset password vie GUI the local password file doesn`t
get updated and no passwd_server is logging anything to /var/log/messages
It seems to run in a timeout when it executes:
--
curl --header "DomU_Request: save_password" "http://10.0.0.1:8080/"; -F
"ip=10.0.0.104" -F "password=NEWPW" -F "token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
curl: (7) couldn't connect to host
---
> Set guest password not working with redundant routers
> -----------------------------------------------------
>
> Key: CLOUDSTACK-9360
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9360
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server, VPC
> Affects Versions: 4.8.0
> Environment: Two CentOS7 MGMT Servers, redundant router vms
> Reporter: Thomas
> Priority: Critical
>
> We got a problem with the set guest password function.
> When you spawn a redundant router (VPC or not) the VMs don`t set their
> password correctly.
> We broke it down to the /opt/cloud/bin/passwd_server_ip.py script which
> checks the Client IP for the save password function on the routerVM:
> ---
> if clientAddress not in ['localhost', '127.0.0.1', listeningAddress]:
> syslog.syslog('serve_password: non-localhost IP trying to save password:
> %s' % clientAddress)
> self.send_response(403)
> return
> ---
> In the logs we see:
> --
> Apr 21 09:02:01 r-80-VM passwd_server_ip.py: serve_password: non-localhost IP
> trying to save password: 10.0.0.236
> --
> The routerVMs eth2 config:
> --
> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 02:00:2c:d7:00:08 brd ff:ff:ff:ff:ff:ff
> inet 10.0.0.236/24 brd 10.0.0.255 scope global eth2
> inet 10.0.0.1/24 brd 10.0.0.255 scope global secondary eth2
> --
> So what happens:
> The management server triggers the router vm to store a new password for a
> new spawned or password reseting guest vm.
> The router vm then tries locally to connect to the password python server
> with it`s primary eth2 ip, in our example: 10.0.0.236
> The python password server then checks the client IP via:
> if clientAddress not in ['localhost', '127.0.0.1', listeningAddress]:
> and exists with: serve_password: non-localhost IP trying to save password:
> 10.0.0.236
> cause the listeningAddress is filled with: 10.0.0.1
> How to fix
> First possibility:
> Configure the 10.0.0.1 IP as primary IP => maybe not possible cause its
> managed by keepalived
> Second possibilty:
> Adjust the password server if check and check also for the ip 10.0.0.236.
> I tried to implement this with a subprocess and grep in
> /var/cache/cloud/processed/guest_network.json.* or with a os command and ip a
> | grep eth2 | grep -v mtu | cut -d ' ' -f 6 | cut -d '/' -f 1
> Maybe someone could support here?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
