[
https://issues.apache.org/jira/browse/CLOUDSTACK-9360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15254602#comment-15254602
]
Wei Zhou commented on CLOUDSTACK-9360:
--------------------------------------
[~disappear]
Questions:
1. Can the VM get a host name? If not, that might be because of CLOUDSTACK-6975.
2. If the VM can get a host name but cannot reach the internet or packets are
dropped, that might be because of CLOUDSTACK-9339.
3. If the VM can get a host name but cannot get a password, then it is this ticket.
You can find my patches in the comments. Otherwise, you will meet more issues
when you use a network with redundant routers.
> Set guest password not working with redundant routers
> -----------------------------------------------------
>
> Key: CLOUDSTACK-9360
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9360
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server, VPC
> Affects Versions: 4.8.0
> Environment: Two CentOS7 MGMT Servers, redundant router vms
> Reporter: Thomas
> Priority: Critical
>
> We got a problem with the set guest password function.
> When you spawn a redundant router (VPC or not) the VMs don't set their
> password correctly.
> We broke it down to the /opt/cloud/bin/passwd_server_ip.py script which
> checks the Client IP for the save password function on the routerVM:
> ---
> if clientAddress not in ['localhost', '127.0.0.1', listeningAddress]:
>     syslog.syslog('serve_password: non-localhost IP trying to save password: %s' % clientAddress)
>     self.send_response(403)
>     return
> ---
> In the logs we see:
> --
> Apr 21 09:02:01 r-80-VM passwd_server_ip.py: serve_password: non-localhost IP trying to save password: 10.0.0.236
> --
> The routerVMs eth2 config:
> --
> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 02:00:2c:d7:00:08 brd ff:ff:ff:ff:ff:ff
>     inet 10.0.0.236/24 brd 10.0.0.255 scope global eth2
>     inet 10.0.0.1/24 brd 10.0.0.255 scope global secondary eth2
> --
> So what happens:
> The management server triggers the router VM to store a new password for a
> newly spawned or password-resetting guest VM.
> The router VM then tries locally to connect to the Python password server
> with its primary eth2 IP, in our example: 10.0.0.236
> The Python password server then checks the client IP via:
> if clientAddress not in ['localhost', '127.0.0.1', listeningAddress]:
> and exits with: serve_password: non-localhost IP trying to save password:
> 10.0.0.236
> because the listeningAddress is filled with: 10.0.0.1
> How to fix
> First possibility:
> Configure the 10.0.0.1 IP as primary IP => maybe not possible because it's
> managed by keepalived
> Second possibility:
> Adjust the password server's if check to also check for the IP 10.0.0.236.
> I tried to implement this with a subprocess and grep in
> /var/cache/cloud/processed/guest_network.json.* or with an OS command:
> ip a | grep eth2 | grep -v mtu | cut -d ' ' -f 6 | cut -d '/' -f 1
> Maybe someone could support here?
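
The "second possibility" from the report, sketched as an added example (not part of the original message and not the CloudStack patch): the save-password check accepts any address actually bound to the router's own interface, by exact match, so other hosts on the guest subnet are still refused. The function names and the idea of feeding it `ip addr show dev eth2` output are assumptions; the sample output is constructed from the values in the report.

```python
import ipaddress
import re

# Constructed sample: `ip addr show dev eth2` output using the report's values.
SAMPLE_IP_ADDR = """\
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:2c:d7:00:08 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.236/24 brd 10.0.0.255 scope global eth2
    inet 10.0.0.1/24 brd 10.0.0.255 scope global secondary eth2
"""

# Matches "inet <addr>/<prefix> ..." lines; "inet6" lines do not match.
_INET_RE = re.compile(r"^\s*inet\s+(\S+?)/\d+\s", re.MULTILINE)


def bound_ipv4_addresses(ip_addr_output):
    """Return every IPv4 address on the interface, primary and secondary."""
    addrs = set()
    for match in _INET_RE.finditer(ip_addr_output):
        try:
            addrs.add(str(ipaddress.IPv4Address(match.group(1))))
        except ipaddress.AddressValueError:
            continue  # skip anything that is not a well-formed IPv4 address
    return addrs


def original_check(client_address, listening_address):
    """The check quoted in the report: loopback or the listening address only."""
    return client_address in ('localhost', '127.0.0.1', listening_address)


def save_allowed(client_address, listening_address, ip_addr_output):
    """Hypothetical widened check: also accept the router's own bound addresses.

    Exact address match only. The /24 is never allowed as a whole, so a
    guest VM on 10.0.0.0/24 still gets the 403.
    """
    allowed = {'localhost', '127.0.0.1', listening_address}
    allowed |= bound_ipv4_addresses(ip_addr_output)
    return client_address in allowed


if __name__ == '__main__':
    for client in ('10.0.0.236', '10.0.0.1', '10.0.0.50'):
        print(client,
              'original:', original_check(client, '10.0.0.1'),
              'widened:', save_allowed(client, '10.0.0.1', SAMPLE_IP_ADDR))
```

Since the report notes that 10.0.0.1 is managed by keepalived, the bound-address set would have to be read when the request is checked rather than cached at server start.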