Hi Richard, This looks like a bug to me. The password should be pushed only first time of VM start and only after User reset password of VM via CS.
Thanks Shweta Principal Product Engineer, CloudPlatform Accelerite ________________________________________ From: Richard Klein (RSI) <rkl...@rsitex.com> Sent: Tuesday, April 5, 2016 12:47 AM To: users@cloudstack.apache.org Subject: RE: Cloudstack 4.7 password reset issue. Thanks for the reply and sorry for the delay. You know how it is on Monday's. I checked the VR password file as suggested after the password reset via the GUI but before powering on the VM. I did see the password reset there as expected. I powered on the VM and the password was reset as expected. The test VM is built from a CentOS7 template with password enabled. I checked the /var/log/messages and you can see from the client perspective the change went as expected. Below is "snippet1" from the message log on the VM (there are no SSH key so it fails as expected): Apr 4 13:45:35 rsi-test-c7 systemd: Starting LSB: cloud-set-guest-sshkey... Apr 4 13:45:35 rsi-test-c7 systemd: Starting LSB: cloud-set-guest-password... Apr 4 13:45:35 rsi-test-c7 cloud: Unable to determine the password server, falling back to data-server Apr 4 13:45:35 rsi-test-c7 cloud: Could not find ssh key server IP in /var/lib/dhclient/dhclient.leases Apr 4 13:45:36 rsi-test-c7 cloud: Unable to determine the password server, falling back to data-server Apr 4 13:45:36 rsi-test-c7 cloud: Sending request to password server at data-server Apr 4 13:45:36 rsi-test-c7 cloud: Sending request to ssh key server at data-server Apr 4 13:45:36 rsi-test-c7 cloud: Got response from server at data-server Apr 4 13:45:36 rsi-test-c7 cloud: Did not receive any keys from any server Apr 4 13:45:36 rsi-test-c7 systemd: cloud-set-guest-sshkey.service: control process exited, code=exited status=1 Apr 4 13:45:36 rsi-test-c7 systemd: Failed to start LSB: cloud-set-guest-sshkey. Apr 4 13:45:36 rsi-test-c7 systemd: Unit cloud-set-guest-sshkey.service entered failed state. Apr 4 13:45:36 rsi-test-c7 systemd: cloud-set-guest-sshkey.service failed. Apr 4 13:45:36 rsi-test-c7 cloud: Got response from server at data-server Apr 4 13:45:36 rsi-test-c7 cloud: VM got a valid password from server at data-server Apr 4 13:45:36 rsi-test-c7 cloud: Changing password for user root Apr 4 13:45:36 rsi-test-c7 cloud: Sending acknowledgment to password server at data-server Apr 4 13:45:36 rsi-test-c7 cloud-set-guest-password: saved_password Apr 4 13:45:36 rsi-test-c7 systemd: Started LSB: cloud-set-guest-password. Apr 4 13:45:36 rsi-test-c7 systemd: Starting Initial cloud-init job (metadata service crawler)... Apr 4 13:45:37 rsi-test-c7 systemd: Started Initial cloud-init job (metadata service crawler). Apr 4 13:45:37 rsi-test-c7 systemd: Starting Apply the settings specified in cloud-config... Apr 4 13:45:37 rsi-test-c7 systemd: Started Apply the settings specified in cloud-config. Apr 4 13:45:37 rsi-test-c7 systemd: Starting Execute cloud user/final scripts... Apr 4 13:45:37 rsi-test-c7 systemd: Started Execute cloud user/final scripts. I checked the password file on the VR and it was empty now. I then manually reset the password on the VM console only (not CS GUI) and performed an OS reboot from the console. I could log in with the password I change with the console. Below is the system messages "snippet2": Apr 4 13:36:27 rsi-test-c7 systemd: Starting LSB: cloud-set-guest-sshkey... Apr 4 13:36:27 rsi-test-c7 systemd: Starting LSB: cloud-set-guest-password... Apr 4 13:36:27 rsi-test-c7 cloud: Could not find ssh key server IP in /var/lib/dhclient/dhclient.leases Apr 4 13:36:27 rsi-test-c7 cloud: Unable to determine the password server, falling back to data-server Apr 4 13:36:27 rsi-test-c7 cloud: Unable to determine the password server, falling back to data-server Apr 4 13:36:27 rsi-test-c7 cloud: Sending request to password server at data-server Apr 4 13:36:27 rsi-test-c7 cloud: Sending request to ssh key server at data-server Apr 4 13:36:27 rsi-test-c7 cloud: Got response from server at data-server Apr 4 13:36:27 rsi-test-c7 cloud: Did not receive any keys from any server Apr 4 13:36:27 rsi-test-c7 systemd: cloud-set-guest-sshkey.service: control process exited, code=exited status=1 Apr 4 13:36:27 rsi-test-c7 systemd: Failed to start LSB: cloud-set-guest-sshkey. Apr 4 13:36:27 rsi-test-c7 systemd: Unit cloud-set-guest-sshkey.service entered failed state. Apr 4 13:36:27 rsi-test-c7 systemd: cloud-set-guest-sshkey.service failed. Apr 4 13:36:27 rsi-test-c7 cloud: Got response from server at data-server Apr 4 13:36:27 rsi-test-c7 cloud: VM has already saved a password from the password server at data-server Apr 4 13:36:27 rsi-test-c7 cloud: Did not need to change password. Apr 4 13:36:27 rsi-test-c7 systemd: Started LSB: cloud-set-guest-password. I then powered off the VM and powered it back on without changing any passwords. The password was set to the last change password via the GUI. The logs behave as if the password reset was performed from the GUI again (snippet1). I checked the password file on the VR and it was empty. I also monitored the VR /var/log/cloud.log messages and discovered something interesting. As expected there was a flurry of activity but the following 2 messages stood out to me: 2016-04-04 18:45:06,937 merge.py save:72 {u'id': u'dhcpentry', u'10.1.1.39': {u'default_gateway': u'10.1.1.1', u'ipv6_duid': u'00:03:00:01: 02:00:26:c0:00:07', u'default_entry': True, u'ipv4_adress': u'10.1.1.39', u'host_name': u'rsi-test-c7', u'mac_address': u'02:00:26:c0:00:07' , u'type': u'dhcpentry', u'dns_adresses': u'10.1.1.1'}} 2016-04-04 18:45:07,006 CsHelper.py execute:160 Executing: curl --header "DomU_Request: save_password" "http://10.1.1.1:8080/" -F "ip=10.1.1.39" -F "password=a8Q7Bs" -F "token=ae199529efcd26f7811f36ae7c0807b1" >/dev/null 2>/dev/null & The VM I powered on IP address is 10.1.1.39 and it appears to me that the CsHelper.py curl command is setting the password again? Making an educated guess it looks like the management process is sending the reset password again to the VR after the power up? Please let me know what you think or if you need further information just let me know. Thanks. ---- Richard Klein <rkl...@rsitex.com> RSI 5426 Guadalupe, Suite 100 Austin TX 78751 >-----Original Message----- >From: Suresh Sadhu [mailto:suresh.sa...@accelerite.com] >Sent: Monday, April 04, 2016 5:21 AM >To: users@cloudstack.apache.org >Subject: RE: Cloudstack 4.7 password reset issue. > >This look like an issue, please check the VR password file >(/var/cache/cloud/passwords) and entries look like below: Guest_vm_ip=Password) >Eg: >10.1.1.145=sX3qvbstr --- here, In this case it successfully >generated the password but didn't applied on Guest vm >10.1.1.135=saved_password -- if it applied successfully on VM then it >will show as guest_vm_ip=Saved_password.) > >So please check you entries as well check your logs for any errors. > >Regards >Sadhu >Chief Product Engineer, Accelerite >suresh.sa...@accelerite.com >>-----Original Message----- >>From: Erik Weber [mailto:terbol...@gmail.com] >>Sent: Monday, April 4, 2016 11:54 AM >>To: users@cloudstack.apache.org >>Subject: Re: Cloudstack 4.7 password reset issue. >> >>On Mon, Apr 4, 2016 at 7:28 AM, Shweta Agarwal < >>shweta.agarw...@accelerite.com> wrote: >> >> Hi Richard, >> Cloudstack is working as expected at every steps you mentioned . >> >> when your template is password enabled then every time you reset >> password via CS and stop start the VM then router will push new >> password to the user VM . >> This works, but if you read his example you will see that the password is reset after an additional reboot, which it should not. Looks like a bug, but more info is needed to state if it is in CloudStack or the password reset script. -- Erik DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails. DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.