Do you have a redundant network (2 VRs)? If so, you cannot communicate with the password server on the shared .1 IP - you need to use the VR's unique IP address (this is why the scripts are trying to find the DHCP server address - this is the only way to find this IP).
Also note that there's a long-standing bug where ACS only stores the password on the VR with the lowest ID, rather than the one which is active, so if you've got v-5-VM and v-6-VM but 6 is master, your password reset won't work. On Tue, 28 Jul 2020 at 16:59, Craig Dunn <sendai...@googlemail.com.invalid> wrote: > > Hi all, > > think i`m getting somewhere with it now. > > currently when I try to change the password it says NetworkManager is not > running > > Jul 28 11:51:17 centos8-base-m1Dd4 cloud-set-guest-password[886]: Error: > NetworkManager is not running. > Jul 28 11:51:17 centos8-base-m1Dd4 cloud[924]: Unable to determine the > password server, falling back to data-server > Jul 28 11:51:17 centos8-base-m1Dd4 cloud[925]: Sending request to password > server at data-server > Jul 28 11:51:17 centos8-base-m1Dd4 cloud[936]: Failed to send request to > password server at data-server > Jul 28 11:51:17 centos8-base-m1Dd4 cloud[939]: Did not need to change > password. > > i`m guessing this means its not running on boot when the script is running > as once i'm logged if I check the service status it says it running, > however I have noticed that under CGroup the is a dhclient line in my > working Centos7 Template which doesnt appear in my new Centos8 Template: > > CGroup: /system.slice/NetworkManager.service > ├─774 /usr/sbin/NetworkManager --no-daemon > └─903 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf > /var/run/dhclient-eno16777984.pid -lf > /var/lib/NetworkManager/dhclient-dcf53092-0072-3182-bb91-c33e31d619e3-eno16777984.lease > -cf /var/lib/NetworkManager/dhc... > > not sure if that is whats wrong at the minute more looking at differences > between working and not working. > > On Fri, 24 Jul 2020 at 14:13, Craig Dunn <sendai...@googlemail.com> wrote: > > > thanks Andrija, > > > > I`m having vpn trouble atm so cant get onto the VR to check but, if I run > > the wget command manually against the VR I get back the password which was > > shown in the UI. > > > > I`m guessing the VR has done its but its just not being applied to the VM > > itself for some reason. > > > > > > > > On Fri, 24 Jul 2020 at 12:20, Andrija Panic <andrija.pa...@gmail.com> > > wrote: > > > >> When you change the password for a VM (while VM is stopped) - ACS will > >> store the password (in readable form) inside the VR in > >> /var/cache/cloud/password-xxxxxxxx - so if you see the password here (as > >> given in the UI) - that means that nobody fetched the password from the VR > >> - but if it's missing (replaced with word "saved") that means that the > >> script/cloud-init already downloaded the password (but it's question if it > >> was applied or not on the OS/VM itself) > >> > >> Hope that helps > >> > >> On Fri, 24 Jul 2020 at 12:34, Craig Dunn <sendai...@googlemail.com > >> .invalid> > >> wrote: > >> > >> > Hey all, > >> > > >> > So, spent yesterday messing around with it, if I run wget -q -t 3 -T 20 > >> -O > >> > - --header "DomU_Request: send_my_password" $192.168.81.1:8080. Replace > >> > $PASSWORD_SERVER manually it shows nothing. > >> > > >> > [image: image.png] > >> > but this behaviour seems normal as a working template does not respond > >> > either. > >> > > >> > I have also noticed that the leases file in /var/lib/dhclient doesnt > >> > generate till you run dhclient (this is fine I can figure that out > >> later) > >> > but running reset password from cloudstack doesn't actually change it. > >> Only > >> > only thing I have done is a symbolic link on the script from the init.d > >> > folder to rc0.d folder (I had to do this with ubuntu so assumed I would > >> > here too) > >> > > >> > any troubleshooting tips anyone can offer? > >> > > >> > Thanks > >> > > >> > On Thu, 23 Jul 2020 at 12:27, Andrija Panic <andrija.pa...@gmail.com> > >> > wrote: > >> > > >> >> cloud-init has the "plugin" for cloudstack, so it "behaves" well with > >> it. > >> >> > >> >> best, > >> >> > >> >> On Thu, 23 Jul 2020 at 12:48, Craig Dunn <sendai...@googlemail.com > >> >> .invalid> > >> >> wrote: > >> >> > >> >> > Thanks Andrija i`ll have a look into that, does the platform need to > >> >> > support it, or does cloudstack support it by default? > >> >> > > >> >> > @Vivek strangely its generated a lease file in /var/lib/dhclient (not > >> >> sure > >> >> > if I did anything to force it) I have tried resetting both manually > >> and > >> >> via > >> >> > the UI with no changes > >> >> > > >> >> > On Thu, 23 Jul 2020 at 11:22, Andrija Panic <andrija.pa...@gmail.com > >> > > >> >> > wrote: > >> >> > > >> >> > > that script used to work only with initd and not systemd, so better > >> >> > invest > >> >> > > some time in cloud-init, and achieve the same thing (and more if > >> >> needed). > >> >> > > You can i.e. download the > >> http://dl.openvm.eu/cloudstack/macchinina/ > >> >> > > template > >> >> > > and see how the cloud-init is configured there (afaik, it uses > >> >> > cloud-init) > >> >> > > > >> >> > > Best, > >> >> > > > >> >> > > On Thu, 23 Jul 2020 at 12:17, Vivek Kumar <vivek.ku...@indiqus.com > >> >> > > .invalid> > >> >> > > wrote: > >> >> > > > >> >> > > > That won’t help because it fetch the password from router . Can > >> you > >> >> > just > >> >> > > > run “dhclient” and check the lease folder wether you are getting > >> >> lease > >> >> > > file > >> >> > > > generated or not. > >> >> > > > > >> >> > > > Vivek Kumar > >> >> > > > Manager - Cloud & DevOps > >> >> > > > IndiQus Technologies > >> >> > > > 24*7 O +91 11 4055 1411 | M +91 7503460090 > >> >> > > > www.indiqus.com <http://indiqus.com/> > >> >> > > > > >> >> > > > This message is intended only for the use of the individual or > >> >> entity > >> >> > to > >> >> > > > which it is addressed and may contain information that is > >> >> confidential > >> >> > > > and/or privileged. If you are not the intended recipient please > >> >> delete > >> >> > > the > >> >> > > > original message and any copy of it from your computer system. > >> You > >> >> are > >> >> > > > hereby notified that any dissemination, distribution or copying > >> of > >> >> this > >> >> > > > communication is strictly prohibited unless proper authorization > >> has > >> >> > been > >> >> > > > obtained for such action. If you have received this > >> communication in > >> >> > > error, > >> >> > > > please notify the sender immediately. Although IndiQus attempts > >> to > >> >> > sweep > >> >> > > > e-mail and attachments for viruses, it does not guarantee that > >> both > >> >> are > >> >> > > > virus-free and accepts no liability for any damage sustained as a > >> >> > result > >> >> > > of > >> >> > > > viruses. > >> >> > > > > >> >> > > > > On 23-Jul-2020, at 3:43 PM, Craig Dunn < > >> sendai...@googlemail.com > >> >> > > .INVALID> > >> >> > > > wrote: > >> >> > > > > > >> >> > > > > Hi, > >> >> > > > > > >> >> > > > > I have found a leases file BUT it only specifies the IP of the > >> VM > >> >> > > itself > >> >> > > > > and not the gateway (which is where DHCP is served) > >> >> > > > > > >> >> > > > > [root@VM-222c78e8-a8f7-4746-b28b-6f1b66bdf34b NetworkManager]# > >> >> cat > >> >> > > > > internal-3e6e8f47-404a-46a9-9ad2-1b2a9217384a-ens35.lease > >> >> > > > > # This is private data. Do not parse. > >> >> > > > > ADDRESS=192.168.81.40 > >> >> > > > > > >> >> > > > > this is in the /var/lib/NetworkManager folder > >> >> > > > > > >> >> > > > > if I run the script manually specifying the IP it doesnt change > >> >> > > anything > >> >> > > > > > >> >> > > > > Thanks > >> >> > > > > > >> >> > > > > On Thu, 23 Jul 2020 at 10:31, Craig Dunn < > >> >> sendai...@googlemail.com> > >> >> > > > wrote: > >> >> > > > > > >> >> > > > >> Hi Vivek, > >> >> > > > >> > >> >> > > > >> thanks for the response, seems its fallen at the first hurdle > >> the > >> >> > > > >> /var/lib/dhclient folder is empty so, i`ll look into why thats > >> >> not > >> >> > > being > >> >> > > > >> generated. > >> >> > > > >> > >> >> > > > >> I have password enabled set on the template, I thought cloud > >> init > >> >> > and > >> >> > > > the > >> >> > > > >> script were two different ways of achieving the same thing? Or > >> >> does > >> >> > > the > >> >> > > > >> script actually require it as a prerequisite? > >> >> > > > >> > >> >> > > > >> Thanks > >> >> > > > >> > >> >> > > > >> On Thu, 23 Jul 2020 at 10:03, Vivek Kumar < > >> >> vivek.ku...@indiqus.com > >> >> > > > .invalid> > >> >> > > > >> wrote: > >> >> > > > >> > >> >> > > > >>> Hello Craig, > >> >> > > > >>> > >> >> > > > >>> So setup-password scripts works from inside of the VM. If you > >> >> just > >> >> > > look > >> >> > > > >>> on the script - > >> >> > > > >>> > >> >> > > > >>> 1- First it finds the DHCP server IP from lease file. So make > >> >> sure > >> >> > > that > >> >> > > > >>> you are getting you lease file in your any of the folder > >> >> mentioned > >> >> > in > >> >> > > > >>> script - i.e DHCP_FOLDERS="/var/lib/dhclient/* > >> /var/lib/dhcp3/* > >> >> > > > >>> /var/lib/dhcp/*”. Sometimes it does’t generate the lease > >> file, > >> >> So > >> >> > you > >> >> > > > have > >> >> > > > >>> to check first why is it got generating the lease file. > >> >> > > > >>> 2- Now just try to run the manual command to see wether you > >> are > >> >> > > > receiving > >> >> > > > >>> any password or not i.e 'wget -q -t 3 -T 20 -O - --header > >> >> > > > "DomU_Request: > >> >> > > > >>> send_my_password" $PASSWORD_SERVER_IP:8080. Replace > >> >> > $PASSWORD_SERVER > >> >> > > > with > >> >> > > > >>> you DHCP serve IP, which you can find in step -1 > >> >> > > > >>> 3- If you are able to get things you wanted in Step-1 and > >> Step-2 > >> >> > then > >> >> > > > run > >> >> > > > >>> the script manually (It should reset the password by running > >> >> > > manually ) > >> >> > > > >>> weather to check if it is running on successfully on boot or > >> >> not. > >> >> > > > >>> 4- I am assuming that you have already enabled the password > >> box > >> >> in > >> >> > > your > >> >> > > > >>> templates and cloud-init installed on you template. > >> >> > > > >>> > >> >> > > > >>> > >> >> > > > >>> > >> >> > > > >>> Vivek Kumar > >> >> > > > >>> Manager - Cloud & DevOps > >> >> > > > >>> IndiQus Technologies > >> >> > > > >>> 24*7 O +91 11 4055 1411 | M +91 7503460090 > >> >> > > > >>> www.indiqus.com <http://indiqus.com/> > >> >> > > > >>> > >> >> > > > >>> This message is intended only for the use of the individual > >> or > >> >> > entity > >> >> > > > to > >> >> > > > >>> which it is addressed and may contain information that is > >> >> > > confidential > >> >> > > > >>> and/or privileged. If you are not the intended recipient > >> please > >> >> > > delete > >> >> > > > the > >> >> > > > >>> original message and any copy of it from your computer > >> system. > >> >> You > >> >> > > are > >> >> > > > >>> hereby notified that any dissemination, distribution or > >> copying > >> >> of > >> >> > > this > >> >> > > > >>> communication is strictly prohibited unless proper > >> authorization > >> >> > has > >> >> > > > been > >> >> > > > >>> obtained for such action. If you have received this > >> >> communication > >> >> > in > >> >> > > > error, > >> >> > > > >>> please notify the sender immediately. Although IndiQus > >> attempts > >> >> to > >> >> > > > sweep > >> >> > > > >>> e-mail and attachments for viruses, it does not guarantee > >> that > >> >> both > >> >> > > are > >> >> > > > >>> virus-free and accepts no liability for any damage sustained > >> as > >> >> a > >> >> > > > result of > >> >> > > > >>> viruses. > >> >> > > > >>> > >> >> > > > >>>> On 23-Jul-2020, at 2:01 PM, Craig Dunn < > >> >> sendai...@googlemail.com > >> >> > > > .INVALID> > >> >> > > > >>> wrote: > >> >> > > > >>>> > >> >> > > > >>>> Hi all, > >> >> > > > >>>> > >> >> > > > >>>> Just subscribed and after some advise. I'm trying to setup a > >> >> new > >> >> > > > Centos8 > >> >> > > > >>>> template for our cloud platform. > >> >> > > > >>>> > >> >> > > > >>>> I want to use the guest password script so we can deploy > >> and a > >> >> > > > password > >> >> > > > >>> is > >> >> > > > >>>> generated on deployment but I'm having issues getting it to > >> >> work. > >> >> > > I'm > >> >> > > > >>>> following this guide: > >> >> > > > >>>> > >> >> > > > >>>> > >> >> > > > >>> > >> >> > > > > >> >> > > > >> >> > > >> >> > >> http://docs.cloudstack.apache.org/projects/archived-cloudstack-administration/en/latest/templates/_password.html > >> >> > > > >>>> > >> >> > > > >>>> And it seems straightforward I have got the script in > >> >> /etc/init.d > >> >> > > and > >> >> > > > >>> made > >> >> > > > >>>> it executable and changed the permissions and run the > >> chkconfig > >> >> > > > command > >> >> > > > >>> but > >> >> > > > >>>> it still doesn't work, I have tried reverse engineering one > >> of > >> >> our > >> >> > > > >>> working > >> >> > > > >>>> templates (which I didn't do) but it doesn't seem obvious > >> how > >> >> it > >> >> > > > >>> working. > >> >> > > > >>>> Can anyone help or advise? > >> >> > > > >>>> > >> >> > > > >>>> Thanks > >> >> > > > >>> > >> >> > > > >>> > >> >> > > > > >> >> > > > > >> >> > > > >> >> > > -- > >> >> > > > >> >> > > Andrija Panić > >> >> > > > >> >> > > >> >> > >> >> > >> >> -- > >> >> > >> >> Andrija Panić > >> >> > >> > > >> > >> -- > >> > >> Andrija Panić > >> > >
