Hi Jorge,

Thanks for the report and the analysis. Ubuntu 22.04 is not officially
released; it is not tested or officially supported in CloudStack for now.

I noticed the issue many years ago that only the first 8 chars of the VNC
password are effective. The fix in libvirt does not make sense to me.
Anyway, I have created a pull request to truncate the VNC password to 8
chars: https://github.com/apache/cloudstack/pull/6244 . I will test it. It
would

-Wei


On Mon, 11 Apr 2022 at 15:51, Jorge Luiz Correa
<jorge.l.cor...@embrapa.br.invalid> wrote:

> Just to confirm the incompatibility. When Zone was enabled, the CS manager
> started to try to launch some system VMs like s-NNNN-VM and v-NNNN-VM. At
> hypervisors, all attempts were failing because the libvirtd didn't accept a
> vnc_password bigger than 8 chars.
>
> libvirtd[44140]: unsupported configuration: VNC password is 22 characters
> long, only 8 permitted
>
> Then, I changed the vnc_passwords directly in the database.
>
> In manager, generate the string for password 12345678:
>
> java -cp /usr/share/cloudstack-common/lib/jasypt-1.9.3.jar
> org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input="12345678"
> password="DATABASE_KEY"
>
> ----OUTPUT----------------------
> ohM+JhNfT0xFJC3HtveMGTI5CJCjkcN5
>
> In database, update to new value:
> update vm_instance set vnc_password = "ohM+JhNfT0xFJC3HtveMGTI5CJCjkcN5="
> where name like "s-%" or name like "v-%";
>
> After that, using an 8 chars password, all system VMs started fine!
>
> In https://qemu-project.gitlab.io/qemu/system/vnc-security.html we can
> see:
>
> *The VNC protocol has limited support for password based authentication.
> Since the protocol limits passwords to 8 characters it should not be
> considered to provide high security.*
>
> Before my tests with Libvirt 8 I was using Libvirt 6 with Ubuntu 20.04. It
> looks like Libvirt 6 just drops what is after 8 chars in passwords. So,
> sending a bigger password does not increase the security because the
> protocol has the limitation, right?
>
> In Libvirt 8 some modification is generating a Warning/Error. This shows
> something about that modification:
>
> https://www.mail-archive.com/libvir-list@redhat.com/msg224586.html
>
> That warning/error is causing System VMs to not start! So, to use Libvirt 8
> with CloudStack I think vnc_password length needs to be 8 in some way
> because Libvirt 8 is not dropping anymore what is bigger than that.
>
> Thanks!
> :)

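Added example, not part of either message and not CloudStack or libvirt code: a pre-upgrade check that parses libvirt domain XML (as produced by `virsh dumpxml --security-info`) and reports which guests carry a VNC password longer than the 8 characters named in the libvirtd error above. The domain XML, guest names and passwords are constructed samples; only password lengths are reported, never the secret.

```python
import xml.etree.ElementTree as ET

VNC_MAX_PASSWORD_LEN = 8  # limit named in the libvirtd error and the QEMU docs

# Constructed domain XML, shaped like `virsh dumpxml --security-info` output.
SAMPLE_DOMAINS = [
    "<domain type='kvm'><name>s-1-VM</name><devices>"
    "<graphics type='vnc' port='-1' passwd='Zx9Qw3Lm7Rt2Vb8Nc4Kd6H'/>"
    "</devices></domain>",
    "<domain type='kvm'><name>v-2-VM</name><devices>"
    "<graphics type='vnc' port='-1' passwd='12345678'/>"
    "</devices></domain>",
    "<domain type='kvm'><name>i-3-VM</name><devices>"
    "<graphics type='vnc' port='-1'/>"
    "</devices></domain>",
    "<domain type='kvm'><name>i-4-VM</name><devices>"
    "<graphics type='spice' passwd='not-a-vnc-password'/>"
    "</devices></domain>",
]


def audit_domain(domain_xml):
    """Return (name, status, length) for every VNC display in one domain.

    The password itself is never returned, only its length.
    """
    root = ET.fromstring(domain_xml)
    name = root.findtext("name", default="<unnamed>")
    findings = []
    for graphics in root.iterfind("./devices/graphics[@type='vnc']"):
        passwd = graphics.get("passwd")
        if passwd is None:
            findings.append((name, "no-password", 0))
        elif len(passwd) > VNC_MAX_PASSWORD_LEN:
            # Would be refused with "only 8 permitted" by the strict check.
            findings.append((name, "too-long", len(passwd)))
        else:
            findings.append((name, "ok", len(passwd)))
    return findings


def domains_rejected_by_strict_check(domain_xmls):
    """Names of domains whose VNC password exceeds the 8-character limit."""
    return sorted({name for xml in domain_xmls
                   for name, status, _ in audit_domain(xml)
                   if status == "too-long"})


if __name__ == "__main__":
    for xml in SAMPLE_DOMAINS:
        print(audit_domain(xml))
```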