Can you try to pass an empty password to cmk, when calling addHost API. For example, see this: https://github.com/rohityadavcloud/c8k.in/blob/main/install.sh#L289
Regards. ________________________________ From: jordan j <[email protected]> Sent: Tuesday, August 6, 2024 09:18 To: [email protected] <[email protected]> Subject: Re: Join KVM host from CLI using only user and certificate Forgot to add the error, may be helpful: Could not add host at [http://x.x.x.x] with zone[1], pod[1] and cluster [60] due to: [can't setup agent, due to com.cloud.utils.exception.CloudRuntimeException: Unable to persist the host details key: password for host id: 123123 Regards, Jordan On Tue, Aug 6, 2024 at 6:38 AM jordan j <[email protected]> wrote: > Hello Rohit, > > Yes, the GUI clearly shows that but I was exploring doing it from the > command line with Cloudmonkey. > > Rodrigo, I did some tests today and it works. However the command reports > an error state even though the host is joined properly - no error in agent > logs, host is visible in CS and it is NOT in unsecure state. > > Regards, > Jordan > > On Tue, Aug 6, 2024 at 5:57 AM Rohit Yadav <[email protected]> > wrote: > >> Jordan, >> >> In 4.18/4.19 the add host form clearly shows passwordless mechanism to >> add a KVM host. This is done via mgmt server’s ssh public key to be added >> to the root user on the kvm host. >> >> Regards. >> >> Regards. >> >> >> >> ________________________________ >> From: jordan j <[email protected]> >> Sent: Monday, August 5, 2024 8:42:46 PM >> To: [email protected] <[email protected]> >> Subject: Re: Join KVM host from CLI using only user and certificate >> >> Thank you for the advice, I will test tomorrow! >> >> Best regards, >> Jordan >> >> On Mon, Aug 5, 2024 at 6:07 PM Alex Dietrich <[email protected] >> .invalid> >> wrote: >> >> > Hi Rodrigo, >> > >> > It may be worth updating the CloudStack API documentation as it says the >> > password is indeed required for hypervisors other than VMWare. >> > >> > “the password for the host; required to be passed for hypervisors other >> > than VMWare” - >> > https://cloudstack.apache.org/api/apidocs-4.19/apis/addHost.html >> > >> > >> > * Alex >> > >> > [photo]<http://www.ussignal.com/> >> > >> > Alex Dietrich >> > Senior Network Engineer, US Signal >> > >> > 616-233-5094<tel:616-233-5094> | >> > www.ussignal.com<<<http://www.ussignal.com<<> >> http://www.ussignal.com<> >> > https://www.ussignal.com> | [email protected]<mailto: >> > [email protected]> >> > >> > 201 Ionia Ave SW, Grand Rapids, MI 49503< >> > >> https://maps.google.com/?q=201%20Ionia%20Ave%20SW,%20Grand%20Rapids,%20MI%2049503 >> > > >> > >> > [linkedin]<https://www.linkedin.com/company/us-signal/> >> > >> > [facebook]<https://www.facebook.com/ussignalcom/> >> > >> > [youtube]<https://www.youtube.com/channel/UCaFBGFfXmHziWGTFqjGzaWw> >> > >> > IMPORTANT: The contents of this email are confidential. Information is >> > intended for the named recipient(s) only. If you have received this >> email >> > by mistake, please notify the sender immediately and do not disclose the >> > contents to anyone or make copies thereof. >> > >> > [__tpx__] >> > From: Rodrigo D. Lopez <[email protected]> >> > Date: Monday, August 5, 2024 at 10:58 AM >> > To: [email protected] <[email protected]> >> > Subject: Re: Join KVM host from CLI using only user and certificate >> > EXTERNAL >> > >> > Hello, Jordan >> > >> > In ACS, it is possible to add a host using a username and a certificate >> by >> > executing the addHost API without specifying the password attribute. >> This >> > way, CloudStack will attempt to connect to the host using the >> dynamically >> > created certificate available at: /var/lib/cloudstack/management/.ssh/. >> It >> > is necessary to configure the host in advance to accept connections >> using >> > this certificate. >> > >> > Best regards, >> > Rodrigo >> > >> > Em seg., 5 de ago. de 2024 às 11:50, jordan j <[email protected]> >> > escreveu: >> > >> > > Hey Alex, >> > > >> > > Yes that is correct, I see the option in the GUI and when used all >> works >> > > but I fail to find the command line alternative. >> > > >> > > Regards, >> > > Jordan >> > > >> > > On Mon, Aug 5, 2024 at 5:37 PM Alex Dietrich <[email protected] >> > > .invalid> >> > > wrote: >> > > >> > > > Rohit, >> > > > >> > > > I think Jordan is referring to the KVM Host add process. Per the API >> > > > documentation for addHost, it requires username and password and >> does >> > not >> > > > appear to support using SSH keys. >> > > > >> > > > Am I correct in my understanding of your question Jordan? >> > > > >> > > > Thanks, >> > > > Alex >> > > > >> > > > [photo]<http://www.ussignal.com/> >> > > > >> > > > Alex Dietrich >> > > > Senior Network Engineer, US Signal >> > > > >> > > > 616-233-5094<tel:616-233-5094> | http://www.ussignal.com<< >> > http://www.ussignal.com%3c> >> > > > https://www.ussignal.com><https://www.ussignal.com%3e> | >> > [email protected]<mailto: >> > > > [email protected]> >> > > > >> > > > 201 Ionia Ave SW, Grand Rapids, MI 49503< >> > > > >> > > >> > >> https://urldefense.com/v3/__https://maps.google.com/?q=201*20Ionia*20Ave*20SW,*20Grand*20Rapids,*20MI*2049503__;JSUlJSUlJQ!!P9cq_d3Gyw!jOl0naQokNmcX3wCSYLQVNGsgtqdAQx5xlYUOMDsn1h2OAEyrTYxJTUaGfGAH1GuD4Cnb4oFX7S-_bjoOUzla3sD1rI$ >> > < >> > >> https://urldefense.com/v3/__https:/maps.google.com/?q=201*20Ionia*20Ave*20SW,*20Grand*20Rapids,*20MI*2049503__;JSUlJSUlJQ!!P9cq_d3Gyw!jOl0naQokNmcX3wCSYLQVNGsgtqdAQx5xlYUOMDsn1h2OAEyrTYxJTUaGfGAH1GuD4Cnb4oFX7S-_bjoOUzla3sD1rI$ >> > > >> > > > > >> > > > >> > > > [linkedin]< >> > >> https://urldefense.com/v3/__https://www.linkedin.com/company/us-signal/__;!!P9cq_d3Gyw!jOl0naQokNmcX3wCSYLQVNGsgtqdAQx5xlYUOMDsn1h2OAEyrTYxJTUaGfGAH1GuD4Cnb4oFX7S-_bjoOUzlhzOH-1Q$ >> > > >> > > > >> > > > [facebook]< >> > >> https://urldefense.com/v3/__https://www.facebook.com/ussignalcom/__;!!P9cq_d3Gyw!jOl0naQokNmcX3wCSYLQVNGsgtqdAQx5xlYUOMDsn1h2OAEyrTYxJTUaGfGAH1GuD4Cnb4oFX7S-_bjoOUzl5C1FKKM$ >> > > >> > > > >> > > > [youtube]< >> > >> https://urldefense.com/v3/__https://www.youtube.com/channel/UCaFBGFfXmHziWGTFqjGzaWw__;!!P9cq_d3Gyw!jOl0naQokNmcX3wCSYLQVNGsgtqdAQx5xlYUOMDsn1h2OAEyrTYxJTUaGfGAH1GuD4Cnb4oFX7S-_bjoOUzlrl2jX4U$ >> > > >> > > > >> > > > IMPORTANT: The contents of this email are confidential. Information >> is >> > > > intended for the named recipient(s) only. If you have received this >> > email >> > > > by mistake, please notify the sender immediately and do not disclose >> > the >> > > > contents to anyone or make copies thereof. >> > > > >> > > > [__tpx__] >> > > > From: Rohit Yadav <[email protected]> >> > > > Date: Monday, August 5, 2024 at 10:34 AM >> > > > To: [email protected] <[email protected]> >> > > > Subject: Re: Join KVM host from CLI using only user and certificate >> > > > EXTERNAL >> > > > >> > > > Hi Jordan, >> > > > >> > > > For the CLI (cmk), we support either username-password based >> > > > authentication or API-secret key based authentication. >> > > > >> > > > Certificate-based (mtls) authentication feature is unavailable. >> > > > >> > > > >> > > > Regards. >> > > > >> > > > >> > > > >> > > > >> > > > ________________________________ >> > > > From: jordan j <[email protected]> >> > > > Sent: Monday, August 5, 2024 19:42 >> > > > To: [email protected] <[email protected]> >> > > > Subject: Join KVM host from CLI using only user and certificate >> > > > >> > > > Hello everyone, >> > > > >> > > > I was exploring the host section of the CMK API reference but could >> not >> > > > find a way to add a host (KVM one) to Cloudstack using user + >> > certificate >> > > > instead of user + password. Is such feature available? >> > > > >> > > > Best regards, >> > > > Jordan >> > > > >> > > >> > >> >
