CloudStack
  1. CloudStack
  2. CLOUDSTACK-4482

getVMPassword() API call does not retuen password for Vms that are deployed with password enabled templates.

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 4.2.0
    • Fix Version/s: 4.2.1
    • Component/s: Management Server
    • Security Level: Public (Anyone can view this level - this is the default.)
    • Labels:
      None

      Description

      Steps to reproduce the problem:

      Provision a VM with password enabled templates.

      Use getVMPassword() to get the password for this use VM.

      We get the following error message - "No password for VM with specified id found"

      http://10.223.131.169:8080/client/api?command=getVMPassword&id=a974c8ab-e779-4de6-a1d1-26ac5c9c39cd&response=json&sessionkey=ciq%2FaAgf6%2Br1BiuGeyU2%2Fjic23s%3D&_=1377293331315

      { "getvmpasswordresponse" : {"uuidList":[

      {"uuid":"a974c8ab-e779-4de6-a1d1-26ac5c9c39cd","description":"vmId"}

      ],"errorcode":431,"cserrorcode":4350,"errortext":"No password for VM with specified id found."} }

      Management server logs:

      2013-08-23 14:18:03,240 DEBUG [cloud.api.ApiServlet] (catalina-exec-25:null) ===START=== 10.215.3.9 – GET command=getVMPassword&id=a974c8ab-e779-4de6-a1d1-26ac5c9c39cd&response=json&sessionkey=ciq%2FaAgf6%2Br1BiuGeyU2%2Fjic23s%3D&_=1377293331315
      2013-08-23 14:18:03,251 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-25:null) Access to VM[User|pass-2] granted to Acct[806a5eea-3861-4224-bfc4-59f0fc46a1af-tan] by DomainChecker_EnhancerByCloudStack_be12c9e3
      2013-08-23 14:18:03,253 INFO [cloud.api.ApiServer] (catalina-exec-25:null) No password for VM with specified id found.
      2013-08-23 14:18:03,253 DEBUG [cloud.api.ApiServlet] (catalina-exec-25:null) ===END=== 10.215.3.9 – GET command=getVMPassword&id=a974c8ab-e779-4de6-a1d1-26ac5c9c39cd&response=json&sessionkey=ciq%2FaAgf6%2Br1BiuGeyU2%2Fjic23s%3D&_=1377293331315

      Response when deploying the Vm has password field which I am able to use successfully to log into the Vm:

      org.apache.cloudstack.api.response.UserVmResponse/virtualmachine/ {"id":"a974c8ab-e779-4de6-a1d1-26ac5c9c39cd","name":"pass-2","displayname":"pass-2","account":"tan","domainid":"1e424c36-0b6e-11e3-bc0b-067150000428","domain":"ROOT","created":"2013-08-23T11:17:08-0700","state":"Running","haenable":false,"zoneid":"93368e7c-db1b-4344-8777-2a6e0507c2ba","zonename":"zone1","templateid":"dd5c6bb5-602a-4cc4-9328-a26096294cf7","templatename":"password-template","templatedisplaytext":"password-template","passwordenabled":true,"serviceofferingid":"e83c2f9a-cbdc-46dc-8743-c76f3c270e99","serviceofferingname":"tiny1","cpunumber":1,"cpuspeed":50,"memory":124,"guestosid":"1e4bb9ce-0b6e-11e3-bc0b-067150000428","rootdeviceid":0,"rootdevicetype":"ROOT","securitygroup":[],"password":"rJ3aivjax","nic":[{"id":"e9ed3363-1573-4f59-b2cb-a32c8a3c023d","networkid":"95528f66-22f8-4932-86b6-96b1183d5693","networkname":"tan","netmask":"255.255.255.0","gateway":"10.1.1.1","ipaddress":"10.1.1.149","isolationuri":"vlan://2309","broadcasturi":"vlan://2309","traffictype":"Guest","type":"Isolated","isdefault":true,"macaddress":"02:00:4e:ad:00:28"}],"hypervisor":"VMware","tags":[],"affinitygroup":[],"displayvm":true,"isdynamicallyscalable":false,"jobid":"850e7775-be7a-4216-b515-dcfc320b2260","jobstatus":0}

        Activity

        Hide
        Prachi Damle added a comment - - edited

        There is a workaround for this usecase where one can call the resetPasswordForVirtualMachine API and get a new password to access the VM.

        I think this issue seems to be a Major, since a workaround exists.

        Show
        Prachi Damle added a comment - - edited There is a workaround for this usecase where one can call the resetPasswordForVirtualMachine API and get a new password to access the VM. I think this issue seems to be a Major, since a workaround exists.
        Hide
        Harikrishna Patnala added a comment -

        This is expected behavior.
        We save the encrypted password only if the VM got assigned with a SSH public key.
        The password is encrypted with ssh public key and stored in the DB. When getVMPassword API is called it gets the encrypted password and user needs to decrypt that with ssh private key.

        We may need to improve the error message in this case.

        Show
        Harikrishna Patnala added a comment - This is expected behavior. We save the encrypted password only if the VM got assigned with a SSH public key. The password is encrypted with ssh public key and stored in the DB. When getVMPassword API is called it gets the encrypted password and user needs to decrypt that with ssh private key. We may need to improve the error message in this case.
        Hide
        ASF subversion and git services added a comment -

        Commit 37d500d2a6b71c267af20a83208eb6049157f95f in branch refs/heads/4.2-forward from Harikrishna Patnala
        [ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=37d500d ]

        CLOUDSTACK-4482: getVMPassword() API call does not return password for Vms that are deployed with password enabled templates.

        Improving the error message saying no ssh key pair is assinged to VM to get the encrypted password and included a check for password enabled template

        Signed-off-by: Koushik Das <koushik@apache.org>

        Show
        ASF subversion and git services added a comment - Commit 37d500d2a6b71c267af20a83208eb6049157f95f in branch refs/heads/4.2-forward from Harikrishna Patnala [ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=37d500d ] CLOUDSTACK-4482 : getVMPassword() API call does not return password for Vms that are deployed with password enabled templates. Improving the error message saying no ssh key pair is assinged to VM to get the encrypted password and included a check for password enabled template Signed-off-by: Koushik Das <koushik@apache.org>
        Hide
        ASF subversion and git services added a comment -

        Commit 81938c68acd3a049aa0fcb0c5ea8bc4a822d3200 in branch refs/heads/master from Harikrishna Patnala
        [ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=81938c6 ]

        CLOUDSTACK-4482: getVMPassword() API call does not return password for Vms that are deployed with password enabled templates.

        Improving the error message saying ssh key pair should be assinged to VM to get the encrypted password.

        Signed-off-by: Koushik Das <koushik@apache.org>

        Show
        ASF subversion and git services added a comment - Commit 81938c68acd3a049aa0fcb0c5ea8bc4a822d3200 in branch refs/heads/master from Harikrishna Patnala [ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=81938c6 ] CLOUDSTACK-4482 : getVMPassword() API call does not return password for Vms that are deployed with password enabled templates. Improving the error message saying ssh key pair should be assinged to VM to get the encrypted password. Signed-off-by: Koushik Das <koushik@apache.org>
        Hide
        Sangeetha Hariharan added a comment -

        Closing this issue.

        With latest build , when I try to get Vm password for a Vm that was deployed with password enabled template but with no ssh key , we get the following error message:
        { "getvmpasswordresponse" : {"uuidList":[

        {"uuid":"40099005-6cc8-4598-b52a-1b29b75a6af2","description":"vmId"}

        ],"errorcode":431,"cserrorcode":4350,"errortext":"No password for VM with specified id found. If VM is created from password enabled template and SSH keypair is assigned to VM then only password can be retrieved."} }

        Show
        Sangeetha Hariharan added a comment - Closing this issue. With latest build , when I try to get Vm password for a Vm that was deployed with password enabled template but with no ssh key , we get the following error message: { "getvmpasswordresponse" : {"uuidList":[ {"uuid":"40099005-6cc8-4598-b52a-1b29b75a6af2","description":"vmId"} ],"errorcode":431,"cserrorcode":4350,"errortext":"No password for VM with specified id found. If VM is created from password enabled template and SSH keypair is assigned to VM then only password can be retrieved."} }

          People

          • Assignee:
            Harikrishna Patnala
            Reporter:
            Sangeetha Hariharan
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development