Uploaded image for project: 'CloudStack'
  1. CloudStack
  2. CLOUDSTACK-9360

Set guest password not working with redundant routers

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 4.8.0
    • Fix Version/s: None
    • Component/s: Management Server, VPC
    • Security Level: Public (Anyone can view this level - this is the default.)
    • Labels:
      None
    • Environment:
      Two CentOS7 MGMT Servers, redundant router vms

      Description

      We got a problem with the set guest password function.
      When you spawn a redundant router (VPC or not) the VMs don`t set their password correctly.

      We broke it down to the /opt/cloud/bin/passwd_server_ip.py script which checks the Client IP for the save password function on the routerVM:

      if clientAddress not in ['localhost', '127.0.0.1', listeningAddress]:
      syslog.syslog('serve_password: non-localhost IP trying to save password: %s' % clientAddress)
      self.send_response(403)
      return

      In the logs we see:

      Apr 21 09:02:01 r-80-VM passwd_server_ip.py: serve_password: non-localhost IP trying to save password: 10.0.0.236

      The routerVMs eth2 config:

      4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
      link/ether 02:00:2c:d7:00:08 brd ff:ff:ff:ff:ff:ff
      inet 10.0.0.236/24 brd 10.0.0.255 scope global eth2
      inet 10.0.0.1/24 brd 10.0.0.255 scope global secondary eth2

      So what happens:
      The management server triggers the router vm to store a new password for a new spawned or password reseting guest vm.
      The router vm then tries locally to connect to the password python server with it`s primary eth2 ip, in our example: 10.0.0.236
      The python password server then checks the client IP via:
      if clientAddress not in ['localhost', '127.0.0.1', listeningAddress]:
      and exists with: serve_password: non-localhost IP trying to save password: 10.0.0.236
      cause the listeningAddress is filled with: 10.0.0.1

      How to fix
      First possibility:
      Configure the 10.0.0.1 IP as primary IP => maybe not possible cause its managed by keepalived

      Second possibilty:
      Adjust the password server if check and check also for the ip 10.0.0.236.
      I tried to implement this with a subprocess and grep in /var/cache/cloud/processed/guest_network.json.* or with a os command and ip a | grep eth2 | grep -v mtu | cut -d ' ' -f 6 | cut -d '/' -f 1

      Maybe someone could support here?

        Attachments

          Activity

            People

            • Assignee:
              bhaisaab Rohit Yadav
              Reporter:
              disappear Thomas
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: