ISSUE TYPE
COMPONENT NAME
VM password (for cloud-init)
CLOUDSTACK VERSION
CONFIGURATION
Basic zone with multiple subnets/CIDRs
OS / ENVIRONMENT
VMware 6.5 (limited access to environment, not "mine")
SUMMARY
The VM password feature of the cloud-init CloudStack datasource attempts to retrieve the password from the "data-server" host if that name resolves.
In a multi-CIDR basic zone the VM passwords are stored in separate files according to their subnet, e.g.:
/var/cache/cloud/passwords-subnet1IP
/var/cache/cloud/passwords-subnet2IP and so on
The problem arises because CloudStack adds the "data-server" hostname to /etc/hosts (for dnsmasq to pick up) with subnet1IP, so password requests from a machine in subnet2 or subnet3 go unanswered.
The CloudStack datasource does not handle this gracefully: it simply fails to set a password instead of detecting that there was no valid response and then also asking the "dhcp_identifier" host.
I suggest, as a quick workaround, adding a button somewhere to disable the data-server feature altogether. It seems to be CloudStack specific; grepping for it in other data sources yielded nothing.
On the VMs right now we have to add "0.0.0.0 data-server" to /etc/hosts to make the root password work. I guess editing /etc/hosts on the VR and removing the data-server entry might also work, until the next restart.
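The fallback the summary asks for, as an added example that is not cloud-init's or CloudStack's own code: try "data-server" first, treat an unreachable server or an empty/"bad_request" body as "no valid response", and only then ask the DHCP server address. It assumes the request shape cloud-init uses against the password server (HTTP GET to port 8080 with a DomU_Request header, followed by a saved_password acknowledgement); the transport is injected and the hosts, IPs and password below are constructed so it runs offline.

```python
from typing import Callable, Dict, Optional, Tuple

# Bodies that mean "this server holds no password for me" (assumption:
# mirrors the sentinel strings cloud-init's datasource checks for).
NO_PASSWORD = ("", "saved_password", "bad_request")

Transport = Callable[[str, Dict[str, str]], str]


def ask(host: str, request: str, transport: Transport) -> Optional[str]:
    """Send one DomU_Request to a password server; None if unreachable."""
    try:
        return transport(f"http://{host}:8080/", {"DomU_Request": request})
    except OSError:
        return None


def fetch_password(candidates, transport: Transport) -> Tuple[Optional[str], Optional[str]]:
    """Walk the candidate servers in order and return (host, password).

    A connection failure or a sentinel body is not an error for the whole
    lookup: it just means this host cannot serve us, so move to the next.
    """
    for host in candidates:
        body = ask(host, "send_my_password", transport)
        if body is None or body.strip() in NO_PASSWORD:
            continue
        # Acknowledge so the server marks the password as delivered.
        ask(host, "saved_password", transport)
        return host, body.strip()
    return None, None


# Constructed fixture: "data-server" points at subnet1's router, which has
# no entry for a VM living in subnet2; 10.2.0.1 is that VM's own DHCP server.
def fake_transport(url: str, headers: Dict[str, str]) -> str:
    if url.startswith("http://data-server:"):
        return ""  # unanswered: no password file for this subnet
    if url.startswith("http://10.2.0.1:"):
        if headers["DomU_Request"] == "send_my_password":
            return "hunter2\n"
        return "saved_password"
    raise OSError("no route to host")


def demo() -> Tuple[Optional[str], Optional[str]]:
    """data-server first, then the dhcp_identifier host (10.2.0.1)."""
    return fetch_password(["data-server", "10.2.0.1"], fake_transport)
```

With only "data-server" in the candidate list the lookup returns (None, None), which is the silent failure the report describes; adding the DHCP server as a second candidate is what makes the password arrive.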
STEPS TO REPRODUCE
Deploy a basic or advanced+SG zone with multiple CIDRs.
Request a password from a VM that is not in the primary CIDR: the request fails and the password is not set.
EXPECTED RESULTS
The data-server hostname should return a valid password regardless of which CIDR the request comes from.
ACTUAL RESULTS
A valid password is not served.