[
https://issues.apache.org/jira/browse/CLOUDSTACK-9058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15001827#comment-15001827
]
dsclose commented on CLOUDSTACK-9058:
-------------------------------------
Solved the issue with a minor change to the /opt/cloud/bin/passwd_server_ip.py
Created pull request at https://github.com/apache/cloudstack/pull/1062
> Password server causes Windows VMs to switch to blank passwords after each
> reboot
> ---------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-9058
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9058
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: ISO, Virtual Router
> Affects Versions: 4.5.2
> Reporter: dsclose
> Priority: Critical
>
> Previous versions of the systemvm.iso used a shell script to serve passwords.
> In response to a "send_my_password" query, if no password was to be served,
> the /opt/cloud/bin/serve_password.sh script would issue a response with
> "saved_password" in the body.
> The new version of the systemvm.iso supercedes serve_password.sh with a
> python script at /opt/cloud/bin/passwd_server_ip.py. This script's behaviour
> is different to the original serve_password.sh. In response to a
> "send_my_password" query, if no password was to be served, the
> /opt/cloud/bin/passwd_server_ip.py script issues an empty response.
> Linux guests handle this appropriately. The cloud-set-guest-password init
> script uses a case statement to ignore blank responses. I've not been able to
> examine the code for the equivalent Windows guest service but it responds
> very differently.
> If a Windows guest receives a blank response from the password server then it
> assumes that the password needs to be blank. The log on the windows guest
> reports the following:
> [INFO] Need to set new password for this VM. First letter in password :
> [INFO] New password has been set for this VM
> The windows guest expects a "saved_password" response if a password isn't
> being issued. If it receives this response then it logs the following:
> [INFO] No need to set password, because http://10.1.1.1:8080/ said so with
> response saved_password
> Because the password server is queried every time the windows service starts,
> this will result in the guest adopting a blank password every time it is
> rebooted or the service is restarted. It's probably unrealistic to consider
> updating the Windows service in every guest currently running in cloudstack.
> As such it looks like the password server's behaviour needs to be adjusted to
> match the behaviour that guests expect.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
