Joining a host with a certificate is successful when password arg is omitted, even though the task is reported as failed.
Despite the success I think the command is unstable, if hosttags argument is specified it is not taken under account and no tags are assigned to the joined KVM host. It may be possible for other arguments to fail as well. Can someone verify this? here is an example command: cmk add host zoneid=<zone-id> podid=<pod-id> clustername=my-cluster hypervisor=KVM url=http://<x.x.x.x> username=root hosttags=test-tag allocationstate=enabled Regards, Jordan On Tue, Aug 6, 2024 at 9:13 AM jordan j <[email protected]> wrote: > Using password= or password='' both prompt "failed to authenticate, please > check credentials" error with the task being canceled. > > Regards, > Jordan > > On Tue, Aug 6, 2024 at 7:14 AM Rohit Yadav <[email protected]> > wrote: > >> Can you try to pass an empty password to cmk, when calling addHost API. >> >> For example, see this: >> https://github.com/rohityadavcloud/c8k.in/blob/main/install.sh#L289 >> >> >> Regards. >> >> >> >> >> ________________________________ >> From: jordan j <[email protected]> >> Sent: Tuesday, August 6, 2024 09:18 >> To: [email protected] <[email protected]> >> Subject: Re: Join KVM host from CLI using only user and certificate >> >> Forgot to add the error, may be helpful: >> >> Could not add host at [http://x.x.x.x] with zone[1], pod[1] and cluster >> [60] due to: [can't setup agent, due to >> com.cloud.utils.exception.CloudRuntimeException: Unable to persist the >> host >> details key: password for host id: 123123 >> >> Regards, >> Jordan >> >> On Tue, Aug 6, 2024 at 6:38 AM jordan j <[email protected]> wrote: >> >> > Hello Rohit, >> > >> > Yes, the GUI clearly shows that but I was exploring doing it from the >> > command line with Cloudmonkey. >> > >> > Rodrigo, I did some tests today and it works. However the command >> reports >> > an error state even though the host is joined properly - no error in >> agent >> > logs, host is visible in CS and it is NOT in unsecure state. >> > >> > Regards, >> > Jordan >> > >> > On Tue, Aug 6, 2024 at 5:57 AM Rohit Yadav <[email protected]> >> > wrote: >> > >> >> Jordan, >> >> >> >> In 4.18/4.19 the add host form clearly shows passwordless mechanism to >> >> add a KVM host. This is done via mgmt server’s ssh public key to be >> added >> >> to the root user on the kvm host. >> >> >> >> Regards. >> >> >> >> Regards. >> >> >> >> >> >> >> >> ________________________________ >> >> From: jordan j <[email protected]> >> >> Sent: Monday, August 5, 2024 8:42:46 PM >> >> To: [email protected] <[email protected]> >> >> Subject: Re: Join KVM host from CLI using only user and certificate >> >> >> >> Thank you for the advice, I will test tomorrow! >> >> >> >> Best regards, >> >> Jordan >> >> >> >> On Mon, Aug 5, 2024 at 6:07 PM Alex Dietrich <[email protected] >> >> .invalid> >> >> wrote: >> >> >> >> > Hi Rodrigo, >> >> > >> >> > It may be worth updating the CloudStack API documentation as it says >> the >> >> > password is indeed required for hypervisors other than VMWare. >> >> > >> >> > “the password for the host; required to be passed for hypervisors >> other >> >> > than VMWare” - >> >> > https://cloudstack.apache.org/api/apidocs-4.19/apis/addHost.html >> >> > >> >> > >> >> > * Alex >> >> > >> >> > [photo]<http://www.ussignal.com/> >> >> > >> >> > Alex Dietrich >> >> > Senior Network Engineer, US Signal >> >> > >> >> > 616-233-5094<tel:616-233-5094> | www.ussignal.com<<< >> http://www.ussignal.com<<> >> >> http://www.ussignal.com<> >> >> > https://www.ussignal.com> | [email protected]<mailto: >> >> > [email protected]> >> >> > >> >> > 201 Ionia Ave SW, Grand Rapids, MI 49503< >> >> > >> >> >> https://maps.google.com/?q=201%20Ionia%20Ave%20SW,%20Grand%20Rapids,%20MI%2049503 >> >> > > >> >> > >> >> > [linkedin]<https://www.linkedin.com/company/us-signal/> >> >> > >> >> > [facebook]<https://www.facebook.com/ussignalcom/> >> >> > >> >> > [youtube]<https://www.youtube.com/channel/UCaFBGFfXmHziWGTFqjGzaWw> >> >> > >> >> > IMPORTANT: The contents of this email are confidential. Information >> is >> >> > intended for the named recipient(s) only. If you have received this >> >> email >> >> > by mistake, please notify the sender immediately and do not disclose >> the >> >> > contents to anyone or make copies thereof. >> >> > >> >> > [__tpx__] >> >> > From: Rodrigo D. Lopez <[email protected]> >> >> > Date: Monday, August 5, 2024 at 10:58 AM >> >> > To: [email protected] <[email protected]> >> >> > Subject: Re: Join KVM host from CLI using only user and certificate >> >> > EXTERNAL >> >> > >> >> > Hello, Jordan >> >> > >> >> > In ACS, it is possible to add a host using a username and a >> certificate >> >> by >> >> > executing the addHost API without specifying the password attribute. >> >> This >> >> > way, CloudStack will attempt to connect to the host using the >> >> dynamically >> >> > created certificate available at: >> /var/lib/cloudstack/management/.ssh/. >> >> It >> >> > is necessary to configure the host in advance to accept connections >> >> using >> >> > this certificate. >> >> > >> >> > Best regards, >> >> > Rodrigo >> >> > >> >> > Em seg., 5 de ago. de 2024 às 11:50, jordan j <[email protected]> >> >> > escreveu: >> >> > >> >> > > Hey Alex, >> >> > > >> >> > > Yes that is correct, I see the option in the GUI and when used all >> >> works >> >> > > but I fail to find the command line alternative. >> >> > > >> >> > > Regards, >> >> > > Jordan >> >> > > >> >> > > On Mon, Aug 5, 2024 at 5:37 PM Alex Dietrich < >> [email protected] >> >> > > .invalid> >> >> > > wrote: >> >> > > >> >> > > > Rohit, >> >> > > > >> >> > > > I think Jordan is referring to the KVM Host add process. Per the >> API >> >> > > > documentation for addHost, it requires username and password and >> >> does >> >> > not >> >> > > > appear to support using SSH keys. >> >> > > > >> >> > > > Am I correct in my understanding of your question Jordan? >> >> > > > >> >> > > > Thanks, >> >> > > > Alex >> >> > > > >> >> > > > [photo]<http://www.ussignal.com/> >> >> > > > >> >> > > > Alex Dietrich >> >> > > > Senior Network Engineer, US Signal >> >> > > > >> >> > > > 616-233-5094<tel:616-233-5094> | http://www.ussignal.com<< >> >> > http://www.ussignal.com%3c> >> >> > > > https://www.ussignal.com><https://www.ussignal.com%3e> | >> >> > [email protected]<mailto: >> >> > > > [email protected]> >> >> > > > >> >> > > > 201 Ionia Ave SW, Grand Rapids, MI 49503< >> >> > > > >> >> > > >> >> > >> >> >> https://urldefense.com/v3/__https://maps.google.com/?q=201*20Ionia*20Ave*20SW,*20Grand*20Rapids,*20MI*2049503__;JSUlJSUlJQ!!P9cq_d3Gyw!jOl0naQokNmcX3wCSYLQVNGsgtqdAQx5xlYUOMDsn1h2OAEyrTYxJTUaGfGAH1GuD4Cnb4oFX7S-_bjoOUzla3sD1rI$ >> >> > < >> >> > >> >> >> https://urldefense.com/v3/__https:/maps.google.com/?q=201*20Ionia*20Ave*20SW,*20Grand*20Rapids,*20MI*2049503__;JSUlJSUlJQ!!P9cq_d3Gyw!jOl0naQokNmcX3wCSYLQVNGsgtqdAQx5xlYUOMDsn1h2OAEyrTYxJTUaGfGAH1GuD4Cnb4oFX7S-_bjoOUzla3sD1rI$ >> >> > > >> >> > > > > >> >> > > > >> >> > > > [linkedin]< >> >> > >> >> >> https://urldefense.com/v3/__https://www.linkedin.com/company/us-signal/__;!!P9cq_d3Gyw!jOl0naQokNmcX3wCSYLQVNGsgtqdAQx5xlYUOMDsn1h2OAEyrTYxJTUaGfGAH1GuD4Cnb4oFX7S-_bjoOUzlhzOH-1Q$ >> >> > > >> >> > > > >> >> > > > [facebook]< >> >> > >> >> >> https://urldefense.com/v3/__https://www.facebook.com/ussignalcom/__;!!P9cq_d3Gyw!jOl0naQokNmcX3wCSYLQVNGsgtqdAQx5xlYUOMDsn1h2OAEyrTYxJTUaGfGAH1GuD4Cnb4oFX7S-_bjoOUzl5C1FKKM$ >> >> > > >> >> > > > >> >> > > > [youtube]< >> >> > >> >> >> https://urldefense.com/v3/__https://www.youtube.com/channel/UCaFBGFfXmHziWGTFqjGzaWw__;!!P9cq_d3Gyw!jOl0naQokNmcX3wCSYLQVNGsgtqdAQx5xlYUOMDsn1h2OAEyrTYxJTUaGfGAH1GuD4Cnb4oFX7S-_bjoOUzlrl2jX4U$ >> >> > > >> >> > > > >> >> > > > IMPORTANT: The contents of this email are confidential. >> Information >> >> is >> >> > > > intended for the named recipient(s) only. If you have received >> this >> >> > email >> >> > > > by mistake, please notify the sender immediately and do not >> disclose >> >> > the >> >> > > > contents to anyone or make copies thereof. >> >> > > > >> >> > > > [__tpx__] >> >> > > > From: Rohit Yadav <[email protected]> >> >> > > > Date: Monday, August 5, 2024 at 10:34 AM >> >> > > > To: [email protected] <[email protected]> >> >> > > > Subject: Re: Join KVM host from CLI using only user and >> certificate >> >> > > > EXTERNAL >> >> > > > >> >> > > > Hi Jordan, >> >> > > > >> >> > > > For the CLI (cmk), we support either username-password based >> >> > > > authentication or API-secret key based authentication. >> >> > > > >> >> > > > Certificate-based (mtls) authentication feature is unavailable. >> >> > > > >> >> > > > >> >> > > > Regards. >> >> > > > >> >> > > > >> >> > > > >> >> > > > >> >> > > > ________________________________ >> >> > > > From: jordan j <[email protected]> >> >> > > > Sent: Monday, August 5, 2024 19:42 >> >> > > > To: [email protected] <[email protected]> >> >> > > > Subject: Join KVM host from CLI using only user and certificate >> >> > > > >> >> > > > Hello everyone, >> >> > > > >> >> > > > I was exploring the host section of the CMK API reference but >> could >> >> not >> >> > > > find a way to add a host (KVM one) to Cloudstack using user + >> >> > certificate >> >> > > > instead of user + password. Is such feature available? >> >> > > > >> >> > > > Best regards, >> >> > > > Jordan >> >> > > > >> >> > > >> >> > >> >> >> > >> >
