You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Nux! <nu...@li.nux.ro> on 2017/11/27 12:24:47 UTC
Where is the vm root password published?
Hello,
I know that the vm root password is temporarily stored somewhere in the system. I need to find it out for accessing the console of some instances created programmatically.
Where do I look?
Cheers,
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
Re: Where is the vm root password published?
Posted by Vladimir Melnik <v....@uplink.ua>.
On the other side, it would mean that you've got to have this key installed on each of your API-client (even to the web-client), as without this key the frontend app couldn't decrypt the password that is being sent when a client deploys a new VM or changes the VM's password. :-)
On Tue, Nov 28, 2017 at 02:18:03PM +0200, Vladimir Melnik wrote:
> Aye, should be cool to have them encrypted by some RSA-key that would be installed to the VM's template.
>
> Though at this moment one should keep an eye on the systems where these logs are stored.
>
> On Tue, Nov 28, 2017 at 03:39:55PM +0530, Makrand wrote:
> > Assuming all the passwords appearing in logs must be masked (kind of
> > encrypted) How does one decrypt those password from logs?
> >
> > BTW, if passwords are just logged as plain text (even for temp amount of
> > time), or stored as plain text over VR, then that's not a very secure
> > thing, is it??
> >
> > --
> > Makrand
> >
> >
> > On Tue, Nov 28, 2017 at 2:58 PM, Vladimir Melnik <v....@uplink.ua> wrote:
> >
> > > Hello,
> > >
> > > Would you mind if I share a sample line from the log-file containing a
> > > password assigned (you can find similar ones in your log-files as well)?
> > >
> > > 2017-11-28 10:19:27,981 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> > > (API-Job-Executor-14:ctx-6858662d job-1158151 ctx-1967e9d7)
> > > (logid:eed0e79e) Complete async job-1158151, jobStatus: SUCCEEDED,
> > > resultCode: 0, result: org.apache.cloudstack.api.resp
> > > onse.UserVmResponse/virtualmachine/{"id":"57ec4f9a-9f65-
> > > 46c5-926d-a475bbe5c1d5","name":"VM-57ec4f9a-9f65-46c5-926d-a
> > > 475bbe5c1d5","displayname":"VM-57ec4f9a-9f65-46c5-926d-a475b
> > > be5c1d5","account":"admin","userid":"b11c5858-5357-497d-
> > > 93e7-f68db82535e7","username":"admin","domainid":"4d767ff4-
> > > 8216-4718-8f04-4626eeb5180f","domain":"2017102413000103","
> > > created":"2017-10-27T10:57:11+0300","state":"Stopped","
> > > haenable":false,"zoneid":"c8d773fa-76ca-4637-8ecf-
> > > 88656444fc86","zonename":"z2.tucha13.net","templateid":"
> > > 3b4b2504-9718-407e-8cf2-cdd286a90e52","templatename":"
> > > linux-ubuntu-desktop-16.04-x64-20170819","templatedisplaytext":"Linux
> > > Ubuntu 16.04 x64 Desktop version (rev.20170819)","passwordenabl
> > > ed":true,"serviceofferingid":"5248afa9-f896-4608-bf3b-
> > > 316262c21b9d","serviceofferingname":"custom-ssd-a1","
> > > cpunumber":1,"cpuspeed":2399,"memory":1024,"cpuused":"0.07%"
> > > ,"networkkbsread":417369,"networkkbswrite":58495,"diskkbsrea
> > > d":360776,"diskkbswrite":1978872,"memorykbs":1048576,"m
> > > emoryintfreekbs":1112364,"memorytargetkbs":1048576,"diskiore
> > > ad":11950,"diskiowrite":149126,"guestosid":"ca0edf48-
> > > bd31-11e6-b74f-06973a00088a","rootdeviceid":0,"rootdevicetyp
> > > e":"ROOT","securitygroup":[],"password":"*************","
> > > nic":[{"id":"677447a3-de67-4477-b3fc-213ab12bf0d6","
> > > networkid":"1093f687-0581-4c63-9077-1471a8bfe7fd","
> > > networkname":"NET-PUB-193.151.666.666-24","netmask":"255.
> > > 255.255.0","gateway":"193.151.666.666","ipaddress":"193.151.
> > > 666.666","isolationuri":"vlan://100","broadcasturi":"vlan://
> > > 100","traffictype":"Guest","type":"Shared","isdefault":
> > > true,"macaddress":"66:66:66:66:66:66","secondaryip":[]},{"
> > > id":"3f71910e-cfe5-4d61-b725-e78e1d434cd8","networkid":"3422
> > > bda5-f206-4418-8a8a-30372a4f1e4a","networkname":"NET-
> > > 2017102413000103","netmask":"255.255.255.0","gateway":"192.
> > > 168.131.254","ipaddress":"192.168.131.154","traffictype":"
> > > Guest","type":"Isolated","isdefault":false,"macaddress":
> > > "66:66:66:66:66:66","secondaryip":[]}],"hypervisor"
> > > :"KVM","instancename":"i-6666-6666-VM","affinitygroup":[],"d
> > > isplayvm":true,"isdynamicallyscalable":false,"ostypeid":254,"tags":[]}
> > >
> > > ^^^ That doesn't seem to be cloudmonkey who adds that to the management
> > > log-file, as we don't use it at all.
> > >
> > > But there's a dilemma that needs to be solved, as "fixing" that would mean
> > > that a content-neutral logging module should understand which information
> > > is confidential and shouldn't been logged, not such an easy task to be
> > > solved properly.
> > >
> > > With best,
> > > Vlad
> > >
> > >
> > >
> > > On Mon, Nov 27, 2017 at 05:02:00PM -0200, Rafael Weingärtner wrote:
> > > > Ah, thanks Daan ;)
> > > >
> > > > On Mon, Nov 27, 2017 at 4:27 PM, Daan Hoogland <da...@gmail.com>
> > > > wrote:
> > > >
> > > > > it isn't logged, Rafael, not by cloudstack. It is cloudmonkey that
> > > logs the
> > > > > API response object. It is the same response the UI uses to display it
> > > to
> > > > > the user.
> > > > >
> > > > > On Mon, Nov 27, 2017 at 3:45 PM, Rafael Weingärtner <
> > > > > rafaelweingartner@gmail.com> wrote:
> > > > >
> > > > > > Interesting! I did not know that the password was logged. I thought
> > > it
> > > > > was
> > > > > > a one time thing to show the password in the UI.
> > > > > >
> > > > > > On Mon, Nov 27, 2017 at 1:43 PM, Nux! <nu...@li.nux.ro> wrote:
> > > > > >
> > > > > > > Ok, so found out some more stuff.
> > > > > > >
> > > > > > > First of all, the password appears in management-server.log and
> > > > > > > apilog.log, so that's one place to grep into.
> > > > > > >
> > > > > > > Second, I could query the jobid and get the password from there.
> > > E.g.
> > > > > > from
> > > > > > > cloudmonkey
> > > > > > > query asyncjobresult jobid=caac0e1f-0aff-4065-8189-1d32d480e73f |
> > > grep
> > > > > > > password\ =
> > > > > > >
> > > > > > > More info here
> > > > > > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/
> > > > > > > CloudStack+cloudmonkey+CLI#CloudStackcloudmonkeyCLI-AsyncJob
> > > execution
> > > > > > >
> > > > > > > --
> > > > > > > Sent from the Delta quadrant using Borg technology!
> > > > > > >
> > > > > > > Nux!
> > > > > > > www.nux.ro
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > > > > > To: "users" <us...@cloudstack.apache.org>
> > > > > > > > Sent: Monday, 27 November, 2017 15:21:30
> > > > > > > > Subject: Re: Where is the vm root password published?
> > > > > > >
> > > > > > > > Ah, if that is the case, I know it is stored in the VR of the
> > > network
> > > > > > > where
> > > > > > > > the VM is connected to.
> > > > > > > >
> > > > > > > > I forgot now the file, but it is something like
> > > > > “/var/usr?/cloud/cache”
> > > > > > > or
> > > > > > > > something that ends in “/cache/cloud”.
> > > > > > > >
> > > > > > > >
> > > > > > > > Do we store these password in ACS database as well?
> > > > > > > >
> > > > > > > > On Mon, Nov 27, 2017 at 1:18 PM, Nux! <nu...@li.nux.ro> wrote:
> > > > > > > >
> > > > > > > >> Rafael,
> > > > > > > >>
> > > > > > > >> Yes indeed, sorry if I wasn't clear.
> > > > > > > >>
> > > > > > > >> --
> > > > > > > >> Sent from the Delta quadrant using Borg technology!
> > > > > > > >>
> > > > > > > >> Nux!
> > > > > > > >> www.nux.ro
> > > > > > > >>
> > > > > > > >> ----- Original Message -----
> > > > > > > >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > > > > >> > To: "users" <us...@cloudstack.apache.org>
> > > > > > > >> > Sent: Monday, 27 November, 2017 14:58:20
> > > > > > > >> > Subject: Re: Where is the vm root password published?
> > > > > > > >>
> > > > > > > >> > Are you talking about the generated passwords to be injected
> > > in
> > > > > user
> > > > > > > vms?
> > > > > > > >> > Besides that, we do not have any other password. At least
> > > that I
> > > > > > know.
> > > > > > > >> >
> > > > > > > >> > On Mon, Nov 27, 2017 at 12:56 PM, Nux! <nu...@li.nux.ro> wrote:
> > > > > > > >> >
> > > > > > > >> >> No, I mean the regular user VM instances.
> > > > > > > >> >> I know they are held somewhere temporarily, just don't know
> > > > > where.
> > > > > > :)
> > > > > > > >> >>
> > > > > > > >> >> --
> > > > > > > >> >> Sent from the Delta quadrant using Borg technology!
> > > > > > > >> >>
> > > > > > > >> >> Nux!
> > > > > > > >> >> www.nux.ro
> > > > > > > >> >>
> > > > > > > >> >> ----- Original Message -----
> > > > > > > >> >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > > > > >> >> > To: "users" <us...@cloudstack.apache.org>
> > > > > > > >> >> > Sent: Monday, 27 November, 2017 12:26:59
> > > > > > > >> >> > Subject: Re: Where is the vm root password published?
> > > > > > > >> >>
> > > > > > > >> >> > If you are talking about the system VMs password.
> > > > > > > >> >> > If you set the parameter "system.vm.random.password" to
> > > "true",
> > > > > > > then
> > > > > > > >> you
> > > > > > > >> >> > can see the password at "system.vm.password"
> > > > > > > >> >> >
> > > > > > > >> >> > On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro>
> > > wrote:
> > > > > > > >> >> >
> > > > > > > >> >> >> Hello,
> > > > > > > >> >> >>
> > > > > > > >> >> >> I know that the vm root password is temporarily stored
> > > > > somewhere
> > > > > > > in
> > > > > > > >> the
> > > > > > > >> >> >> system. I need to find it out for accessing the console of
> > > > > some
> > > > > > > >> >> instances
> > > > > > > >> >> >> created programmatically.
> > > > > > > >> >> >> Where do I look?
> > > > > > > >> >> >>
> > > > > > > >> >> >> Cheers,
> > > > > > > >> >> >> Lucian
> > > > > > > >> >> >>
> > > > > > > >> >> >> --
> > > > > > > >> >> >> Sent from the Delta quadrant using Borg technology!
> > > > > > > >> >> >>
> > > > > > > >> >> >> Nux!
> > > > > > > >> >> >> www.nux.ro
> > > > > > > >> >> >>
> > > > > > > >> >> >
> > > > > > > >> >> >
> > > > > > > >> >> >
> > > > > > > >> >> > --
> > > > > > > >> >> > Rafael Weingärtner
> > > > > > > >> >>
> > > > > > > >> >
> > > > > > > >> >
> > > > > > > >> >
> > > > > > > >> > --
> > > > > > > >> > Rafael Weingärtner
> > > > > > > >>
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > Rafael Weingärtner
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Rafael Weingärtner
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Daan
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Rafael Weingärtner
> > >
> > > --
> > > V.Melnik
> > >
>
> --
> V.Melnik
--
V.Melnik
Re: Where is the vm root password published?
Posted by Rafael Weingärtner <ra...@gmail.com>.
Yes. this has already been discussed in the security mailing list. However,
we already have a similar feature if you use SSH keys.
If we want real security we would have to use a key of the user to encrypt
the password stored in the VR, and then inject in the VM. Threfore, it
seems more naturel (IMO) to use SSH keys directly. Then, if the user wants
to enable password login, he/she can do so.
On Tue, Nov 28, 2017 at 10:18 AM, Vladimir Melnik <v....@uplink.ua>
wrote:
> Aye, should be cool to have them encrypted by some RSA-key that would be
> installed to the VM's template.
>
> Though at this moment one should keep an eye on the systems where these
> logs are stored.
>
> On Tue, Nov 28, 2017 at 03:39:55PM +0530, Makrand wrote:
> > Assuming all the passwords appearing in logs must be masked (kind of
> > encrypted) How does one decrypt those password from logs?
> >
> > BTW, if passwords are just logged as plain text (even for temp amount of
> > time), or stored as plain text over VR, then that's not a very secure
> > thing, is it??
> >
> > --
> > Makrand
> >
> >
> > On Tue, Nov 28, 2017 at 2:58 PM, Vladimir Melnik <v....@uplink.ua>
> wrote:
> >
> > > Hello,
> > >
> > > Would you mind if I share a sample line from the log-file containing a
> > > password assigned (you can find similar ones in your log-files as
> well)?
> > >
> > > 2017-11-28 10:19:27,981 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> > > (API-Job-Executor-14:ctx-6858662d job-1158151 ctx-1967e9d7)
> > > (logid:eed0e79e) Complete async job-1158151, jobStatus: SUCCEEDED,
> > > resultCode: 0, result: org.apache.cloudstack.api.resp
> > > onse.UserVmResponse/virtualmachine/{"id":"57ec4f9a-9f65-
> > > 46c5-926d-a475bbe5c1d5","name":"VM-57ec4f9a-9f65-46c5-926d-a
> > > 475bbe5c1d5","displayname":"VM-57ec4f9a-9f65-46c5-926d-a475b
> > > be5c1d5","account":"admin","userid":"b11c5858-5357-497d-
> > > 93e7-f68db82535e7","username":"admin","domainid":"4d767ff4-
> > > 8216-4718-8f04-4626eeb5180f","domain":"2017102413000103","
> > > created":"2017-10-27T10:57:11+0300","state":"Stopped","
> > > haenable":false,"zoneid":"c8d773fa-76ca-4637-8ecf-
> > > 88656444fc86","zonename":"z2.tucha13.net","templateid":"
> > > 3b4b2504-9718-407e-8cf2-cdd286a90e52","templatename":"
> > > linux-ubuntu-desktop-16.04-x64-20170819","templatedisplaytext":"Linux
> > > Ubuntu 16.04 x64 Desktop version (rev.20170819)","passwordenabl
> > > ed":true,"serviceofferingid":"5248afa9-f896-4608-bf3b-
> > > 316262c21b9d","serviceofferingname":"custom-ssd-a1","
> > > cpunumber":1,"cpuspeed":2399,"memory":1024,"cpuused":"0.07%"
> > > ,"networkkbsread":417369,"networkkbswrite":58495,"diskkbsrea
> > > d":360776,"diskkbswrite":1978872,"memorykbs":1048576,"m
> > > emoryintfreekbs":1112364,"memorytargetkbs":1048576,"diskiore
> > > ad":11950,"diskiowrite":149126,"guestosid":"ca0edf48-
> > > bd31-11e6-b74f-06973a00088a","rootdeviceid":0,"rootdevicetyp
> > > e":"ROOT","securitygroup":[],"password":"*************","
> > > nic":[{"id":"677447a3-de67-4477-b3fc-213ab12bf0d6","
> > > networkid":"1093f687-0581-4c63-9077-1471a8bfe7fd","
> > > networkname":"NET-PUB-193.151.666.666-24","netmask":"255.
> > > 255.255.0","gateway":"193.151.666.666","ipaddress":"193.151.
> > > 666.666","isolationuri":"vlan://100","broadcasturi":"vlan://
> > > 100","traffictype":"Guest","type":"Shared","isdefault":
> > > true,"macaddress":"66:66:66:66:66:66","secondaryip":[]},{"
> > > id":"3f71910e-cfe5-4d61-b725-e78e1d434cd8","networkid":"3422
> > > bda5-f206-4418-8a8a-30372a4f1e4a","networkname":"NET-
> > > 2017102413000103","netmask":"255.255.255.0","gateway":"192.
> > > 168.131.254","ipaddress":"192.168.131.154","traffictype":"
> > > Guest","type":"Isolated","isdefault":false,"macaddress":
> > > "66:66:66:66:66:66","secondaryip":[]}],"hypervisor"
> > > :"KVM","instancename":"i-6666-6666-VM","affinitygroup":[],"d
> > > isplayvm":true,"isdynamicallyscalable":false,"ostypeid":254,"tags":[]}
> > >
> > > ^^^ That doesn't seem to be cloudmonkey who adds that to the management
> > > log-file, as we don't use it at all.
> > >
> > > But there's a dilemma that needs to be solved, as "fixing" that would
> mean
> > > that a content-neutral logging module should understand which
> information
> > > is confidential and shouldn't been logged, not such an easy task to be
> > > solved properly.
> > >
> > > With best,
> > > Vlad
> > >
> > >
> > >
> > > On Mon, Nov 27, 2017 at 05:02:00PM -0200, Rafael Weingärtner wrote:
> > > > Ah, thanks Daan ;)
> > > >
> > > > On Mon, Nov 27, 2017 at 4:27 PM, Daan Hoogland <
> daan.hoogland@gmail.com>
> > > > wrote:
> > > >
> > > > > it isn't logged, Rafael, not by cloudstack. It is cloudmonkey that
> > > logs the
> > > > > API response object. It is the same response the UI uses to
> display it
> > > to
> > > > > the user.
> > > > >
> > > > > On Mon, Nov 27, 2017 at 3:45 PM, Rafael Weingärtner <
> > > > > rafaelweingartner@gmail.com> wrote:
> > > > >
> > > > > > Interesting! I did not know that the password was logged. I
> thought
> > > it
> > > > > was
> > > > > > a one time thing to show the password in the UI.
> > > > > >
> > > > > > On Mon, Nov 27, 2017 at 1:43 PM, Nux! <nu...@li.nux.ro> wrote:
> > > > > >
> > > > > > > Ok, so found out some more stuff.
> > > > > > >
> > > > > > > First of all, the password appears in management-server.log and
> > > > > > > apilog.log, so that's one place to grep into.
> > > > > > >
> > > > > > > Second, I could query the jobid and get the password from
> there.
> > > E.g.
> > > > > > from
> > > > > > > cloudmonkey
> > > > > > > query asyncjobresult jobid=caac0e1f-0aff-4065-8189-1d32d480e73f
> |
> > > grep
> > > > > > > password\ =
> > > > > > >
> > > > > > > More info here
> > > > > > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/
> > > > > > > CloudStack+cloudmonkey+CLI#CloudStackcloudmonkeyCLI-AsyncJob
> > > execution
> > > > > > >
> > > > > > > --
> > > > > > > Sent from the Delta quadrant using Borg technology!
> > > > > > >
> > > > > > > Nux!
> > > > > > > www.nux.ro
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > > > > > To: "users" <us...@cloudstack.apache.org>
> > > > > > > > Sent: Monday, 27 November, 2017 15:21:30
> > > > > > > > Subject: Re: Where is the vm root password published?
> > > > > > >
> > > > > > > > Ah, if that is the case, I know it is stored in the VR of the
> > > network
> > > > > > > where
> > > > > > > > the VM is connected to.
> > > > > > > >
> > > > > > > > I forgot now the file, but it is something like
> > > > > “/var/usr?/cloud/cache”
> > > > > > > or
> > > > > > > > something that ends in “/cache/cloud”.
> > > > > > > >
> > > > > > > >
> > > > > > > > Do we store these password in ACS database as well?
> > > > > > > >
> > > > > > > > On Mon, Nov 27, 2017 at 1:18 PM, Nux! <nu...@li.nux.ro> wrote:
> > > > > > > >
> > > > > > > >> Rafael,
> > > > > > > >>
> > > > > > > >> Yes indeed, sorry if I wasn't clear.
> > > > > > > >>
> > > > > > > >> --
> > > > > > > >> Sent from the Delta quadrant using Borg technology!
> > > > > > > >>
> > > > > > > >> Nux!
> > > > > > > >> www.nux.ro
> > > > > > > >>
> > > > > > > >> ----- Original Message -----
> > > > > > > >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > > > > >> > To: "users" <us...@cloudstack.apache.org>
> > > > > > > >> > Sent: Monday, 27 November, 2017 14:58:20
> > > > > > > >> > Subject: Re: Where is the vm root password published?
> > > > > > > >>
> > > > > > > >> > Are you talking about the generated passwords to be
> injected
> > > in
> > > > > user
> > > > > > > vms?
> > > > > > > >> > Besides that, we do not have any other password. At least
> > > that I
> > > > > > know.
> > > > > > > >> >
> > > > > > > >> > On Mon, Nov 27, 2017 at 12:56 PM, Nux! <nu...@li.nux.ro>
> wrote:
> > > > > > > >> >
> > > > > > > >> >> No, I mean the regular user VM instances.
> > > > > > > >> >> I know they are held somewhere temporarily, just don't
> know
> > > > > where.
> > > > > > :)
> > > > > > > >> >>
> > > > > > > >> >> --
> > > > > > > >> >> Sent from the Delta quadrant using Borg technology!
> > > > > > > >> >>
> > > > > > > >> >> Nux!
> > > > > > > >> >> www.nux.ro
> > > > > > > >> >>
> > > > > > > >> >> ----- Original Message -----
> > > > > > > >> >> > From: "Rafael Weingärtner" <
> rafaelweingartner@gmail.com>
> > > > > > > >> >> > To: "users" <us...@cloudstack.apache.org>
> > > > > > > >> >> > Sent: Monday, 27 November, 2017 12:26:59
> > > > > > > >> >> > Subject: Re: Where is the vm root password published?
> > > > > > > >> >>
> > > > > > > >> >> > If you are talking about the system VMs password.
> > > > > > > >> >> > If you set the parameter "system.vm.random.password" to
> > > "true",
> > > > > > > then
> > > > > > > >> you
> > > > > > > >> >> > can see the password at "system.vm.password"
> > > > > > > >> >> >
> > > > > > > >> >> > On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro>
> > > wrote:
> > > > > > > >> >> >
> > > > > > > >> >> >> Hello,
> > > > > > > >> >> >>
> > > > > > > >> >> >> I know that the vm root password is temporarily stored
> > > > > somewhere
> > > > > > > in
> > > > > > > >> the
> > > > > > > >> >> >> system. I need to find it out for accessing the
> console of
> > > > > some
> > > > > > > >> >> instances
> > > > > > > >> >> >> created programmatically.
> > > > > > > >> >> >> Where do I look?
> > > > > > > >> >> >>
> > > > > > > >> >> >> Cheers,
> > > > > > > >> >> >> Lucian
> > > > > > > >> >> >>
> > > > > > > >> >> >> --
> > > > > > > >> >> >> Sent from the Delta quadrant using Borg technology!
> > > > > > > >> >> >>
> > > > > > > >> >> >> Nux!
> > > > > > > >> >> >> www.nux.ro
> > > > > > > >> >> >>
> > > > > > > >> >> >
> > > > > > > >> >> >
> > > > > > > >> >> >
> > > > > > > >> >> > --
> > > > > > > >> >> > Rafael Weingärtner
> > > > > > > >> >>
> > > > > > > >> >
> > > > > > > >> >
> > > > > > > >> >
> > > > > > > >> > --
> > > > > > > >> > Rafael Weingärtner
> > > > > > > >>
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > Rafael Weingärtner
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Rafael Weingärtner
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Daan
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Rafael Weingärtner
> > >
> > > --
> > > V.Melnik
> > >
>
> --
> V.Melnik
>
--
Rafael Weingärtner
Re: Where is the vm root password published?
Posted by Vladimir Melnik <v....@uplink.ua>.
Aye, should be cool to have them encrypted by some RSA-key that would be installed to the VM's template.
Though at this moment one should keep an eye on the systems where these logs are stored.
On Tue, Nov 28, 2017 at 03:39:55PM +0530, Makrand wrote:
> Assuming all the passwords appearing in logs must be masked (kind of
> encrypted) How does one decrypt those password from logs?
>
> BTW, if passwords are just logged as plain text (even for temp amount of
> time), or stored as plain text over VR, then that's not a very secure
> thing, is it??
>
> --
> Makrand
>
>
> On Tue, Nov 28, 2017 at 2:58 PM, Vladimir Melnik <v....@uplink.ua> wrote:
>
> > Hello,
> >
> > Would you mind if I share a sample line from the log-file containing a
> > password assigned (you can find similar ones in your log-files as well)?
> >
> > 2017-11-28 10:19:27,981 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> > (API-Job-Executor-14:ctx-6858662d job-1158151 ctx-1967e9d7)
> > (logid:eed0e79e) Complete async job-1158151, jobStatus: SUCCEEDED,
> > resultCode: 0, result: org.apache.cloudstack.api.resp
> > onse.UserVmResponse/virtualmachine/{"id":"57ec4f9a-9f65-
> > 46c5-926d-a475bbe5c1d5","name":"VM-57ec4f9a-9f65-46c5-926d-a
> > 475bbe5c1d5","displayname":"VM-57ec4f9a-9f65-46c5-926d-a475b
> > be5c1d5","account":"admin","userid":"b11c5858-5357-497d-
> > 93e7-f68db82535e7","username":"admin","domainid":"4d767ff4-
> > 8216-4718-8f04-4626eeb5180f","domain":"2017102413000103","
> > created":"2017-10-27T10:57:11+0300","state":"Stopped","
> > haenable":false,"zoneid":"c8d773fa-76ca-4637-8ecf-
> > 88656444fc86","zonename":"z2.tucha13.net","templateid":"
> > 3b4b2504-9718-407e-8cf2-cdd286a90e52","templatename":"
> > linux-ubuntu-desktop-16.04-x64-20170819","templatedisplaytext":"Linux
> > Ubuntu 16.04 x64 Desktop version (rev.20170819)","passwordenabl
> > ed":true,"serviceofferingid":"5248afa9-f896-4608-bf3b-
> > 316262c21b9d","serviceofferingname":"custom-ssd-a1","
> > cpunumber":1,"cpuspeed":2399,"memory":1024,"cpuused":"0.07%"
> > ,"networkkbsread":417369,"networkkbswrite":58495,"diskkbsrea
> > d":360776,"diskkbswrite":1978872,"memorykbs":1048576,"m
> > emoryintfreekbs":1112364,"memorytargetkbs":1048576,"diskiore
> > ad":11950,"diskiowrite":149126,"guestosid":"ca0edf48-
> > bd31-11e6-b74f-06973a00088a","rootdeviceid":0,"rootdevicetyp
> > e":"ROOT","securitygroup":[],"password":"*************","
> > nic":[{"id":"677447a3-de67-4477-b3fc-213ab12bf0d6","
> > networkid":"1093f687-0581-4c63-9077-1471a8bfe7fd","
> > networkname":"NET-PUB-193.151.666.666-24","netmask":"255.
> > 255.255.0","gateway":"193.151.666.666","ipaddress":"193.151.
> > 666.666","isolationuri":"vlan://100","broadcasturi":"vlan://
> > 100","traffictype":"Guest","type":"Shared","isdefault":
> > true,"macaddress":"66:66:66:66:66:66","secondaryip":[]},{"
> > id":"3f71910e-cfe5-4d61-b725-e78e1d434cd8","networkid":"3422
> > bda5-f206-4418-8a8a-30372a4f1e4a","networkname":"NET-
> > 2017102413000103","netmask":"255.255.255.0","gateway":"192.
> > 168.131.254","ipaddress":"192.168.131.154","traffictype":"
> > Guest","type":"Isolated","isdefault":false,"macaddress":
> > "66:66:66:66:66:66","secondaryip":[]}],"hypervisor"
> > :"KVM","instancename":"i-6666-6666-VM","affinitygroup":[],"d
> > isplayvm":true,"isdynamicallyscalable":false,"ostypeid":254,"tags":[]}
> >
> > ^^^ That doesn't seem to be cloudmonkey who adds that to the management
> > log-file, as we don't use it at all.
> >
> > But there's a dilemma that needs to be solved, as "fixing" that would mean
> > that a content-neutral logging module should understand which information
> > is confidential and shouldn't been logged, not such an easy task to be
> > solved properly.
> >
> > With best,
> > Vlad
> >
> >
> >
> > On Mon, Nov 27, 2017 at 05:02:00PM -0200, Rafael Weingärtner wrote:
> > > Ah, thanks Daan ;)
> > >
> > > On Mon, Nov 27, 2017 at 4:27 PM, Daan Hoogland <da...@gmail.com>
> > > wrote:
> > >
> > > > it isn't logged, Rafael, not by cloudstack. It is cloudmonkey that
> > logs the
> > > > API response object. It is the same response the UI uses to display it
> > to
> > > > the user.
> > > >
> > > > On Mon, Nov 27, 2017 at 3:45 PM, Rafael Weingärtner <
> > > > rafaelweingartner@gmail.com> wrote:
> > > >
> > > > > Interesting! I did not know that the password was logged. I thought
> > it
> > > > was
> > > > > a one time thing to show the password in the UI.
> > > > >
> > > > > On Mon, Nov 27, 2017 at 1:43 PM, Nux! <nu...@li.nux.ro> wrote:
> > > > >
> > > > > > Ok, so found out some more stuff.
> > > > > >
> > > > > > First of all, the password appears in management-server.log and
> > > > > > apilog.log, so that's one place to grep into.
> > > > > >
> > > > > > Second, I could query the jobid and get the password from there.
> > E.g.
> > > > > from
> > > > > > cloudmonkey
> > > > > > query asyncjobresult jobid=caac0e1f-0aff-4065-8189-1d32d480e73f |
> > grep
> > > > > > password\ =
> > > > > >
> > > > > > More info here
> > > > > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/
> > > > > > CloudStack+cloudmonkey+CLI#CloudStackcloudmonkeyCLI-AsyncJob
> > execution
> > > > > >
> > > > > > --
> > > > > > Sent from the Delta quadrant using Borg technology!
> > > > > >
> > > > > > Nux!
> > > > > > www.nux.ro
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > > > > To: "users" <us...@cloudstack.apache.org>
> > > > > > > Sent: Monday, 27 November, 2017 15:21:30
> > > > > > > Subject: Re: Where is the vm root password published?
> > > > > >
> > > > > > > Ah, if that is the case, I know it is stored in the VR of the
> > network
> > > > > > where
> > > > > > > the VM is connected to.
> > > > > > >
> > > > > > > I forgot now the file, but it is something like
> > > > “/var/usr?/cloud/cache”
> > > > > > or
> > > > > > > something that ends in “/cache/cloud”.
> > > > > > >
> > > > > > >
> > > > > > > Do we store these password in ACS database as well?
> > > > > > >
> > > > > > > On Mon, Nov 27, 2017 at 1:18 PM, Nux! <nu...@li.nux.ro> wrote:
> > > > > > >
> > > > > > >> Rafael,
> > > > > > >>
> > > > > > >> Yes indeed, sorry if I wasn't clear.
> > > > > > >>
> > > > > > >> --
> > > > > > >> Sent from the Delta quadrant using Borg technology!
> > > > > > >>
> > > > > > >> Nux!
> > > > > > >> www.nux.ro
> > > > > > >>
> > > > > > >> ----- Original Message -----
> > > > > > >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > > > >> > To: "users" <us...@cloudstack.apache.org>
> > > > > > >> > Sent: Monday, 27 November, 2017 14:58:20
> > > > > > >> > Subject: Re: Where is the vm root password published?
> > > > > > >>
> > > > > > >> > Are you talking about the generated passwords to be injected
> > in
> > > > user
> > > > > > vms?
> > > > > > >> > Besides that, we do not have any other password. At least
> > that I
> > > > > know.
> > > > > > >> >
> > > > > > >> > On Mon, Nov 27, 2017 at 12:56 PM, Nux! <nu...@li.nux.ro> wrote:
> > > > > > >> >
> > > > > > >> >> No, I mean the regular user VM instances.
> > > > > > >> >> I know they are held somewhere temporarily, just don't know
> > > > where.
> > > > > :)
> > > > > > >> >>
> > > > > > >> >> --
> > > > > > >> >> Sent from the Delta quadrant using Borg technology!
> > > > > > >> >>
> > > > > > >> >> Nux!
> > > > > > >> >> www.nux.ro
> > > > > > >> >>
> > > > > > >> >> ----- Original Message -----
> > > > > > >> >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > > > >> >> > To: "users" <us...@cloudstack.apache.org>
> > > > > > >> >> > Sent: Monday, 27 November, 2017 12:26:59
> > > > > > >> >> > Subject: Re: Where is the vm root password published?
> > > > > > >> >>
> > > > > > >> >> > If you are talking about the system VMs password.
> > > > > > >> >> > If you set the parameter "system.vm.random.password" to
> > "true",
> > > > > > then
> > > > > > >> you
> > > > > > >> >> > can see the password at "system.vm.password"
> > > > > > >> >> >
> > > > > > >> >> > On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro>
> > wrote:
> > > > > > >> >> >
> > > > > > >> >> >> Hello,
> > > > > > >> >> >>
> > > > > > >> >> >> I know that the vm root password is temporarily stored
> > > > somewhere
> > > > > > in
> > > > > > >> the
> > > > > > >> >> >> system. I need to find it out for accessing the console of
> > > > some
> > > > > > >> >> instances
> > > > > > >> >> >> created programmatically.
> > > > > > >> >> >> Where do I look?
> > > > > > >> >> >>
> > > > > > >> >> >> Cheers,
> > > > > > >> >> >> Lucian
> > > > > > >> >> >>
> > > > > > >> >> >> --
> > > > > > >> >> >> Sent from the Delta quadrant using Borg technology!
> > > > > > >> >> >>
> > > > > > >> >> >> Nux!
> > > > > > >> >> >> www.nux.ro
> > > > > > >> >> >>
> > > > > > >> >> >
> > > > > > >> >> >
> > > > > > >> >> >
> > > > > > >> >> > --
> > > > > > >> >> > Rafael Weingärtner
> > > > > > >> >>
> > > > > > >> >
> > > > > > >> >
> > > > > > >> >
> > > > > > >> > --
> > > > > > >> > Rafael Weingärtner
> > > > > > >>
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Rafael Weingärtner
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Rafael Weingärtner
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Daan
> > > >
> > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> >
> > --
> > V.Melnik
> >
--
V.Melnik
Re: Where is the vm root password published?
Posted by Makrand <ma...@gmail.com>.
Assuming all the passwords appearing in logs must be masked (kind of
encrypted) How does one decrypt those password from logs?
BTW, if passwords are just logged as plain text (even for temp amount of
time), or stored as plain text over VR, then that's not a very secure
thing, is it??
--
Makrand
On Tue, Nov 28, 2017 at 2:58 PM, Vladimir Melnik <v....@uplink.ua> wrote:
> Hello,
>
> Would you mind if I share a sample line from the log-file containing a
> password assigned (you can find similar ones in your log-files as well)?
>
> 2017-11-28 10:19:27,981 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> (API-Job-Executor-14:ctx-6858662d job-1158151 ctx-1967e9d7)
> (logid:eed0e79e) Complete async job-1158151, jobStatus: SUCCEEDED,
> resultCode: 0, result: org.apache.cloudstack.api.resp
> onse.UserVmResponse/virtualmachine/{"id":"57ec4f9a-9f65-
> 46c5-926d-a475bbe5c1d5","name":"VM-57ec4f9a-9f65-46c5-926d-a
> 475bbe5c1d5","displayname":"VM-57ec4f9a-9f65-46c5-926d-a475b
> be5c1d5","account":"admin","userid":"b11c5858-5357-497d-
> 93e7-f68db82535e7","username":"admin","domainid":"4d767ff4-
> 8216-4718-8f04-4626eeb5180f","domain":"2017102413000103","
> created":"2017-10-27T10:57:11+0300","state":"Stopped","
> haenable":false,"zoneid":"c8d773fa-76ca-4637-8ecf-
> 88656444fc86","zonename":"z2.tucha13.net","templateid":"
> 3b4b2504-9718-407e-8cf2-cdd286a90e52","templatename":"
> linux-ubuntu-desktop-16.04-x64-20170819","templatedisplaytext":"Linux
> Ubuntu 16.04 x64 Desktop version (rev.20170819)","passwordenabl
> ed":true,"serviceofferingid":"5248afa9-f896-4608-bf3b-
> 316262c21b9d","serviceofferingname":"custom-ssd-a1","
> cpunumber":1,"cpuspeed":2399,"memory":1024,"cpuused":"0.07%"
> ,"networkkbsread":417369,"networkkbswrite":58495,"diskkbsrea
> d":360776,"diskkbswrite":1978872,"memorykbs":1048576,"m
> emoryintfreekbs":1112364,"memorytargetkbs":1048576,"diskiore
> ad":11950,"diskiowrite":149126,"guestosid":"ca0edf48-
> bd31-11e6-b74f-06973a00088a","rootdeviceid":0,"rootdevicetyp
> e":"ROOT","securitygroup":[],"password":"*************","
> nic":[{"id":"677447a3-de67-4477-b3fc-213ab12bf0d6","
> networkid":"1093f687-0581-4c63-9077-1471a8bfe7fd","
> networkname":"NET-PUB-193.151.666.666-24","netmask":"255.
> 255.255.0","gateway":"193.151.666.666","ipaddress":"193.151.
> 666.666","isolationuri":"vlan://100","broadcasturi":"vlan://
> 100","traffictype":"Guest","type":"Shared","isdefault":
> true,"macaddress":"66:66:66:66:66:66","secondaryip":[]},{"
> id":"3f71910e-cfe5-4d61-b725-e78e1d434cd8","networkid":"3422
> bda5-f206-4418-8a8a-30372a4f1e4a","networkname":"NET-
> 2017102413000103","netmask":"255.255.255.0","gateway":"192.
> 168.131.254","ipaddress":"192.168.131.154","traffictype":"
> Guest","type":"Isolated","isdefault":false,"macaddress":
> "66:66:66:66:66:66","secondaryip":[]}],"hypervisor"
> :"KVM","instancename":"i-6666-6666-VM","affinitygroup":[],"d
> isplayvm":true,"isdynamicallyscalable":false,"ostypeid":254,"tags":[]}
>
> ^^^ That doesn't seem to be cloudmonkey who adds that to the management
> log-file, as we don't use it at all.
>
> But there's a dilemma that needs to be solved, as "fixing" that would mean
> that a content-neutral logging module should understand which information
> is confidential and shouldn't been logged, not such an easy task to be
> solved properly.
>
> With best,
> Vlad
>
>
>
> On Mon, Nov 27, 2017 at 05:02:00PM -0200, Rafael Weingärtner wrote:
> > Ah, thanks Daan ;)
> >
> > On Mon, Nov 27, 2017 at 4:27 PM, Daan Hoogland <da...@gmail.com>
> > wrote:
> >
> > > it isn't logged, Rafael, not by cloudstack. It is cloudmonkey that
> logs the
> > > API response object. It is the same response the UI uses to display it
> to
> > > the user.
> > >
> > > On Mon, Nov 27, 2017 at 3:45 PM, Rafael Weingärtner <
> > > rafaelweingartner@gmail.com> wrote:
> > >
> > > > Interesting! I did not know that the password was logged. I thought
> it
> > > was
> > > > a one time thing to show the password in the UI.
> > > >
> > > > On Mon, Nov 27, 2017 at 1:43 PM, Nux! <nu...@li.nux.ro> wrote:
> > > >
> > > > > Ok, so found out some more stuff.
> > > > >
> > > > > First of all, the password appears in management-server.log and
> > > > > apilog.log, so that's one place to grep into.
> > > > >
> > > > > Second, I could query the jobid and get the password from there.
> E.g.
> > > > from
> > > > > cloudmonkey
> > > > > query asyncjobresult jobid=caac0e1f-0aff-4065-8189-1d32d480e73f |
> grep
> > > > > password\ =
> > > > >
> > > > > More info here
> > > > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/
> > > > > CloudStack+cloudmonkey+CLI#CloudStackcloudmonkeyCLI-AsyncJob
> execution
> > > > >
> > > > > --
> > > > > Sent from the Delta quadrant using Borg technology!
> > > > >
> > > > > Nux!
> > > > > www.nux.ro
> > > > >
> > > > > ----- Original Message -----
> > > > > > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > > > To: "users" <us...@cloudstack.apache.org>
> > > > > > Sent: Monday, 27 November, 2017 15:21:30
> > > > > > Subject: Re: Where is the vm root password published?
> > > > >
> > > > > > Ah, if that is the case, I know it is stored in the VR of the
> network
> > > > > where
> > > > > > the VM is connected to.
> > > > > >
> > > > > > I forgot now the file, but it is something like
> > > “/var/usr?/cloud/cache”
> > > > > or
> > > > > > something that ends in “/cache/cloud”.
> > > > > >
> > > > > >
> > > > > > Do we store these password in ACS database as well?
> > > > > >
> > > > > > On Mon, Nov 27, 2017 at 1:18 PM, Nux! <nu...@li.nux.ro> wrote:
> > > > > >
> > > > > >> Rafael,
> > > > > >>
> > > > > >> Yes indeed, sorry if I wasn't clear.
> > > > > >>
> > > > > >> --
> > > > > >> Sent from the Delta quadrant using Borg technology!
> > > > > >>
> > > > > >> Nux!
> > > > > >> www.nux.ro
> > > > > >>
> > > > > >> ----- Original Message -----
> > > > > >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > > >> > To: "users" <us...@cloudstack.apache.org>
> > > > > >> > Sent: Monday, 27 November, 2017 14:58:20
> > > > > >> > Subject: Re: Where is the vm root password published?
> > > > > >>
> > > > > >> > Are you talking about the generated passwords to be injected
> in
> > > user
> > > > > vms?
> > > > > >> > Besides that, we do not have any other password. At least
> that I
> > > > know.
> > > > > >> >
> > > > > >> > On Mon, Nov 27, 2017 at 12:56 PM, Nux! <nu...@li.nux.ro> wrote:
> > > > > >> >
> > > > > >> >> No, I mean the regular user VM instances.
> > > > > >> >> I know they are held somewhere temporarily, just don't know
> > > where.
> > > > :)
> > > > > >> >>
> > > > > >> >> --
> > > > > >> >> Sent from the Delta quadrant using Borg technology!
> > > > > >> >>
> > > > > >> >> Nux!
> > > > > >> >> www.nux.ro
> > > > > >> >>
> > > > > >> >> ----- Original Message -----
> > > > > >> >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > > >> >> > To: "users" <us...@cloudstack.apache.org>
> > > > > >> >> > Sent: Monday, 27 November, 2017 12:26:59
> > > > > >> >> > Subject: Re: Where is the vm root password published?
> > > > > >> >>
> > > > > >> >> > If you are talking about the system VMs password.
> > > > > >> >> > If you set the parameter "system.vm.random.password" to
> "true",
> > > > > then
> > > > > >> you
> > > > > >> >> > can see the password at "system.vm.password"
> > > > > >> >> >
> > > > > >> >> > On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro>
> wrote:
> > > > > >> >> >
> > > > > >> >> >> Hello,
> > > > > >> >> >>
> > > > > >> >> >> I know that the vm root password is temporarily stored
> > > somewhere
> > > > > in
> > > > > >> the
> > > > > >> >> >> system. I need to find it out for accessing the console of
> > > some
> > > > > >> >> instances
> > > > > >> >> >> created programmatically.
> > > > > >> >> >> Where do I look?
> > > > > >> >> >>
> > > > > >> >> >> Cheers,
> > > > > >> >> >> Lucian
> > > > > >> >> >>
> > > > > >> >> >> --
> > > > > >> >> >> Sent from the Delta quadrant using Borg technology!
> > > > > >> >> >>
> > > > > >> >> >> Nux!
> > > > > >> >> >> www.nux.ro
> > > > > >> >> >>
> > > > > >> >> >
> > > > > >> >> >
> > > > > >> >> >
> > > > > >> >> > --
> > > > > >> >> > Rafael Weingärtner
> > > > > >> >>
> > > > > >> >
> > > > > >> >
> > > > > >> >
> > > > > >> > --
> > > > > >> > Rafael Weingärtner
> > > > > >>
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Rafael Weingärtner
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Rafael Weingärtner
> > > >
> > >
> > >
> > >
> > > --
> > > Daan
> > >
> >
> >
> >
> > --
> > Rafael Weingärtner
>
> --
> V.Melnik
>
Re: Where is the vm root password published?
Posted by Vladimir Melnik <v....@uplink.ua>.
Hello,
Would you mind if I share a sample line from the log-file containing a password assigned (you can find similar ones in your log-files as well)?
2017-11-28 10:19:27,981 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-14:ctx-6858662d job-1158151 ctx-1967e9d7) (logid:eed0e79e) Complete async job-1158151, jobStatus: SUCCEEDED, resultCode: 0, result: org.apache.cloudstack.api.response.UserVmResponse/virtualmachine/{"id":"57ec4f9a-9f65-46c5-926d-a475bbe5c1d5","name":"VM-57ec4f9a-9f65-46c5-926d-a475bbe5c1d5","displayname":"VM-57ec4f9a-9f65-46c5-926d-a475bbe5c1d5","account":"admin","userid":"b11c5858-5357-497d-93e7-f68db82535e7","username":"admin","domainid":"4d767ff4-8216-4718-8f04-4626eeb5180f","domain":"2017102413000103","created":"2017-10-27T10:57:11+0300","state":"Stopped","haenable":false,"zoneid":"c8d773fa-76ca-4637-8ecf-88656444fc86","zonename":"z2.tucha13.net","templateid":"3b4b2504-9718-407e-8cf2-cdd286a90e52","templatename":"linux-ubuntu-desktop-16.04-x64-20170819","templatedisplaytext":"Linux Ubuntu 16.04 x64 Desktop version (rev.20170819)","passwordenabled":true,"serviceofferingid":"5248afa9-f896-4608-bf3b-316262c21b9d","serviceofferingname":"custom-ssd-a1","cpunumber":1,"cpuspeed":2399,"memory":1024,"cpuused":"0.07%","networkkbsread":417369,"networkkbswrite":58495,"diskkbsread":360776,"diskkbswrite":1978872,"memorykbs":1048576,"memoryintfreekbs":1112364,"memorytargetkbs":1048576,"diskioread":11950,"diskiowrite":149126,"guestosid":"ca0edf48-bd31-11e6-b74f-06973a00088a","rootdeviceid":0,"rootdevicetype":"ROOT","securitygroup":[],"password":"*************","nic":[{"id":"677447a3-de67-4477-b3fc-213ab12bf0d6","networkid":"1093f687-0581-4c63-9077-1471a8bfe7fd","networkname":"NET-PUB-193.151.666.666-24","netmask":"255.255.255.0","gateway":"193.151.666.666","ipaddress":"193.151.666.666","isolationuri":"vlan://100","broadcasturi":"vlan://100","traffictype":"Guest","type":"Shared","isdefault":true,"macaddress":"66:66:66:66:66:66","secondaryip":[]},{"id":"3f71910e-cfe5-4d61-b725-e78e1d434cd8","networkid":"3422bda5-f206-4418-8a8a-30372a4f1e4a","networkname":"NET-2017102413000103","netmask":"255.255.255.0","gateway":"192.168.131.254","ipaddress":"192.168.131.154","traffictype":"Guest","type":"Isolated","isdefault":false,"macaddress":"66:66:66:66:66:66","secondaryip":[]}],"hypervisor":"KVM","instancename":"i-6666-6666-VM","affinitygroup":[],"displayvm":true,"isdynamicallyscalable":false,"ostypeid":254,"tags":[]}
^^^ That doesn't seem to be cloudmonkey who adds that to the management log-file, as we don't use it at all.
But there's a dilemma that needs to be solved, as "fixing" that would mean that a content-neutral logging module should understand which information is confidential and shouldn't been logged, not such an easy task to be solved properly.
With best,
Vlad
On Mon, Nov 27, 2017 at 05:02:00PM -0200, Rafael Weingärtner wrote:
> Ah, thanks Daan ;)
>
> On Mon, Nov 27, 2017 at 4:27 PM, Daan Hoogland <da...@gmail.com>
> wrote:
>
> > it isn't logged, Rafael, not by cloudstack. It is cloudmonkey that logs the
> > API response object. It is the same response the UI uses to display it to
> > the user.
> >
> > On Mon, Nov 27, 2017 at 3:45 PM, Rafael Weingärtner <
> > rafaelweingartner@gmail.com> wrote:
> >
> > > Interesting! I did not know that the password was logged. I thought it
> > was
> > > a one time thing to show the password in the UI.
> > >
> > > On Mon, Nov 27, 2017 at 1:43 PM, Nux! <nu...@li.nux.ro> wrote:
> > >
> > > > Ok, so found out some more stuff.
> > > >
> > > > First of all, the password appears in management-server.log and
> > > > apilog.log, so that's one place to grep into.
> > > >
> > > > Second, I could query the jobid and get the password from there. E.g.
> > > from
> > > > cloudmonkey
> > > > query asyncjobresult jobid=caac0e1f-0aff-4065-8189-1d32d480e73f | grep
> > > > password\ =
> > > >
> > > > More info here
> > > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/
> > > > CloudStack+cloudmonkey+CLI#CloudStackcloudmonkeyCLI-AsyncJobexecution
> > > >
> > > > --
> > > > Sent from the Delta quadrant using Borg technology!
> > > >
> > > > Nux!
> > > > www.nux.ro
> > > >
> > > > ----- Original Message -----
> > > > > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > > To: "users" <us...@cloudstack.apache.org>
> > > > > Sent: Monday, 27 November, 2017 15:21:30
> > > > > Subject: Re: Where is the vm root password published?
> > > >
> > > > > Ah, if that is the case, I know it is stored in the VR of the network
> > > > where
> > > > > the VM is connected to.
> > > > >
> > > > > I forgot now the file, but it is something like
> > “/var/usr?/cloud/cache”
> > > > or
> > > > > something that ends in “/cache/cloud”.
> > > > >
> > > > >
> > > > > Do we store these password in ACS database as well?
> > > > >
> > > > > On Mon, Nov 27, 2017 at 1:18 PM, Nux! <nu...@li.nux.ro> wrote:
> > > > >
> > > > >> Rafael,
> > > > >>
> > > > >> Yes indeed, sorry if I wasn't clear.
> > > > >>
> > > > >> --
> > > > >> Sent from the Delta quadrant using Borg technology!
> > > > >>
> > > > >> Nux!
> > > > >> www.nux.ro
> > > > >>
> > > > >> ----- Original Message -----
> > > > >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > >> > To: "users" <us...@cloudstack.apache.org>
> > > > >> > Sent: Monday, 27 November, 2017 14:58:20
> > > > >> > Subject: Re: Where is the vm root password published?
> > > > >>
> > > > >> > Are you talking about the generated passwords to be injected in
> > user
> > > > vms?
> > > > >> > Besides that, we do not have any other password. At least that I
> > > know.
> > > > >> >
> > > > >> > On Mon, Nov 27, 2017 at 12:56 PM, Nux! <nu...@li.nux.ro> wrote:
> > > > >> >
> > > > >> >> No, I mean the regular user VM instances.
> > > > >> >> I know they are held somewhere temporarily, just don't know
> > where.
> > > :)
> > > > >> >>
> > > > >> >> --
> > > > >> >> Sent from the Delta quadrant using Borg technology!
> > > > >> >>
> > > > >> >> Nux!
> > > > >> >> www.nux.ro
> > > > >> >>
> > > > >> >> ----- Original Message -----
> > > > >> >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > >> >> > To: "users" <us...@cloudstack.apache.org>
> > > > >> >> > Sent: Monday, 27 November, 2017 12:26:59
> > > > >> >> > Subject: Re: Where is the vm root password published?
> > > > >> >>
> > > > >> >> > If you are talking about the system VMs password.
> > > > >> >> > If you set the parameter "system.vm.random.password" to "true",
> > > > then
> > > > >> you
> > > > >> >> > can see the password at "system.vm.password"
> > > > >> >> >
> > > > >> >> > On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro> wrote:
> > > > >> >> >
> > > > >> >> >> Hello,
> > > > >> >> >>
> > > > >> >> >> I know that the vm root password is temporarily stored
> > somewhere
> > > > in
> > > > >> the
> > > > >> >> >> system. I need to find it out for accessing the console of
> > some
> > > > >> >> instances
> > > > >> >> >> created programmatically.
> > > > >> >> >> Where do I look?
> > > > >> >> >>
> > > > >> >> >> Cheers,
> > > > >> >> >> Lucian
> > > > >> >> >>
> > > > >> >> >> --
> > > > >> >> >> Sent from the Delta quadrant using Borg technology!
> > > > >> >> >>
> > > > >> >> >> Nux!
> > > > >> >> >> www.nux.ro
> > > > >> >> >>
> > > > >> >> >
> > > > >> >> >
> > > > >> >> >
> > > > >> >> > --
> > > > >> >> > Rafael Weingärtner
> > > > >> >>
> > > > >> >
> > > > >> >
> > > > >> >
> > > > >> > --
> > > > >> > Rafael Weingärtner
> > > > >>
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Rafael Weingärtner
> > > >
> > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> >
> >
> >
> > --
> > Daan
> >
>
>
>
> --
> Rafael Weingärtner
--
V.Melnik
Re: Where is the vm root password published?
Posted by Rafael Weingärtner <ra...@gmail.com>.
Ah, thanks Daan ;)
On Mon, Nov 27, 2017 at 4:27 PM, Daan Hoogland <da...@gmail.com>
wrote:
> it isn't logged, Rafael, not by cloudstack. It is cloudmonkey that logs the
> API response object. It is the same response the UI uses to display it to
> the user.
>
> On Mon, Nov 27, 2017 at 3:45 PM, Rafael Weingärtner <
> rafaelweingartner@gmail.com> wrote:
>
> > Interesting! I did not know that the password was logged. I thought it
> was
> > a one time thing to show the password in the UI.
> >
> > On Mon, Nov 27, 2017 at 1:43 PM, Nux! <nu...@li.nux.ro> wrote:
> >
> > > Ok, so found out some more stuff.
> > >
> > > First of all, the password appears in management-server.log and
> > > apilog.log, so that's one place to grep into.
> > >
> > > Second, I could query the jobid and get the password from there. E.g.
> > from
> > > cloudmonkey
> > > query asyncjobresult jobid=caac0e1f-0aff-4065-8189-1d32d480e73f | grep
> > > password\ =
> > >
> > > More info here
> > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/
> > > CloudStack+cloudmonkey+CLI#CloudStackcloudmonkeyCLI-AsyncJobexecution
> > >
> > > --
> > > Sent from the Delta quadrant using Borg technology!
> > >
> > > Nux!
> > > www.nux.ro
> > >
> > > ----- Original Message -----
> > > > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > > To: "users" <us...@cloudstack.apache.org>
> > > > Sent: Monday, 27 November, 2017 15:21:30
> > > > Subject: Re: Where is the vm root password published?
> > >
> > > > Ah, if that is the case, I know it is stored in the VR of the network
> > > where
> > > > the VM is connected to.
> > > >
> > > > I forgot now the file, but it is something like
> “/var/usr?/cloud/cache”
> > > or
> > > > something that ends in “/cache/cloud”.
> > > >
> > > >
> > > > Do we store these password in ACS database as well?
> > > >
> > > > On Mon, Nov 27, 2017 at 1:18 PM, Nux! <nu...@li.nux.ro> wrote:
> > > >
> > > >> Rafael,
> > > >>
> > > >> Yes indeed, sorry if I wasn't clear.
> > > >>
> > > >> --
> > > >> Sent from the Delta quadrant using Borg technology!
> > > >>
> > > >> Nux!
> > > >> www.nux.ro
> > > >>
> > > >> ----- Original Message -----
> > > >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > >> > To: "users" <us...@cloudstack.apache.org>
> > > >> > Sent: Monday, 27 November, 2017 14:58:20
> > > >> > Subject: Re: Where is the vm root password published?
> > > >>
> > > >> > Are you talking about the generated passwords to be injected in
> user
> > > vms?
> > > >> > Besides that, we do not have any other password. At least that I
> > know.
> > > >> >
> > > >> > On Mon, Nov 27, 2017 at 12:56 PM, Nux! <nu...@li.nux.ro> wrote:
> > > >> >
> > > >> >> No, I mean the regular user VM instances.
> > > >> >> I know they are held somewhere temporarily, just don't know
> where.
> > :)
> > > >> >>
> > > >> >> --
> > > >> >> Sent from the Delta quadrant using Borg technology!
> > > >> >>
> > > >> >> Nux!
> > > >> >> www.nux.ro
> > > >> >>
> > > >> >> ----- Original Message -----
> > > >> >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > >> >> > To: "users" <us...@cloudstack.apache.org>
> > > >> >> > Sent: Monday, 27 November, 2017 12:26:59
> > > >> >> > Subject: Re: Where is the vm root password published?
> > > >> >>
> > > >> >> > If you are talking about the system VMs password.
> > > >> >> > If you set the parameter "system.vm.random.password" to "true",
> > > then
> > > >> you
> > > >> >> > can see the password at "system.vm.password"
> > > >> >> >
> > > >> >> > On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro> wrote:
> > > >> >> >
> > > >> >> >> Hello,
> > > >> >> >>
> > > >> >> >> I know that the vm root password is temporarily stored
> somewhere
> > > in
> > > >> the
> > > >> >> >> system. I need to find it out for accessing the console of
> some
> > > >> >> instances
> > > >> >> >> created programmatically.
> > > >> >> >> Where do I look?
> > > >> >> >>
> > > >> >> >> Cheers,
> > > >> >> >> Lucian
> > > >> >> >>
> > > >> >> >> --
> > > >> >> >> Sent from the Delta quadrant using Borg technology!
> > > >> >> >>
> > > >> >> >> Nux!
> > > >> >> >> www.nux.ro
> > > >> >> >>
> > > >> >> >
> > > >> >> >
> > > >> >> >
> > > >> >> > --
> > > >> >> > Rafael Weingärtner
> > > >> >>
> > > >> >
> > > >> >
> > > >> >
> > > >> > --
> > > >> > Rafael Weingärtner
> > > >>
> > > >
> > > >
> > > >
> > > > --
> > > > Rafael Weingärtner
> > >
> >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
>
>
> --
> Daan
>
--
Rafael Weingärtner
Re: Where is the vm root password published?
Posted by Daan Hoogland <da...@gmail.com>.
it isn't logged, Rafael, not by cloudstack. It is cloudmonkey that logs the
API response object. It is the same response the UI uses to display it to
the user.
On Mon, Nov 27, 2017 at 3:45 PM, Rafael Weingärtner <
rafaelweingartner@gmail.com> wrote:
> Interesting! I did not know that the password was logged. I thought it was
> a one time thing to show the password in the UI.
>
> On Mon, Nov 27, 2017 at 1:43 PM, Nux! <nu...@li.nux.ro> wrote:
>
> > Ok, so found out some more stuff.
> >
> > First of all, the password appears in management-server.log and
> > apilog.log, so that's one place to grep into.
> >
> > Second, I could query the jobid and get the password from there. E.g.
> from
> > cloudmonkey
> > query asyncjobresult jobid=caac0e1f-0aff-4065-8189-1d32d480e73f | grep
> > password\ =
> >
> > More info here
> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/
> > CloudStack+cloudmonkey+CLI#CloudStackcloudmonkeyCLI-AsyncJobexecution
> >
> > --
> > Sent from the Delta quadrant using Borg technology!
> >
> > Nux!
> > www.nux.ro
> >
> > ----- Original Message -----
> > > From: "Rafael Weingärtner" <ra...@gmail.com>
> > > To: "users" <us...@cloudstack.apache.org>
> > > Sent: Monday, 27 November, 2017 15:21:30
> > > Subject: Re: Where is the vm root password published?
> >
> > > Ah, if that is the case, I know it is stored in the VR of the network
> > where
> > > the VM is connected to.
> > >
> > > I forgot now the file, but it is something like “/var/usr?/cloud/cache”
> > or
> > > something that ends in “/cache/cloud”.
> > >
> > >
> > > Do we store these password in ACS database as well?
> > >
> > > On Mon, Nov 27, 2017 at 1:18 PM, Nux! <nu...@li.nux.ro> wrote:
> > >
> > >> Rafael,
> > >>
> > >> Yes indeed, sorry if I wasn't clear.
> > >>
> > >> --
> > >> Sent from the Delta quadrant using Borg technology!
> > >>
> > >> Nux!
> > >> www.nux.ro
> > >>
> > >> ----- Original Message -----
> > >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > >> > To: "users" <us...@cloudstack.apache.org>
> > >> > Sent: Monday, 27 November, 2017 14:58:20
> > >> > Subject: Re: Where is the vm root password published?
> > >>
> > >> > Are you talking about the generated passwords to be injected in user
> > vms?
> > >> > Besides that, we do not have any other password. At least that I
> know.
> > >> >
> > >> > On Mon, Nov 27, 2017 at 12:56 PM, Nux! <nu...@li.nux.ro> wrote:
> > >> >
> > >> >> No, I mean the regular user VM instances.
> > >> >> I know they are held somewhere temporarily, just don't know where.
> :)
> > >> >>
> > >> >> --
> > >> >> Sent from the Delta quadrant using Borg technology!
> > >> >>
> > >> >> Nux!
> > >> >> www.nux.ro
> > >> >>
> > >> >> ----- Original Message -----
> > >> >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > >> >> > To: "users" <us...@cloudstack.apache.org>
> > >> >> > Sent: Monday, 27 November, 2017 12:26:59
> > >> >> > Subject: Re: Where is the vm root password published?
> > >> >>
> > >> >> > If you are talking about the system VMs password.
> > >> >> > If you set the parameter "system.vm.random.password" to "true",
> > then
> > >> you
> > >> >> > can see the password at "system.vm.password"
> > >> >> >
> > >> >> > On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro> wrote:
> > >> >> >
> > >> >> >> Hello,
> > >> >> >>
> > >> >> >> I know that the vm root password is temporarily stored somewhere
> > in
> > >> the
> > >> >> >> system. I need to find it out for accessing the console of some
> > >> >> instances
> > >> >> >> created programmatically.
> > >> >> >> Where do I look?
> > >> >> >>
> > >> >> >> Cheers,
> > >> >> >> Lucian
> > >> >> >>
> > >> >> >> --
> > >> >> >> Sent from the Delta quadrant using Borg technology!
> > >> >> >>
> > >> >> >> Nux!
> > >> >> >> www.nux.ro
> > >> >> >>
> > >> >> >
> > >> >> >
> > >> >> >
> > >> >> > --
> > >> >> > Rafael Weingärtner
> > >> >>
> > >> >
> > >> >
> > >> >
> > >> > --
> > >> > Rafael Weingärtner
> > >>
> > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> >
>
>
>
> --
> Rafael Weingärtner
>
--
Daan
Re: Where is the vm root password published?
Posted by Rafael Weingärtner <ra...@gmail.com>.
Interesting! I did not know that the password was logged. I thought it was
a one time thing to show the password in the UI.
On Mon, Nov 27, 2017 at 1:43 PM, Nux! <nu...@li.nux.ro> wrote:
> Ok, so found out some more stuff.
>
> First of all, the password appears in management-server.log and
> apilog.log, so that's one place to grep into.
>
> Second, I could query the jobid and get the password from there. E.g. from
> cloudmonkey
> query asyncjobresult jobid=caac0e1f-0aff-4065-8189-1d32d480e73f | grep
> password\ =
>
> More info here
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/
> CloudStack+cloudmonkey+CLI#CloudStackcloudmonkeyCLI-AsyncJobexecution
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > To: "users" <us...@cloudstack.apache.org>
> > Sent: Monday, 27 November, 2017 15:21:30
> > Subject: Re: Where is the vm root password published?
>
> > Ah, if that is the case, I know it is stored in the VR of the network
> where
> > the VM is connected to.
> >
> > I forgot now the file, but it is something like “/var/usr?/cloud/cache”
> or
> > something that ends in “/cache/cloud”.
> >
> >
> > Do we store these password in ACS database as well?
> >
> > On Mon, Nov 27, 2017 at 1:18 PM, Nux! <nu...@li.nux.ro> wrote:
> >
> >> Rafael,
> >>
> >> Yes indeed, sorry if I wasn't clear.
> >>
> >> --
> >> Sent from the Delta quadrant using Borg technology!
> >>
> >> Nux!
> >> www.nux.ro
> >>
> >> ----- Original Message -----
> >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> >> > To: "users" <us...@cloudstack.apache.org>
> >> > Sent: Monday, 27 November, 2017 14:58:20
> >> > Subject: Re: Where is the vm root password published?
> >>
> >> > Are you talking about the generated passwords to be injected in user
> vms?
> >> > Besides that, we do not have any other password. At least that I know.
> >> >
> >> > On Mon, Nov 27, 2017 at 12:56 PM, Nux! <nu...@li.nux.ro> wrote:
> >> >
> >> >> No, I mean the regular user VM instances.
> >> >> I know they are held somewhere temporarily, just don't know where. :)
> >> >>
> >> >> --
> >> >> Sent from the Delta quadrant using Borg technology!
> >> >>
> >> >> Nux!
> >> >> www.nux.ro
> >> >>
> >> >> ----- Original Message -----
> >> >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> >> >> > To: "users" <us...@cloudstack.apache.org>
> >> >> > Sent: Monday, 27 November, 2017 12:26:59
> >> >> > Subject: Re: Where is the vm root password published?
> >> >>
> >> >> > If you are talking about the system VMs password.
> >> >> > If you set the parameter "system.vm.random.password" to "true",
> then
> >> you
> >> >> > can see the password at "system.vm.password"
> >> >> >
> >> >> > On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro> wrote:
> >> >> >
> >> >> >> Hello,
> >> >> >>
> >> >> >> I know that the vm root password is temporarily stored somewhere
> in
> >> the
> >> >> >> system. I need to find it out for accessing the console of some
> >> >> instances
> >> >> >> created programmatically.
> >> >> >> Where do I look?
> >> >> >>
> >> >> >> Cheers,
> >> >> >> Lucian
> >> >> >>
> >> >> >> --
> >> >> >> Sent from the Delta quadrant using Borg technology!
> >> >> >>
> >> >> >> Nux!
> >> >> >> www.nux.ro
> >> >> >>
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> > Rafael Weingärtner
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > Rafael Weingärtner
> >>
> >
> >
> >
> > --
> > Rafael Weingärtner
>
--
Rafael Weingärtner
Re: Where is the vm root password published?
Posted by Nux! <nu...@li.nux.ro>.
Ok, so found out some more stuff.
First of all, the password appears in management-server.log and apilog.log, so that's one place to grep into.
Second, I could query the jobid and get the password from there. E.g. from cloudmonkey
query asyncjobresult jobid=caac0e1f-0aff-4065-8189-1d32d480e73f | grep password\ =
More info here
https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI#CloudStackcloudmonkeyCLI-AsyncJobexecution
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
----- Original Message -----
> From: "Rafael Weingärtner" <ra...@gmail.com>
> To: "users" <us...@cloudstack.apache.org>
> Sent: Monday, 27 November, 2017 15:21:30
> Subject: Re: Where is the vm root password published?
> Ah, if that is the case, I know it is stored in the VR of the network where
> the VM is connected to.
>
> I forgot now the file, but it is something like “/var/usr?/cloud/cache” or
> something that ends in “/cache/cloud”.
>
>
> Do we store these password in ACS database as well?
>
> On Mon, Nov 27, 2017 at 1:18 PM, Nux! <nu...@li.nux.ro> wrote:
>
>> Rafael,
>>
>> Yes indeed, sorry if I wasn't clear.
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>>
>> ----- Original Message -----
>> > From: "Rafael Weingärtner" <ra...@gmail.com>
>> > To: "users" <us...@cloudstack.apache.org>
>> > Sent: Monday, 27 November, 2017 14:58:20
>> > Subject: Re: Where is the vm root password published?
>>
>> > Are you talking about the generated passwords to be injected in user vms?
>> > Besides that, we do not have any other password. At least that I know.
>> >
>> > On Mon, Nov 27, 2017 at 12:56 PM, Nux! <nu...@li.nux.ro> wrote:
>> >
>> >> No, I mean the regular user VM instances.
>> >> I know they are held somewhere temporarily, just don't know where. :)
>> >>
>> >> --
>> >> Sent from the Delta quadrant using Borg technology!
>> >>
>> >> Nux!
>> >> www.nux.ro
>> >>
>> >> ----- Original Message -----
>> >> > From: "Rafael Weingärtner" <ra...@gmail.com>
>> >> > To: "users" <us...@cloudstack.apache.org>
>> >> > Sent: Monday, 27 November, 2017 12:26:59
>> >> > Subject: Re: Where is the vm root password published?
>> >>
>> >> > If you are talking about the system VMs password.
>> >> > If you set the parameter "system.vm.random.password" to "true", then
>> you
>> >> > can see the password at "system.vm.password"
>> >> >
>> >> > On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro> wrote:
>> >> >
>> >> >> Hello,
>> >> >>
>> >> >> I know that the vm root password is temporarily stored somewhere in
>> the
>> >> >> system. I need to find it out for accessing the console of some
>> >> instances
>> >> >> created programmatically.
>> >> >> Where do I look?
>> >> >>
>> >> >> Cheers,
>> >> >> Lucian
>> >> >>
>> >> >> --
>> >> >> Sent from the Delta quadrant using Borg technology!
>> >> >>
>> >> >> Nux!
>> >> >> www.nux.ro
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Rafael Weingärtner
>> >>
>> >
>> >
>> >
>> > --
>> > Rafael Weingärtner
>>
>
>
>
> --
> Rafael Weingärtner
Re: Where is the vm root password published?
Posted by Rafael Weingärtner <ra...@gmail.com>.
Ah, if that is the case, I know it is stored in the VR of the network where
the VM is connected to.
I forgot now the file, but it is something like “/var/usr?/cloud/cache” or
something that ends in “/cache/cloud”.
Do we store these password in ACS database as well?
On Mon, Nov 27, 2017 at 1:18 PM, Nux! <nu...@li.nux.ro> wrote:
> Rafael,
>
> Yes indeed, sorry if I wasn't clear.
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > To: "users" <us...@cloudstack.apache.org>
> > Sent: Monday, 27 November, 2017 14:58:20
> > Subject: Re: Where is the vm root password published?
>
> > Are you talking about the generated passwords to be injected in user vms?
> > Besides that, we do not have any other password. At least that I know.
> >
> > On Mon, Nov 27, 2017 at 12:56 PM, Nux! <nu...@li.nux.ro> wrote:
> >
> >> No, I mean the regular user VM instances.
> >> I know they are held somewhere temporarily, just don't know where. :)
> >>
> >> --
> >> Sent from the Delta quadrant using Borg technology!
> >>
> >> Nux!
> >> www.nux.ro
> >>
> >> ----- Original Message -----
> >> > From: "Rafael Weingärtner" <ra...@gmail.com>
> >> > To: "users" <us...@cloudstack.apache.org>
> >> > Sent: Monday, 27 November, 2017 12:26:59
> >> > Subject: Re: Where is the vm root password published?
> >>
> >> > If you are talking about the system VMs password.
> >> > If you set the parameter "system.vm.random.password" to "true", then
> you
> >> > can see the password at "system.vm.password"
> >> >
> >> > On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro> wrote:
> >> >
> >> >> Hello,
> >> >>
> >> >> I know that the vm root password is temporarily stored somewhere in
> the
> >> >> system. I need to find it out for accessing the console of some
> >> instances
> >> >> created programmatically.
> >> >> Where do I look?
> >> >>
> >> >> Cheers,
> >> >> Lucian
> >> >>
> >> >> --
> >> >> Sent from the Delta quadrant using Borg technology!
> >> >>
> >> >> Nux!
> >> >> www.nux.ro
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > Rafael Weingärtner
> >>
> >
> >
> >
> > --
> > Rafael Weingärtner
>
--
Rafael Weingärtner
Re: Where is the vm root password published?
Posted by Nux! <nu...@li.nux.ro>.
Rafael,
Yes indeed, sorry if I wasn't clear.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
----- Original Message -----
> From: "Rafael Weingärtner" <ra...@gmail.com>
> To: "users" <us...@cloudstack.apache.org>
> Sent: Monday, 27 November, 2017 14:58:20
> Subject: Re: Where is the vm root password published?
> Are you talking about the generated passwords to be injected in user vms?
> Besides that, we do not have any other password. At least that I know.
>
> On Mon, Nov 27, 2017 at 12:56 PM, Nux! <nu...@li.nux.ro> wrote:
>
>> No, I mean the regular user VM instances.
>> I know they are held somewhere temporarily, just don't know where. :)
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>>
>> ----- Original Message -----
>> > From: "Rafael Weingärtner" <ra...@gmail.com>
>> > To: "users" <us...@cloudstack.apache.org>
>> > Sent: Monday, 27 November, 2017 12:26:59
>> > Subject: Re: Where is the vm root password published?
>>
>> > If you are talking about the system VMs password.
>> > If you set the parameter "system.vm.random.password" to "true", then you
>> > can see the password at "system.vm.password"
>> >
>> > On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro> wrote:
>> >
>> >> Hello,
>> >>
>> >> I know that the vm root password is temporarily stored somewhere in the
>> >> system. I need to find it out for accessing the console of some
>> instances
>> >> created programmatically.
>> >> Where do I look?
>> >>
>> >> Cheers,
>> >> Lucian
>> >>
>> >> --
>> >> Sent from the Delta quadrant using Borg technology!
>> >>
>> >> Nux!
>> >> www.nux.ro
>> >>
>> >
>> >
>> >
>> > --
>> > Rafael Weingärtner
>>
>
>
>
> --
> Rafael Weingärtner
Re: Where is the vm root password published?
Posted by Rafael Weingärtner <ra...@gmail.com>.
Are you talking about the generated passwords to be injected in user vms?
Besides that, we do not have any other password. At least that I know.
On Mon, Nov 27, 2017 at 12:56 PM, Nux! <nu...@li.nux.ro> wrote:
> No, I mean the regular user VM instances.
> I know they are held somewhere temporarily, just don't know where. :)
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
> > From: "Rafael Weingärtner" <ra...@gmail.com>
> > To: "users" <us...@cloudstack.apache.org>
> > Sent: Monday, 27 November, 2017 12:26:59
> > Subject: Re: Where is the vm root password published?
>
> > If you are talking about the system VMs password.
> > If you set the parameter "system.vm.random.password" to "true", then you
> > can see the password at "system.vm.password"
> >
> > On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro> wrote:
> >
> >> Hello,
> >>
> >> I know that the vm root password is temporarily stored somewhere in the
> >> system. I need to find it out for accessing the console of some
> instances
> >> created programmatically.
> >> Where do I look?
> >>
> >> Cheers,
> >> Lucian
> >>
> >> --
> >> Sent from the Delta quadrant using Borg technology!
> >>
> >> Nux!
> >> www.nux.ro
> >>
> >
> >
> >
> > --
> > Rafael Weingärtner
>
--
Rafael Weingärtner
Re: Where is the vm root password published?
Posted by Nux! <nu...@li.nux.ro>.
No, I mean the regular user VM instances.
I know they are held somewhere temporarily, just don't know where. :)
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
----- Original Message -----
> From: "Rafael Weingärtner" <ra...@gmail.com>
> To: "users" <us...@cloudstack.apache.org>
> Sent: Monday, 27 November, 2017 12:26:59
> Subject: Re: Where is the vm root password published?
> If you are talking about the system VMs password.
> If you set the parameter "system.vm.random.password" to "true", then you
> can see the password at "system.vm.password"
>
> On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro> wrote:
>
>> Hello,
>>
>> I know that the vm root password is temporarily stored somewhere in the
>> system. I need to find it out for accessing the console of some instances
>> created programmatically.
>> Where do I look?
>>
>> Cheers,
>> Lucian
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>>
>
>
>
> --
> Rafael Weingärtner
Re: Where is the vm root password published?
Posted by Rafael Weingärtner <ra...@gmail.com>.
If you are talking about the system VMs password.
If you set the parameter "system.vm.random.password" to "true", then you
can see the password at "system.vm.password"
On Mon, Nov 27, 2017 at 10:24 AM, Nux! <nu...@li.nux.ro> wrote:
> Hello,
>
> I know that the vm root password is temporarily stored somewhere in the
> system. I need to find it out for accessing the console of some instances
> created programmatically.
> Where do I look?
>
> Cheers,
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
--
Rafael Weingärtner