Unable to start VMs created by deleted users
|Category:||Core & System|
|Target version:||Release 5.4.2|
|Affected Versions:||OpenNebula 5.2|
VMs that use OneGate tokens cannot be started if the user that created that VM has been deleted.
Error is: Cannot generate OneGate token: TOKEN_PASSWORD not set in the user template.
If TOKEN=YES in the VM template, OpenNebula looks at the CREATED_BY attribute in the VM template to find the UID of the user that created this VM, then looks at that user's TOKEN_PASSWORD attribute. If that user has been deleted, this returns an empty string, leading to this error.
Possible solutions include:
1. Do not support deleting users, only soft-deleting them so TOKEN_PASSWORD is always available
2. Keep TOKEN_PASSWORD for VMs somewhere else
3. Compute TOKEN_PASSWORD from the current owner, meaning the token will change during deployments after chown
A workaround is to updateconf and remove TOKEN=YES, then updateconf again and re-add TOKEN=YES. Then CREATED_BY is set to the current owner of the VM.
[test] root# onevm chown 0 2 [test] root# onevm show 0|grep CREA CREATED_BY="0" [test] root# onevm updateconf 0 ... remove TOKEN=YES... [test] root# onevm updateconf 0 ... add TOKEN=YES... [test] root# onevm show 0|grep CREA CREATED_BY="2" [test] root# onevm resume 0