Bug #5316

Unable to start VMs created by deleted users

Added by Roy Keene 3 months ago. Updated about 1 month ago.

Status:ClosedStart date:08/17/2017
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Core & System
Target version:Release 5.4.2
Resolution:fixed Pull request:
Affected Versions:OpenNebula 5.2

Description

VMs that use OneGate tokens cannot be started if the user that created that VM has been deleted.

Error is: Cannot generate OneGate token: TOKEN_PASSWORD not set in the user template.

If TOKEN=YES in the VM template, OpenNebula looks at the CREATED_BY attribute in the VM template to find the UID of the user that created this VM, then looks at that user's TOKEN_PASSWORD attribute. If that user has been deleted, this returns an empty string, leading to this error.

Possible solutions include:
1. Do not support deleting users, only soft-deleting them so TOKEN_PASSWORD is always available
2. Keep TOKEN_PASSWORD for VMs somewhere else
3. Compute TOKEN_PASSWORD from the current owner, meaning the token will change during deployments after chown

Associated revisions

Revision 3cbda46e
Added by Juan Jose Montiel Cano about 1 month ago

B #5316: Given token password of the owner of creator user doesn't exist (#507)

Revision ad8e188f
Added by Juan Jose Montiel Cano about 1 month ago

B #5316: Given token password of the owner of creator user doesn't exist (#507)

(cherry picked from commit 3cbda46ec16de136da647d1556239175a1b455a0)

History

#1 Updated by Roy Keene 3 months ago

A workaround is to updateconf and remove TOKEN=YES, then updateconf again and re-add TOKEN=YES. Then CREATED_BY is set to the current owner of the VM.

[test] root# onevm chown 0 2
[test] root# onevm show 0|grep CREA
CREATED_BY="0" 
[test] root# onevm updateconf 0
... remove TOKEN=YES...
[test] root# onevm updateconf 0
... add TOKEN=YES...
[test] root# onevm show 0|grep CREA
CREATED_BY="2" 
[test] root# onevm resume 0

#2 Updated by Ruben S. Montero about 1 month ago

  • Status changed from Pending to Closed
  • Target version set to Release 5.4.2
  • Resolution set to fixed

Also available in: Atom PDF