Bug #5316
Unable to start VMs created by deleted users
Status: | Closed | Start date: | 08/17/2017 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 0% | |
Category: | Core & System | |||
Target version: | Release 5.4.2 | |||
Resolution: | fixed | Pull request: | ||
Affected Versions: | OpenNebula 5.2 |
Description
VMs that use OneGate tokens cannot be started if the user that created that VM has been deleted.
Error is: Cannot generate OneGate token: TOKEN_PASSWORD not set in the user template.
If TOKEN=YES in the VM template, OpenNebula looks at the CREATED_BY attribute in the VM template to find the UID of the user that created this VM, then looks at that user's TOKEN_PASSWORD attribute. If that user has been deleted, this returns an empty string, leading to this error.
Possible solutions include:
1. Do not support deleting users, only soft-deleting them so TOKEN_PASSWORD is always available
2. Keep TOKEN_PASSWORD for VMs somewhere else
3. Compute TOKEN_PASSWORD from the current owner, meaning the token will change during deployments after chown
Associated revisions
History
#1 Updated by Roy Keene almost 4 years ago
A workaround is to updateconf and remove TOKEN=YES, then updateconf again and re-add TOKEN=YES. Then CREATED_BY is set to the current owner of the VM.
[test] root# onevm chown 0 2 [test] root# onevm show 0|grep CREA CREATED_BY="0" [test] root# onevm updateconf 0 ... remove TOKEN=YES... [test] root# onevm updateconf 0 ... add TOKEN=YES... [test] root# onevm show 0|grep CREA CREATED_BY="2" [test] root# onevm resume 0
#2 Updated by Ruben S. Montero almost 4 years ago
- Status changed from Pending to Closed
- Target version set to Release 5.4.2
- Resolution set to fixed