apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
cloudstack/setup/bindir/cloud-set-guest-password.in
dimsijul 3ac819410a
setup: Update cloud-set-guest-password.in (#4070) 
Update cloud-set-guest-password.in
Adaptation of the original script to be able to work with netplan, network manager and ifupdown.

Changes have been tested in Cloudstack V 4.13 with the following operating systems and network providers :

Ubuntu 16.04 with ifupdown (/etc/network/interfaces)
Ubuntu 18.04 with netplan
Ubuntu 20.04 with netplan
Debian 10 with ifupdown (/etc/network/interfaces)
Debian 9 with ifupdown (/etc/network/interfaces)
CentOS 8 with network manager (/etc/sysconfig/network-scripts/ifcfg-eth0)
CentOS 7 with network manager (/etc/sysconfig/network-scripts/ifcfg-eth0)
Create a new vm from template with password feature enabled and log in the vm with provided password.

Stop the vm, change the password with the feature, start the vm and log in the vm with provided password.
2020-06-16 10:14:11 +05:30

144 lines
5.0 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
#
# Init file for Password Download Client
#
# chkconfig: 345 98 02
# description: Password Download Client
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Modify this line to specify the user (default is root)
user=root
# Detect main interface name
NETINT=$(ip -o -4 route show to default | awk '{print $5}')
# Add network provider variables here (default means that interface for network manager is eth0)
NETPLAN=/etc/netplan
IFUPDOWN=/etc/network/interfaces
NETMAN=/etc/sysconfig/network-scripts
# Add dhcp variables
PASSWORD_SERVER_PORT=8080
password_received=0
error_count=0
file_count=0
# OS is using netplan
if [ -d "$NETPLAN" ]; then
logger -t "cloud" "Operating System is using netplan"
PASSWORD_SERVER_IP=$(netplan ip leases $NETINT | grep SERVER_ADDRESS | awk '{split($0,a,"="); print a[2]}')
if [ -n "$PASSWORD_SERVER_IP" ]; then
logger -t "cloud" "Found password server IP $PASSWORD_SERVER_IP in netplan config"
fi
fi
# OS is using ifupdown
if [ -f "$IFUPDOWN" ]; then
logger -t "cloud" "Operating System is using ifupdown"
DHCP_FOLDERS="/var/lib/dhclient/* /var/lib/dhcp3/* /var/lib/dhcp/*"
for DHCP_FILE in $DHCP_FOLDERS; do
if [ -f $DHCP_FILE ]; then
file_count=$((file_count+1))
PASSWORD_SERVER_IP=$(grep dhcp-server-identifier $DHCP_FILE | tail -1 | awk '{print $NF}' | tr -d '\;')
if [ -n "$PASSWORD_SERVER_IP" ]; then
logger -t "cloud" "Found password server IP $PASSWORD_SERVER_IP in $DHCP_FILE"
break
fi
fi
done
fi
# OS is using network interfaces
if [ -d "$NETMAN" ]; then
logger -t "cloud" "Operating System is using network manager"
PASSWORD_SERVER_IP=$(nmcli -f IP4.GATEWAY device show $NETINT | sed 's/ //g' | awk '{split($0,a,":"); print a[2]}')
if [ -n "$PASSWORD_SERVER_IP" ]; then
logger -t "cloud" "Found password server IP $PASSWORD_SERVER_IP in nmcli output"
fi
fi
#start sequence
if [ -z "$PASSWORD_SERVER_IP" ] ; then
logger -t "cloud" "Unable to determine the password server, falling back to data-server"
PASSWORD_SERVER_IP=data-server
fi
logger -t "cloud" "Sending request to password server at $PASSWORD_SERVER_IP"
password=$(wget -q -t 3 -T 20 -O - --header "DomU_Request: send_my_password" http://$PASSWORD_SERVER_IP:$PASSWORD_SERVER_PORT)
if [ $? -eq 0 ]; then
password=$(echo $password | tr -d '\r')
logger -t "cloud" "Got response from server at $PASSWORD_SERVER_IP"
case $password in
"")
logger -t "cloud" "Password server at $PASSWORD_SERVER_IP did not have any password for the VM"
;;
"bad_request")
logger -t "cloud" "VM sent an invalid request to password server at $PASSWORD_SERVER_IP"
error_count=$((error_count+1))
;;
"saved_password")
logger -t "cloud" "VM has already saved a password from the password server at $PASSWORD_SERVER_IP"
;;
*)
logger -t "cloud" "VM got a valid password from server at $PASSWORD_SERVER_IP"
password_received=1
;;
esac
else
logger -t "cloud" "Failed to send request to password server at $PASSWORD_SERVER_IP"
error_count=$((error_count+1))
fi
if [ "$password_received" == "0" ]; then
if [ "$error_count" == "$file_count" ]; then
logger -t "cloud" "Failed to get password from any server"
exit 1
else
logger -t "cloud" "Did not need to change password."
exit 0
fi
fi
logger -t "cloud" "Changing password for user $user"
echo $user:$password | chpasswd
if [ $? -gt 0 ]; then
usermod -p `mkpasswd -m SHA-512 $password` $user
if [ $? -gt 0 ]; then
logger -t "cloud" "Failed to change password for user $user"
exit 1
else
logger -t "cloud" "Successfully changed password for user $user"
fi
fi
logger -t "cloud" "Sending acknowledgment to password server at $PASSWORD_SERVER_IP"
wget -q -t 3 -T 20 -O - --header "DomU_Request: saved_password" $PASSWORD_SERVER_IP:$PASSWORD_SERVER_PORT
exit 0
Reference in New Issue View Git Blame Copy Permalink