Bug #11068
open
Password issues with compute resources - account for VMware resource to connect to VMware keeps getting locked.
Description
I have a foreman 1.8.2 instance that runs on 2 nodes and we use the VMware plugin and have multiple compute resources defined for VMware for "Stage" and "Production" resources. I've had non-stop issues with the service account that authorizes foreman to talk to vmware expiring/locking itself after a password change as if there is somewhere else that the password is being stored.
I have no errors when saving the password. I put in the username, put in the password and click load datacenters and I get everything i'm expecting. I can even provision hosts and import VMs and search images and everything i normally do.
But give it a day and everything is locked and i'm not sure why - no changes are made and no one else is really doing anything in vmware land except me as i'm finishing the rollout. No one else has admin rights to change or even know the password and i login to AD and have to uncheck the disabled checkbox to allow things to pick back up again.
How can i debug this issue? Is there a way to purge the accounts password completely? I tried one of the rake tasks to cleanup caches and such but no difference.
Updated by Dominic Cleal almost 9 years ago
Just for the record, there's no deliberate caching of credentials in Foreman that I can think of or see. Every time Foreman accesses vSphere it should be through the same, simple method that uses the current password, I can't think why it would be any different, sorry.
Updated by Byron Miller almost 9 years ago
I'm still having issues with the password disappearing or being locked. If someone clicks around after getting a warning it seems to lock, but otherwise i can login, set a password to the same password it was and it works fine again.. so strange..
I wonder if i have users running lastpass and its somehow saving a value in that field? i dunno.. thinking out loud.. no one should be editing it. Will have to see if i can look at authentication logs and see if there is any pattern.
Updated by Ingo Bauersachs almost 7 years ago
There's definitely some caching issue going on. I initially created the vCenter compuete resource using the administrator@vsphere.local account and later changed it do an AD domain account (srvForeman). As soon as I changed the password of the AD account to the be the same as the administrator@vsphere.local account, things start working again.
Updated by Marek Hulán over 6 years ago
There was caching mechanism introduced meanwhile. Could you go to compute resource detail and try pressing "refresh cache" button? Can you perhaps check from foreman-rake console whether the password is changed after you change it in compute resource form? This should print the list of CRs with their passwords
foreman-rake console
ComputeResource.all.map {|c| [ c.name, c.password ]}
exit
Updated by Marek Hulán over 6 years ago
- Status changed from New to Need more information
- Bugzilla link set to 1501323