[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-API] Unable to move VMs between XCP hosts? odd.

To: xen-api@xxxxxxxxxxxxx
From: "Michael @ Professional Edge LLC" <m3@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 04 Jun 2013 13:55:40 -0700
Delivery-date: Tue, 04 Jun 2013 20:56:14 +0000
List-id: User and development list for XCP and XAPI <xen-api.lists.xen.org>

Evgeniy,

Well it wasn't a problem with /etc/securetty. But you got me thinkingin the right direction! THANK YOU!

One of my folks had installed a pam module - to restrict access to loginto root - except from a specific set of internal IP addresses.


Somehow this:
/etc/pam.d/system-auth
##################
account     required      pam_access.so
##################

/etc/security/access.conf
##################
+ : root : 10.0.0.0/8 127.0.0.1
- : root : ALL
##################

Blocks all ability to login to ROOT ( including SU ) - when there is noIP address configured on the Interfaces ( which of course happens bydefault when you import the VM ).

The moment there is a IP on the primary NIC - everything works properlyagain.


So procedurally - I will do the following going forward.

1. EDIT - /etc/pam.d/system-auth ( DELETE the line - "accountrequired pam_access.so" )

2. Export the VM from source XCP Host.
3. Import the VM from the VDI file into the target XCP Host.
4. Login configure IPs on the imported VM
5. Re-ADD the PAM line deleted in Step#1.

Hope this chatter helps someone else in the future.

-Michael


Evgeniy Chupriyanov wrote on 6/4/2013 4:52 AM:

04.06.2013, в 12:06, Michael @ Professional Edge LLC <m3@xxxxxxxxxxxxxxxxxxxxxxx> 
написал(а):

XCP 1.6 - new Host #3 deployed last week - every VM I export from Host#1 or 
Host#2 - imports fine... but I'm unable to login, after a successful import.

================================================
[root@host3 ~]# xe console vm=test1
...
Kernel 2.6.18-308.1.1.el5xen on an x86_64

(test1.FQDN) login: root
Password:

Permission denied
================================================

Looks like console device name (/dev/console or /dev/xvc0) is missing from 
/etc/securetty
You can login as usual (non-root) user, than su to root and add correct dev 
name to /etc/securetty



_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api



_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api

References:
- [Xen-API] Unable to move VMs between XCP hosts? odd.
  - From: Michael @ Professional Edge LLC
- Re: [Xen-API] Unable to move VMs between XCP hosts? odd.
  - From: Evgeniy Chupriyanov

Prev by Date: Re: [Xen-API] Unable to move VMs between XCP hosts? odd.
Next by Date: [Xen-API] xvp
Previous by thread: Re: [Xen-API] Unable to move VMs between XCP hosts? odd.
Next by thread: [Xen-API] xvp
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.