[Openstack] Handling of adminPass is arguably broken (essex)

John Garbutt John.Garbutt at citrix.com
Wed Nov 28 17:27:56 UTC 2012


Those agents use the Xen/XenAPI specific stuff called xenstore.

There was talk of extending cloud-init and the metadata service to support some kind of password generation on boot or at a poll interval, but I don't remember that conversation getting too far. Anyone else remember what came of those ideas?

John

From: openstack-bounces+john.garbutt=citrix.com at lists.launchpad.net On Behalf Of Sam Stoelinga
Sent: 28 November 2012 06:26
To: Pádraig Brady
Cc: openstack at lists.launchpad.net
Subject: Re: [Openstack] Handling of adminPass is arguably broken (essex)

Hi,

Just noticed the following two projects:
https://github.com/rackspace/openstack-guest-agents-windows-xenserver
https://github.com/rackspace/openstack-guest-agents-unix

Would those be useful in creating an agent like Vish described?
It seems they currently only support Xen? Haven't taken a deep look yet.

a) put a public key on the instance via metadata or config drive (for ease of use this could actually just be the ssh public key you normally use for logging into the vm).
b) have a daemon in the windows instance that:
 * generates a random password
 * sets the administrator password to the random password
 * encrypts it with the public key
 * serves the encrypted password over https on a known port (say 9999)
c) open up port (9999) in the instance's security group
d) retrieve the encrypted password and decrypt it
e) close port (9999) in the instance's security group

Was wondering if a way to change the password for libvirt/kvm guests (unix and windows) is planned for Grizzly?
Is there any blueprint available?

Sam
On Sat, Nov 3, 2012 at 3:15 AM, Pádraig Brady <P at draigbrady.com> wrote:
On 11/02/2012 07:03 PM, Lars Kellogg-Stedman wrote:
On Thu, Nov 01, 2012 at 11:03:14AM -0700, Vishvananda Ishaya wrote:
The new config drive code defaults to iso-9660, so that should work. The
vfat version should probably create a partition table.

Is that what Folsom is using?  Or is it new-er than that?

That's in Folsom
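
Steps (a), (b) and (d) of the scheme quoted in this thread, sketched with the openssl CLI as an added example (not code from the thread or from any OpenStack project). It assumes a 2048-bit RSA key and OAEP padding, neither of which the thread specifies; the function names are hypothetical, and the HTTPS listener and security-group steps (c) and (e) are left out.

```shell
#!/bin/sh
# Added example: password hand-off by public-key encryption, steps (a), (b), (d).
# Assumptions (not from the thread): RSA-2048, OAEP padding, hypothetical names.
set -eu

# (a) User side: create the keypair. Only the public half goes to the instance
# (metadata or config drive); the private key never leaves the user's machine.
make_keypair() {  # $1 = private key path, $2 = public key path
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
    chmod 600 "$1"
    openssl pkey -in "$1" -pubout -out "$2"
}

# (b) Guest side: random password from the OpenSSL CSPRNG (18 bytes, 24 chars).
gen_password() {
    openssl rand -base64 18
}

# (b) Guest side: encrypt with the public key. The password arrives on stdin,
# not as an argument, so it never shows up in the process list.
encrypt_password() {  # $1 = public key path; prints one base64 line
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep | openssl base64 -A
}

# (d) User side: decrypt the retrieved blob with the private key.
decrypt_password() {  # $1 = private key path; base64 blob on stdin
    openssl base64 -d -A | openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep
}

# Round trip with a local variable standing in for the HTTPS transfer.
demo() {
    dir=$(mktemp -d)
    make_keypair "$dir/user.key" "$dir/user.pub"
    pw=$(gen_password)
    blob=$(printf '%s' "$pw" | encrypt_password "$dir/user.pub")
    got=$(printf '%s' "$blob" | decrypt_password "$dir/user.key")
    rm -rf "$dir"
    [ "$got" = "$pw" ] && [ "$blob" != "$pw" ] && echo ok
}

demo   # prints "ok" when the decrypted value matches the generated password
```

Only the holder of the private key can recover the password from the blob, so the value served on the open port is useless to anyone else who fetches it while the security group rule is in place.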



