← Back to team overview

openstack team mailing list archive

Re: OS API server password generation

 

On Mar 2, 2011, at 11:41 PM, Mark Washenberger wrote:

> To your main point, I share your desire to be able to turn off password injection during instance creation. (For clarity, I'm assuming that your preference is to create the vm with no root password and only ssh keys as a means of access.) I guess the main problem with this is that it isn't in the 1.[01] spec so we'd need to agree on a sensible way of adding it to the api.
> 
> Does anyone know if it would create any compatibility problems to support an optional "disable_admin_pass": "True" attribute to the /servers POST request? Are there any reasons other than compatibility to require an adminPass to always be set?

	Right now password injection is a function of the guest agent running under XenServer; there is no way of setting this directly from nova. So if you're not running XenServer, or not running the guest agent (still being developed), there is no password setting being done.

	Alternatively, you could create a separate guest agent that expects a user's public key, writes that to the VM, and disables SSH, so that your instances are created with the security scheme that you want.



-- Ed Leafe






Follow ups

References