openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #19001
Re: Handling of adminPass is arguably broken (essex)
Those agents use the Xen/XenAPI specific stuff called xenstore.
There was talk of extending cloud-init and the metadata service to support some kind of password generation on boot or at a poll interval, but I don't remember that conversation getting too far. Anyone one else remember what came of those ideas?
John
From: openstack-bounces+john.garbutt=citrix.com@xxxxxxxxxxxxxxxxxxx [mailto:openstack-bounces+john.garbutt=citrix.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Sam Stoelinga
Sent: 28 November 2012 06:26
To: Pádraig Brady
Cc: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Handling of adminPass is arguably broken (essex)
Hi,
Just noticed the following two projects:
https://github.com/rackspace/openstack-guest-agents-windows-xenserver
https://github.com/rackspace/openstack-guest-agents-unix
Would those be useful in creating an agent like Vish described?
It seems they currently only support Xen? Haven't taken a deep look yet.
a) put a public key on the instance via metadata or config drive (for ease of use this could actually just be the ssh public key you normally use for logging into the vm).
b) have a daemon in the windows instance that:
* generates a random password
* sets the administrator password to the random password
* encrypts it with the public key
* serves the encrypted password over https on a known port (say 9999)
c) open up port (9999) in the instance's security group
d) retrieve the encrypted password and decrypt it
e) close port (9999) in the instances security group
Was wondering if it's planned for Grizzly a way to change the password for libvirt/kvm guests (unix and windows)?
Is there any blueprint available?
Sam
On Sat, Nov 3, 2012 at 3:15 AM, Pádraig Brady <P@xxxxxxxxxxxxxx<mailto:P@xxxxxxxxxxxxxx>> wrote:
On 11/02/2012 07:03 PM, Lars Kellogg-Stedman wrote:
On Thu, Nov 01, 2012 at 11:03:14AM -0700, Vishvananda Ishaya wrote:
The new config drive code defaults to iso-9660, so that should work. The
vfat version should probably create a partition table.
Is that what Folsom is using? Or is it new-er than that?
That's in Folsom
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
References