yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1280094] Re: admin password treachery

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Akihiro Motoki <1280094@xxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Feb 2021 06:55:41 -0000
Reply-to: Bug 1280094 <1280094@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Horizon configuration (can_set_password) and nova configuration
(libvirt.inject_password) should match. Administrators should be
responsible for this. Nova does not expose the nova configuration via
API, so there is no way for horizon to know the nova configuration and
the only way is that adminsitrators ensure the consistency between
horizon and nova configurations.

In addition, can_set_password (admin password injection) only works wehn a VM image allows users to access it via SSH as the root user. This means whether this feature works depends on VM image used. This information is not available via the nova API, so horizon cannot know which images can support the feature.
One possible solution in the horizon side is to add a setting on which images support the feature, but it looks too much .
Considering this, I am marking this as Won't Fix.

Note that it does not mean we deny an implementation to satisy this bug
but the horizon team does not consider it as a prioritized item.

** Changed in: horizon
Status: Confirmed => Won't Fix

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1280094

Title:
admin password treachery

Status in OpenStack Dashboard (Horizon):
Won't Fix

Bug description:
Horizon can be configured to ask for an admin password to inject when
instantiating an image, or not. But it is not that simple. Whether
password injection will actually happen also depends on nova
configuration and the image being instantiated. The bug is that
Horizon is not able to ask for an admin password under exactly the
circumstances in which it will be successfully injected AND the user
is given no clue about this. Also, the user is given no clue about
which user's password this will be. For example, in Ubuntu, it is
common to log in as ubuntu rather than root, so it is natural to
wonder which user's password is being requested.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1280094/+subscriptions

References

[Bug 1280094] [NEW] admin password treachery
From: Mike Spreitzer, 2014-02-14