data source config drive doesn't use the Admin Pass given by OpenStack

Bug #1236883 reported by Alexandre Bécholey on 2013-10-08
34
This bug affects 7 people
Affects Status Importance Assigned to Milestone
cloud-init
Low
Unassigned

Bug Description

The script cloudinit/sources/DataSourceConfigDrive.py doesn't use the Admin Pass that is generated by OpenStack or given by the user at the creation of a VM.

Here is a quick patch that uses this information and passes it to cloud config, let me know what you think.

Anthony Woods (awoods-0) wrote :

I think a better approach for using the admin_pass available in the ConfigDriver is to pull it in within the cc_set_passwords plugin.

This will allow users to override the password by adding it to their config, either directly in /etc/cloud/ or via a cloud-init config in user-data.

see attached patch

Scott Moser (smoser) wrote :

The logic to do this seems sane, but generally I think its dangerous to just start setting root passwords at all.
My personal feeling is that cloud-init's path to root is superior (provisioning ssh keys to a non-root user with sudo access). I'd like to keep that the default behavior.

I'm not opposed to allowing config to turn this "use MD provided password". But generally, it just seems like an un-necessary security regression.

Thoughts?

(and thanks for taking the time to file the bug).

Changed in cloud-init:
importance: Undecided → Low
status: New → Triaged
Abel Lopez (al592b) wrote :

Can we have cloud-init set the password for the default_user using the admin-pass in the metadata? This would make the VNC console a viable tool for troubleshooting. Users could `nova get-password` the value out of metadata, and use that to login.

Abel Lopez (al592b) wrote :

It seems reasonable to have this as as option, since the admin-pass is random or user-specified, we should be able to say something in cloud.cfg like
password: ADMIN-PASS
and have cc_set_passwords.py know that means "Take the admin-pass out of the metadata", it's already there, and it sure beats libvirt injection.

Anthony Woods (awoods-0) wrote :

While using ssh keys is generally a 'better' option for access control, it is not always compatible with existing tools policies.

So, I agree that the default behavior should be SSH keys, but we still need a way to set a password if desired.

I think that Abel's suggestion of a configuration option to enable using the admin_pass in the ConfigDrive is a good one.

Abel Lopez (al592b) wrote :

There are two cases where having the root pass would be helpful.
1. You've misconfigured your network in someway (sshd died?) and need to get in via VNC console
2. You've fubar'd your sudoers file and can no longer sudo

I'd imagine being able to use "nova get-password" to get this, which requires the ssh key for encrypting

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers