openstack-manuals

Injecting the administrator password on Windows requires clarifications

Bug #1455110 reported by Alessandro Pilotti on 2015-05-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openstack-manuals	Fix Released	Low	Unassigned

Bug Description

The following setting is linux only. The documentation already states that it works by updating directly the /etc/shadow file, but this is not explicit enough and users might think that by setting inject_password to True it will work on Windows instances as well.

[libvirt]
inject_password=true

The article should also specify that if the password is provided via nova CLI or Horizon (can_set_password = True), this will only be available in the metadata when a configdrive is used (admin_pass in meta_data.son).

The password is not included in the corresponding HTTP metadata (e.g. http://169.254.169.254/openstack/latest/meta_data.json).

Additionally, it should be clearly stated that clear text passwords are a security risk and that Nova provides a secure way to handle passwords with "nova get-password" since Grizzly.

-----------------------------------
Built: 2015-05-14T07:06:14 00:00
git SHA: c48b1257234e95a1e74f10bbe84318c4f63fdbed
URL: http://docs.openstack.org/admin-guide-cloud/content/admin-password-injection.html
source File: file:/home/jenkins/workspace/openstack-manuals-tox-doc-publishdocs/doc/admin-guide-cloud/compute/section_compute-system-admin.xml
xml:id: admin-password-injection

See original description

Tags:

Gauvain Pocentek (gpocentek) on 2015-05-14

Changed in openstack-manuals:
status:	New → Confirmed
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-14: Fix proposed to openstack-manuals (master)

Fix proposed to branch: master
Review: https://review.openstack.org/183093

Changed in openstack-manuals:
assignee:	nobody → Gauvain Pocentek (gpocentek)
status:	Confirmed → In Progress

Alessandro Pilotti (alexpilotti) on 2015-05-14

description:

updated

Alessandro Pilotti (alexpilotti) on 2015-05-14

description:

updated

Alessandro Pilotti (alexpilotti) on 2015-05-14

summary:

- Injecting the administrator password on libvirt must specify that it's
- linux only
+ Injecting the administrator password on Windows requires clarifications

Tom Fifield (fifieldt) on 2015-06-11

Changed in openstack-manuals:
milestone:	none → liberty

Gauvain Pocentek (gpocentek) on 2015-06-26

Changed in openstack-manuals:
assignee:	Gauvain Pocentek (gpocentek) → nobody
status:	In Progress → New

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-26: Change abandoned on openstack-manuals (master)

Change abandoned by Gauvain Pocentek (<email address hidden>) on branch: master
Review: https://review.openstack.org/183093
Reason: I'm not sure I'll find time to work on this before a while, so I prefer to abandon this patchset.

I set the bug status to 'new', mmaybe it's worth discussing it on LP.

Revision history for this message

Lana (loquacity) wrote on 2015-07-13:

From Michael Still's comment on Guavain's patch: "we shouldn't be encouraging file injection at all -- nova has wanted to remove it for a long time. If users want this functionality we should be steering them to config drive or the metadata server. Incidentally, both of those two mechanisms work just fine on Windows."

Changed in openstack-manuals:
status:	New → Confirmed

Revision history for this message

Atsushi SAKAI (sakaia) wrote on 2015-09-30:

Lana
Tom

This issue seems that it should skip Libery cycle.
Is this issue target still in Libery cycle?

KATO Tomoyuki (kato-tomoyuki) on 2016-01-04

Changed in openstack-manuals:
milestone:	liberty → mitaka

KATO Tomoyuki (kato-tomoyuki) on 2016-04-18

Changed in openstack-manuals:
milestone:	mitaka → newton

KATO Tomoyuki (kato-tomoyuki) on 2016-10-23

Changed in openstack-manuals:
milestone:	newton → ocata

Alexandra Settle (alexandra-settle) on 2017-01-25

Changed in openstack-manuals:
milestone:	ocata → none
tags:	added: admin-guide
tags:	added: nova
Changed in openstack-manuals:
importance:	Medium → Low

Alexandra Settle (alexandra-settle) on 2017-01-26

tags:

removed: nova

Revision history for this message

Alexandra Settle (alexandra-settle) wrote on 2017-02-08:

This has been fixed: http://docs.openstack.org/admin-guide/compute-admin-password-injection.html

Changed in openstack-manuals:
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.