Sahara

hadoop element manually creates credentials

Bug #1188442 reported by Robert Collins
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Sahara
Fix Released
High
ruhe
Sahara 0.2a1

Bug Description

I note that the hadoop diskimage-builder element manually creates a user, sets a password and so on.. the password and ssh key should be passed in - e.g. via nova metadata or heat stack parameters. That way a single image is usable in different environments without security ramifications.

Sergey Lukjanov (slukjanov)
Changed in savanna:
assignee: nobody → IvanBerezovskiy (iberezovskiy)
Sergey Lukjanov (slukjanov)
tags: added: extra.elements
Revision history for this message
Alexander Ignatov (aignatov) wrote :

Agree with Robert.
Savanna 0.2 will set password and ssh keys for hadoop user via nova during the cluster creation stage.
This in the our development plan and already partially implemeted for root user.

Changed in savanna:
importance: Undecided → High
Sergey Lukjanov (slukjanov)
Changed in savanna:
status: New → Triaged
milestone: none → 0.2a1
Sergey Lukjanov (slukjanov)
Changed in savanna:
status: Triaged → Fix Committed
Revision history for this message
Sergey Lukjanov (slukjanov) wrote :

Sorry, this issue isn't completed yet…

Already done:

* login-password configuration moved to the separated element - https://github.com/stackforge/savanna-extra/commit/8c74913e91cf0e0df36cbbc0c7c6ee35818a2fce, Robert, thank you!

TODO items:

* remove all ssh configuration tweaks;
* remove ssh keypair generation for all users (depends on implementation of https://blueprints.launchpad.net/savanna/+spec/avoid-keypair-in-dib-scripts)

Changed in savanna:
status: Fix Committed → Triaged
Sergey Lukjanov (slukjanov)
tags: added: 0.2
ruhe (ruhe)
Changed in savanna:
assignee: IvanBerezovskiy (iberezovskiy) → Ruslan Kamaldinov (ruhe)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to savanna (master)

Fix proposed to branch: master
Review: https://review.openstack.org/35118

Changed in savanna:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to savanna (master)

Reviewed: https://review.openstack.org/35118
Committed: http://github.com/stackforge/savanna/commit/07153cc6b3e1e7916def3dab3e190a02374dd7de
Submitter: Jenkins
Branch: master

commit 07153cc6b3e1e7916def3dab3e190a02374dd7de
Author: Ruslan Kamaldinov <email address hidden>
Date: Mon Jul 1 15:09:41 2013 +0400

    Private key for user hadoop in vanilla plugin.

    Write cluster-wide private key and authorized_keys for user hadoop in
    the Vanilla plugin.
    This is the same key we use in
    instances.py#_generate_user_data_script().

    There's going to be corresponding fix in savanna dib elements.

    Partially fixes: bug #1188442
    Implements: blueprint avoid-keypair-in-dib-scripts

    Change-Id: I81b98053d4176d7f87bf9ed1b7e64eea6994562d

Changed in savanna:
status: In Progress → Fix Committed
Sergey Lukjanov (slukjanov)
Changed in savanna:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.