Extension for retrieving a secure password of an instance
Some guests need a password in order to be used. We need a secure way to generate an encrypted password and let the user retrieve it securely. Although we can do this using the console and an init script[1] it would be much nicer to have support in the api for such a thing.
The high-level goal is:
nova get-password <uuid>
(returns the password for the vm)
The steps involved are:
a) Add a post location to nova-api-metadata that can send encrypted password (should be write once)
b) Add an extension to the api allowing get_password and reset_password (reset simply clears the value
c) Allow an alternative method for xenapi (password could be encrypted and written by nova or guest agent)
d) Work with cloud-init to for it to support generating an encrypted password and posting it
e) Work with hyper-v team to make sure their cloud-init support includes it
f) Add code to python-novaclient for decrypting password
Blueprint information
- Status:
- Complete
- Approver:
- Vish Ishaya
- Priority:
- Low
- Drafter:
- Vish Ishaya
- Direction:
- Approved
- Assignee:
- Vish Ishaya
- Definition:
- Approved
- Series goal:
- Accepted for grizzly
- Implementation:
- Implemented
- Milestone target:
- 2013.1
- Started by
- Thierry Carrez
- Completed by
- Thierry Carrez
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add api extension to get and reset password
Addressed by: https:/
Allows an instance to post encrypted password
Addressed by: https:/
Allow larger encrypted password posts to metadata
Addressed by: https:/
Implements getPasswordData for ec2
Addressed by: https:/
Add encryption and decryption methods for ssh keys
Addressed by: https:/
Save password set through xen agent.