qemu-devel


Re: [Qemu-devel] [PATCH v2] qga: add guest-set-admin-password command


From: Daniel P. Berrange
Subject: Re: [Qemu-devel] [PATCH v2] qga: add guest-set-admin-password command
Date: Wed, 4 Feb 2015 10:52:59 +0000
User-agent: Mutt/1.5.23 (2014-03-12)

On Wed, Feb 04, 2015 at 01:48:40PM +0300, Roman Kagan wrote:
> On Mon, Jan 12, 2015 at 03:58:14PM +0000, Daniel P. Berrange wrote:
> > Add a new 'guest-set-admin-password' command for changing the
> > root/administrator password. This command is needed to allow
> > OpenStack to support its API for changing the admin password
> > on a running guest.
> > 
> > Accepts either the raw password string:
> > 
> > $ virsh -c qemu:///system  qemu-agent-command f21x86_64 \
> >    '{ "execute": "guest-set-admin-password", "arguments":
> >      { "crypted": false, "password": "12345678" } }'
> >   {"return":{}}
> > 
> > Or a pre-encrypted string (recommended)
> > 
> > $ virsh -c qemu:///system  qemu-agent-command f21x86_64 \
> >    '{ "execute": "guest-set-admin-password", "arguments":
> >      { "crypted": true, "password":
> >         "$6$T9O/j/aGPrE...snip....rQoRN4F0.GG0MPjNUNyml." } }'
> 
> Does it have to be a QMP command?  Wouldn't the recently (re-)submitted
> guest-exec allow to do the same, by running "chpasswd" in the guest and
> piping the username:password into its stdin?

guest-exec puts the burden on the calling application to figure out which
command to invoke and what syntax it has. This is really sucky for any
kind of cross-OS portability. i.e. Windows is going to be completely different
from Linux, and even different UNIX variants are different to some extent.

I don't consider guest-exec to be something that management applications
should *ever* use to build features around. It is just a useful mechanism
for human administrators to do ad-hoc interactions with guests.

> Besides I think it makes sense to (optionally) pass the username, to
> allow to change the password for arbitrary users.  This would make the
> functionality useful for systems where root password plays no role as
> root logins are disallowed, and the only access to root shell is via
> sudo from a user belonging to a particular group (IIRC Ubuntu is usually
> set up like that).

Yep, extending it to any username is a possibility if it is thought to
be useful.

> 
> > NB Windows support is desirable, but not implemented in this
> > patch.
> 
> Yes Windows may have an issue with username here too, because the admin
> user can be any user (and even "Administrator" can be localized).

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
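
Added example, not part of the original message or of the QEMU patch: a check a management application could run on a guest-set-admin-password request before sending it, which flags the raw-password form and returns a copy with the password redacted for logging. The function name check_request, the restriction to $6$ (SHA-512 crypt) hashes and the sample hash are assumptions of this example.

```python
import json
import re

# SHA-512 crypt(3) layout: $6$[rounds=N$]salt$hash
# salt: 1-16 chars, hash: 86 chars, both from the alphabet ./0-9A-Za-z
SHA512_CRYPT = re.compile(
    r"\$6\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}")

# Constructed sample value with the right shape; not a hash of any real password.
SAMPLE_HASH = "$6$constructedsalt$" + "A" * 86


def check_request(raw):
    """Return (problems, loggable) for one request given as a JSON string.

    problems is a list of findings (empty means acceptable); loggable is the
    request re-serialised with the password replaced, or None if unparsable.
    """
    try:
        msg = json.loads(raw)
    except ValueError as exc:
        return ["not valid JSON: %s" % exc], None
    if not isinstance(msg, dict) or msg.get("execute") != "guest-set-admin-password":
        return ["not a guest-set-admin-password request"], None
    args = msg.get("arguments")
    if not isinstance(args, dict):
        return ["missing arguments object"], None

    problems = []
    crypted, password = args.get("crypted"), args.get("password")
    if not isinstance(crypted, bool):
        problems.append("crypted must be true or false")
    if not isinstance(password, str) or not password:
        problems.append("password must be a non-empty string")
    elif crypted is True and not SHA512_CRYPT.fullmatch(password):
        problems.append("crypted is true but password is not a $6$ crypt hash")
    elif crypted is False:
        problems.append("raw password in request; use the pre-encrypted form")

    # Never echo the password (raw or hashed) into logs.
    loggable = json.dumps({"execute": msg["execute"],
                           "arguments": {"crypted": crypted,
                                         "password": "<redacted>"}},
                          sort_keys=True)
    return problems, loggable
```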


