Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Honor the VNC password length of (up to) 8 symbols in libvirt/qemu #5842

Closed
3 tasks
atodorov-storpool opened this issue May 25, 2022 · 2 comments
Closed
3 tasks

Honor the VNC password length of (up to) 8 symbols in libvirt/qemu #5842

atodorov-storpool opened this issue May 25, 2022 · 2 comments
Assignees
@rsmontero @vickmp
Labels
Category: KVM Priority: Normal Sponsored Status: Accepted Type: Feature
Milestone
Release 6.6

Comments

@atodorov-storpool
Copy link
Contributor

Description
Libvirt utilizes the first 8 characters of the VNC password so having a longer string is pointless and also, the latest/future version to libvirt/qemu it could lead to denied domain migration and deployment.

Use case
OpenNebula compatibility with the latest qemu/libvirt
Interface Changes
API check for the VNC password length. (I believe that the ONE API must be the true source of truth, not any edge interface/bindings)
Notification in FireEdge/Sunstone to propagate the API error
(optionally onedb fsck/update function to validate/fix the issue

Additional Context
Having a long "strong" password but only the first 8 characters used could lead to a false impression of security.

Progress Status

  • Code committed
  • Testing - QA
  • Documentation (Release notes - resolved issues, compatibility, known issues)
@rsmontero
Copy link
Member

Thanks!

Yes this checks are always done at API level not at interface. Note that OpenNebula supports multiple bindings and higher level modules. VM/Image/Network etc.. logic is always coded at oned level. Only some orchestration and higher level operations are implemented using a sequence of API calls.

Note that this is already enforced for SPICE (60 chars max)

Note for implementation: Change should be implemented here

@rsmontero rsmontero added this to the Release 6.6 milestone May 25, 2022
@kvakanet
Copy link

Hello!
A similar problem...

OpenNebula 6.4 CE host Almalinux 8.4 libvirt 8.0.0
error deploy vm

Sun Aug 21 09:29:42 2022: DEPLOY: error: Failed to create domain from /var/lib/one//datastores/0/6/deployment.2 error: unsupported configuration: VNC password is 64 characters long, only 8 permitted Could
 not create domain from /var/lib/one//datastores/0/6/deployment.2 ExitCode: 255

@rsmontero rsmontero self-assigned this Aug 22, 2022
@tinova tinova mentioned this issue Nov 22, 2022
Closed
3 tasks
rsmontero pushed a commit that referenced this issue Nov 22, 2022
@vickmp
F #5842: limit VNC password length to 8 symbols (#2333)
24df1b4
vickmp added a commit to OpenNebula/docs that referenced this issue Dec 7, 2022
@vickmp
F OpenNebula/one#5842: Update whats new
d9abf40
rsmontero pushed a commit to OpenNebula/docs that referenced this issue Dec 7, 2022
@vickmp
F OpenNebula/one#5842: Update whats new (#2444)
5a1eb58
rsmontero pushed a commit to OpenNebula/docs that referenced this issue Dec 7, 2022
@vickmp @rsmontero
F OpenNebula/one#5842: Update whats new (#2444)
7672e4f 
(cherry picked from commit 5a1eb58)
rsmontero added a commit to OpenNebula/docs that referenced this issue Dec 7, 2022
@rsmontero
F OpenNebula/one#5842: Add note to template reference
9bc5a0c
rsmontero added a commit to OpenNebula/docs that referenced this issue Dec 7, 2022
@rsmontero
F OpenNebula/one#5842: Add note to template reference
9edc6d6 
(cherry picked from commit 9bc5a0c)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rsmontero rsmontero

@vickmp vickmp

Labels
Category: KVM Priority: Normal Sponsored Status: Accepted Type: Feature
Projects
None yet
Milestone
Release 6.6
Development

No branches or pull requests
4 participants
@rsmontero @atodorov-storpool @kvakanet @vickmp