Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge "libvirt: set admin root password"
- Loading branch information
Showing
1 changed file
with
140 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,140 @@ | ||
.. | ||
This work is licensed under a Creative Commons Attribution 3.0 Unported | ||
License. | ||
http://creativecommons.org/licenses/by/3.0/legalcode | ||
|
||
=============================== | ||
Libvirt Set Admin Root Password | ||
=============================== | ||
|
||
https://blueprints.launchpad.net/nova/+spec/libvirt-set-admin-password | ||
|
||
Nova provides an API to let users set an administrator password on a | ||
virtual machine which is already active. The purpose of this spec is | ||
to take advantage of the libvirt API set-user-password provided with | ||
version 1.2.16 to implement that feature for Qemu/KVM users. | ||
|
||
Problem description | ||
=================== | ||
|
||
Nova provides API to let users set an administrator password but | ||
Qemu/KVM users cannot take advantage of it. | ||
|
||
Use Cases | ||
---------- | ||
|
||
Users want the ability to reset administrator password of an instance | ||
which is already active by using the command "nova root-password | ||
<instance>" | ||
|
||
Project Priority | ||
----------------- | ||
|
||
None. | ||
|
||
Proposed change | ||
=============== | ||
|
||
To be noted this feature requires that the image have the qemu guest | ||
agent installed to function. Most of the change will be done in the | ||
libvirt driver of Nova. | ||
|
||
In order to support both unix-like (GNU/Linux) virtual machines and | ||
Windows the default behavior will be to update password of username | ||
"root" for unix-like virtual machines and "Administrator" for Windows. | ||
|
||
To give more flexibility and provide a way for users to change | ||
administrator password of a different username. A new image property | ||
"os_admin_user" will be introduced to let users define who is the | ||
administrator username to update. | ||
|
||
Alternatives | ||
------------ | ||
|
||
The use case for this API is to allow an admin to re-gain control over | ||
an already running guest for which they have lost the password, or for | ||
an admin to bulk change the passwords across all their running guests, | ||
without having to login to the console of each guest | ||
manually/individually. The inject password feature doesn't really | ||
satisfy that. | ||
|
||
Data model impact | ||
----------------- | ||
|
||
None | ||
|
||
REST API impact | ||
--------------- | ||
|
||
None | ||
|
||
Security impact | ||
--------------- | ||
|
||
None | ||
|
||
Notifications impact | ||
-------------------- | ||
|
||
None | ||
|
||
Other end user impact | ||
--------------------- | ||
|
||
* The end user will have to install a QEMU Guest Agent daemon program | ||
inside the image and set the image property 'hw_qemu_guest_agent'. | ||
* If the image request a different username to be updated, end user | ||
will have to correctly set image property 'os_admin_user'. | ||
|
||
Performance Impact | ||
------------------ | ||
|
||
None | ||
|
||
Other deployer impact | ||
--------------------- | ||
|
||
None | ||
|
||
Developer impact | ||
---------------- | ||
|
||
None | ||
|
||
Implementation | ||
============== | ||
|
||
Assignee(s) | ||
----------- | ||
|
||
Primary assignee: | ||
sahid-ferdjaoui | ||
|
||
Work Items | ||
---------- | ||
|
||
* Implement method set_admin_password | ||
* Extend the method set_admin_password to read in image property for | ||
specific admin user | ||
|
||
Dependencies | ||
============ | ||
|
||
Libvirt 1.2.16 | ||
|
||
Testing | ||
======= | ||
|
||
* Unit tests will cover the new code | ||
* The nova API is already covered by tests | ||
|
||
Documentation Impact | ||
==================== | ||
|
||
The new glance image property will need to be documented. | ||
|
||
References | ||
========== | ||
|
||
* http://wiki.qemu.org/Features/QAPI/GuestAgent |