Permalink
Browse files

Fix Issue 904

This commit adds the ability for a user to set the VNC password.
If the password is not set one will be set for you. This is done
to address a potential security issue with not having password
protected VNC access by default.

Issue:
rcbops/chef-cookbooks#904
  • Loading branch information...
cloudnull committed May 23, 2014
1 parent da05046 commit 6f41a4648a55e68ca1af175c650bc06e34644285
View
@@ -116,6 +116,7 @@
default["nova"]["libvirt"]["virt_type"] = "kvm"
default["nova"]["libvirt"]["vncserver_listen"] = nil
+default["nova"]["libvirt"]["vnc_password"] = nil
default["nova"]["libvirt"]["vncserver_proxyclient_address"] = node["ipaddress"]
default["nova"]["libvirt"]["auth_tcp"] = "none"
default["nova"]["libvirt"]["remove_unused_base_images"] = true
View
@@ -168,6 +168,7 @@
"user" => node["nova"]["db"]["username"],
"passwd" => nova_setup_info["db"]["password"],
"db_name" => node["nova"]["db"]["name"],
+ "vnc_password" => node["nova"]["libvirt"]["vnc_password"],
"vncserver_listen" => node["nova"]["libvirt"]["vncserver_listen"] || novncserver_bind["host"],
"vncserver_proxyclient_address" => novncserver_bind["host"],
"novnc_proxy_cert" => novnc_proxy_cert,
View
@@ -22,8 +22,10 @@
# Allow for using a well known db password
if node["developer_mode"] == true
node.set_unless["nova"]["db"]["password"] = "nova"
+ node.set_unless["nova"]["libvirt"]["vnc_password"] = "nova"
else
node.set_unless["nova"]["db"]["password"] = secure_password
+ node.set_unless["nova"]["libvirt"]["vnc_password"] = secure_password
end
include_recipe "nova::nova-common"
@@ -14,5 +14,6 @@ key=<%= @novnc_proxy_key %>
ssl_only=True
<% end -%>
+vnc_password=<%= @vnc_password %>
vncserver_listen=<%= @vncserver_listen %>
vncserver_proxyclient_address=<%= @vncserver_proxyclient_address %>

0 comments on commit 6f41a46

Please sign in to comment.