Beispiel #1
 def _save_instance_password_if_sshkey_present(self, new_pass):
     """Persist a copy of ``new_pass`` encrypted with the instance SSH key.

     Nothing is stored unless the instance's ``key_data`` is set and begins
     with ``ssh-rsa``. Only the base64-encoded output of
     ``crypto.ssh_encrypt_text`` reaches system metadata; the plaintext is
     not written by this method.
     """
     public_key = self.instance.get("key_data")
     if not (public_key and public_key.startswith("ssh-rsa")):
         # No key, or a key type this path does not handle: store nothing.
         return
     admin_ctxt = context.get_admin_context()
     ciphertext = crypto.ssh_encrypt_text(public_key, new_pass)
     sys_meta = self.instance.system_metadata
     sys_meta.update(
         password.convert_password(admin_ctxt, base64.b64encode(ciphertext)))
     self.instance.save()
Beispiel #2
 def delete(self, req, server_id):
     """Overwrite the password entries in a server's system metadata.

     The request context is authorized before the instance is looked up.
     """
     request_ctxt = req.environ['nova.context']
     authorize(request_ctxt)
     server = self._get_instance(request_ctxt, server_id)
     # A None password is converted here -- presumably into empty entries
     # that replace the stored ciphertext; verify against convert_password.
     password_meta = password.convert_password(request_ctxt, None)
     # NOTE(review): the trailing False looks like a "delete other keys"
     # flag, i.e. unrelated system metadata is kept -- confirm in the db API.
     db.instance_system_metadata_update(
         request_ctxt, server['uuid'], password_meta, False)
Beispiel #3
 def delete(self, req, server_id):
     """Reset the password entries in a server's system metadata.

     The request context is authorized first. The instance is then loaded,
     updated with the output of ``password.convert_password(context, None)``
     and saved.
     """
     ctxt = req.environ['nova.context']
     authorize(ctxt)
     server = self._get_instance(ctxt, server_id)
     # Converting None presumably yields empty entries that overwrite the
     # stored ciphertext -- verify against convert_password.
     password_meta = password.convert_password(ctxt, None)
     server.system_metadata.update(password_meta)
     server.save()
Beispiel #4
 def delete(self, req, server_id):
     """Clear what is stored for the server password in system metadata.

     Runs the ``authorize`` check on the request context, fetches the
     instance, merges in the metadata produced for a ``None`` password and
     saves the instance.
     """
     req_context = req.environ['nova.context']
     # The policy check comes before any instance lookup.
     authorize(req_context)
     target = self._get_instance(req_context, server_id)
     replacement = password.convert_password(req_context, None)
     target.system_metadata.update(replacement)
     target.save()
Beispiel #5
 def delete(self, req, server_id):
     """Reset the stored server password entries for ``server_id``.

     The caller's context is authorized, the instance is fetched through
     ``common.get_instance`` with ``want_objects=True``, and the metadata
     produced for a ``None`` password is merged in and saved.
     """
     ctxt = req.environ['nova.context']
     authorize(ctxt)
     server = common.get_instance(
         self.compute_api, ctxt, server_id, want_objects=True)
     # presumably empty password entries; verify against convert_password
     password_meta = password.convert_password(ctxt, None)
     server.system_metadata.update(password_meta)
     server.save()
 def delete(self, req, server_id):
     """Clear the server password kept in the instance's system metadata.

     Authorization on the request context happens before the instance is
     loaded. Only metadata is touched in this method.
     """
     request_ctxt = req.environ['nova.context']
     authorize(request_ctxt)
     lookup_kwargs = {'want_objects': True}
     target = common.get_instance(
         self.compute_api, request_ctxt, server_id, **lookup_kwargs)
     replacement = password.convert_password(request_ctxt, None)
     target.system_metadata.update(replacement)
     target.save()
Beispiel #7
 def _save_instance_password_if_sshkey_present(self, new_pass):
     """Record an SSH-key-encrypted copy of ``new_pass`` for the instance.

     Does nothing unless ``key_data`` is present and starts with
     ``ssh-rsa``. The ciphertext is base64-encoded, merged into the
     instance's system metadata and pushed through ``virtapi``.
     """
     public_key = self.instance.get("key_data")
     if not (public_key and public_key.startswith("ssh-rsa")):
         return
     admin_ctxt = context.get_admin_context()
     ciphertext = crypto.ssh_encrypt_text(public_key, new_pass)
     merged_meta = utils.instance_sys_meta(self.instance)
     encoded = base64.b64encode(ciphertext)
     merged_meta.update(password.convert_password(admin_ctxt, encoded))
     # The whole system_metadata dict is sent, not just the password keys.
     self.virtapi.instance_update(
         admin_ctxt, self.instance["uuid"], {"system_metadata": merged_meta})
Beispiel #8
 def _save_instance_password_if_sshkey_present(self, new_pass):
     """Save ``new_pass`` encrypted with the instance's RSA SSH key.

     The method is a no-op when ``key_data`` is missing or does not start
     with ``ssh-rsa``. Only the text-encoded ciphertext is stored in system
     metadata.
     """
     public_key = self.instance.get('key_data')
     usable_key = public_key and public_key.startswith("ssh-rsa")
     if not usable_key:
         return
     admin_ctxt = context.get_admin_context()
     ciphertext = crypto.ssh_encrypt_text(public_key, new_pass)
     sys_meta = self.instance.system_metadata
     # encode_as_text is not a stdlib base64 function, so ``base64`` here
     # presumably refers to a project-level serialization helper.
     sys_meta.update(
         password.convert_password(admin_ctxt,
                                   base64.encode_as_text(ciphertext)))
     self.instance.save()
Beispiel #9
 def _save_instance_password_if_sshkey_present(self, new_pass):
     """Keep an encrypted copy of ``new_pass`` when an RSA key is on file.

     The password is encrypted with the instance's ``key_data`` and the
     base64 of the result is merged into system metadata. Instances without
     an ``ssh-rsa`` key are left untouched.
     """
     rsa_key = self.instance.get('key_data')
     if not rsa_key or not rsa_key.startswith("ssh-rsa"):
         # Skip instances without a key and keys of other types.
         return
     admin_ctxt = context.get_admin_context()
     encrypted = crypto.ssh_encrypt_text(rsa_key, new_pass)
     metadata = utils.instance_sys_meta(self.instance)
     metadata.update(
         password.convert_password(admin_ctxt, base64.b64encode(encrypted)))
     self.virtapi.instance_update(
         admin_ctxt, self.instance['uuid'], {'system_metadata': metadata})
Beispiel #10
 def _save_instance_password_if_sshkey_present(self, new_pass):
     """Store an SSH-key-encrypted copy of ``new_pass`` in system metadata.

     Runs whenever ``key_data`` is truthy. The base64 of the ciphertext is
     merged into the instance's system metadata and sent via ``virtapi``.
     """
     public_key = self.instance.get('key_data')
     if not public_key:
         return
     # NOTE(review): the key type is not checked before encryption. If
     # crypto.ssh_encrypt_text only accepts RSA keys, other key types would
     # raise here -- confirm, and consider guarding on the "ssh-rsa" prefix.
     admin_ctxt = context.get_admin_context()
     ciphertext = crypto.ssh_encrypt_text(public_key, new_pass)
     merged_meta = utils.instance_sys_meta(self.instance)
     encoded = base64.b64encode(ciphertext)
     merged_meta.update(password.convert_password(admin_ctxt, encoded))
     self.virtapi.instance_update(
         admin_ctxt, self.instance['uuid'], {'system_metadata': merged_meta})
Beispiel #11
    def set_admin_password(self, new_pass):
        """Set the root/admin password on the VM instance.

        This is done via an agent running on the VM. Communication between nova
        and the agent is done via writing xenstore records. Since communication
        is done over the XenAPI RPC calls, we need to encrypt the password.
        We're using a simple Diffie-Hellman class instead of a more advanced
        library (such as M2Crypto) for compatibility with the agent code.

        NOTE(review): no authentication of the agent's public value is
        visible in this method, so the exchange on its own would only protect
        against passive observation of the channel -- confirm what the
        surrounding transport guarantees.

        :param new_pass: plaintext password to set; a newline is appended
            before it is encrypted for the agent.
        :returns: the 'message' field of the agent's reply to the 'password'
            call.
        :raises NotImplementedError: if 'key_init' does not return 'D0' or
            'password' does not return '0'.
        """
        LOG.debug(_('Setting admin password'), instance=self.instance)

        # A new SimpleDH object is created for every call.
        dh = SimpleDH()

        # Exchange keys
        args = {'pub': str(dh.get_public())}
        resp = _call_agent(
            self.session, self.instance, self.vm_ref, 'key_init', args)

        # Successful return code from key_init is 'D0'
        if resp['returncode'] != 'D0':
            # The format string pulls `resp` out of locals(), so that local
            # must keep its name.
            msg = _('Failed to exchange keys: %(resp)r') % locals()
            LOG.error(msg, instance=self.instance)
            raise NotImplementedError(msg)

        # Some old versions of the Windows agent have a trailing \\r\\n
        # (ie CRLF escaped) for some reason. Strip that off.
        agent_pub = int(resp['message'].replace('\\r\\n', ''))
        dh.compute_shared(agent_pub)

        # Some old versions of Linux and Windows agent expect trailing \n
        # on password to work correctly.
        enc_pass = dh.encrypt(new_pass + '\n')

        # Send the encrypted password
        args = {'enc_pass': enc_pass}
        resp = _call_agent(
            self.session, self.instance, self.vm_ref, 'password', args)

        # Successful return code from password is '0'
        if resp['returncode'] != '0':
            # NOTE(review): the agent's reply is logged verbatim; confirm the
            # agent never echoes the password back in it.
            msg = _('Failed to update password: %(resp)r') % locals()
            LOG.error(msg, instance=self.instance)
            raise NotImplementedError(msg)

        # Reached only after the agent reported success. Keep a copy of the
        # password encrypted with the instance's SSH key_data; only the
        # base64 of that ciphertext goes into system metadata.
        # NOTE(review): the key type is not checked here. If
        # crypto.ssh_encrypt_text rejects it, the exception would surface
        # after the guest password was already changed -- confirm.
        sshkey = self.instance.get('key_data')
        if sshkey:
            ctxt = context.get_admin_context()
            enc = crypto.ssh_encrypt_text(sshkey, new_pass)
            sys_meta = utils.metadata_to_dict(self.instance['system_metadata'])
            sys_meta.update(password.convert_password(ctxt,
                                                      base64.b64encode(enc)))
            self.virtapi.instance_update(ctxt, self.instance['uuid'],
                                         {'system_metadata': sys_meta})

        return resp['message']
Beispiel #12
    def set_admin_password(self, new_pass):
        """Set the root/admin password on the VM instance.

        This is done via an agent running on the VM. Communication between nova
        and the agent is done via writing xenstore records. Since communication
        is done over the XenAPI RPC calls, we need to encrypt the password.
        We're using a simple Diffie-Hellman class instead of a more advanced
        library (such as M2Crypto) for compatibility with the agent code.

        The method makes two agent calls in order: 'key_init' to exchange
        public values, then 'password' carrying the encrypted password. If
        the instance has key_data, a second copy encrypted with that key is
        written to system metadata afterwards.

        NOTE(review): nothing in this method verifies that the public value
        in the 'key_init' reply really comes from the agent -- confirm that
        the transport provides that assurance.

        :param new_pass: plaintext password to set on the guest.
        :returns: resp['message'] from the 'password' agent call.
        :raises NotImplementedError: when either agent call returns an
            unexpected return code.
        """
        LOG.debug(_('Setting admin password'), instance=self.instance)

        dh = SimpleDH()

        # Exchange keys
        args = {'pub': str(dh.get_public())}
        resp = _call_agent(
            self.session, self.instance, self.vm_ref, 'key_init', args)

        # Successful return code from key_init is 'D0'
        if resp['returncode'] != 'D0':
            # `% locals()` resolves %(resp)r from the local variable `resp`;
            # do not rename it without changing the message construction.
            msg = _('Failed to exchange keys: %(resp)r') % locals()
            LOG.error(msg, instance=self.instance)
            raise NotImplementedError(msg)

        # Some old versions of the Windows agent have a trailing \\r\\n
        # (ie CRLF escaped) for some reason. Strip that off.
        # int() raises ValueError if what remains of the message is not a
        # decimal integer; that error is not handled in this method.
        agent_pub = int(resp['message'].replace('\\r\\n', ''))
        dh.compute_shared(agent_pub)

        # Some old versions of Linux and Windows agent expect trailing \n
        # on password to work correctly.
        enc_pass = dh.encrypt(new_pass + '\n')

        # Send the encrypted password
        args = {'enc_pass': enc_pass}
        resp = _call_agent(
            self.session, self.instance, self.vm_ref, 'password', args)

        # Successful return code from password is '0'
        if resp['returncode'] != '0':
            # NOTE(review): the error message embeds the agent's reply;
            # presumably it carries no secret material -- verify.
            msg = _('Failed to update password: %(resp)r') % locals()
            LOG.error(msg, instance=self.instance)
            raise NotImplementedError(msg)

        # The guest password has been changed by this point. What follows
        # only stores a retrievable copy, encrypted with the instance's
        # key_data and base64-encoded, in system metadata.
        # NOTE(review): any truthy key_data is accepted, with no key-type
        # check before crypto.ssh_encrypt_text -- confirm it handles every
        # key type that can appear here.
        sshkey = self.instance.get('key_data')
        if sshkey:
            ctxt = context.get_admin_context()
            enc = crypto.ssh_encrypt_text(sshkey, new_pass)
            sys_meta = utils.metadata_to_dict(self.instance['system_metadata'])
            sys_meta.update(password.convert_password(ctxt,
                                                      base64.b64encode(enc)))
            self.virtapi.instance_update(ctxt, self.instance['uuid'],
                                         {'system_metadata': sys_meta})

        return resp['message']
Beispiel #13
    def clear(self, req, server_id):
        """Drop the stored encrypted password for a server.

        Only the copy served through the metadata server is affected; the
        password configured inside the instance stays as it is.
        """
        request_ctxt = req.environ['nova.context']
        # Policy check comes first, before the instance is looked up.
        authorize(request_ctxt)
        server = common.get_instance(self.compute_api, request_ctxt, server_id)
        password_meta = password.convert_password(request_ctxt, None)
        # NOTE(review): the final False looks like a "delete other keys"
        # flag, leaving unrelated system metadata in place -- confirm.
        db.instance_system_metadata_update(
            request_ctxt, server['uuid'], password_meta, False)
Beispiel #14
    def clear(self, req, server_id):
        """Remove the encrypted server password held for the metadata server.

        The instance's real password is not changed by this call; only the
        stored, retrievable copy is reset.
        """
        ctxt = req.environ['nova.context']
        # Enforce the server-password policy before touching the instance.
        ctxt.can(sp_policies.BASE_POLICY_NAME)
        server = common.get_instance(self.compute_api, ctxt, server_id)
        password_meta = password.convert_password(ctxt, None)
        server.system_metadata.update(password_meta)
        server.save()
Beispiel #15
    def clear(self, req, server_id):
        """Erase the encrypted password kept for the metadata server.

        This leaves the password inside the instance untouched. It only
        resets the stored copy in system metadata.
        """
        req_context = req.environ['nova.context']
        authorize(req_context)
        target = common.get_instance(self.compute_api, req_context, server_id)
        # Metadata for a None password -- presumably empty entries that
        # replace the stored ciphertext; verify against convert_password.
        replacement = password.convert_password(req_context, None)
        target_uuid = target['uuid']
        db.instance_system_metadata_update(
            req_context, target_uuid, replacement, False)
Beispiel #16
    def clear(self, req, server_id):
        """Reset the encrypted server password exposed by the metadata server.

        The password actually set on the instance is not modified.
        """
        request_ctxt = req.environ["nova.context"]
        # Authorization runs before the instance is fetched.
        authorize(request_ctxt)
        server = common.get_instance(self.compute_api, request_ctxt, server_id)
        password_meta = password.convert_password(request_ctxt, None)
        server.system_metadata.update(password_meta)
        server.save()
Beispiel #17
    def clear(self, req, server_id):
        """Clear the encrypted password that the metadata server hands out.

        Calling this does not alter the password on the instance itself.
        """
        req_context = req.environ['nova.context']
        policy_name = sp_policies.BASE_POLICY_NAME
        # The policy check precedes the instance lookup.
        req_context.can(policy_name)
        target = common.get_instance(self.compute_api, req_context, server_id)
        replacement = password.convert_password(req_context, None)
        target.system_metadata.update(replacement)
        target.save()
Beispiel #18
    def clear(self, req, server_id):
        """Remove the stored encrypted server password from system metadata.

        The instance's own password is left unchanged. Only the copy made
        available through the metadata server is reset.
        """
        ctxt = req.environ['nova.context']
        authorize(ctxt)
        # want_objects=True: the result is used through its
        # .system_metadata and .save() below.
        server = common.get_instance(
            self.compute_api, ctxt, server_id, want_objects=True)
        password_meta = password.convert_password(ctxt, None)
        server.system_metadata.update(password_meta)
        server.save()