Exemple #1
 def _save_instance_password_if_sshkey_present(self, new_pass):
     """Record new_pass, encrypted to the instance's SSH key, in system metadata.

     Nothing is stored unless the instance's ``key_data`` is set and starts
     with "ssh-rsa". The plaintext is only handed to
     crypto.ssh_encrypt_text; what is persisted is the base64 form of the
     returned ciphertext, so new_pass itself must never be logged or saved
     from this method.
     """
     public_key = self.instance.get("key_data")
     if not public_key or not public_key.startswith("ssh-rsa"):
         # No key, or a non-RSA key: skip silently, no password is recorded.
         return

     # The metadata write runs under an admin context rather than the
     # caller's request context.
     admin_ctxt = context.get_admin_context()
     ciphertext = crypto.ssh_encrypt_text(public_key, new_pass)
     metadata = self.instance.system_metadata
     # NOTE(review): base64.b64encode returns bytes on Python 3 - confirm
     # password.convert_password accepts bytes.
     metadata.update(
         password.convert_password(admin_ctxt, base64.b64encode(ciphertext)))
     self.instance.save()
Exemple #2
 def _save_instance_password_if_sshkey_present(self, new_pass):
     """Persist an SSH-key-encrypted copy of new_pass via the virt API.

     Only instances whose ``key_data`` starts with "ssh-rsa" get a stored
     password; for every other instance this is a no-op. The value written
     to system_metadata is the base64-encoded ciphertext returned by
     crypto.ssh_encrypt_text, never the plaintext.
     """
     rsa_key = self.instance.get("key_data")
     if not (rsa_key and rsa_key.startswith("ssh-rsa")):
         return

     # Admin context: the update is not scoped to the requesting user.
     admin_ctxt = context.get_admin_context()
     encrypted = crypto.ssh_encrypt_text(rsa_key, new_pass)
     merged_meta = utils.instance_sys_meta(self.instance)
     password_entries = password.convert_password(
         admin_ctxt, base64.b64encode(encrypted))
     merged_meta.update(password_entries)
     self.virtapi.instance_update(
         admin_ctxt, self.instance["uuid"], {"system_metadata": merged_meta})
Exemple #3
 def _save_instance_password_if_sshkey_present(self, new_pass):
     """Save new_pass encrypted with the instance's RSA SSH public key.

     Does nothing when ``key_data`` is missing or does not begin with
     "ssh-rsa". Only ciphertext (base64-encoded) reaches system_metadata;
     keep the plaintext out of logs and out of the saved instance.
     """
     key_data = self.instance.get('key_data')
     has_rsa_key = bool(key_data) and key_data.startswith("ssh-rsa")
     if not has_rsa_key:
         return

     # Uses an admin context, so the save is not limited by the caller's
     # own privileges.
     admin_ctxt = context.get_admin_context()
     cipher_bytes = crypto.ssh_encrypt_text(key_data, new_pass)
     encoded = base64.b64encode(cipher_bytes)
     self.instance.system_metadata.update(
         password.convert_password(admin_ctxt, encoded))
     self.instance.save()
 def _test_ssh_encrypt_decrypt_text(self, key):
     """Round-trip self.text through ssh_encrypt_text and the test decryptor.

     The ``key`` argument is not used by this body.
     """
     ciphertext = crypto.ssh_encrypt_text(self.pubkey, self.text)
     self.assertIsInstance(ciphertext, bytes)
     # The ciphertext is deliberately not compared with self.text:
     # "python3 -bb" turns a bytes/str comparison into an error.
     recovered = self._ssh_decrypt_text(self.prikey, ciphertext)
     self.assertIsInstance(recovered, bytes)
     self.assertEqual(recovered.decode('utf-8'), self.text)
Exemple #5
 def _save_instance_password_if_sshkey_present(self, new_pass):
     """Store an encrypted copy of new_pass in the instance's system metadata.

     The password is encrypted with the instance's SSH public key and the
     base64-encoded ciphertext is pushed through virtapi.instance_update.
     Instances without ``key_data``, or with a key that does not start
     with "ssh-rsa", are left untouched.
     """
     pub_key = self.instance.get('key_data')
     if not pub_key:
         return
     if not pub_key.startswith("ssh-rsa"):
         # Non-RSA keys are skipped; no password is recorded for them.
         return

     # Elevated (admin) context is used for the metadata update.
     admin_ctxt = context.get_admin_context()
     ciphertext = crypto.ssh_encrypt_text(pub_key, new_pass)
     updated_meta = utils.instance_sys_meta(self.instance)
     encoded = base64.b64encode(ciphertext)
     updated_meta.update(password.convert_password(admin_ctxt, encoded))
     self.virtapi.instance_update(
         admin_ctxt, self.instance['uuid'], {'system_metadata': updated_meta})
Exemple #6
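 def _save_instance_password_if_sshkey_present(self, new_pass):
     """Store new_pass, encrypted to the instance's SSH key, in system metadata.

     The password is only recorded when ``key_data`` holds an RSA public
     key (prefix "ssh-rsa"). ssh_encrypt_text does RSA public-key
     encryption, so handing it any other key type (for example
     ssh-ed25519 or ecdsa-*) would fail; such instances are skipped
     instead of raising after the password has already been changed.

     Only the base64-encoded ciphertext is persisted. The plaintext
     new_pass must not be logged or written anywhere from this method.
     """
     sshkey = self.instance.get('key_data')
     if not sshkey or not sshkey.startswith("ssh-rsa"):
         # No key, or a key type that cannot be used for encryption.
         return

     # The update runs under an admin context, not the caller's context.
     ctxt = context.get_admin_context()
     enc = crypto.ssh_encrypt_text(sshkey, new_pass)
     sys_meta = utils.instance_sys_meta(self.instance)
     sys_meta.update(password.convert_password(ctxt,
                                               base64.b64encode(enc)))
     self.virtapi.instance_update(ctxt, self.instance['uuid'],
                                  {'system_metadata': sys_meta})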
Exemple #7
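    def set_admin_password(self, new_pass):
        """Set the root/admin password on the VM instance.

        This is done via an agent running on the VM. Communication between nova
        and the agent is done via writing xenstore records. Since communication
        is done over the XenAPI RPC calls, we need to encrypt the password.
        We're using a simple Diffie-Hellman class instead of a more advanced
        library (such as M2Crypto) for compatibility with the agent code.

        Security notes:

        * Nothing in this method authenticates the public value returned by
          the agent, so the exchange as written only protects against
          passive observation of the channel. NOTE(review): confirm whether
          SimpleDH or the transport adds authentication.
        * The agent's responses come from inside the guest and are treated
          as untrusted input.
        * new_pass is never logged here; keep it that way.

        After the agent accepts the password, a copy encrypted to the
        instance's RSA SSH public key is stored in system_metadata. Instances
        without an "ssh-rsa" key are skipped.

        :param new_pass: plaintext password to set
        :returns: the 'message' field of the agent's 'password' response
        :raises NotImplementedError: if the agent reports a failure for
            either the key exchange or the password update
        """
        LOG.debug(_('Setting admin password'), instance=self.instance)

        dh = SimpleDH()

        # Exchange keys
        args = {'pub': str(dh.get_public())}
        resp = _call_agent(
            self.session, self.instance, self.vm_ref, 'key_init', args)

        # Successful return code from key_init is 'D0'
        if resp['returncode'] != 'D0':
            # Interpolate from an explicit mapping rather than locals(): the
            # format string passes through translation, and locals() would
            # make every local (including new_pass) reachable from it.
            msg = _('Failed to exchange keys: %(resp)r') % {'resp': resp}
            LOG.error(msg, instance=self.instance)
            raise NotImplementedError(msg)

        # Some old versions of the Windows agent have a trailing \\r\\n
        # (ie CRLF escaped) for some reason. Strip that off.
        # The value is guest-controlled; int() raises ValueError if it is
        # not a decimal integer.
        agent_pub = int(resp['message'].replace('\\r\\n', ''))
        dh.compute_shared(agent_pub)

        # Some old versions of Linux and Windows agent expect trailing \n
        # on password to work correctly.
        enc_pass = dh.encrypt(new_pass + '\n')

        # Send the encrypted password
        args = {'enc_pass': enc_pass}
        resp = _call_agent(
            self.session, self.instance, self.vm_ref, 'password', args)

        # Successful return code from password is '0'
        if resp['returncode'] != '0':
            # Explicit mapping: new_pass and enc_pass are locals at this
            # point and must not be reachable from the message template.
            msg = _('Failed to update password: %(resp)r') % {'resp': resp}
            LOG.error(msg, instance=self.instance)
            raise NotImplementedError(msg)

        sshkey = self.instance.get('key_data')
        # ssh_encrypt_text does RSA public-key encryption; with any other
        # key type it would fail here, after the guest password has already
        # been changed. Skip the stored copy for those instances.
        if sshkey and sshkey.startswith("ssh-rsa"):
            ctxt = context.get_admin_context()
            enc = crypto.ssh_encrypt_text(sshkey, new_pass)
            sys_meta = utils.metadata_to_dict(self.instance['system_metadata'])
            sys_meta.update(password.convert_password(ctxt,
                                                      base64.b64encode(enc)))
            self.virtapi.instance_update(ctxt, self.instance['uuid'],
                                         {'system_metadata': sys_meta})

        return resp['message']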
Exemple #8
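    def set_admin_password(self, new_pass):
        """Set the root/admin password on the VM instance.

        This is done via an agent running on the VM. Communication between nova
        and the agent is done via writing xenstore records. Since communication
        is done over the XenAPI RPC calls, we need to encrypt the password.
        We're using a simple Diffie-Hellman class instead of a more advanced
        library (such as M2Crypto) for compatibility with the agent code.

        Security notes:

        * The agent's public value is used as received; this method does not
          authenticate it, so the exchange only guards against passive
          observation. NOTE(review): confirm whether SimpleDH or the
          transport adds authentication.
        * Agent responses originate in the guest and are untrusted input.
        * The plaintext new_pass is not logged here and must stay out of
          log and error messages.

        Once the agent has accepted the password, a copy encrypted to the
        instance's RSA SSH public key is written to system_metadata; this
        step is skipped for instances without an "ssh-rsa" key.

        :param new_pass: plaintext password to set
        :returns: the 'message' field of the agent's 'password' response
        :raises NotImplementedError: if the agent reports a failure for
            either the key exchange or the password update
        """
        LOG.debug(_('Setting admin password'), instance=self.instance)

        dh = SimpleDH()

        # Exchange keys
        args = {'pub': str(dh.get_public())}
        resp = _call_agent(
            self.session, self.instance, self.vm_ref, 'key_init', args)

        # Successful return code from key_init is 'D0'
        if resp['returncode'] != 'D0':
            # Use an explicit mapping instead of locals() so a changed or
            # translated template cannot pull other locals into the log.
            msg = _('Failed to exchange keys: %(resp)r') % {'resp': resp}
            LOG.error(msg, instance=self.instance)
            raise NotImplementedError(msg)

        # Some old versions of the Windows agent have a trailing \\r\\n
        # (ie CRLF escaped) for some reason. Strip that off.
        # Guest-supplied value: int() raises ValueError on anything that is
        # not a decimal integer.
        agent_pub = int(resp['message'].replace('\\r\\n', ''))
        dh.compute_shared(agent_pub)

        # Some old versions of Linux and Windows agent expect trailing \n
        # on password to work correctly.
        enc_pass = dh.encrypt(new_pass + '\n')

        # Send the encrypted password
        args = {'enc_pass': enc_pass}
        resp = _call_agent(
            self.session, self.instance, self.vm_ref, 'password', args)

        # Successful return code from password is '0'
        if resp['returncode'] != '0':
            # new_pass and enc_pass are in scope here; the explicit mapping
            # keeps them unreachable from the message template.
            msg = _('Failed to update password: %(resp)r') % {'resp': resp}
            LOG.error(msg, instance=self.instance)
            raise NotImplementedError(msg)

        sshkey = self.instance.get('key_data')
        # Only RSA keys can be used by ssh_encrypt_text. Skipping other key
        # types avoids failing the call after the guest password has
        # already been changed.
        if sshkey and sshkey.startswith("ssh-rsa"):
            ctxt = context.get_admin_context()
            enc = crypto.ssh_encrypt_text(sshkey, new_pass)
            sys_meta = utils.metadata_to_dict(self.instance['system_metadata'])
            sys_meta.update(password.convert_password(ctxt,
                                                      base64.b64encode(enc)))
            self.virtapi.instance_update(ctxt, self.instance['uuid'],
                                         {'system_metadata': sys_meta})

        return resp['message']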
Exemple #9
 def _test_ssh_encrypt_decrypt_text(self, key):
     """Encrypt self.text to self.pubkey and check it decrypts back.

     The ``key`` argument is not used by this body.
     """
     ciphertext = crypto.ssh_encrypt_text(self.pubkey, self.text)
     self.assertIsInstance(ciphertext, bytes)
     # Only compare ciphertext with the plaintext on Python 2:
     # "python3 -bb" turns a bytes/str comparison into an error.
     if six.PY2:
         self.assertNotEqual(ciphertext, self.text)
     decrypted = self._ssh_decrypt_text(self.prikey, ciphertext)
     self.assertIsInstance(decrypted, bytes)
     # On Python 3 the decrypted bytes are decoded before the comparison.
     recovered = decrypted.decode('utf-8') if six.PY3 else decrypted
     self.assertEqual(recovered, self.text)
Exemple #10
 def test_ssh_encrypt_decrypt_text(self):
     # Round trip: encrypt to the public key, decrypt with the private key.
     ciphertext = crypto.ssh_encrypt_text(self.pubkey, self.text)
     # NOTE(review): if ciphertext is bytes and self.text is str, this
     # inequality holds trivially - confirm both types.
     self.assertNotEqual(ciphertext, self.text)
     recovered = self._ssh_decrypt_text(self.prikey, ciphertext)
     self.assertEqual(recovered, self.text)
Exemple #11
 def test_ssh_encrypt_decrypt_text(self):
     # The encrypted form must differ from the input, and decrypting it
     # with the matching private key must give the input back.
     encrypted = crypto.ssh_encrypt_text(self.pubkey, self.text)
     # NOTE(review): a bytes-vs-str comparison is always unequal, so this
     # check only has value when both sides share a type - confirm.
     self.assertNotEqual(encrypted, self.text)
     decrypted = self._ssh_decrypt_text(self.prikey, encrypted)
     self.assertEqual(decrypted, self.text)