Exemplo n.º 1
0
Arquivo: agent.py Projeto: markmc/nova
 def _save_instance_password_if_sshkey_present(self, new_pass):
     sshkey = self.instance.get("key_data")
     if sshkey and sshkey.startswith("ssh-rsa"):
         ctxt = context.get_admin_context()
         enc = crypto.ssh_encrypt_text(sshkey, new_pass)
         self.instance.system_metadata.update(password.convert_password(ctxt, base64.b64encode(enc)))
         self.instance.save()
Exemplo n.º 2
0
 def delete(self, req, server_id):
     context = req.environ['nova.context']
     authorize(context)
     instance = self._get_instance(context, server_id)
     meta = password.convert_password(context, None)
     db.instance_system_metadata_update(context, instance['uuid'],
                                        meta, False)
Exemplo n.º 3
0
 def delete(self, req, server_id):
     context = req.environ['nova.context']
     authorize(context)
     instance = self._get_instance(context, server_id)
     meta = password.convert_password(context, None)
     instance.system_metadata.update(meta)
     instance.save()
Exemplo n.º 4
0
 def delete(self, req, server_id):
     context = req.environ['nova.context']
     authorize(context)
     instance = self._get_instance(context, server_id)
     meta = password.convert_password(context, None)
     instance.system_metadata.update(meta)
     instance.save()
Exemplo n.º 5
0
 def delete(self, req, server_id):
     context = req.environ['nova.context']
     authorize(context)
     instance = common.get_instance(self.compute_api, context, server_id,
                                    want_objects=True)
     meta = password.convert_password(context, None)
     instance.system_metadata.update(meta)
     instance.save()
Exemplo n.º 6
0
 def delete(self, req, server_id):
     context = req.environ['nova.context']
     authorize(context)
     instance = common.get_instance(self.compute_api, context, server_id,
                                    want_objects=True)
     meta = password.convert_password(context, None)
     instance.system_metadata.update(meta)
     instance.save()
Exemplo n.º 7
0
 def _save_instance_password_if_sshkey_present(self, new_pass):
     sshkey = self.instance.get("key_data")
     if sshkey and sshkey.startswith("ssh-rsa"):
         ctxt = context.get_admin_context()
         enc = crypto.ssh_encrypt_text(sshkey, new_pass)
         sys_meta = utils.instance_sys_meta(self.instance)
         sys_meta.update(password.convert_password(ctxt, base64.b64encode(enc)))
         self.virtapi.instance_update(ctxt, self.instance["uuid"], {"system_metadata": sys_meta})
Exemplo n.º 8
0
 def _save_instance_password_if_sshkey_present(self, new_pass):
     sshkey = self.instance.get('key_data')
     if sshkey and sshkey.startswith("ssh-rsa"):
         ctxt = context.get_admin_context()
         enc = crypto.ssh_encrypt_text(sshkey, new_pass)
         self.instance.system_metadata.update(
             password.convert_password(ctxt, base64.encode_as_text(enc)))
         self.instance.save()
Exemplo n.º 9
0
 def _save_instance_password_if_sshkey_present(self, new_pass):
     sshkey = self.instance.get('key_data')
     if sshkey and sshkey.startswith("ssh-rsa"):
         ctxt = context.get_admin_context()
         enc = crypto.ssh_encrypt_text(sshkey, new_pass)
         sys_meta = utils.instance_sys_meta(self.instance)
         sys_meta.update(
             password.convert_password(ctxt, base64.b64encode(enc)))
         self.virtapi.instance_update(ctxt, self.instance['uuid'],
                                      {'system_metadata': sys_meta})
Exemplo n.º 10
0
 def _save_instance_password_if_sshkey_present(self, new_pass):
     sshkey = self.instance.get('key_data')
     if sshkey:
         ctxt = context.get_admin_context()
         enc = crypto.ssh_encrypt_text(sshkey, new_pass)
         sys_meta = utils.instance_sys_meta(self.instance)
         sys_meta.update(password.convert_password(ctxt,
                                                   base64.b64encode(enc)))
         self.virtapi.instance_update(ctxt, self.instance['uuid'],
                                      {'system_metadata': sys_meta})
Exemplo n.º 11
0
    def set_admin_password(self, new_pass):
        """Set the root/admin password on the VM instance.

        This is done via an agent running on the VM. Communication between nova
        and the agent is done via writing xenstore records. Since communication
        is done over the XenAPI RPC calls, we need to encrypt the password.
        We're using a simple Diffie-Hellman class instead of a more advanced
        library (such as M2Crypto) for compatibility with the agent code.
        """
        LOG.debug(_('Setting admin password'), instance=self.instance)

        dh = SimpleDH()

        # Exchange keys
        args = {'pub': str(dh.get_public())}
        resp = _call_agent(
            self.session, self.instance, self.vm_ref, 'key_init', args)

        # Successful return code from key_init is 'D0'
        if resp['returncode'] != 'D0':
            msg = _('Failed to exchange keys: %(resp)r') % locals()
            LOG.error(msg, instance=self.instance)
            raise NotImplementedError(msg)

        # Some old versions of the Windows agent have a trailing \\r\\n
        # (ie CRLF escaped) for some reason. Strip that off.
        agent_pub = int(resp['message'].replace('\\r\\n', ''))
        dh.compute_shared(agent_pub)

        # Some old versions of Linux and Windows agent expect trailing \n
        # on password to work correctly.
        enc_pass = dh.encrypt(new_pass + '\n')

        # Send the encrypted password
        args = {'enc_pass': enc_pass}
        resp = _call_agent(
            self.session, self.instance, self.vm_ref, 'password', args)

        # Successful return code from password is '0'
        if resp['returncode'] != '0':
            msg = _('Failed to update password: %(resp)r') % locals()
            LOG.error(msg, instance=self.instance)
            raise NotImplementedError(msg)

        sshkey = self.instance.get('key_data')
        if sshkey:
            ctxt = context.get_admin_context()
            enc = crypto.ssh_encrypt_text(sshkey, new_pass)
            sys_meta = utils.metadata_to_dict(self.instance['system_metadata'])
            sys_meta.update(password.convert_password(ctxt,
                                                      base64.b64encode(enc)))
            self.virtapi.instance_update(ctxt, self.instance['uuid'],
                                         {'system_metadata': sys_meta})

        return resp['message']
Exemplo n.º 12
0
    def set_admin_password(self, new_pass):
        """Set the root/admin password on the VM instance.

        This is done via an agent running on the VM. Communication between nova
        and the agent is done via writing xenstore records. Since communication
        is done over the XenAPI RPC calls, we need to encrypt the password.
        We're using a simple Diffie-Hellman class instead of a more advanced
        library (such as M2Crypto) for compatibility with the agent code.
        """
        LOG.debug(_('Setting admin password'), instance=self.instance)

        dh = SimpleDH()

        # Exchange keys
        args = {'pub': str(dh.get_public())}
        resp = _call_agent(
            self.session, self.instance, self.vm_ref, 'key_init', args)

        # Successful return code from key_init is 'D0'
        if resp['returncode'] != 'D0':
            msg = _('Failed to exchange keys: %(resp)r') % locals()
            LOG.error(msg, instance=self.instance)
            raise NotImplementedError(msg)

        # Some old versions of the Windows agent have a trailing \\r\\n
        # (ie CRLF escaped) for some reason. Strip that off.
        agent_pub = int(resp['message'].replace('\\r\\n', ''))
        dh.compute_shared(agent_pub)

        # Some old versions of Linux and Windows agent expect trailing \n
        # on password to work correctly.
        enc_pass = dh.encrypt(new_pass + '\n')

        # Send the encrypted password
        args = {'enc_pass': enc_pass}
        resp = _call_agent(
            self.session, self.instance, self.vm_ref, 'password', args)

        # Successful return code from password is '0'
        if resp['returncode'] != '0':
            msg = _('Failed to update password: %(resp)r') % locals()
            LOG.error(msg, instance=self.instance)
            raise NotImplementedError(msg)

        sshkey = self.instance.get('key_data')
        if sshkey:
            ctxt = context.get_admin_context()
            enc = crypto.ssh_encrypt_text(sshkey, new_pass)
            sys_meta = utils.metadata_to_dict(self.instance['system_metadata'])
            sys_meta.update(password.convert_password(ctxt,
                                                      base64.b64encode(enc)))
            self.virtapi.instance_update(ctxt, self.instance['uuid'],
                                         {'system_metadata': sys_meta})

        return resp['message']
Exemplo n.º 13
0
    def clear(self, req, server_id):
        """Removes the encrypted server password from the metadata server

        Note that this does not actually change the instance server
        password.
        """

        context = req.environ['nova.context']
        authorize(context)
        instance = common.get_instance(self.compute_api, context, server_id)
        meta = password.convert_password(context, None)
        db.instance_system_metadata_update(context, instance['uuid'],
                                           meta, False)
Exemplo n.º 14
0
    def clear(self, req, server_id):
        """Removes the encrypted server password from the metadata server

        Note that this does not actually change the instance server
        password.
        """

        context = req.environ['nova.context']
        context.can(sp_policies.BASE_POLICY_NAME)
        instance = common.get_instance(self.compute_api, context, server_id)
        meta = password.convert_password(context, None)
        instance.system_metadata.update(meta)
        instance.save()
Exemplo n.º 15
0
    def clear(self, req, server_id):
        """Removes the encrypted server password from the metadata server

        Note that this does not actually change the instance server
        password.
        """

        context = req.environ['nova.context']
        authorize(context)
        instance = common.get_instance(self.compute_api, context, server_id)
        meta = password.convert_password(context, None)
        db.instance_system_metadata_update(context, instance['uuid'], meta,
                                           False)
Exemplo n.º 16
0
    def clear(self, req, server_id):
        """Removes the encrypted server password from the metadata server

        Note that this does not actually change the instance server
        password.
        """

        context = req.environ["nova.context"]
        authorize(context)
        instance = common.get_instance(self.compute_api, context, server_id)
        meta = password.convert_password(context, None)
        instance.system_metadata.update(meta)
        instance.save()
Exemplo n.º 17
0
    def clear(self, req, server_id):
        """Removes the encrypted server password from the metadata server

        Note that this does not actually change the instance server
        password.
        """

        context = req.environ['nova.context']
        context.can(sp_policies.BASE_POLICY_NAME)
        instance = common.get_instance(self.compute_api, context, server_id)
        meta = password.convert_password(context, None)
        instance.system_metadata.update(meta)
        instance.save()
Exemplo n.º 18
0
    def clear(self, req, server_id):
        """Removes the encrypted server password from the metadata server

        Note that this does not actually change the instance server
        password.
        """

        context = req.environ['nova.context']
        authorize(context)
        instance = common.get_instance(self.compute_api, context, server_id,
                                       want_objects=True)
        meta = password.convert_password(context, None)
        instance.system_metadata.update(meta)
        instance.save()