You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by "Radhika Nair (JIRA)" <ji...@apache.org> on 2013/02/18 08:35:12 UTC

[jira] [Comment Edited] (CLOUDSTACK-991) system.vm.password property is visible under global configuration when categorized as 'Secure'

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13568679#comment-13568679 ] 

Radhika Nair edited comment on CLOUDSTACK-991 at 2/18/13 7:33 AM:
------------------------------------------------------------------

Planning to add the following note under the section Working with System Virtual Machines:

You can configure the systm.vm.random.password parameter to create a random system VM password for higher security. If the value for systm.vm.random.password is set to true and restart the
Management Server, a random password is generated and stored encrypted in the database. You can view the encrypted password under the system.vm.password global parameter.
                
      was (Author: radhikap):
    Planning to add the following note under the section Working with System Virtual Machines:

You can configure the systm.vm.random.password parameter to create a random system VM password for higher security. If the value for systm.vm.random.password is set to true and restart the
Management Server, a random password is generated and stored encrypted in the database. You can view the encrypted password under the system.vm.password global parameter.
                  
> system.vm.password property is visible under global configuration when categorized as 'Secure'
> ----------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-991
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-991
>             Project: CloudStack
>          Issue Type: Task
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Doc
>    Affects Versions: 4.1.0
>            Reporter: Ram Ganesh
>            Assignee: Radhika Nair
>            Priority: Minor
>              Labels: documentation
>             Fix For: 4.1.0
>
>
> -----Original Message-----
> From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com] 
> Sent: 17 January 2013 00:11
> To: CloudStack DeveloperList; Chip Childers
> Cc: Kishan Kavala; Rajesh Battala; Chiradeep Vittal; Rohit Yadav
> Subject: Re: Review Request: CLOUDSTACK-822 system.vm.password is not encrypted
> This also needs to be documented. Can you raise a documentation issue?
> What about the upgrade from 4.0 case? Are we encrypting previously
> unencrypted passwords?
> On 1/16/13 10:05 AM, "Saksham Srivastava" <sa...@citrix.com>
> wrote:
> >As Kishan pointed out on the review board , changing the category to
> >"Secure" will be a way out.
> >Secure configurations are listed whenever admin will execute
> >listConfiguration API , unlike Hidden configurations which do not get
> >listed.
> >If however the password is not encrypted, a management server restart
> >might fail whenever system.vm.random.password is set to true as CS will
> >try to decrypt system.vm.password .
> >
> >Thanks,
> >Saksham
> >
> >-----Original Message-----
> >From: Chip Childers [mailto:chip.childers@sungard.com]
> >Sent: Wednesday, January 16, 2013 8:23 PM
> >To: cloudstack-dev@incubator.apache.org
> >Cc: Saksham Srivastava; Kishan Kavala; Rajesh Battala; Chiradeep Vittal;
> >Rohit Yadav
> >Subject: Re: Review Request: CLOUDSTACK-822 system.vm.password is not
> >encrypted
> >
> >Can we get an answer to Chiradeep's question below before this is
> >committed?
> >
> >On Thu, Jan 10, 2013 at 1:49 PM, Chiradeep Vittal
> ><Ch...@citrix.com> wrote:
> >> The question around how the cloud admin can log in to the system vm
> >> without visibility into the actual password needs to be resolved. Can
> >> the UI display the unencrypted password whenever the console is viewed?
> >>
> >> On 1/10/13 4:40 AM, "Saksham Srivastava"
> >> <sa...@citrix.com>
> >> wrote:
> >>
> >>>
> >>>-----------------------------------------------------------
> >>>This is an automatically generated e-mail. To reply, visit:
> >>>https://reviews.apache.org/r/8859/
> >>>-----------------------------------------------------------
> >>>
> >>>(Updated Jan. 10, 2013, 12:40 p.m.)
> >>>
> >>>
> >>>Review request for cloudstack and Kishan Kavala.
> >>>
> >>>
> >>>Changes
> >>>-------
> >>>
> >>>Changing the category to "Secure" instead of "Hidden" and Encrypting
> >>>the password.
> >>>
> >>>
> >>>Description
> >>>-------
> >>>
> >>>Parameter 'system.vm.password' is not encrypted. Need to encrypt it.
> >>>
> >>>
> >>>This addresses bug CLOUDSTACK-822.
> >>>
> >>>
> >>>Diffs (updated)
> >>>-----
> >>>
> >>>  server/src/com/cloud/server/ConfigurationServerImpl.java b25c63f
> >>>
> >>>Diff: https://reviews.apache.org/r/8859/diff/
> >>>
> >>>
> >>>Testing
> >>>-------
> >>>
> >>>Tested Locally.
> >>>
> >>>
> >>>Thanks,
> >>>
> >>>saksham srivastava
> >>>
> >>
> >>

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira