Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2021/11/12 06:34:49 UTC

[GitHub] [cloudstack] weizhouapache opened a new pull request #5681: CCC21 hackathon: Manage kvm hosts with private key

weizhouapache opened a new pull request #5681:
URL: https://github.com/apache/cloudstack/pull/5681


   ### Description
   
   This PR provides a new option to add kvm host. 
   
   It has the following changes:
   (1) Add kvm host with private key (both API and UI changes)
   (2) cancel host maintenance by ssh to host using private key
   (3) update host with new private key (API changes)
   
   (4) UI: add new dialog to update host password
   
   (5) bug fix: cannot update host password on ubuntu 20.04
   (6) bug fix: new password is always applied on host when update host password
   
   
   ### Types of changes
   
   - [ ] Breaking change (fix or feature that would cause existing functionality to change)
   - [ ] New feature (non-breaking change which adds functionality)
   - [ ] Bug fix (non-breaking change which fixes an issue)
   - [x] Enhancement (improves an existing feature and functionality)
   - [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
   
   ### Feature/Enhancement Scale or Bug Severity
   
   #### Feature/Enhancement Scale
   
   - [ ] Major
   - [x] Minor
   
   
   ### Screenshots (if appropriate):
   
   
   ### How Has This Been Tested?
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [cloudstack] weizhouapache commented on pull request #5681: CCC21 hackathon: Manage kvm hosts with private key

Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5681:
URL: https://github.com/apache/cloudstack/pull/5681#issuecomment-966867975


   > Thanks @weizhouapache for submitting, left one remark. The idea was primarily that people don't want to share credentials with CloudStack (either passwords or pub/priv key)
   
   @rhtyd 
   we need to figure out which username and private key file will be used. 
   root user and /var/lib/cloudstack/management/.ssh/id_rsa ?





[GitHub] [cloudstack] weizhouapache commented on pull request #5681: CCC21 hackathon: Manage kvm hosts with private key

Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5681:
URL: https://github.com/apache/cloudstack/pull/5681#issuecomment-966878507


   > @weizhouapache Yes I think it should be management server's cloud user ssh key which is stored in the database too. We may show like a UI form to tell admin the public ssh key which they can copy to authorized_keys file of kvm host for the root user. This is generally the practice I think, we can ask community for feedback @wido @GabrielBrascher @DaanHoogland @mlsorensen @kiwiflyer @nvazquez @pdion891 @svenvogel et al.
   > 
   > Alternatively, we can display steps in the UI for the admin to run specific shell or run cloudStack-setup-agent commands to allow for out of band adding of hosts (manually for admin who are very security-risk averse)
   
   @rhtyd 
   let's leave the option to users. 
   They can decide whether they want to sync /var/lib/cloudstack/management/.ssh/id_rsa.pub to kvm hosts (it is also saved in cloudstack DB).
   
   I will create another PR, it will be easier.





[GitHub] [cloudstack] weizhouapache closed pull request #5681: CCC21 hackathon: Manage kvm hosts with private key

Posted by GitBox <gi...@apache.org>.
weizhouapache closed pull request #5681:
URL: https://github.com/apache/cloudstack/pull/5681


   





[GitHub] [cloudstack] weizhouapache edited a comment on pull request #5681: CCC21 hackathon: Manage kvm hosts with private key

Posted by GitBox <gi...@apache.org>.
weizhouapache edited a comment on pull request #5681:
URL: https://github.com/apache/cloudstack/pull/5681#issuecomment-966868718


   this is not same as what Rohit proposed.
   closing this pr then.





[GitHub] [cloudstack] weizhouapache commented on pull request #5681: CCC21 hackathon: Manage kvm hosts with private key

Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5681:
URL: https://github.com/apache/cloudstack/pull/5681#issuecomment-966868718


   this is not same as what Rohit purposed.
   closing this pr then.





[GitHub] [cloudstack] rhtyd commented on a change in pull request #5681: CCC21 hackathon: Manage kvm hosts with private key

Posted by GitBox <gi...@apache.org>.
rhtyd commented on a change in pull request #5681:
URL: https://github.com/apache/cloudstack/pull/5681#discussion_r748010960



##########
File path: api/src/main/java/org/apache/cloudstack/api/command/admin/host/AddHostCmd.java
##########
@@ -60,6 +60,9 @@
     @Parameter(name = ApiConstants.PASSWORD, type = CommandType.STRING, description = "the password for the host; required to be passed for hypervisors other than VMWare")
     private String password;
 
+    @Parameter(name = ApiConstants.PRIVATE_KEY, type = CommandType.STRING, description = "the private key for the host; support KVM only.", length = 16384)
+    private String privateKey;
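
Review bot: The added `privateKey` parameter takes raw private key material as an ordinary STRING API parameter (length 16384), and nothing in this hunk shows it being handled as a secret. Please confirm the value is kept out of API and request logs and is not echoed back in responses, and state in the description which key formats are accepted and what happens when both `password` and `privateKey` are supplied. The context line above still says the password is "required to be passed for hypervisors other than VMWare", which no longer matches a KVM host added with a key, so update that description too and reword "support KVM only" to "supported for KVM only".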

Review comment:
       No this beats the purpose, we should assume that admin will set up and sync mgmt server ssh key for the cloud user across hosts.







[GitHub] [cloudstack] rhtyd commented on pull request #5681: CCC21 hackathon: Manage kvm hosts with private key

Posted by GitBox <gi...@apache.org>.
rhtyd commented on pull request #5681:
URL: https://github.com/apache/cloudstack/pull/5681#issuecomment-966862460


   Thanks @weizhouapache for submitting, left one remark. The idea was primarily that people don't want to share credentials with CloudStack (either passwords or pub/priv key) 





[GitHub] [cloudstack] rhtyd commented on pull request #5681: CCC21 hackathon: Manage kvm hosts with private key

Posted by GitBox <gi...@apache.org>.
rhtyd commented on pull request #5681:
URL: https://github.com/apache/cloudstack/pull/5681#issuecomment-966870403


   @weizhouapache Yes I think it should be management server's cloud user ssh key which is stored in the database too. We may show like a UI form to tell admin the public ssh key which they can copy to authorized_keys file of kvm host for the root user. This is generally the practice I think, we can ask community for feedback @wido @GabrielBrascher @DaanHoogland @mlsorensen @kiwiflyer @nvazquez @pdion891 @svenvogel et al.
   
   Alternatively, we can display steps in the UI for the admin to run specific shell or run cloudStack-setup-agent commands to allow for out of band adding of hosts (manually for admin who are very security-risk averse) 





[GitHub] [cloudstack] weizhouapache commented on pull request #5681: CCC21 hackathon: Manage kvm hosts with private key

Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5681:
URL: https://github.com/apache/cloudstack/pull/5681#issuecomment-966860739


   @blueorangutan package

