Bug 1194493

Summary: [RFE]Best practice change password of root schedule 90 days and have option to input the password or random it
Product: Red Hat Satellite Reporter: Mario Gamboa <mario.gamboa>
Component: Remote ExecutionAssignee: Katello Bug Bin <katello-bugs>
Status: CLOSED ERRATA QA Contact: Stephen Benjamin <stbenjam>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.1.0CC: bbuckingham, bkearney, cwelton, mhulan, mmccune, stbenjam, xdmoon
Target Milestone: UnspecifiedKeywords: FutureFeature, Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-27 09:13:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 260381, 1052273    

Description Mario Gamboa 2015-02-20 00:29:08 UTC 
Description of problem:
To archive the PCI DSS we need to schedule the change of the password of the user root each 90 days at this moment we doing via script but would be great if in satellite 6 we can send the change of password via host collections as task and also that the task can give us the option to input a new password for all the servers or make random password for the server in case of random password have the ability to send back from the server a email specify in this task and also get the notification in openscan for the next release of Satellite 6 this must be 1 of the good feature to get the standard in pci dss.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
No option to change root password scheduled in host collections or send this kind of task

Expected results:
Have some option to change the password or automatic assing new password to the server via schedule task.

Additional info:
Comment 1 RHEL Program Management 2015-02-20 00:59:45 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 3 Mike McCune 2015-02-20 16:08:15 UTC 
This would be well served if our remote management had the ability to arbitrarily execute scripts against the managed hosts.

You can do this currently with Satellite 5 and we need this in Satellite 6.
Comment 4 Mario Gamboa 2015-02-23 04:06:07 UTC 
yes that's correct we can do this at the moment on Satellite 5 but to move forwared to Satellite 6 we need this feature also , thank you mike for you comment
Comment 6 Marek Hulan 2016-02-16 14:25:41 UTC 
With remote execution plugin one can define job template with optional user input for specifying a password and second one for specifying email address to which the result should be sent. The template would generate random password (on target host) or use the one specified through input (would be saved in clear text in DB though).
Comment 8 Mario Gamboa 2016-02-28 08:27:10 UTC 
That's correct marek with remote-execute command i can send a echo with the ecrypted password for change the root and schedule every 90 day that resolve the issue but redhat is taking so much time to deliver this plugin that is already in katello and now our company is using that instead of satellite because the time of response for a simple solution that is already in your open source take some much time almost a year that's ridiculous, and we know redhat doesn't care of the customer because always is the same history with you products , opensource quick response and quick fix redhat only is quick fix and response when is a security bug but after that any new feature already in opensource taking you 1 or 2 years to have it at that time for the company is no compensate the current cost of license with the current customer service we get 

i don't blame you but is the true i would like someone from the top make a change and deliver to the customer the expectations that we are paying because you product is no free at all 

This issue we already fixed , move in to katello instead to use satellite for more that 1 year is funny you write until now because i know you are planing release 6.2 together with 1.11 foreman
Comment 9 Marek Hulan 2016-03-02 09:38:14 UTC 
I'm sorry you feel it this way. All I can say is that me and all other folks working on remote execution plugin are Red Hatters so therefore I'd say Red Hat came with the open source solution thus I think Red Hat cares about the customer.

It's true that the plugin exists for a while, the first instalable version 0.0.1 was released on 14 Aug 2015 ~ 7 months ago. And I'm very happy that Red Hat stabilizes it first because, frankly, first versions of remote execution were simply not production ready.

Thanks for the feedback about the release frequency, maybe we can consider making releases more often.
Comment 10 Stephen Benjamin 2016-03-24 19:09:12 UTC 
Verified.

This will work with remote execution, you need only provide your script to Satellite and schedule it on the time basis you want (e.g. every 90 days).  As you can write the script in any language, you can generate the password randomly if you wish.

Additionally, remote execution jobs can take inputs, so you can also make the job take an input for the new root password.

Thanks for the RFE.
Comment 13 errata-xmlrpc 2016-07-27 09:13:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1501