Bug 1331858
| Summary: | [RFE] Allow user to enable ssh access for RHEV-M appliance during hosted-engine deploy | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Marina Kalinin <mkalinin> |
| Component: | ovirt-hosted-engine-setup | Assignee: | Simone Tiraboschi <stirabos> |
| Status: | CLOSED ERRATA | QA Contact: | Nikolai Sednev <nsednev> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 4.0.0 | CC: | bgraveno, bugs, eedri, jbelka, lsurette, mkalinin, mwest, rbalakri, rhev-integ, sbendavi, srevivo, stirabos, ykaul, ylavi |
| Target Milestone: | ovirt-4.1.0-alpha | Keywords: | FutureFeature, Triaged |
| Target Release: | --- | Flags: | gklein:
testing_plan_complete+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: |
This update allows you to enable SSH access for the Manager virtual machine when deploying the self-hosted engine. You can choose between yes, no and without-password. You can also pass a public SSH key for the root user during deployment.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-04-25 00:50:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1412024 | ||
|
Description
Marina Kalinin
2016-04-29 20:32:46 UTC
P.S. I think this RFE should be filed on the d/s project. But following the current workflow. IMO the question should be (based on an installer of a project who maintains OpenSSH): ~~~ Allow root ssh login? (yes, no, prohibit-password) no ~~~ When prohibit-password would be intered, then we could ask for public ssh key. There could be also a line like this one to describe what's going on:
~~~
echo "WARNING: root is targeted by password guessing attacks, pubkeys are safer."
~~~
Sure. Not sure about warnings. I think we are overdoing here. All RHEV-M deployments have root access by default (as any other RHEL box). *** Bug 1382581 has been marked as a duplicate of this bug. *** Why are the scripts removing the patch? Shlomi, can you check? new hooks were deployed recently, so there might be a bug in the new code. (In reply to Eyal Edri from comment #7) > Shlomi, can you check? > new hooks were deployed recently, so there might be a bug in the new code. Any news? Should this be on QA? Works for me on components as appears bellow:
Enter ssh public key for the root user that will be used for the engine appliance (leave it empty to skip):
[WARNING] Skipping appliance root ssh public key
Do you want to enable ssh access for the root user (yes, no, without-password) [yes]:
Hosts:
rhevm-appliance-20161214.0-1.el7ev.noarch
ovirt-hosted-engine-ha-2.1.0-1.el7ev.noarch
ovirt-host-deploy-1.6.0-1.el7ev.noarch
ovirt-imageio-common-0.5.0-0.el7ev.noarch
ovirt-vmconsole-host-1.0.4-1.el7ev.noarch
qemu-kvm-rhev-2.6.0-28.el7_3.3.x86_64
libvirt-client-2.0.0-10.el7_3.4.x86_64
mom-0.5.8-1.el7ev.noarch
vdsm-4.19.2-2.el7ev.x86_64
ovirt-hosted-engine-setup-2.1.0-2.el7ev.noarch
ovirt-setup-lib-1.1.0-1.el7ev.noarch
ovirt-engine-sdk-python-3.6.9.1-1.el7ev.noarch
ovirt-imageio-daemon-0.5.0-0.el7ev.noarch
ovirt-vmconsole-1.0.4-1.el7ev.noarch
rhevm-appliance-20161214.0-1.el7ev.noarch
sanlock-3.4.0-1.el7.x86_64
Linux version 3.10.0-514.6.1.el7.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Sat Dec 10 11:15:38 EST 2016
Linux 3.10.0-514.6.1.el7.x86_64 #1 SMP Sat Dec 10 11:15:38 EST 2016 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server release 7.3 (Maipo)
|