Bug 1331858
Summary: | [RFE] Allow user to enable ssh access for RHEV-M appliance during hosted-engine deploy | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Marina Kalinin <mkalinin> |
Component: | ovirt-hosted-engine-setup | Assignee: | Simone Tiraboschi <stirabos> |
Status: | CLOSED ERRATA | QA Contact: | Nikolai Sednev <nsednev> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 4.0.0 | CC: | bgraveno, bugs, eedri, jbelka, lsurette, mkalinin, mwest, rbalakri, rhev-integ, sbendavi, srevivo, stirabos, ykaul, ylavi |
Target Milestone: | ovirt-4.1.0-alpha | Keywords: | FutureFeature, Triaged |
Target Release: | --- | Flags: | gklein:
testing_plan_complete+
|
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: |
This update allows you to enable SSH access for the Manager virtual machine when deploying the self-hosted engine. You can choose between yes, no and without-password. You can also pass a public SSH key for the root user during deployment.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-04-25 00:50:13 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1412024 |
Description
Marina Kalinin
2016-04-29 20:32:46 UTC
P.S. I think this RFE should be filed on the d/s project. But following the current workflow. IMO the question should be (based on an installer of a project who maintains OpenSSH): ~~~ Allow root ssh login? (yes, no, prohibit-password) no ~~~ When prohibit-password would be intered, then we could ask for public ssh key. There could be also a line like this one to describe what's going on: ~~~ echo "WARNING: root is targeted by password guessing attacks, pubkeys are safer." ~~~ Sure. Not sure about warnings. I think we are overdoing here. All RHEV-M deployments have root access by default (as any other RHEL box). *** Bug 1382581 has been marked as a duplicate of this bug. *** Why are the scripts removing the patch? Shlomi, can you check? new hooks were deployed recently, so there might be a bug in the new code. (In reply to Eyal Edri from comment #7) > Shlomi, can you check? > new hooks were deployed recently, so there might be a bug in the new code. Any news? Should this be on QA? Works for me on components as appears bellow: Enter ssh public key for the root user that will be used for the engine appliance (leave it empty to skip): [WARNING] Skipping appliance root ssh public key Do you want to enable ssh access for the root user (yes, no, without-password) [yes]: Hosts: rhevm-appliance-20161214.0-1.el7ev.noarch ovirt-hosted-engine-ha-2.1.0-1.el7ev.noarch ovirt-host-deploy-1.6.0-1.el7ev.noarch ovirt-imageio-common-0.5.0-0.el7ev.noarch ovirt-vmconsole-host-1.0.4-1.el7ev.noarch qemu-kvm-rhev-2.6.0-28.el7_3.3.x86_64 libvirt-client-2.0.0-10.el7_3.4.x86_64 mom-0.5.8-1.el7ev.noarch vdsm-4.19.2-2.el7ev.x86_64 ovirt-hosted-engine-setup-2.1.0-2.el7ev.noarch ovirt-setup-lib-1.1.0-1.el7ev.noarch ovirt-engine-sdk-python-3.6.9.1-1.el7ev.noarch ovirt-imageio-daemon-0.5.0-0.el7ev.noarch ovirt-vmconsole-1.0.4-1.el7ev.noarch rhevm-appliance-20161214.0-1.el7ev.noarch sanlock-3.4.0-1.el7.x86_64 Linux version 3.10.0-514.6.1.el7.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Sat Dec 10 11:15:38 EST 2016 Linux 3.10.0-514.6.1.el7.x86_64 #1 SMP Sat Dec 10 11:15:38 EST 2016 x86_64 x86_64 x86_64 GNU/Linux Red Hat Enterprise Linux Server release 7.3 (Maipo) |