Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1331858 - [RFE] Allow user to enable ssh access for RHEV-M appliance during hosted-engine deploy
[RFE] Allow user to enable ssh access for RHEV-M appliance during hosted-engi...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-hosted-engine-setup (Show other bugs)
4.0.0
Unspecified Unspecified
high Severity medium
: ovirt-4.1.0-alpha
: ---
Assigned To: Simone Tiraboschi
Nikolai Sednev
: FutureFeature, Triaged
: 1382581 (view as bug list)
Depends On:
Blocks: 1412024
  Show dependency treegraph
 
Reported: 2016-04-29 16:32 EDT by Marina
Modified: 2017-05-11 05:25 EDT (History)
15 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
This update allows you to enable SSH access for the Manager virtual machine when deploying the self-hosted engine. You can choose between yes, no and without-password. You can also pass a public SSH key for the root user during deployment.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-04-24 20:50:13 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Integration
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
gklein: testing_plan_complete+

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2262201 None None None 2016-05-18 14:08 EDT
Red Hat Product Errata RHEA-2017:1002 normal SHIPPED_LIVE ovirt-hosted-engine-setup bug fix and enhancement update 2017-04-18 16:14:37 EDT

  None (edit)
Description Marina 2016-04-29 16:32:46 EDT 
Currently, RHEV-M appliance provided d/s does not have root ssh access enabled due to security reasons. It is quite inconvenient and requires additional steps from the user[1]. Hosted-engine setup should ask the user during hosted-engine deployment to enable ssh access for RHEV-M appliance.

[1] https://access.redhat.com/solutions/2262201
Comment 1 Marina 2016-04-29 16:33:02 EDT 
P.S. I think this RFE should be filed on the d/s project. But following the current workflow.
Comment 2 Jiri Belka 2016-06-16 06:19:33 EDT 
IMO the question should be (based on an installer of a project who maintains OpenSSH):

~~~
Allow root ssh login? (yes, no, prohibit-password) no
~~~

When prohibit-password would be intered, then we could ask for public ssh key.
Comment 3 Jiri Belka 2016-06-16 06:20:48 EDT 
There could be also a line like this one to describe what's going on:

~~~
        echo "WARNING: root is targeted by password guessing attacks, pubkeys are safer."
~~~
Comment 4 Marina 2016-06-17 16:32:28 EDT 
Sure. 
Not sure about warnings. I think we are overdoing here.
All RHEV-M deployments have root access by default (as any other RHEL box).
Comment 5 Simone Tiraboschi 2016-10-10 06:00:12 EDT 
*** Bug 1382581 has been marked as a duplicate of this bug. ***
Comment 6 Yaniv Lavi 2016-11-07 08:09:22 EST 
Why are the scripts removing the patch?
Comment 7 Eyal Edri 2016-11-07 08:16:52 EST 
Shlomi, can you check? 
new hooks were deployed recently, so there might be a bug in the new code.
Comment 12 Yaniv Lavi 2016-11-20 07:47:21 EST 
(In reply to Eyal Edri from comment #7)
> Shlomi, can you check? 
> new hooks were deployed recently, so there might be a bug in the new code.

Any news?
Comment 13 Yaniv Lavi 2017-01-08 10:27:29 EST 
Should this be on QA?
Comment 14 Nikolai Sednev 2017-01-23 10:38:27 EST 
Works for me on components as appears bellow:
         Enter ssh public key for the root user that will be used for the engine appliance (leave it empty to skip): 
[WARNING] Skipping appliance root ssh public key
          Do you want to enable ssh access for the root user (yes, no, without-password) [yes]: 

Hosts:
rhevm-appliance-20161214.0-1.el7ev.noarch
ovirt-hosted-engine-ha-2.1.0-1.el7ev.noarch
ovirt-host-deploy-1.6.0-1.el7ev.noarch
ovirt-imageio-common-0.5.0-0.el7ev.noarch
ovirt-vmconsole-host-1.0.4-1.el7ev.noarch
qemu-kvm-rhev-2.6.0-28.el7_3.3.x86_64
libvirt-client-2.0.0-10.el7_3.4.x86_64
mom-0.5.8-1.el7ev.noarch
vdsm-4.19.2-2.el7ev.x86_64
ovirt-hosted-engine-setup-2.1.0-2.el7ev.noarch
ovirt-setup-lib-1.1.0-1.el7ev.noarch
ovirt-engine-sdk-python-3.6.9.1-1.el7ev.noarch
ovirt-imageio-daemon-0.5.0-0.el7ev.noarch
ovirt-vmconsole-1.0.4-1.el7ev.noarch
rhevm-appliance-20161214.0-1.el7ev.noarch
sanlock-3.4.0-1.el7.x86_64
Linux version 3.10.0-514.6.1.el7.x86_64 (mockbuild@x86-030.build.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Sat Dec 10 11:15:38 EST 2016
Linux 3.10.0-514.6.1.el7.x86_64 #1 SMP Sat Dec 10 11:15:38 EST 2016 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server release 7.3 (Maipo)
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.