Description of problem:
I've just coerced a guest to build and launch on vSphere. No ssh keypair is present, and I was able to ssh in as root with the default 'ozrootpw' password. In theory the user can override this in the template, but if they don't, minting VM images with a predictable root password will be a security risk.

Version-Release number of selected component (if applicable):
imagefactory-0.2.2-1.el6.noarch

How reproducible:
100%

Expected results:
Guests are not launched with a publicly-known root password.
So the thing is that Oz already has the ability to set the root password at build time, via the <rootpw> tag (see the RelaxNG schema for the right placement). I'm thinking that we should "enforce" this tag at the imagefactory level by not accepting builds unless they have this tag set. That will at least make sure that builds coming from the factory aren't insecure by default.

Chris Lalancette
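A sketch of the enforcement proposed in the comment above, as an added example that is not imagefactory's or Oz's own code. It assumes <rootpw> sits directly under <os> in the template (confirm against Oz's RelaxNG schema); `require_rootpw`, `TemplateRejected`, `sample_tdl` and the sample templates are hypothetical names and constructed inputs.

```python
import xml.etree.ElementTree as ET

# The default password named in this bug report.
KNOWN_DEFAULTS = {"ozrootpw"}


class TemplateRejected(ValueError):
    """Raised when a template must not be accepted for a build."""


def require_rootpw(tdl_xml):
    """Return the template's root password, or raise TemplateRejected.

    Assumption: <rootpw> is a child of <os> in the TDL document.
    """
    try:
        root = ET.fromstring(tdl_xml)
    except ET.ParseError as exc:
        raise TemplateRejected("template is not well-formed XML: %s" % exc)
    node = root.find("os/rootpw")
    if node is None:
        raise TemplateRejected("no <rootpw> element, the default would be used")
    password = (node.text or "").strip()
    if not password:
        raise TemplateRejected("<rootpw> is present but empty")
    if password in KNOWN_DEFAULTS:
        raise TemplateRejected("<rootpw> is the publicly known default")
    return password


def sample_tdl(rootpw_element):
    """Constructed sample template; only the <rootpw> part varies."""
    return (
        "<template><name>sample</name><os><name>Fedora</name>"
        "<version>15</version><arch>x86_64</arch>"
        "<install type='url'><url>http://mirror.example/os/</url></install>"
        + rootpw_element + "</os></template>"
    )


SAMPLE_OK = sample_tdl("<rootpw>Xk4-constructed-pw</rootpw>")
SAMPLE_MISSING = sample_tdl("")
SAMPLE_EMPTY = sample_tdl("<rootpw>  </rootpw>")
SAMPLE_DEFAULT = sample_tdl("<rootpw>ozrootpw</rootpw>")

if __name__ == "__main__":
    for tdl in (SAMPLE_OK, SAMPLE_MISSING, SAMPLE_EMPTY, SAMPLE_DEFAULT):
        try:
            require_rootpw(tdl)
            print("accepted")
        except TemplateRejected as exc:
            print("rejected:", exc)
```

The empty and default-value cases matter as much as the missing tag: a template that carries a blank <rootpw> or the literal default would satisfy a bare "tag is present" test.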
sounds like a doc issue for beta release notes
making sure all the bugs are at the right version for future queries
https://www.aeolusproject.org/redmine/issues/2447
Created attachment 532113 [details]
ss - blank passwd

screen shot of blank passwd in template description. I'm assuming that is ok

[root@qeblade30 ~]# rpm -qa | grep imagefactory
rubygem-imagefactory-console-0.5.0-4.20110824113238gitd9debef.el6.noarch
imagefactory-jeosconf-ec2-rhel-0.8.0-1.el6.noarch
imagefactory-jeosconf-ec2-fedora-0.8.0-1.el6.noarch
imagefactory-0.8.0-1.el6.noarch
[root@qeblade30 ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2012-0588.html