Description of problem: 1. The default ssh option is disable after TUI install RHEV-H, if user set password for adding node through RHEV-M UI in RHEV-M page, the ssh will be enabled in security page. But after reboot, the option "Enable ssh password authentication" will be disabled. 2. If user enable ssh option in secutity page directly, after reboot, the ssh state is unchanged(still enable). Version-Release number of selected component (if applicable): rhev-hypervisor6-6.4-20130116.3.0.el6 How reproducible: 100% Steps to Reproduce: 1. TUI Install RHEV-H and config network. 2. Set password for adding node through RHEV-M UI in RHEV-M page, 3. Reboot RHEV-H. 4. Focus on Security page and check ssh status. Actual results: "Enable ssh password authentication" option will be reset after reboot if user set password for adding node through RHEV-M UI. Expected results: SSH can be enabled after reboot if user set password for adding node through RHEV-M UI in RHEV-M page, Additional info:
Upstream patch: http://gerrit.ovirt.org/#/c/12300/
Hi Fabiand, The RHEVM UI has been removed from RHEV-H 6.5 base image, so I can't verify this bug. But I have checked the path and noticed that the sshd config is persisted now. I think the bug should be fixed. So could you help to move the bug component to RHEVM? Thanks!
Chen, sure!
What should be the version to verify this BZ? I tried with 'ed Hat Enterprise Virtualization Hypervisor release 6.5 (20131011.0.el6)' and sshd is (still) enabled after reboot if I added password in oVirt engine submenu in TUI.
(In reply to Jiri Belka from comment #12) > What should be the version to verify this BZ? I tried with 'ed Hat > Enterprise Virtualization Hypervisor release 6.5 (20131011.0.el6)' and sshd > is (still) enabled after reboot if I added password in oVirt engine submenu > in TUI. This is correct behavior. rhev-hypervisor6-6.5-20131106.0.el6ev [1] is last iso available which includes the Mike's patch. However, looks like the original report is about setting the password on oVirt engine menu and back to Security menu it shows ssh checkbox disabled even when enabled. Here the steps: -------------------- - Setup Network by Network tab - Set password on oVirt Engine tab for adding node through oVirt Engine * At this moment, ssh will be enabled Back to Security menu and the item "Enable SSH password authentication" checkbox is disabled. If you reboot the RHEV-H it will keep the ssh enabled but on security menu it will keep disabled. Fabian, on ovirt-node-plugin-vdsm we are using the below code, anything we need to call specifically by node API to make security tab be updated or is it something on security_page? <snip> passwd = utils.security.Passwd() passwd.set_password("root", self.password) sshd = utils.security.Ssh() sshd.password_authentication(True) sshd.restart() </snip> I have verified, it changes PasswordAuthentication in /etc/ssh/sshd_config
(In reply to Douglas Schilling Landgraf from comment #14) > Fabian, on ovirt-node-plugin-vdsm we are using the below code, anything we > need to call specifically by node API to make security tab be updated or is > it something on security_page? > > <snip> > passwd = utils.security.Passwd() > passwd.set_password("root", self.password) > > sshd = utils.security.Ssh() > sshd.password_authentication(True) > sshd.restart() > </snip> > > I have verified, it changes PasswordAuthentication in /etc/ssh/sshd_config Hey Douglas, the problem here is that the TUI uses the /etc/default/ovirt file to determin if pwauth is enabled or not. The vdsm plugin is currently "bypassing" this, because that file is not updated, and thus the TUI is unaware that pwauth is used. Does this make the cause clearer? The classes in ovirt.node.config.defaults.* can be used to configure the aspects of ovirt-node, this classes also take care that the correct files are persisted and the ovirt node configuration file is uddated, so please use a snippet like: sshcfg = defaults.SSH() sshcfg.update(pwauth=True) sshcfg.commit() This will enable SSH password authentication, persist the files and update the node config file. In general, it should solves this bug.
(In reply to Fabian Deutsch from comment #15) > (In reply to Douglas Schilling Landgraf from comment #14) > > Fabian, on ovirt-node-plugin-vdsm we are using the below code, anything we > > need to call specifically by node API to make security tab be updated or is > > it something on security_page? > > > > <snip> > > passwd = utils.security.Passwd() > > passwd.set_password("root", self.password) > > > > sshd = utils.security.Ssh() > > sshd.password_authentication(True) > > sshd.restart() > > </snip> > > > > I have verified, it changes PasswordAuthentication in /etc/ssh/sshd_config > > Hey Douglas, > > the problem here is that the TUI uses the /etc/default/ovirt file to > determin if pwauth is enabled or not. The vdsm plugin is currently > "bypassing" this, because that file is not updated, and thus the TUI is > unaware that pwauth is used. Does this make the cause clearer? > The classes in ovirt.node.config.defaults.* can be used to configure the > aspects of ovirt-node, this classes also take care that the correct files > are persisted and the ovirt node configuration file is uddated, so please > use a snippet like: > > sshcfg = defaults.SSH() > sshcfg.update(pwauth=True) > sshcfg.commit() > > This will enable SSH password authentication, persist the files and update > the node config file. In general, it should solves this bug. Thanks for clarification Fabian, I have sent a patch.
ovirt-node-plugin-vdsm-0.1.1-11.el6ev https://brewweb.devel.redhat.com/buildinfo?buildID=313971
ok, rhev-hypervisor6-6.5-20131121.0.el6ev. after setting password in oVirt engine tab, enable ssh is checked in Security menu.
Closing - RHEV 3.3 Released