978365 – nova: Make set_admin_password work with the libvirt driver (via QEMU guest agent)

Bug 978365 - nova: Make set_admin_password work with the libvirt driver (via QEMU guest agent)

Summary: nova: Make set_admin_password work with the libvirt driver (via QEMU guest ag...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-nova
Sub Component:
Version:	5.0 (RHEL 7)
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	beta
Target Release:	8.0 (Liberty)
Assignee:	Sahid Ferdjaoui
QA Contact:	Gabriel Szasz
Docs Contact:
URL:
Whiteboard:
Depends On:	1174176 1174177 1174181 1303906
Blocks:	1261100
TreeView+	depends on / blocked

Reported:	2013-06-26 13:06 UTC by Dafna Ron
Modified:	2023-09-18 09:58 UTC (History)
CC List:	14 users (show)
Fixed In Version:	openstack-nova-12.0.0-2.el7ost
Doc Type:	Enhancement
Doc Text:	The ability of the libvirt driver to set the admin password has been added. To use this feature, run the following command: "nova root-password [server]".
Clone Of:
Clones:	1261100 (view as bug list)
Environment:
Last Closed:	2016-04-07 20:58:17 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
log (46.90 KB, application/x-xz) 2013-06-26 13:06 UTC, Dafna Ron	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
OpenStack gerrit	187509	0	None	MERGED	libvirt: set admin root password	2020-07-14 19:07:53 UTC
Red Hat Product Errata	RHEA-2016:0603	0	normal	SHIPPED_LIVE	Red Hat OpenStack Platform 8 Enhancement Advisory	2016-04-08 00:53:53 UTC

Description Dafna Ron 2013-06-26 13:06:43 UTC

Created attachment 765574 [details]
log

Description of problem:

when I tried running nova root-password  I got a trace saying that this is not implemented by by this driver or guest instance. 
it would be helpful if we can either add to the trace where this command is implemented or add it to the man/help for nova

Version-Release number of selected component (if applicable):

openstack-nova-compute-2013.1.2-2.el6ost.noarch

How reproducible:

100%

Steps to Reproduce:
1. run instances using libvirt agent
2. run nova root-password
3. run nova help root-password
4. run man nova - search for root-password

Actual results:

there is no information in trace, help or man page for nova in which instances we can actually run the command. 

Expected results:

we should add supported/implemented drivers/agents for this option.  

Additional info: log


2013-06-26 15:05:59.476 ERROR nova.openstack.common.rpc.amqp [req-5f740868-1250-45d5-b54f-fda4a8fb48a9 4e8268c19c2143a0b3cf978afab45fea f372ca53f0484f589413148b6c9ad39c] Except
ion during message handling
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp Traceback (most recent call last):
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/openstack/common/rpc/amqp.py", line 430, in _process_data
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     rval = self.proxy.dispatch(ctxt, version, method, **args)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/openstack/common/rpc/dispatcher.py", line 133, in dispatch
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     return getattr(proxyobj, method)(ctxt, **kwargs)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/exception.py", line 117, in wrapped
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     temp_level, payload)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib64/python2.6/contextlib.py", line 23, in __exit__
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     self.gen.next()
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/exception.py", line 94, in wrapped
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     return f(self, context, *args, **kw)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 209, in decorated_function
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     pass
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib64/python2.6/contextlib.py", line 23, in __exit__
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     self.gen.next()
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 195, in decorated_function
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     return function(self, context, *args, **kwargs)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 260, in decorated_function
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     function(self, context, *args, **kwargs)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 237, in decorated_function
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     e, sys.exc_info())
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib64/python2.6/contextlib.py", line 23, in __exit__
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     self.gen.next()
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 224, in decorated_function
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     return function(self, context, *args, **kwargs)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 1888, in set_admin_password
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     raise NotImplementedError(_msg)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp NotImplementedError: set_admin_password is not implemented by this driver or guest instance.
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp 
2013-06-26 15:05:59.477 ERROR nova.openstack.common.rpc.common [req-5f740868-1250-45d5-b54f-fda4a8fb48a9 4e8268c19c2143a0b3cf978afab45fea f372ca53f0484f589413148b6c9ad39c] Retu
rning exception set_admin_password is not implemented by this driver or guest instance. to caller
2013-06-26 15:05:59.478 ERROR nova.openstack.common.rpc.common [req-5f740868-1250-45d5-b54f-fda4a8fb48a9 4e8268c19c2143a0b3cf978afab45fea f372ca53f0484f589413148b6c9ad39c] ['Tr
aceback (most recent call last):\n', '  File "/usr/lib/python2.6/site-packages/nova/openstack/common/rpc/amqp.py", line 430, in _process_data\n    rval = self.proxy.dispatch(ct
xt, version, method, **args)\n', '  File "/usr/lib/python2.6/site-packages/nova/openstack/common/rpc/dispatcher.py", line 133, in dispatch\n    return getattr(proxyobj, method)
(ctxt, **kwargs)\n', '  File "/usr/lib/python2.6/site-packages/nova/exception.py", line 117, in wrapped\n    temp_level, payload)\n', '  File "/usr/lib64/python2.6/contextlib.p
y", line 23, in __exit__\n    self.gen.next()\n', '  File "/usr/lib/python2.6/site-packages/nova/exception.py", line 94, in wrapped\n    return f(self, context, *args, **kw)\n'
, '  File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 209, in decorated_function\n    pass\n', '  File "/usr/lib64/python2.6/contextlib.py", line 23, in __
exit__\n    self.gen.next()\n', '  File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 195, in decorated_function\n    return function(self, context, *args, *
*kwargs)\n', '  File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 260, in decorated_function\n    function(self, context, *args, **kwargs)\n', '  File "/usr
/lib/python2.6/site-packages/nova/compute/manager.py", line 237, in decorated_function\n    e, sys.exc_info())\n', '  File "/usr/lib64/python2.6/contextlib.py", line 23, in __e
xit__\n    self.gen.next()\n', '  File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 224, in decorated_function\n    return function(self, context, *args, **
:

Comment 1 Russell Bryant 2013-11-21 05:20:38 UTC

Documentation for what supports what: https://wiki.openstack.org/wiki/HypervisorSupportMatrix#Hypervisor_feature_support_matrix

Also, when you try to do this, you do get a 501 Not Implemented response via the API, so it should be clear what the failure reason is.

Comment 3 Daniel Berrangé 2014-12-15 09:35:12 UTC

To make this feature work on a running guest would require some kind of guest agent to support. The QEMU guest agent does not currently provide this feature, so there's basically nothing we can do in OpenStack to implement this at this time.

In any case, use of passwords for root accounts is strongly discouraged, in favour of using strong authentication as provided by SSH public keys, which can be installed at boot time using cloud init.

Comment 5 Daniel Berrangé 2014-12-15 10:02:47 UTC

Cloud-init is able to set the root password at initial boot, and/or create user accounts with sudo access. As explained above, there's *nothing* we can do to enable live changing of the root password in the near future, as that functionality does not exist in the virt stack or guest OS today. It would need to be implemented & released for every different guest OS we wish to support, so even if we decide to do this, it is going to be a significant time before it is available for use. So they are going to have to make do with the functionality available today for now.

Comment 6 Daniel Berrangé 2014-12-15 10:24:52 UTC

I've filed bugs to request support for password change in libvirt + QEMU guest agent

libvirt: https://bugzilla.redhat.com/show_bug.cgi?id=1174177
QEMU (RHEL-7): https://bugzilla.redhat.com/show_bug.cgi?id=1174176
QEMU (RHEL-6): https://bugzilla.redhat.com/show_bug.cgi?id=1174181

Comment 7 Udayendu Sekhar Kar 2014-12-15 10:41:38 UTC

Thank You Daniel. 

Lets hope that one day we will have this feature.

Cheers,
Uday

Comment 11 Sahid Ferdjaoui 2015-05-27 08:03:06 UTC

https://bugzilla.redhat.com/show_bug.cgi?id=1174177

Comment 12 Sahid Ferdjaoui 2015-05-27 09:55:23 UTC

Posted upstream: https://review.openstack.org/#/c/185910

Comment 22 errata-xmlrpc 2016-04-07 20:58:17 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0603.html

Note You need to log in before you can comment on or make changes to this bug.