Bug 978365 - nova: Make set_admin_password work with the libvirt driver (via QEMU guest agent)
nova: Make set_admin_password work with the libvirt driver (via QEMU guest ag...
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova (Show other bugs)
5.0 (RHEL 7)
x86_64 Linux
high Severity high
: beta
: 8.0 (Liberty)
Assigned To: Sahid Ferdjaoui
Gabriel Szasz
: FutureFeature, Reopened, Triaged
Depends On: 1174176 1174177 1174181 1303906
Blocks: 1261100
  Show dependency treegraph
 
Reported: 2013-06-26 09:06 EDT by Dafna Ron
Modified: 2016-04-26 16:37 EDT (History)
16 users (show)

See Also:
Fixed In Version: openstack-nova-12.0.0-2.el7ost
Doc Type: Enhancement
Doc Text:
The ability of the libvirt driver to set the admin password has been added. To use this feature, run the following command: "nova root-password [server]".
Story Points: ---
Clone Of:
: 1261100 (view as bug list)
Environment:
Last Closed: 2016-04-07 16:58:17 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
log (46.90 KB, application/x-xz)
2013-06-26 09:06 EDT, Dafna Ron
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 187509 None None None Never

  None (edit)
Description Dafna Ron 2013-06-26 09:06:43 EDT
Created attachment 765574 [details]
log

Description of problem:

when I tried running nova root-password  I got a trace saying that this is not implemented by by this driver or guest instance. 
it would be helpful if we can either add to the trace where this command is implemented or add it to the man/help for nova

Version-Release number of selected component (if applicable):

openstack-nova-compute-2013.1.2-2.el6ost.noarch

How reproducible:

100%

Steps to Reproduce:
1. run instances using libvirt agent
2. run nova root-password
3. run nova help root-password
4. run man nova - search for root-password

Actual results:

there is no information in trace, help or man page for nova in which instances we can actually run the command. 

Expected results:

we should add supported/implemented drivers/agents for this option.  

Additional info: log


2013-06-26 15:05:59.476 ERROR nova.openstack.common.rpc.amqp [req-5f740868-1250-45d5-b54f-fda4a8fb48a9 4e8268c19c2143a0b3cf978afab45fea f372ca53f0484f589413148b6c9ad39c] Except
ion during message handling
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp Traceback (most recent call last):
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/openstack/common/rpc/amqp.py", line 430, in _process_data
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     rval = self.proxy.dispatch(ctxt, version, method, **args)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/openstack/common/rpc/dispatcher.py", line 133, in dispatch
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     return getattr(proxyobj, method)(ctxt, **kwargs)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/exception.py", line 117, in wrapped
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     temp_level, payload)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib64/python2.6/contextlib.py", line 23, in __exit__
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     self.gen.next()
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/exception.py", line 94, in wrapped
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     return f(self, context, *args, **kw)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 209, in decorated_function
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     pass
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib64/python2.6/contextlib.py", line 23, in __exit__
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     self.gen.next()
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 195, in decorated_function
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     return function(self, context, *args, **kwargs)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 260, in decorated_function
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     function(self, context, *args, **kwargs)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 237, in decorated_function
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     e, sys.exc_info())
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib64/python2.6/contextlib.py", line 23, in __exit__
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     self.gen.next()
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 224, in decorated_function
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     return function(self, context, *args, **kwargs)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp   File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 1888, in set_admin_password
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp     raise NotImplementedError(_msg)
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp NotImplementedError: set_admin_password is not implemented by this driver or guest instance.
2013-06-26 15:05:59.476 31371 TRACE nova.openstack.common.rpc.amqp 
2013-06-26 15:05:59.477 ERROR nova.openstack.common.rpc.common [req-5f740868-1250-45d5-b54f-fda4a8fb48a9 4e8268c19c2143a0b3cf978afab45fea f372ca53f0484f589413148b6c9ad39c] Retu
rning exception set_admin_password is not implemented by this driver or guest instance. to caller
2013-06-26 15:05:59.478 ERROR nova.openstack.common.rpc.common [req-5f740868-1250-45d5-b54f-fda4a8fb48a9 4e8268c19c2143a0b3cf978afab45fea f372ca53f0484f589413148b6c9ad39c] ['Tr
aceback (most recent call last):\n', '  File "/usr/lib/python2.6/site-packages/nova/openstack/common/rpc/amqp.py", line 430, in _process_data\n    rval = self.proxy.dispatch(ct
xt, version, method, **args)\n', '  File "/usr/lib/python2.6/site-packages/nova/openstack/common/rpc/dispatcher.py", line 133, in dispatch\n    return getattr(proxyobj, method)
(ctxt, **kwargs)\n', '  File "/usr/lib/python2.6/site-packages/nova/exception.py", line 117, in wrapped\n    temp_level, payload)\n', '  File "/usr/lib64/python2.6/contextlib.p
y", line 23, in __exit__\n    self.gen.next()\n', '  File "/usr/lib/python2.6/site-packages/nova/exception.py", line 94, in wrapped\n    return f(self, context, *args, **kw)\n'
, '  File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 209, in decorated_function\n    pass\n', '  File "/usr/lib64/python2.6/contextlib.py", line 23, in __
exit__\n    self.gen.next()\n', '  File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 195, in decorated_function\n    return function(self, context, *args, *
*kwargs)\n', '  File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 260, in decorated_function\n    function(self, context, *args, **kwargs)\n', '  File "/usr
/lib/python2.6/site-packages/nova/compute/manager.py", line 237, in decorated_function\n    e, sys.exc_info())\n', '  File "/usr/lib64/python2.6/contextlib.py", line 23, in __e
xit__\n    self.gen.next()\n', '  File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 224, in decorated_function\n    return function(self, context, *args, **
:
Comment 1 Russell Bryant 2013-11-21 00:20:38 EST
Documentation for what supports what: https://wiki.openstack.org/wiki/HypervisorSupportMatrix#Hypervisor_feature_support_matrix

Also, when you try to do this, you do get a 501 Not Implemented response via the API, so it should be clear what the failure reason is.
Comment 3 Daniel Berrange 2014-12-15 04:35:12 EST
To make this feature work on a running guest would require some kind of guest agent to support. The QEMU guest agent does not currently provide this feature, so there's basically nothing we can do in OpenStack to implement this at this time.

In any case, use of passwords for root accounts is strongly discouraged, in favour of using strong authentication as provided by SSH public keys, which can be installed at boot time using cloud init.
Comment 5 Daniel Berrange 2014-12-15 05:02:47 EST
Cloud-init is able to set the root password at initial boot, and/or create user accounts with sudo access. As explained above, there's *nothing* we can do to enable live changing of the root password in the near future, as that functionality does not exist in the virt stack or guest OS today. It would need to be implemented & released for every different guest OS we wish to support, so even if we decide to do this, it is going to be a significant time before it is available for use. So they are going to have to make do with the functionality available today for now.
Comment 6 Daniel Berrange 2014-12-15 05:24:52 EST
I've filed bugs to request support for password change in libvirt + QEMU guest agent

libvirt: https://bugzilla.redhat.com/show_bug.cgi?id=1174177
QEMU (RHEL-7): https://bugzilla.redhat.com/show_bug.cgi?id=1174176
QEMU (RHEL-6): https://bugzilla.redhat.com/show_bug.cgi?id=1174181
Comment 7 Udayendu Sekhar Kar 2014-12-15 05:41:38 EST
Thank You Daniel. 

Lets hope that one day we will have this feature.

Cheers,
Uday
Comment 11 Sahid Ferdjaoui 2015-05-27 04:03:06 EDT
https://bugzilla.redhat.com/show_bug.cgi?id=1174177
Comment 12 Sahid Ferdjaoui 2015-05-27 05:55:23 EDT
Posted upstream: https://review.openstack.org/#/c/185910
Comment 22 errata-xmlrpc 2016-04-07 16:58:17 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0603.html

Note You need to log in before you can comment on or make changes to this bug.