openstack/nova-specs
Code Issues Proposed changes
Files
1032743e5410088b770bb454eda794b6f1d50a99
nova-specs/specs/liberty/implemented/libvirt-set-admin-password.rst
Michael Still 30d5bacb19 Mark liberty specs as implemented 
This review syncs the state of launchpad with the spec repo for
things implemented up to liberty-3. There are no changes to the
specs, just things being moved around.

Change-Id: I930d33532b268b6e933c8be06a0569c20fd09586
2015-09-30 10:17:33 +10:00

141 lines
3.1 KiB
ReStructuredText
Raw Blame History

..
This work is licensed under a Creative Commons Attribution 3.0 Unported
License.
http://creativecommons.org/licenses/by/3.0/legalcode
===============================
Libvirt Set Admin Root Password
===============================
https://blueprints.launchpad.net/nova/+spec/libvirt-set-admin-password
Nova provides an API to let users set an administrator password on a
virtual machine which is already active. The purpose of this spec is
to take advantage of the libvirt API set-user-password provided with
version 1.2.16 to implement that feature for Qemu/KVM users.
Problem description
===================
Nova provides API to let users set an administrator password but
Qemu/KVM users cannot take advantage of it.
Use Cases
----------
Users want the ability to reset administrator password of an instance
which is already active by using the command "nova root-password
<instance>"
Project Priority
-----------------
None.
Proposed change
===============
To be noted this feature requires that the image have the qemu guest
agent installed to function. Most of the change will be done in the
libvirt driver of Nova.
In order to support both unix-like (GNU/Linux) virtual machines and
Windows the default behavior will be to update password of username
"root" for unix-like virtual machines and "Administrator" for Windows.
To give more flexibility and provide a way for users to change
administrator password of a different username. A new image property
"os_admin_user" will be introduced to let users define who is the
administrator username to update.
Alternatives
------------
The use case for this API is to allow an admin to re-gain control over
an already running guest for which they have lost the password, or for
an admin to bulk change the passwords across all their running guests,
without having to login to the console of each guest
manually/individually. The inject password feature doesn't really
satisfy that.
Data model impact
-----------------
None
REST API impact
---------------
None
Security impact
---------------
None
Notifications impact
--------------------
None
Other end user impact
---------------------
* The end user will have to install a QEMU Guest Agent daemon program
inside the image and set the image property 'hw_qemu_guest_agent'.
* If the image request a different username to be updated, end user
will have to correctly set image property 'os_admin_user'.
Performance Impact
------------------
None
Other deployer impact
---------------------
None
Developer impact
----------------
None
Implementation
==============
Assignee(s)
-----------
Primary assignee:
sahid-ferdjaoui
Work Items
----------
* Implement method set_admin_password
* Extend the method set_admin_password to read in image property for
specific admin user
Dependencies
============
Libvirt 1.2.16
Testing
=======
* Unit tests will cover the new code
* The nova API is already covered by tests
Documentation Impact
====================
The new glance image property will need to be documented.
References
==========
* http://wiki.qemu.org/Features/QAPI/GuestAgent
View Git Blame Copy Permalink