x/cloudbase-init
Code Issues Proposed changes

Fixes issue with the admin_pass usage

Browse Source
This commit is contained in:
Alessandro Pilotti 2013-11-01 02:46:41 +02:00
parent deee7d4b74
commit 24c1201690
2 changed files with 33 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
cloudbaseinit/plugins/windows/createuser.py
View File

@ -25,9 +25,6 @@ opts = [
cfg.ListOpt('groups', default=['Administrators'], help='List of local ' cfg.ListOpt('groups', default=['Administrators'], help='List of local '
'groups to which the user specified in \'username\' will ' 'groups to which the user specified in \'username\' will '
'be added'), 'be added'),
cfg.BoolOpt('inject_user_password', default=True, help='Set the password '
'provided in the configuration. If False or no password is '
'provided, a random one will be set'),
] ]
CONF = cfg.CONF CONF = cfg.CONF
@ -37,25 +34,16 @@ LOG = logging.getLogger(__name__)
class CreateUserPlugin(base.BasePlugin): class CreateUserPlugin(base.BasePlugin):
def _get_password(self, service, osutils): def _get_password(self, osutils):
meta_data = service.get_meta_data('openstack') # Generate a temporary random password to be replaced
meta = meta_data.get('meta') # by SetUserPasswordPlugin (starting from Grizzly)
return osutils.generate_random_password(14)
if CONF.inject_user_password and meta and 'admin_pass' in meta:
LOG.warn('Using admin_pass metadata user password. Consider '
'changing it as soon as possible')
password = meta['admin_pass']
else:
# Generate a temporary random password to be replaced
# by SetUserPasswordPlugin (starting from Grizzly)
password = osutils.generate_random_password(14)
return password
def execute(self, service): def execute(self, service):
user_name = CONF.username user_name = CONF.username
osutils = osutils_factory.OSUtilsFactory().get_os_utils() osutils = osutils_factory.OSUtilsFactory().get_os_utils()
password = self._get_password(service, osutils) password = self._get_password(osutils)
if osutils.user_exists(user_name): if osutils.user_exists(user_name):
LOG.info('Setting password for existing user "%s"' % user_name) LOG.info('Setting password for existing user "%s"' % user_name)

51
cloudbaseinit/plugins/windows/setuserpassword.py
View File

@ -23,14 +23,20 @@ from cloudbaseinit.osutils import factory as osutils_factory
from cloudbaseinit.plugins import base from cloudbaseinit.plugins import base
from cloudbaseinit.utils import crypt from cloudbaseinit.utils import crypt
opts = [
cfg.BoolOpt('inject_user_password', default=True, help='Set the password '
'provided in the configuration. If False or no password is '
'provided, a random one will be set'),
]
CONF = cfg.CONF CONF = cfg.CONF
CONF.register_opts(opts)
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
class SetUserPasswordPlugin(base.BasePlugin): class SetUserPasswordPlugin(base.BasePlugin):
_post_password_md_ver = '2013-04-04' _post_password_md_ver = '2013-04-04'
_max_password_set_retry_count = 10
def _encrypt_password(self, ssh_pub_key, password): def _encrypt_password(self, ssh_pub_key, password):
cm = crypt.CryptManager() cm = crypt.CryptManager()
@ -52,11 +58,21 @@ class SetUserPasswordPlugin(base.BasePlugin):
break break
return ssh_pub_key return ssh_pub_key
def _get_password(self, osutils): def _get_password(self, service, osutils):
LOG.debug('Generating a random user password') meta_data = service.get_meta_data('openstack')
# Generate a random password meta = meta_data.get('meta')
# Limit to 14 chars for compatibility with NT
return osutils.generate_random_password(14) if CONF.inject_user_password and meta and 'admin_pass' in meta:
LOG.warn('Using admin_pass metadata user password. Consider '
'changing it as soon as possible')
password = meta['admin_pass']
else:
LOG.debug('Generating a random user password')
# Generate a random password
# Limit to 14 chars for compatibility with NT
password = osutils.generate_random_password(14)
return password
def _set_metadata_password(self, password, service): def _set_metadata_password(self, password, service):
try: try:
@ -76,22 +92,11 @@ class SetUserPasswordPlugin(base.BasePlugin):
'supported by this metadata version') 'supported by this metadata version')
return True return True
def _set_password(self, osutils, user_name): def _set_password(self, service, osutils, user_name):
i = 0 password = self._get_password(service, osutils)
while True: LOG.info('Setting the user\'s password')
try: osutils.set_user_password(user_name, password)
# The retry is due to Windows not accepting some of return password
# the randomly generated passwords due to complexity
# constraints
password = self._get_password(osutils)
LOG.info('Setting the user\'s password')
osutils.set_user_password(user_name, password)
return password
except:
if i < self._max_password_set_retry_count:
i += 1
else:
raise
def execute(self, service): def execute(self, service):
user_name = CONF.username user_name = CONF.username
@ -106,7 +111,7 @@ class SetUserPasswordPlugin(base.BasePlugin):
else: else:
osutils = osutils_factory.OSUtilsFactory().get_os_utils() osutils = osutils_factory.OSUtilsFactory().get_os_utils()
if osutils.user_exists(user_name): if osutils.user_exists(user_name):
password = self._set_password(osutils, user_name) password = self._set_password(service, osutils, user_name)
self._set_metadata_password(password, service) self._set_metadata_password(password, service)
return (base.PLUGIN_EXECUTE_ON_NEXT_BOOT, False) return (base.PLUGIN_EXECUTE_ON_NEXT_BOOT, False)