[libvirt] [libvirt-jenkins-ci PATCH 1/5] ansible: Remove bootstrap phase

Pavel Hrdina phrdina at redhat.com
Tue Oct 17 16:16:50 UTC 2017


On Tue, Oct 17, 2017 at 05:11:40PM +0100, Daniel P. Berrange wrote:
> On Tue, Oct 17, 2017 at 06:05:23PM +0200, Pavel Hrdina wrote:
> > On Mon, Oct 16, 2017 at 06:02:04PM +0200, Andrea Bolognani wrote:
> > > Having to bootstrap the guest as a separate phase is annoying and
> > > can be avoided by assuming the root password is well-known.
> > 
> > I'm not sure about this.  Yes the password will be well known for us
> > but I would rather have it generated and stored somewhere on the host.
> > 
> > The guests are hidden from internet but they are still connected to
> > jenkins and are executing commands provided by jenkins.  Maybe I'm
> > just too paranoid :).
> 
> Could we just generate a random root password, but install SSH public
> keys and set SSH to only permit public key auth. 

That's the idea, having the root password stored on the host is just
if something goes wrong and you need to use serial console.

Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20171017/2aba698f/attachment-0001.sig>


More information about the libvir-list mailing list