[libvirt] [jenkins-ci PATCH] lcitool: Don't encrypt password manually
Martin Kletzander
mkletzan at redhat.com
Wed Sep 5 09:39:59 UTC 2018
On Tue, Sep 04, 2018 at 01:53:45PM +0200, Andrea Bolognani wrote:
>On Tue, 2018-09-04 at 10:49 +0200, Martin Kletzander wrote:
>
>s/manually/ourselves/ in the subject.
>
>[...]
>> def get_root_password_file(self):
>> - root_pass_file = self._get_config_file("root-password")
>> - root_hash_file = self._get_config_file(".root-password.hash")
>> -
>> - try:
>> - with open(root_pass_file, "r") as infile:
>> - root_pass = infile.readline().strip()
>> - except Exception:
>> - raise Error(
>> - "Missing or invalid root password file ({})".format(
>> - root_pass_file,
>> - )
>> - )
>> -
>> - # The hash will be different every time we run, but that doesn't
>> - # matter - it will still validate the correct root password
>> - root_hash = crypt.crypt(root_pass, Util.mksalt())
>> -
>> - try:
>> - with open(root_hash_file, "w") as infile:
>> - infile.write("{}\n".format(root_hash))
>> - except Exception:
>> - raise Error(
>> - "Can't write hashed root password file ({})".format(
>> - root_hash_file,
>> - )
>> - )
>> -
>> - return root_hash_file
>> + return self._get_config_file("root-password")
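Review bot: A `.root-password.hash` written by earlier runs is never cleaned up once the `with open(root_hash_file, "w")` block is removed, so an outdated hash of the root password can linger in the config directory; consider deleting it once or noting it in the commit message. The dropped `crypt.crypt(root_pass, Util.mksalt())` call may also have been the last user of `Util.mksalt()` and of the `crypt` import, in which case both can go in the same patch.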
>
>This is a really nice improvement overall, but we can't quite get
>rid of the entire function: we still need to try and open the file,
>or at least stat() it, like we do in get_vault_password_file(), so
>that we can error out early instead of having Ansible bail out on
>us really late in the game.
>
So what you had in mind is something like the following squashed in?
diff --git i/guests/lcitool w/guests/lcitool
index 609c73c43dbc..2ac98ea69030 100755
--- i/guests/lcitool
+++ w/guests/lcitool
@@ -151,7 +151,22 @@ class Config:
return vault_pass_file
def get_root_password_file(self):
- return self._get_config_file("root-password")
+ root_pass_file = None
+
+ root_pass_file = self._get_config_file("root-password")
+
+ try:
+ with open(root_pass_file, "r") as infile:
+ if not infile.readline().strip():
+ raise ValueError
+ except Exception:
+ raise Error(
+ "Missing or invalid root password file ({})".format(
+ root_pass_file,
+ )
+ )
+
+ return root_pass_file
class Inventory:
--
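Review bot: The `except Exception:` around the new `open()` block also catches the `ValueError` raised for an empty first line, so a missing file, a permission error and an empty password all surface as the same "Missing or invalid root password file" message with the underlying cause dropped. Catching `OSError` and `ValueError` explicitly, or including the original exception text in the `Error`, would make the early failure easier to act on. The initial `root_pass_file = None` is overwritten two lines later and can be dropped. Since the returned path now points at the plaintext password rather than a hash, this would also be a natural place to reject a file that is readable by group or others, if that is wanted.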
Or we could have the check in ansible itself, but that would be a bigger change
and the codebase is not prepared for that.
TLTTIRN,
Martin