Re: a hypervisor's username & password
Support for the vmware_tools username and password has been added.

To get the variables from $self->data in esx.pm - do something like the following:

    my $vmhost_username = $self->data->get_vmhost_profile_username();
    my $vmhost_password = $self->data->get_vmhost_profile_password();

Aaron

--On March 10, 2009 1:17:01 PM -0400 Aaron Peeler wrote:

ok, np. I'll go ahead and update both the database and get_vmhost_info routine in utils.pm.

Encrypting the password - (I think you also mentioned this), but it might be easier to use plain text on the password field at first and then once that is working - encrypt the password via some method. This will also have to be synced with the front-end so VCLadmins can edit the vmprofiles.

Aaron

--On March 10, 2009 11:10:01 AM -0400 Brian Bouterse wrote:

You are correct, I misspoke in my previous note. What I meant to say was:

"We need the 'username' and 'password' fields added to vmprofile"

Sorry for the confusion.

-Brian

Brian Bouterse
Secure Open Systems Initiative
919.698.8796

On Mar 10, 2009, at 9:14 AM, Aaron Peeler wrote:

Also I think you're meaning the vmprofile table.

vmhost table should only contain:

id
computerid
vmlimit
vmprofileid

The vmprofile table is to contain all the extra info so one can make better use of normalization and easily define vmprofiles for one or more vmhost. Once you start adding 10, 100 or more vmhost servers it's cleaner to have as little as possible in the vmhost table.

The vmprofile table consists of:

id
profilename -- name of profile
vmtypeid -- links to vmtype->id
imageid -- links to image->id, defines the vhost server image
nasshare -- we're not using this one
datastorepath -- path to the vmdks
vmpath -- path to the vmx files, could be same as datastorepath
virtualswitch0 -- vmware private switch name for .vmx files
virtualswitch1 -- vmware public switch name for .vmx files
vmdisk enum('localdisk', 'networkdisk') -- used in vmware.pm to determine if using local disk on blade or using network mounted datastore

So if that is all that's needed we extend vmprofile table to include the username and password (or some key or a password hash and use mcrypt like Josh mentioned) and suggest to make use of the datastore and vmpath to define where the vmdks are and vmx files are respectively. With that we also need to update the get_vmhost_info routine in utils.pm.

An example of how vmware.pm is using datastore and vmpath - on the vmware Server and the ESX standard server vmware.pm using the vmprofile table to define separate locations for the vmdk files and vmx files on a per-reservation basis. Since under normal user mode (non-image creation) they get a vm that is in "independent-nonpersistent" mode.

i.e. on an ESX standard server vmprofile

datastore=/vmfs/volumes/Netapp
network mounted datastore for vmdks
/vmfs/volumes/Netapp/vmwareesx-base1-v0/

vmpath=/vmfs/volumes/Storage1
local storage is location for the vm's
/vmfs/volumes/Storage1/vmwareesx-base1-v0vclv1-1/

In the running vm directory it contains the vmx file that points to the vmdk also it contains the memory files, etc.

Aaron

--On March 10, 2009 8:59:50 AM -0400 Josh Thompson wrote:

I've used mcrypt for all encryption in the frontend. I see perl has an mcrypt module available. So, I'd suggest looking at using it to keep things in line with the frontend.

On Monday March 09, 2009, Brian Bouterse wrote:

All we'll need are the 'username' and 'password' to vmhost? I've updated the code to the example below based on feedback. I've set the username length to 32 which should be long enough, but I'm not sure about the password. We want the ability to encrypt this later on with a private key. Any ideas here?

    `username` varchar(32) NULL default NULL
    `password` varchar(128) NULL default NULL

Also, does the code exist for us to have access to the already existing 'datastorepath' field in the vmhost table? We can use that for the rest of our datastore info for now.

Brian

Brian Bouterse
Secure Open Systems Initiative

On Mar 9, 2009, at 4:51 PM, Aaron Peeler wrote:

> Brian,
>
> Do you have a list of additional variables? Or is the username and password all that's needed to be added to the vmprofile table?
>
> Just glancing at esx.pm I see
>
> $vmhost_username
> $vmhost_password
> $datastore_ip
> $datastore_share_path
>
> $from -- is this or could this be similar to the datastorepath variable, where the vmdk's are at
>
> Aaron
>
> --On March 5, 2009 3:19:20 PM -0500 Brian Bouterse wrote:
>> Heretofore, VCL SSH's to a hypervisor when it wants to cause some change (ie: provision or deprovision a VM). The VCL uses pre-shared SSH keys between VCL and the hypervisor to allow the SSHing to authenticate. This works for VMware server and regular ESX because they are confi
Re: a hypervisor's username & password
ok, np. I'll go ahead and update both the database and get_vmhost_info routine in utils.pm.

Encrypting the password - (I think you also mentioned this), but it might be easier to use plain text on the password field at first and then once that is working - encrypt the password via some method. This will also have to be synced with the front-end so VCLadmins can edit the vmprofiles.

Aaron

--On March 10, 2009 11:10:01 AM -0400 Brian Bouterse wrote:

You are correct, I misspoke in my previous note. What I meant to say was:

"We need the 'username' and 'password' fields added to vmprofile"

Sorry for the confusion.

-Brian

Brian Bouterse
Secure Open Systems Initiative
919.698.8796

On Mar 10, 2009, at 9:14 AM, Aaron Peeler wrote:

Also I think you're meaning the vmprofile table.

vmhost table should only contain:

id
computerid
vmlimit
vmprofileid

The vmprofile table is to contain all the extra info so one can make better use of normalization and easily define vmprofiles for one or more vmhost. Once you start adding 10, 100 or more vmhost servers it's cleaner to have as little as possible in the vmhost table.

The vmprofile table consists of:

id
profilename -- name of profile
vmtypeid -- links to vmtype->id
imageid -- links to image->id, defines the vhost server image
nasshare -- we're not using this one
datastorepath -- path to the vmdks
vmpath -- path to the vmx files, could be same as datastorepath
virtualswitch0 -- vmware private switch name for .vmx files
virtualswitch1 -- vmware public switch name for .vmx files
vmdisk enum('localdisk', 'networkdisk') -- used in vmware.pm to determine if using local disk on blade or using network mounted datastore

So if that is all that's needed we extend vmprofile table to include the username and password (or some key or a password hash and use mcrypt like Josh mentioned) and suggest to make use of the datastore and vmpath to define where the vmdks are and vmx files are respectively. With that we also need to update the get_vmhost_info routine in utils.pm.

An example of how vmware.pm is using datastore and vmpath - on the vmware Server and the ESX standard server vmware.pm using the vmprofile table to define separate locations for the vmdk files and vmx files on a per-reservation basis. Since under normal user mode (non-image creation) they get a vm that is in "independent-nonpersistent" mode.

i.e. on an ESX standard server vmprofile

datastore=/vmfs/volumes/Netapp
network mounted datastore for vmdks
/vmfs/volumes/Netapp/vmwareesx-base1-v0/

vmpath=/vmfs/volumes/Storage1
local storage is location for the vm's
/vmfs/volumes/Storage1/vmwareesx-base1-v0vclv1-1/

In the running vm directory it contains the vmx file that points to the vmdk also it contains the memory files, etc.

Aaron

--On March 10, 2009 8:59:50 AM -0400 Josh Thompson wrote:

I've used mcrypt for all encryption in the frontend. I see perl has an mcrypt module available. So, I'd suggest looking at using it to keep things in line with the frontend.

On Monday March 09, 2009, Brian Bouterse wrote:

All we'll need are the 'username' and 'password' to vmhost? I've updated the code to the example below based on feedback. I've set the username length to 32 which should be long enough, but I'm not sure about the password. We want the ability to encrypt this later on with a private key. Any ideas here?

    `username` varchar(32) NULL default NULL
    `password` varchar(128) NULL default NULL

Also, does the code exist for us to have access to the already existing 'datastorepath' field in the vmhost table? We can use that for the rest of our datastore info for now.

Brian

Brian Bouterse
Secure Open Systems Initiative

On Mar 9, 2009, at 4:51 PM, Aaron Peeler wrote:

> Brian,
>
> Do you have a list of additional variables? Or is the username and password all that's needed to be added to the vmprofile table?
>
> Just glancing at esx.pm I see
>
> $vmhost_username
> $vmhost_password
> $datastore_ip
> $datastore_share_path
>
> $from -- is this or could this be similar to the datastorepath variable, where the vmdk's are at
>
> Aaron
>
> --On March 5, 2009 3:19:20 PM -0500 Brian Bouterse wrote:
>> Heretofore, VCL SSH's to a hypervisor when it wants to cause some change (ie: provision or deprovision a VM). The VCL uses pre-shared SSH keys between VCL and the hypervisor to allow the SSHing to authenticate. This works for VMware server and regular ESX because they are configurable to accept SSH keys. ESX 3i isn't configurable to accept an SSH logon, and can only be communicated with through a web service which requires a valid hypervisor username and password.
>>
>> So I'd like to propose that we add a hypervisor username and password in the VCL database associated. As far as I can tell, there ar
Re: a hypervisor's username & password
You are correct, I misspoke in my previous note. What I meant to say was:

"We need the 'username' and 'password' fields added to vmprofile"

Sorry for the confusion.

-Brian

Brian Bouterse
Secure Open Systems Initiative
919.698.8796

On Mar 10, 2009, at 9:14 AM, Aaron Peeler wrote:

Also I think you're meaning the vmprofile table.

vmhost table should only contain:

id
computerid
vmlimit
vmprofileid

The vmprofile table is to contain all the extra info so one can make better use of normalization and easily define vmprofiles for one or more vmhost. Once you start adding 10, 100 or more vmhost servers it's cleaner to have as little as possible in the vmhost table.

The vmprofile table consists of:

id
profilename -- name of profile
vmtypeid -- links to vmtype->id
imageid -- links to image->id, defines the vhost server image
nasshare -- we're not using this one
datastorepath -- path to the vmdks
vmpath -- path to the vmx files, could be same as datastorepath
virtualswitch0 -- vmware private switch name for .vmx files
virtualswitch1 -- vmware public switch name for .vmx files
vmdisk enum('localdisk', 'networkdisk') -- used in vmware.pm to determine if using local disk on blade or using network mounted datastore

So if that is all that's needed we extend vmprofile table to include the username and password (or some key or a password hash and use mcrypt like Josh mentioned) and suggest to make use of the datastore and vmpath to define where the vmdks are and vmx files are respectively. With that we also need to update the get_vmhost_info routine in utils.pm.

An example of how vmware.pm is using datastore and vmpath - on the vmware Server and the ESX standard server vmware.pm using the vmprofile table to define separate locations for the vmdk files and vmx files on a per-reservation basis. Since under normal user mode (non-image creation) they get a vm that is in "independent-nonpersistent" mode.

i.e. on an ESX standard server vmprofile

datastore=/vmfs/volumes/Netapp
network mounted datastore for vmdks
/vmfs/volumes/Netapp/vmwareesx-base1-v0/

vmpath=/vmfs/volumes/Storage1
local storage is location for the vm's
/vmfs/volumes/Storage1/vmwareesx-base1-v0vclv1-1/

In the running vm directory it contains the vmx file that points to the vmdk also it contains the memory files, etc.

Aaron

--On March 10, 2009 8:59:50 AM -0400 Josh Thompson wrote:

I've used mcrypt for all encryption in the frontend. I see perl has an mcrypt module available. So, I'd suggest looking at using it to keep things in line with the frontend.

On Monday March 09, 2009, Brian Bouterse wrote:

All we'll need are the 'username' and 'password' to vmhost? I've updated the code to the example below based on feedback. I've set the username length to 32 which should be long enough, but I'm not sure about the password. We want the ability to encrypt this later on with a private key. Any ideas here?

    `username` varchar(32) NULL default NULL
    `password` varchar(128) NULL default NULL

Also, does the code exist for us to have access to the already existing 'datastorepath' field in the vmhost table? We can use that for the rest of our datastore info for now.

Brian

Brian Bouterse
Secure Open Systems Initiative

On Mar 9, 2009, at 4:51 PM, Aaron Peeler wrote:

> Brian,
>
> Do you have a list of additional variables? Or is the username and password all that's needed to be added to the vmprofile table?
>
> Just glancing at esx.pm I see
>
> $vmhost_username
> $vmhost_password
> $datastore_ip
> $datastore_share_path
>
> $from -- is this or could this be similar to the datastorepath variable, where the vmdk's are at
>
> Aaron
>
> --On March 5, 2009 3:19:20 PM -0500 Brian Bouterse wrote:
>> Heretofore, VCL SSH's to a hypervisor when it wants to cause some change (ie: provision or deprovision a VM). The VCL uses pre-shared SSH keys between VCL and the hypervisor to allow the SSHing to authenticate. This works for VMware server and regular ESX because they are configurable to accept SSH keys. ESX 3i isn't configurable to accept an SSH logon, and can only be communicated with through a web service which requires a valid hypervisor username and password.
>>
>> So I'd like to propose that we add a hypervisor username and password in the VCL database associated. As far as I can tell, there are two places to add this information.
>>
>> 1) Extend the 'vmhost' table to include a username field and a password field. This would allow each individual hypervisor to have its own user/pass. However, if all the hypervisors use the same user/pass then we've just duplicated a lot of data, and it is very hard to change this system wide password later.
>>
>> 2) Ex
Re: a hypervisor's username & password
Also I think you're meaning the vmprofile table.

vmhost table should only contain:

id
computerid
vmlimit
vmprofileid

The vmprofile table is to contain all the extra info so one can make better use of normalization and easily define vmprofiles for one or more vmhost. Once you start adding 10, 100 or more vmhost servers it's cleaner to have as little as possible in the vmhost table.

The vmprofile table consists of:

id
profilename -- name of profile
vmtypeid -- links to vmtype->id
imageid -- links to image->id, defines the vhost server image
nasshare -- we're not using this one
datastorepath -- path to the vmdks
vmpath -- path to the vmx files, could be same as datastorepath
virtualswitch0 -- vmware private switch name for .vmx files
virtualswitch1 -- vmware public switch name for .vmx files
vmdisk enum('localdisk', 'networkdisk') -- used in vmware.pm to determine if using local disk on blade or using network mounted datastore

So if that is all that's needed we extend vmprofile table to include the username and password (or some key or a password hash and use mcrypt like Josh mentioned) and suggest to make use of the datastore and vmpath to define where the vmdks are and vmx files are respectively. With that we also need to update the get_vmhost_info routine in utils.pm.

An example of how vmware.pm is using datastore and vmpath - on the vmware Server and the ESX standard server vmware.pm using the vmprofile table to define separate locations for the vmdk files and vmx files on a per-reservation basis. Since under normal user mode (non-image creation) they get a vm that is in "independent-nonpersistent" mode.

i.e. on an ESX standard server vmprofile

datastore=/vmfs/volumes/Netapp
network mounted datastore for vmdks
/vmfs/volumes/Netapp/vmwareesx-base1-v0/

vmpath=/vmfs/volumes/Storage1
local storage is location for the vm's
/vmfs/volumes/Storage1/vmwareesx-base1-v0vclv1-1/

In the running vm directory it contains the vmx file that points to the vmdk also it contains the memory files, etc.

Aaron

--On March 10, 2009 8:59:50 AM -0400 Josh Thompson wrote:

I've used mcrypt for all encryption in the frontend. I see perl has an mcrypt module available. So, I'd suggest looking at using it to keep things in line with the frontend.

On Monday March 09, 2009, Brian Bouterse wrote:

All we'll need are the 'username' and 'password' to vmhost? I've updated the code to the example below based on feedback. I've set the username length to 32 which should be long enough, but I'm not sure about the password. We want the ability to encrypt this later on with a private key. Any ideas here?

    `username` varchar(32) NULL default NULL
    `password` varchar(128) NULL default NULL

Also, does the code exist for us to have access to the already existing 'datastorepath' field in the vmhost table? We can use that for the rest of our datastore info for now.

Brian

Brian Bouterse
Secure Open Systems Initiative

On Mar 9, 2009, at 4:51 PM, Aaron Peeler wrote:

> Brian,
>
> Do you have a list of additional variables? Or is the username and password all that's needed to be added to the vmprofile table?
>
> Just glancing at esx.pm I see
>
> $vmhost_username
> $vmhost_password
> $datastore_ip
> $datastore_share_path
>
> $from -- is this or could this be similar to the datastorepath variable, where the vmdk's are at
>
> Aaron
>
> --On March 5, 2009 3:19:20 PM -0500 Brian Bouterse wrote:
>> Heretofore, VCL SSH's to a hypervisor when it wants to cause some change (ie: provision or deprovision a VM). The VCL uses pre-shared SSH keys between VCL and the hypervisor to allow the SSHing to authenticate. This works for VMware server and regular ESX because they are configurable to accept SSH keys. ESX 3i isn't configurable to accept an SSH logon, and can only be communicated with through a web service which requires a valid hypervisor username and password.
>>
>> So I'd like to propose that we add a hypervisor username and password in the VCL database associated. As far as I can tell, there are two places to add this information.
>>
>> 1) Extend the 'vmhost' table to include a username field and a password field. This would allow each individual hypervisor to have its own user/pass. However, if all the hypervisors use the same user/pass then we've just duplicated a lot of data, and it is very hard to change this system wide password later.
>>
>> 2) Extend the 'vmprofile' table to include a username field and a password. In this case a group of hypervisors (linked through the same vmprofile) would share a single user/pass. This would make password changes easier since it only has to be updated in one place, but requires hypervisors to have a consistent username/
Re: a hypervisor's username & password
I've used mcrypt for all encryption in the frontend. I see perl has an mcrypt module available. So, I'd suggest looking at using it to keep things in line with the frontend.

On Monday March 09, 2009, Brian Bouterse wrote:
> All we'll need are the 'username' and 'password' to vmhost? I've updated the code to the example below based on feedback. I've set the username length to 32 which should be long enough, but I'm not sure about the password. We want the ability to encrypt this later on with a private key. Any ideas here?
>
> `username` varchar(32) NULL default NULL
> `password` varchar(128) NULL default NULL
>
> Also, does the code exist for us to have access to the already existing 'datastorepath' field in the vmhost table? We can use that for the rest of our datastore info for now.
>
> Brian
>
> Brian Bouterse
> Secure Open Systems Initiative
>
> On Mar 9, 2009, at 4:51 PM, Aaron Peeler wrote:
> > Brian,
> >
> > Do you have a list of additional variables? Or is the username and password all that's needed to be added to the vmprofile table?
> >
> > Just glancing at esx.pm I see
> >
> > $vmhost_username
> > $vmhost_password
> > $datastore_ip
> > $datastore_share_path
> >
> > $from -- is this or could this be similar to the datastorepath variable, where the vmdk's are at
> >
> > Aaron
> >
> > --On March 5, 2009 3:19:20 PM -0500 Brian Bouterse wrote:
> >> Heretofore, VCL SSH's to a hypervisor when it wants to cause some change (ie: provision or deprovision a VM). The VCL uses pre-shared SSH keys between VCL and the hypervisor to allow the SSHing to authenticate. This works for VMware server and regular ESX because they are configurable to accept SSH keys. ESX 3i isn't configurable to accept an SSH logon, and can only be communicated with through a web service which requires a valid hypervisor username and password.
> >>
> >> So I'd like to propose that we add a hypervisor username and password in the VCL database associated. As far as I can tell, there are two places to add this information.
> >>
> >> 1) Extend the 'vmhost' table to include a username field and a password field. This would allow each individual hypervisor to have its own user/pass. However, if all the hypervisors use the same user/pass then we've just duplicated a lot of data, and it is very hard to change this system wide password later.
> >>
> >> 2) Extend the 'vmprofile' table to include a username field and a password. In this case a group of hypervisors (linked through the same vmprofile) would share a single user/pass. This would make password changes easier since it only has to be updated in one place, but requires hypervisors to have a consistent username/password across them. Because of the de-duplication of data, and easiness of password changes, I favor this second option.
> >>
> >> Whichever table it goes in, here are the lines to be added to the vcl.sql file:
> >>
> >> `username` varchar(8) NOT NULL default ''
> >> `password` varchar(40) NOT NULL default ''
> >>
> >> Could someone tell us a bit about how to get that username and password out of the database and into our module as a variable?
> >>
> >> Best,
> >> Brian
> >>
> >> Brian Bouterse
> >> Secure Open Systems Initiative
> >> 919.698.8796
> >
> > Aaron Peeler
> > OIT Advanced Computing
> > College of Engineering-NCSU
> > 919.513.4571
> > http://vcl.ncsu.edu

--
Josh Thompson
Systems Programmer
Virtual Computing Lab (VCL)
North Carolina State University
josh_thomp...@ncsu.edu
919-515-5323

my GPG/PGP key can be found at pgp.mit.edu
Re: a hypervisor's username & password
All we'll need are the 'username' and 'password' to vmhost? I've updated the code to the example below based on feedback. I've set the username length to 32 which should be long enough, but I'm not sure about the password. We want the ability to encrypt this later on with a private key. Any ideas here?

    `username` varchar(32) NULL default NULL
    `password` varchar(128) NULL default NULL

Also, does the code exist for us to have access to the already existing 'datastorepath' field in the vmhost table? We can use that for the rest of our datastore info for now.

Brian

Brian Bouterse
Secure Open Systems Initiative

On Mar 9, 2009, at 4:51 PM, Aaron Peeler wrote:

Brian,

Do you have a list of additional variables? Or is the username and password all that's needed to be added to the vmprofile table?

Just glancing at esx.pm I see

$vmhost_username
$vmhost_password
$datastore_ip
$datastore_share_path

$from -- is this or could this be similar to the datastorepath variable, where the vmdk's are at

Aaron

--On March 5, 2009 3:19:20 PM -0500 Brian Bouterse wrote:

Heretofore, VCL SSH's to a hypervisor when it wants to cause some change (ie: provision or deprovision a VM). The VCL uses pre-shared SSH keys between VCL and the hypervisor to allow the SSHing to authenticate. This works for VMware server and regular ESX because they are configurable to accept SSH keys. ESX 3i isn't configurable to accept an SSH logon, and can only be communicated with through a web service which requires a valid hypervisor username and password.

So I'd like to propose that we add a hypervisor username and password in the VCL database associated. As far as I can tell, there are two places to add this information.

1) Extend the 'vmhost' table to include a username field and a password field. This would allow each individual hypervisor to have its own user/pass. However, if all the hypervisors use the same user/pass then we've just duplicated a lot of data, and it is very hard to change this system wide password later.

2) Extend the 'vmprofile' table to include a username field and a password. In this case a group of hypervisors (linked through the same vmprofile) would share a single user/pass. This would make password changes easier since it only has to be updated in one place, but requires hypervisors to have a consistent username/password across them. Because of the de-duplication of data, and easiness of password changes, I favor this second option.

Whichever table it goes in, here are the lines to be added to the vcl.sql file:

    `username` varchar(8) NOT NULL default ''
    `password` varchar(40) NOT NULL default ''

Could someone tell us a bit about how to get that username and password out of the database and into our module as a variable?

Best,
Brian

Brian Bouterse
Secure Open Systems Initiative
919.698.8796

Aaron Peeler
OIT Advanced Computing
College of Engineering-NCSU
919.513.4571
http://vcl.ncsu.edu
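Added example, not part of the original thread and not VCL code: one way the `password` varchar(128) column discussed above could hold an encrypted value that the Perl backend decrypts after reading it, including the longest password that still fits the column. It uses AES-256-GCM from the CPAN CryptX distribution rather than the mcrypt module suggested in the thread; the helper names, the key handling and the row ids are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not VCL code. Requires the CPAN CryptX distribution.
use strict;
use warnings;
use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);
use Crypt::PRNG qw(random_bytes);
use MIME::Base64 qw(encode_base64 decode_base64);

my $COLUMN_WIDTH = 128;   # `password` varchar(128) from the thread
my $NONCE_LEN    = 12;    # fresh random GCM nonce per encryption
my $TAG_LEN      = 16;    # GCM authentication tag

# Longest password (in bytes) whose base64(nonce . ciphertext . tag)
# still fits the column: base64 turns every 3 bytes into 4 characters.
sub max_password_bytes {
    return int($COLUMN_WIDTH / 4) * 3 - $NONCE_LEN - $TAG_LEN;
}

# Encrypt the password for one vmprofile row (hypothetical helper).
# Passwords are treated as byte strings. undef stays undef so profiles
# without credentials keep a NULL column.
sub seal_password {
    my ($key, $vmprofile_id, $password) = @_;
    return undef unless defined $password;
    die "password longer than " . max_password_bytes() . " bytes\n"
        if length($password) > max_password_bytes();
    my $nonce = random_bytes($NONCE_LEN);
    # The row id is authenticated but not encrypted, so a ciphertext
    # copied into another vmprofile row fails verification.
    my ($ct, $tag) = gcm_encrypt_authenticate(
        'AES', $key, $nonce, "vmprofile:$vmprofile_id", $password);
    return encode_base64($nonce . $ct . $tag, '');
}

# Reverse of seal_password (hypothetical helper); dies on tampering.
sub open_password {
    my ($key, $vmprofile_id, $stored) = @_;
    return undef unless defined $stored;      # profile has no credentials
    my $raw = decode_base64($stored);
    die "stored value too short\n" if length($raw) < $NONCE_LEN + $TAG_LEN;
    my $nonce = substr($raw, 0, $NONCE_LEN);
    my $tag   = substr($raw, length($raw) - $TAG_LEN);
    my $ct    = substr($raw, $NONCE_LEN, length($raw) - $NONCE_LEN - $TAG_LEN);
    my $plain = gcm_decrypt_verify(
        'AES', $key, $nonce, "vmprofile:$vmprofile_id", $ct, $tag);
    die "vmprofile $vmprofile_id: password failed authentication\n"
        unless defined $plain;
    return $plain;
}

unless (caller) {
    # Constructed sample values. A real key would be loaded from a file
    # readable only by the backend, never stored in the database itself.
    my $key    = random_bytes(32);            # AES-256 key
    my $stored = seal_password($key, 7, 'constructed-esx-password');
    printf "stored %d of %d characters\n", length($stored), $COLUMN_WIDTH;
    printf "round trip: %s\n", open_password($key, 7, $stored);

    # The same ciphertext presented for a different row is rejected.
    my $moved = eval { open_password($key, 8, $stored) };
    chomp(my $err = $@ // '');
    print "row 8: ", (defined($moved) ? "accepted" : "rejected: $err"), "\n";

    printf "longest password that fits: %d bytes\n", max_password_bytes();
}
```

The key never enters the vmprofile table, so a copy of the database alone does not yield the hypervisor passwords.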
Re: a hypervisor's username & password
Brian,

Do you have a list of additional variables? Or is the username and password all that's needed to be added to the vmprofile table?

Just glancing at esx.pm I see

$vmhost_username
$vmhost_password
$datastore_ip
$datastore_share_path

$from -- is this or could this be similar to the datastorepath variable, where the vmdk's are at

Aaron

--On March 5, 2009 3:19:20 PM -0500 Brian Bouterse wrote:

Heretofore, VCL SSH's to a hypervisor when it wants to cause some change (ie: provision or deprovision a VM). The VCL uses pre-shared SSH keys between VCL and the hypervisor to allow the SSHing to authenticate. This works for VMware server and regular ESX because they are configurable to accept SSH keys. ESX 3i isn't configurable to accept an SSH logon, and can only be communicated with through a web service which requires a valid hypervisor username and password.

So I'd like to propose that we add a hypervisor username and password in the VCL database associated. As far as I can tell, there are two places to add this information.

1) Extend the 'vmhost' table to include a username field and a password field. This would allow each individual hypervisor to have its own user/pass. However, if all the hypervisors use the same user/pass then we've just duplicated a lot of data, and it is very hard to change this system wide password later.

2) Extend the 'vmprofile' table to include a username field and a password. In this case a group of hypervisors (linked through the same vmprofile) would share a single user/pass. This would make password changes easier since it only has to be updated in one place, but requires hypervisors to have a consistent username/password across them. Because of the de-duplication of data, and easiness of password changes, I favor this second option.

Whichever table it goes in, here are the lines to be added to the vcl.sql file:

    `username` varchar(8) NOT NULL default ''
    `password` varchar(40) NOT NULL default ''

Could someone tell us a bit about how to get that username and password out of the database and into our module as a variable?

Best,
Brian

Brian Bouterse
Secure Open Systems Initiative
919.698.8796

Aaron Peeler
OIT Advanced Computing
College of Engineering-NCSU
919.513.4571
http://vcl.ncsu.edu
Re: a hypervisor's username & password
On Thu March 5 2009 3:41:47 pm Aaron Peeler wrote:
> option 2 - vmprofile table is definitely the correct location to store this type of data.

> > Whichever table it goes in, here are the lines to be added to the vcl.sql file:
> >
> > `username` varchar(8) NOT NULL default ''
> > `password` varchar(40) NOT NULL default ''

These should be allowed to be NULL with a default value of NULL since they will exist for every vmprofile, including those that do not require these fields.

Also, are you sure ESXi limits the username to 8 characters?

Josh

--
Josh Thompson
Systems Programmer
Virtual Computing Lab (VCL)
North Carolina State University
josh_thomp...@ncsu.edu
919-515-5323

my GPG/PGP key can be found at www.keyserver.net
Re: a hypervisor's username & password
option 2 - vmprofile table is definitely the correct location to store this type of data.

The vmhost table will eventually only have 4 columns: id, computerid, vmlimit, vmprofileid. All additional info about a given hypervisor should be in a profile.

After extending the database - we'll need to extend the query in utils::get_vmhost_info routine.

Are there any other variables for the esx module that should go into the vmprofile table?

Aaron

--On March 5, 2009 3:19:20 PM -0500 Brian Bouterse wrote:

Heretofore, VCL SSH's to a hypervisor when it wants to cause some change (ie: provision or deprovision a VM). The VCL uses pre-shared SSH keys between VCL and the hypervisor to allow the SSHing to authenticate. This works for VMware server and regular ESX because they are configurable to accept SSH keys. ESX 3i isn't configurable to accept an SSH logon, and can only be communicated with through a web service which requires a valid hypervisor username and password.

So I'd like to propose that we add a hypervisor username and password in the VCL database associated. As far as I can tell, there are two places to add this information.

1) Extend the 'vmhost' table to include a username field and a password field. This would allow each individual hypervisor to have its own user/pass. However, if all the hypervisors use the same user/pass then we've just duplicated a lot of data, and it is very hard to change this system wide password later.

2) Extend the 'vmprofile' table to include a username field and a password. In this case a group of hypervisors (linked through the same vmprofile) would share a single user/pass. This would make password changes easier since it only has to be updated in one place, but requires hypervisors to have a consistent username/password across them. Because of the de-duplication of data, and easiness of password changes, I favor this second option.

Whichever table it goes in, here are the lines to be added to the vcl.sql file:

    `username` varchar(8) NOT NULL default ''
    `password` varchar(40) NOT NULL default ''

Could someone tell us a bit about how to get that username and password out of the database and into our module as a variable?

Best,
Brian

Brian Bouterse
Secure Open Systems Initiative
919.698.8796

Aaron Peeler
OIT Advanced Computing
College of Engineering-NCSU
919.513.4571
http://vcl.ncsu.edu
a hypervisor's username & password
Heretofore, VCL SSH's to a hypervisor when it wants to cause some change (ie: provision or deprovision a VM). The VCL uses pre-shared SSH keys between VCL and the hypervisor to allow the SSHing to authenticate. This works for VMware server and regular ESX because they are configurable to accept SSH keys. ESX 3i isn't configurable to accept an SSH logon, and can only be communicated with through a web service which requires a valid hypervisor username and password.

So I'd like to propose that we add a hypervisor username and password in the VCL database associated. As far as I can tell, there are two places to add this information.

1) Extend the 'vmhost' table to include a username field and a password field. This would allow each individual hypervisor to have its own user/pass. However, if all the hypervisors use the same user/pass then we've just duplicated a lot of data, and it is very hard to change this system wide password later.

2) Extend the 'vmprofile' table to include a username field and a password. In this case a group of hypervisors (linked through the same vmprofile) would share a single user/pass. This would make password changes easier since it only has to be updated in one place, but requires hypervisors to have a consistent username/password across them. Because of the de-duplication of data, and easiness of password changes, I favor this second option.

Whichever table it goes in, here are the lines to be added to the vcl.sql file:

    `username` varchar(8) NOT NULL default ''
    `password` varchar(40) NOT NULL default ''

Could someone tell us a bit about how to get that username and password out of the database and into our module as a variable?

Best,
Brian

Brian Bouterse
Secure Open Systems Initiative
919.698.8796