On Tue, Sep 04, 2018 at 01:53:45PM +0200, Andrea Bolognani wrote:
On Tue, 2018-09-04 at 10:49 +0200, Martin Kletzander wrote:

s/manually/ourselves/ in the subject.

[...]
     def get_root_password_file(self):
-        root_pass_file = self._get_config_file("root-password")
-        root_hash_file = self._get_config_file(".root-password.hash")
-
-        try:
-            with open(root_pass_file, "r") as infile:
-                root_pass = infile.readline().strip()
-        except Exception:
-            raise Error(
-                "Missing or invalid root password file ({})".format(
-                    root_pass_file,
-                )
-            )
-
-        # The hash will be different every time we run, but that doesn't
-        # matter - it will still validate the correct root password
-        root_hash = crypt.crypt(root_pass, Util.mksalt())
-
-        try:
-            with open(root_hash_file, "w") as infile:
-                infile.write("{}\n".format(root_hash))
-        except Exception:
-            raise Error(
-                "Can't write hashed root password file ({})".format(
-                    root_hash_file,
-                )
-            )
-
-        return root_hash_file
+        return self._get_config_file("root-password")

This is a really nice improvement overall, but we can't quite get
rid of the entire function: we still need to try and open the file,
or at least stat() it, like we do in get_vault_password_file(), so
that we can error out early instead of having Ansible bail out on
us really late in the game.


So what you had in mind is something like the following squashed in?

diff --git i/guests/lcitool w/guests/lcitool
index 609c73c43dbc..2ac98ea69030 100755
--- i/guests/lcitool
+++ w/guests/lcitool
@@ -151,7 +151,22 @@ class Config:
        return vault_pass_file

    def get_root_password_file(self):
-        return self._get_config_file("root-password")
+        root_pass_file = None
+
+        root_pass_file = self._get_config_file("root-password")
+
+        try:
+            with open(root_pass_file, "r") as infile:
+                if not infile.readline().strip():
+                    raise ValueError
+        except Exception:
+            raise Error(
+                "Missing or invalid root password file ({})".format(
+                    root_pass_file,
+                )
+            )
+
+        return root_pass_file


class Inventory:
--

Or we could have the check in ansible itself, but that would be a bigger change
and the codebase is not prepared for that.

TLTTIRN,
Martin

Attachment: signature.asc
Description: Digital signature

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Reply via email to