All we'll need are the 'username' and 'password' to vmhost? I've
updated the code to the example below based on feedback. I've set the
username length to 32 which should be long enough, but I'm not sure
about the password. We want the ability to encrypt this later on with
a private key. Any ideas here?
`username` varchar(32) NULL default 'NULL'
`password` varchar(128) NULL default 'NULL'
Also, does the code exist for us to have access to the already
existing 'datastorepath' field in the vmhost table? We can use that
for the rest of our datastore info for now.
Brian
Brian Bouterse
Secure Open Systems Initiative
On Mar 9, 2009, at 4:51 PM, Aaron Peeler wrote:
Brian,
Do you have a list of additional variables? Or is the username and
password all that's needed to be added to the vmprofile table?
Just glancing at esx.pm I see
$vmhost_username
$vmhost_password
$datastore_ip
$datastore_share_path
$from -- is this or could this be similar to the datastorepath
variable, where the vmdk's are at
Aaron
--On March 5, 2009 3:19:20 PM -0500 Brian Bouterse
<bmbou...@ncsu.edu> wrote:
Heretofore, VCL SSH's to a hypervisor when it wants to cause some
change
(ie: provision or deprovision a VM). The VCL uses pre-shared SSH
keys
between VCL and the hypervisor to allow the SSHing the authenticate.
This works for VMware server and regular ESX because they are
configurable to accept SSH keys. ESX 3i isn't configurable to
accept an
SSH logon, and can only be communicated with through a web service
which
requires a valid hypervisor username and password.
So I'd like to propose that we add a hypervisor username and
password in
the VCL database associated. As far as I can tell, there are two
places
to add this information.
1) Extend the 'vmhost' table to include a username field and a
password
field. This would allow each individual hypervisor to have its own
user/pass. However, if all the hypervisors use the same user/pass
then
we've just duplicated a lot of data, and it is very hard to change
this
system wide password later.
2) Extend the 'vmprofile' table to include a username field and a
password. In this case a group of hypervisors (linked through the
same
vmprofile) would share a single user/pass. This would make password
changes easier since it only has to be updated in one place, but
requires
hypervisors to have a consistant username/password across them.
Because
of the de-duplication of data, and easyness of password changes, I
favor
of this second option.
Whichever table it goes in, here are the lines to be added to the
vcl.sql
file:
`username` varchar(8) NOT NULL default ''
`password` varchar(40) NOT NULL default ''
Could someone tell us a bit about how to get that username and
password
out of the database and into our module as a variable?
Best,
Brian
Brian Bouterse
Secure Open Systems Initiative
919.698.8796
Aaron Peeler
OIT Advanced Computing
College of Engineering-NCSU
919.513.4571
http://vcl.ncsu.edu