I've used mcrypt for all encryption in the frontend. I see perl has an mcrypt module available. So, I'd suggest looking at using it to keep things in line with the frontend.

On Monday March 09, 2009, Brian Bouterse wrote:
> All we'll need are the 'username' and 'password' to vmhost? I've
> updated the code to the example below based on feedback. I've set the
> username length to 32 which should be long enough, but I'm not sure
> about the password. We want the ability to encrypt this later on with
> a private key. Any ideas here?
>
> `username` varchar(32) NULL default 'NULL'
> `password` varchar(128) NULL default 'NULL'
>
> Also, does the code exist for us to have access to the already
> existing 'datastorepath' field in the vmhost table? We can use that
> for the rest of our datastore info for now.
>
> Brian
>
> Brian Bouterse
> Secure Open Systems Initiative
>
> On Mar 9, 2009, at 4:51 PM, Aaron Peeler wrote:
> > Brian,
> >
> > Do you have a list of additional variables? Or is the username and
> > password all that's needed to be added to the vmprofile table?
> >
> > Just glancing at esx.pm I see
> >
> > $vmhost_username
> > $vmhost_password
> > $datastore_ip
> > $datastore_share_path
> >
> > $from -- is this or could this be similar to the datastorepath
> > variable, where the vmdk's are at
> >
> > Aaron
> >
> >
> > --On March 5, 2009 3:19:20 PM -0500 Brian Bouterse
> > <bmbou...@ncsu.edu> wrote:
> >> Heretofore, VCL SSH's to a hypervisor when it wants to cause some
> >> change (i.e.: provision or deprovision a VM). The VCL uses
> >> pre-shared SSH keys between VCL and the hypervisor to allow the
> >> SSHing to authenticate. This works for VMware server and regular
> >> ESX because they are configurable to accept SSH keys. ESX 3i isn't
> >> configurable to accept an SSH logon, and can only be communicated
> >> with through a web service which requires a valid hypervisor
> >> username and password.
> >>
> >> So I'd like to propose that we add a hypervisor username and
> >> password in the VCL database associated. As far as I can tell,
> >> there are two places to add this information.
> >>
> >> 1) Extend the 'vmhost' table to include a username field and a
> >> password field. This would allow each individual hypervisor to
> >> have its own user/pass. However, if all the hypervisors use the
> >> same user/pass then we've just duplicated a lot of data, and it is
> >> very hard to change this system wide password later.
> >>
> >> 2) Extend the 'vmprofile' table to include a username field and a
> >> password. In this case a group of hypervisors (linked through the
> >> same vmprofile) would share a single user/pass. This would make
> >> password changes easier since it only has to be updated in one
> >> place, but requires hypervisors to have a consistent
> >> username/password across them. Because of the de-duplication of
> >> data, and easiness of password changes, I favor this second
> >> option.
> >>
> >> Whichever table it goes in, here are the lines to be added to the
> >> vcl.sql file:
> >>
> >> `username` varchar(8) NOT NULL default ''
> >> `password` varchar(40) NOT NULL default ''
> >>
> >> Could someone tell us a bit about how to get that username and
> >> password out of the database and into our module as a variable?
> >>
> >> Best,
> >> Brian
> >>
> >> Brian Bouterse
> >> Secure Open Systems Initiative
> >> 919.698.8796
> >
> > Aaron Peeler
> > OIT Advanced Computing
> > College of Engineering-NCSU
> > 919.513.4571
> > http://vcl.ncsu.edu

--
-------------------------------
Josh Thompson
Systems Programmer
Virtual Computing Lab (VCL)
North Carolina State University
josh_thomp...@ncsu.edu
919-515-5323

my GPG/PGP key can be found at pgp.mit.edu
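
The open question in the thread, how wide the `password` column has to be once the value is stored encrypted, can be worked out before the schema is fixed. The following is an added example, not code from the thread or from VCL; it assumes a 16-byte block cipher in CBC mode with PKCS#7 padding, a random 16-byte IV stored in front of the ciphertext, and base64 text encoding, none of which the thread specifies.

```python
import base64
import os

BLOCK = 16   # assumption: cipher block size in bytes (Rijndael-128 / AES)
IV_LEN = 16  # assumption: random IV stored together with the ciphertext


def padded_len(plain_len, block=BLOCK):
    """PKCS#7 adds 1..block bytes, so an exact multiple still gains a full block."""
    return (plain_len // block + 1) * block


def stored_len(plain_len, block=BLOCK, iv_len=IV_LEN):
    """Characters needed to hold base64(IV || ciphertext) for a plaintext of plain_len bytes."""
    raw = iv_len + padded_len(plain_len, block)
    return 4 * ((raw + 2) // 3)  # base64: 4 output chars per 3 input bytes, padded with '='


def max_plaintext(column_width, block=BLOCK, iv_len=IV_LEN):
    """Longest password in bytes that still fits the column, or -1 if even an empty one does not."""
    best, n = -1, 0
    while stored_len(n, block, iv_len) <= column_width:
        best = n
        n += 1
    return best


def matches_real_base64(plain_len):
    """Cross-check the formula against the real encoder, using random bytes as stand-in ciphertext."""
    raw = os.urandom(IV_LEN + padded_len(plain_len))
    return len(base64.b64encode(raw)) == stored_len(plain_len)


if __name__ == "__main__":
    # Column widths that appear in the thread: varchar(40) and varchar(128).
    for width in (40, 128):
        print(f"varchar({width}): longest password that fits = {max_plaintext(width)} bytes")
    # Constructed sample password lengths, for illustration only.
    for n in (8, 16, 32, 64, 80):
        print(f"{n:3d}-byte password -> {stored_len(n)} stored characters")
```

Under these assumptions the ciphertext of even an empty password is longer than 40 characters, so the column width has to be chosen from the encrypted size, not from the longest password the hypervisor accepts.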