Project

General

Profile

Actions
Copy link

Bug #35035

closed

VM creation is broken with libvirt >= 8.0.0 due to VNC password length

Added by Guilherme M. Schroeder over 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Compute resources - libvirt
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/9265
Fixed in Releases:
3.4.0
Found in Releases:
3.3.0
Red Hat JIRA:

Description

since libvirt >= 8.0.0 [1] (RHEL 8.6, RHEL9, and probably others), the VNC password must be limited to 8 chars.

Foreman uses 16 a char password and VM creation breaks:

"Failed to create a compute xxxx (Libvirt) instance xxxx: Error saving the server: Call to virDomainDefineXML failed: unsupported configuration: VNC password is 16 characters long, only 8 permitted"

The solution, for now, was to reduce SecureRandom.hex(8) to SecureRandom.hex(4) in random_password() [2], which is called by the libvirt model [3]. But that's probably not the best way :)

[1] https://github.com/libvirt/libvirt/commit/27c1d06b5bd68bdce55efff0a50a15a30cb2a96b
[2] https://github.com/theforeman/foreman/blob/develop/app/models/compute_resource.rb#L429
[3] https://github.com/theforeman/foreman/blob/develop/app/models/compute_resources/foreman/model/libvirt.rb#L176

Related issues 1 (1 open0 closed)

Related to Foreman - Bug #35024: Foreman Libvirt Plugin requesting +8 chars for remote console VNC PasswordNewActions
Actions
Copy link
 #1

Updated by Robert Frank over 2 years ago

  • Related to Bug #35024: Foreman Libvirt Plugin requesting +8 chars for remote console VNC Password added
Actions
Copy link
 #2

Updated by Robert Frank over 2 years ago

  • Found in Releases 3.3.0 added

I think the best approach is to pass the required length to the random_password function using the current 8 as the default value.
Then libvirt.rb can call random_password(4) without reducing the security of other providers.
I've create a patch [1]. Let me know if you want me to create a PR.

[1] https://github.com/theforeman/foreman/compare/develop...rwf14f:35035-fix_vnc_password_length

Actions
Copy link
 #3

Updated by Lukas Zapletal over 2 years ago

  • Triaged changed from No to Yes

Hey, thanks for the report and patch, yeah file a PR please.

Actions
Copy link
 #4

Updated by The Foreman Bot over 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/9265 added
Actions
Copy link
 #5

Updated by The Foreman Bot over 2 years ago

  • Fixed in Releases 3.4.0 added
Actions
Copy link
 #6

Updated by Anonymous over 2 years ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link
 #7

Updated by Ewoud Kohl van Wijngaarden about 2 years ago

  • Subject changed from VM creation is broken with libvirt >= 8.0.0 to VM creation is broken with libvirt >= 8.0.0 due to VNC password length
  • Category set to Compute resources - libvirt
Actions
Copy link

Also available in: Atom PDF