Page MenuHomePhabricator
Create Task
Maniphest T141399

Support console access for nova VMs
Closed, DuplicatePublic
Actions

Description

The attached patch sets console-via-Spice for labs VMs, but does not actually enable the service. My concerns:

  1. What good is a console when we don't support password logins?
  1. Consoles are protected via a token, but I'm not sure how long the tokens last. It seems somewhat insecure to open up consoles that the world can see, protected only by a password (?) and the obscurity and short lifespan of the token.

Details

SubjectRepoBranchLines +/-
Set up spice-based remote consoles for Labs instancesoperations/puppetproduction+68 -15
Customize query in gerrit

Related Objects

Event Timeline

Andrew created this task.Jul 26 2016, 9:37 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 26 2016, 9:37 PM
Andrew added a project: Cloud-Services.Jul 26 2016, 9:38 PM
Andrew added subscribers: yuvipanda, chasemp, Krenair, dpatrick.
Andrew added a comment.Jul 26 2016, 9:41 PM

Update: The default token lifespan is 10 minutes. So, I'm no longer much worried about #2.

This can be set in nova.conf:

  1. console_token_ttl = 600
gerritbot subscribed.Jul 26 2016, 9:44 PM

Change 301294 had a related patch set uploaded (by Andrew Bogott):
Set up spice-based remote consoles for Labs instances

https://gerrit.wikimedia.org/r/301294

Andrew added a comment.Jul 26 2016, 9:48 PM

(Of course if we implement this for real, we should set this up on misc-web so that it doesn't run on http.)

Andrew mentioned this in rOPUP7c481f909f96: Set up spice-based remote consoles for Labs instances.Jul 26 2016, 9:48 PM
gerritbot added a comment.Jul 26 2016, 9:50 PM

Change 301177 had a related patch set uploaded (by Andrew Bogott):
Add domain labtestspice.wikimedia.org

https://gerrit.wikimedia.org/r/301177

AlexMonk-WMF closed this task as a duplicate of T130806: Interactive consoles?.Jul 27 2016, 1:53 AM
gerritbot added a comment.Jul 27 2016, 4:40 PM

Change 301294 had a related patch set uploaded (by Andrew Bogott):
Set up spice-based remote consoles for Labs instances

https://gerrit.wikimedia.org/r/301294

Andrew mentioned this in rOPUPd860346ec626: Set up spice-based remote consoles for Labs instances.Jul 27 2016, 4:43 PM
Andrew mentioned this in rOPUP416767160d69: Set up spice-based remote consoles for Labs instances.Aug 3 2016, 2:58 PM
Andrew mentioned this in rOPUPeb226c66f2e3: Set up spice-based remote consoles for Labs instances.Aug 3 2016, 3:24 PM
gerritbot added a comment.Aug 3 2016, 8:13 PM

Change 301294 merged by Andrew Bogott:
Set up spice-based remote consoles for Labs instances

https://gerrit.wikimedia.org/r/301294

Andrew mentioned this in rOPUPaedbb59f2835: Set up spice-based remote consoles for Labs instances.Aug 3 2016, 8:17 PM
Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits