In order to make SPICE consoles useful, we need passwords. Consoles will only be enabled for people with the 'admin' role, and passwords will be stored on a production host (labcontrol) to restrict access to Ops.
Proposed steps:
- Puppet run on a VM checks to see if there's already a root password set. If not, it generates a random password and sets it.
- Puppet encrypts the password and writes the encrypted password to the puppet log.
- The puppetmaster (via a custom 'report') notices the encrypted password and stores it (possibly just by catting to a flat file).
- A script on the puppetmaster will take a hostname as an argument and return the decrypted password.
Questions:
a) Is it actually useful to encrypt the passwords before passing them to the puppetmaster? Who would be in a position to intercept them?
b) How should the encrypting/decrypting actually happen? I imagine that we'd have a public key (for encrypting) on the labs instances and a private key (for decrypting) on the puppetmaster. But maybe it doesn't work like that?
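The public-key arrangement imagined in question b), applied to the proposed steps, as an added sketch that is not code from this task or from Puppet. The `ROOTPW-SEALED:` marker, the function names, the in-memory hash standing in for the flat file, and the choice of RSA-OAEP via Ruby's standard `openssl` library are all assumptions.

```ruby
require 'openssl'
require 'securerandom'
require 'base64'

MARKER = 'ROOTPW-SEALED:' # hypothetical log marker, not a Puppet convention
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Instance side: holds only the public key. Returns [password, log_line].
def seal_new_password(public_pem)
  pub = OpenSSL::PKey::RSA.new(public_pem)
  password = SecureRandom.alphanumeric(24)
  blob = Base64.strict_encode64(pub.public_encrypt(password, OAEP))
  [password, "#{MARKER}#{blob}"]
end

# Puppetmaster report side: keep the sealed blob per host, still encrypted.
def collect(store, hostname, log_lines)
  line = log_lines.find { |l| l.start_with?(MARKER) }
  store[hostname] = line.delete_prefix(MARKER) if line
  store
end

# Puppetmaster lookup script: hostname in, plaintext password out.
def lookup(store, hostname, private_pem)
  blob = store.fetch(hostname) { raise KeyError, "no password stored for #{hostname}" }
  OpenSSL::PKey::RSA.new(private_pem).private_decrypt(Base64.strict_decode64(blob), OAEP)
end

# True if this key material can open a sealed blob (a public key cannot).
def can_decrypt?(pem, blob)
  OpenSSL::PKey::RSA.new(pem).private_decrypt(Base64.strict_decode64(blob), OAEP)
  true
rescue OpenSSL::PKey::PKeyError
  false
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed demo key pair
  _pw, line = seal_new_password(key.public_key.to_pem)
  store = collect({}, 'vm1.example', ['notice: catalog applied', line]) # constructed log
  puts "master recovers: #{lookup(store, 'vm1.example', key.to_pem)}"
  puts "instance key can decrypt: #{can_decrypt?(key.public_key.to_pem, store['vm1.example'])}"
end
```

With this split, anything that sees the log line or the flat file holds only ciphertext. The private key on the puppetmaster is the single secret to protect.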