one
one copied to clipboard
OpenNebula
Honor the VNC password length of (up to) 8 symbols in libvirt/qemu
Description Libvirt utilizes the first 8 characters of the VNC password so having a longer string is pointless and also, the latest/future version to libvirt/qemu it could lead to denied domain migration and deployment.
Use case OpenNebula compatibility with the latest qemu/libvirt Interface Changes API check for the VNC password length. (I believe that the ONE API must be the true source of truth, not any edge interface/bindings) Notification in FireEdge/Sunstone to propagate the API error (optionally onedb fsck/update function to validate/fix the issue
Additional Context Having a long "strong" password but only the first 8 characters used could lead to a false impression of security.
Progress Status
- [ ] Code committed
- [ ] Testing - QA
- [ ] Documentation (Release notes - resolved issues, compatibility, known issues)
Thanks!
Yes this checks are always done at API level not at interface. Note that OpenNebula supports multiple bindings and higher level modules. VM/Image/Network etc.. logic is always coded at oned level. Only some orchestration and higher level operations are implemented using a sequence of API calls.
Note that this is already enforced for SPICE (60 chars max)
Note for implementation: Change should be implemented here
Hello! A similar problem...
OpenNebula 6.4 CE host Almalinux 8.4 libvirt 8.0.0 error deploy vm
Sun Aug 21 09:29:42 2022: DEPLOY: error: Failed to create domain from /var/lib/one//datastores/0/6/deployment.2 error: unsupported configuration: VNC password is 64 characters long, only 8 permitted Could
not create domain from /var/lib/one//datastores/0/6/deployment.2 ExitCode: 255
