On Tue, Oct 17, 2017 at 05:11:40PM +0100, Daniel P. Berrange wrote:
On Tue, Oct 17, 2017 at 06:05:23PM +0200, Pavel Hrdina wrote:
> On Mon, Oct 16, 2017 at 06:02:04PM +0200, Andrea Bolognani wrote:
> > Having to bootstrap the guest as a separate phase is annoying and
> > can be avoided by assuming the root password is well-known.
>
> I'm not sure about this. Yes the password will be well known for us
> but I would rather have it generated and stored somewhere on the host.
>
> The guests are hidden from internet but they are still connected to
> jenkins and are executing commands provided by jenkins. Maybe I'm
> just too paranoid :).
Could we just generate a random root password, but install SSH public
keys and set SSH to only permit public key auth.
That's the idea, having the root password stored on the host is just
if something goes wrong and you need to use serial console.
Pavel