Re: [libvirt-jenkins-ci PATCH 4/5] playbooks: gitlab: Force a random password for the root account
On Thu, 2020-03-26 at 14:33 +0100, Erik Skultety wrote:
Unlike with the 'test' flavour, where the 'test' user
has sudo
permissions on the system, with machines set up with the 'gitlab'
flavour which are intended to contact the outside world which, we don't
want that. More importantly though, we must not use the default root
password which is set by the install script on such machines.
Therefore, set the root password to a random one as part of the gitlab
flavour task, thus only allowing SSH pubkey authentication for the root
account.
I'm confused by this.
If we want the root account to only be accessible via SSH with a
pubkey, then we can configure sshd accordingly: setting a random
password which is not stored anywhere prevents access not only via
SSH, but also via local access (eg. serial console), which I don't
think is desirable.
Moreover, the root password that is set in the first place is taken
from a mandatory user-provided configuration file, and I'm not sure
we should be condescending towards users by basically saying "we know
you didn't choose a secure password, so we're going to generate a new
one ourselves".
What am I missing?
--
Andrea Bolognani / Red Hat / Virtualization