Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cloud properties pw use #2559

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Cloud properties pw use #2559

wants to merge 1 commit into from
+26 −1

Conversation

Sascha222
Copy link

@Sascha222 Sascha222 commented Sep 10, 2024
edited
Loading

What is this change about?

We saw now in several situations that we are unable to solve issues fast, if we cannot access a failed or broken vm. We need access to the VM if the agent fails to startup so we can debug.

We want to have control over vcap password without interfering with other deployments.

Please provide contextual information.

https://www.starkandwayne.com/blog/how-to-lock-vcap-password-for-bosh-vms/index.html

What tests have you run against this PR?

  • A Unittest in create_vm_step_spec.rb
  • We uploaded the code in the local dev landscape and deployed a VM. The password defined in cloud-config was taken by the vm
  • Ran all unittest in this repository

How should this change be described in bosh release notes?

In case of fixed vcap-password in cloud-config the corresponding password is set during deployment of VM’s.

Does this PR introduce a breaking change?

No as long no one configure a vcap password in cloud-config.

Tag your pair, your PM, and/or team!

@ansh-SAP @anshrupani @a-hassanin @Sascha-Stoj @cf-bosh

@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Sep 10, 2024
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: Sascha-Stoj / name: Sascha Stojanovic (d186b0a)

@aramprice
Copy link
Member

@Sascha-Stoj - could you say more about why this change is wanted, and what it what problem it is addressing?

@Sascha222 Sascha222 closed this Sep 11, 2024
@Sascha222
Copy link
Author

@Sascha-Stoj - could you say more about why this change is wanted, and what it what problem it is addressing?

@aramprice - Hi commented the questionaire above. I hope it helps to clarify

@Sascha222 Sascha222 reopened this Sep 11, 2024
@jpalermo
Copy link
Member

Discussion at the 12/9/2024 FIWG meeting notes:

Overall goals for this are being able to configure a password/ssh credentials to a VM where the agent is failing to start, but without having to modify the deployment manifest.

Ideal place for this is probably something new in the runtime configs. This allows placement rules to be used to configure this, as well as all other env hash properties.

CloudProperties isn't a great fit for these things because CloudProperties are properties that bosh doesn't know anything about and assumes the CPI knows about them. But the env hash is something bosh does know about and is made available to the agent.

@aramprice aramprice self-requested a review September 17, 2024 01:37
@beyhan
Copy link
Member

beyhan commented Sep 19, 2024

We decided to make this draft because the direction this should go is completely different one.

@beyhan beyhan marked this pull request as draft September 19, 2024 15:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aramprice aramprice Awaiting requested review from aramprice

Assignees
No one assigned
Labels
None yet
Projects
Foundational Infrastructure Working Group
Status: Waiting for Changes | Open for Contribution
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Sascha222 @aramprice @jpalermo @beyhan @Sascha-Stoj