[ovirt-users] I wrote an oVirt thing

Konstantin Shalygin k0ste at k0ste.ru
Tue Nov 29 12:48:26 UTC 2016


Use case - Explain what is Virtual Machine to accountant or stockman - 
beyond my powers. But they understand what is Remote Desktop, and how to 
"Start menu->Programs->Remote Work->password->Enter".


In this talk I like the fact that I learned about deprecation this 
packet and need to start wrote on another library instead call sub-process.

About security reasons: is acceptable for our company. For who don't 
need this patch can easy disable it. This is not package[1], only 
playbook for build this.


[1] https://wiki.archlinux.org/index.php/Arch_User_Repository

On 11/29/2016 07:06 PM, Yaniv Kaul wrote:
>
>
> On Tue, Nov 29, 2016 at 3:40 AM, Konstantin Shalygin <k0ste at k0ste.ru 
> <mailto:k0ste at k0ste.ru>> wrote:
>
>     ovirt-shell will be deprecated and not supported or some functions
>     on ovirt-shell (or all package ovirt-engine-cli)?
>
>     We use ovirt-shell on client desktops who connected to SPICE
>     consoles and work (users provided by LDAP on ovirt-engine), like
>     via RDP. For this I wrote very fast-hack patch for ovirt-shell and
>     GUI for enter password (https://github.com/k0ste/ovirt-pygtk
>     <https://github.com/k0ste/ovirt-pygtk>). Very simple, but via
>     Internet people use SPICE without negative about packet loss and
>     disconnects, instead RDP.
>
>
> Can you further explain the use case? I assume the user portal is not 
> good enough for some reason?
>
>
>
>         BTW, the ovirt-shell is something we deprecated. It is working
>         on top of
>         the v3 api, which we plan to remove in 4.2.
>         So better not use it.
>
>
>
>     You can start maintain. For example I maintain packes for Arch
>     Linux: ovirt-engine-cli
>     (https://aur.archlinux.org/packages/ovirt-engine-cli
>     <https://aur.archlinux.org/packages/ovirt-engine-cli>) and
>     ovirt-engine-sdk-python
>     (https://aur.archlinux.org/packages/ovirt-engine-sdk-python
>     <https://aur.archlinux.org/packages/ovirt-engine-sdk-python>).
>
>
> Hi,
>
> It somehow looks like a fork of the CLI (due to the added patch[1]).
> I'm not sure how happy I am about it, considering the patch is adding 
> a feature with security issues (there is a reason we do not support 
> password passed via the command line - it's somewhat less secure).
> Since you are already checking for the CLI rc file[2], just add the 
> password to it and launch with it (in a temp file in the temp 
> directory with the right permissions, etc...)
>
> BTW, note that the attempt to delete the password from memory[3] may 
> or may not work. After all, it's a copy of what you got 
> from entry.get_text() few lines before.
> And Python GC is not really to be relied upon to delete things ASAP 
> anyway. There are some lovely discussions on the Internet about it. 
> For example[4].
> Y.
>
> [1] 
> https://github.com/k0ste/ovirt-pygtk/blob/master/add_password_option.patch
> [2] https://github.com/k0ste/ovirt-pygtk/blob/master/ovirt-pygtk.py#L81
> [3] https://github.com/k0ste/ovirt-pygtk/blob/master/ovirt-pygtk.py#L71
> [4] 
> http://stackoverflow.com/questions/728164/securely-erasing-password-in-memory-python
>
>
>
>           My workstation at work is running Ubuntu, and I do not
>         believe that ovirt-shell is packaged for it.
>
>
>     -- 
>     Best regards,
>     Konstantin Shalygin
>
>
>
>     _______________________________________________
>     Users mailing list
>     Users at ovirt.org <mailto:Users at ovirt.org>
>     http://lists.ovirt.org/mailman/listinfo/users
>     <http://lists.ovirt.org/mailman/listinfo/users>
>
>

-- 
Best regards,
Konstantin Shalygin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161129/59078a20/attachment-0001.html>


More information about the Users mailing list