Fwd: Can we get rid of the hash(password) dance?

roger peppe roger.peppe at canonical.com
Thu Jul 17 06:22:41 UTC 2014


On 17 July 2014 05:49, John Meinel <john at arbash-meinel.com> wrote:
> Michael is working on changing how we handle sessions with Mongo, and
> noticed that his first attempt started running into Auth failures.
> It turned out that this was because of the hash(password) dance. (For those
> who don't know, in certain circumstances we used to seed the password for
> the database with the hash(password) and then once we had a secure channel
> we would replace it with the real password.)
>
> I believe all of our production bootstrap code has gotten rid of the
> password dance, because we now just use cloud-init to bring up a machine and
> then SSH into that machine to finish provisioning. Thus all the information
> is already over the secure SSH channel, instead of the insecure cloud-init
> user data.
>
> From what I can tell poking around the code base, the only place that still
> uses the hash(password) is actually in the Dummy provider.

That's strictly true, but I don't think it helps. We only use ssh to provision
machines at bootstrap time. The usual provisioning case still uses cloudinit.
In this case, we don't use the hash(password) thing, but we *do* change
the password immediately when the agent starts, and we need to.
We *could* change the provisioner to provision machines synchronously,
but this would seem to me to add needless fragility to the system
(if the provisioner goes down while a machine is coming up, we'll
lose that machine).

If changing the mongodb authorization information is a problem, can't
we just restart the agent when the password is changed?

  cheers,
    rog.


