Bug 41340

Summary: no password for noVNC web console configurable like in ucs 3 with Xen
Product: UCS Reporter: Tobias Birkefeld <birkefeld>
Component: Virtualization - UVMMAssignee: Philipp Hahn <hahn>
Status: CLOSED FIXED QA Contact: Erik Damrose <damrose>
Severity: normal    
Priority: P5 CC: best, damrose, gohmann, hahn, peichert
Version: UCS 4.1Flags: damrose: Patch_Available+
Target Milestone: UCS 4.1-2-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Bug Report What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 1: Will affect a very few installed domains How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.023 Enterprise Customer affected?: Yes
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Attachments: patch for noVNC password option

Description Tobias Birkefeld univentionstaff 2016-05-25 12:43:47 CEST 
Created attachment 7685 [details]
patch for noVNC password option

In UCS 3 exist a UCR variable "xen/vnc/password" to set a password for the web noVNC console.
This option is missing in UCS 4 under qemu/KVM.

I added this option in /etc/libvirt/qemu.conf with the attached patch.
Comment 1 Philipp Hahn univentionstaff 2016-05-26 17:52:21 CEST 
r69567 | Bug #41340 uvmm: Add support for global VNC password
Comment 2 Philipp Hahn univentionstaff 2016-05-27 11:08:48 CEST 
Package: univention-virtual-machine-manager-node
Version: 4.0.1-3.95.201605271058
Branch: ucs_4.1-0
Scope: errata4.1-2

r69580 | Bug #41340 uvmm: Add support for global VNC password YAML
 univention-virtual-machine-manager-node.yaml
Comment 3 Erik Damrose univentionstaff 2016-05-30 13:39:25 CEST 
OK: Configure passwort
OK: works with noVNC + external VNC viewers
OK: yaml

Reopen: Please clarify the UCR documentation. In my tests the behavior was as follows:
.Set global password per UCR: A password configured for an individual instance has to be entered for a VNC connection for this instance. This means that VNC is not deactivated globally is an empty string is configured for UCR uvmm/kvm/vnc/password.
The current ucr doc reads like a per instance password is only possible if the global password is not set.
Comment 4 Florian Best univentionstaff 2016-05-30 13:51:40 CEST 
Maybe mention that everybody can read UCR therefore one should not store valuable passwords in UCR.
Comment 5 Philipp Hahn univentionstaff 2016-05-31 09:46:55 CEST 
r69628 | Bug #41340: Improve description for global VNC password

Package: univention-virtual-machine-manager-node
Version: 4.0.1-4.96.201605310938
Branch: ucs_4.1-0
Scope: errata4.1-2

r69629 | Bug #41340: Improve description for global VNC password YAML
 univention-virtual-machine-manager-node.yaml
Comment 6 Erik Damrose univentionstaff 2016-05-31 11:19:20 CEST 
OK: Updated UCR info
OK: yaml
-> Verified
Comment 7 Janek Walkenhorst univentionstaff 2016-06-02 13:15:49 CEST 
<http://errata.software-univention.de/ucs/4.1/189.html>