action #101006: Provide unique non-dictionary passwords for all our IPMI/HMC interfaces size:S - openQA Infrastructure - openSUSE Project Management Tool

Actions

Copy link

action #101006

closed

Provide unique non-dictionary passwords for all our IPMI/HMC interfaces size:S

Added by okurz over 2 years ago. Updated over 2 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

mkittler

Category:

Target version:

openQA Project - Ready

Start date:

2021-10-14

Due date:

% Done:

Estimated time:

Description

Motivation¶

bmwiedemann from SUSE-IT informed me that security scans have shown openqaworkers to be vulnerable due to the default IPMI passwords. We should provide a unique password for that purpose, potentially unique for each host.

Acceptance criteria¶

AC1: No IPMI/BMC connection in https://gitlab.suse.de/openqa/salt-pillars-openqa/-/blob/master/openqa/workerconf.sls references the default password anymore

Suggestions¶

~~Generate a password for each host with xkcdpass from python3-xkcdpass~~ Just use the same password we have for sp.openqaw8-vmware.qa.suse.de where bmwiedemann recently set a new password
Set password from each host, e.g. with

rcipmi start 
ipmitool user list
ipmitool user set password 2 'FOOBAR'

Update https://gitlab.suse.de/openqa/salt-pillars-openqa/-/blob/master/openqa/workerconf.sls

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

QA » openQA Project » openQA Infrastructure

Tags

Custom queries

action #101006

Provide unique non-dictionary passwords for all our IPMI/HMC interfaces size:S

Motivation¶

Acceptance criteria¶

Suggestions¶

Updated by okurz over 2 years ago

Updated by okurz over 2 years ago

Updated by livdywan over 2 years ago

Updated by mkittler over 2 years ago

Updated by mkittler over 2 years ago

Updated by okurz over 2 years ago

Updated by okurz over 2 years ago

Updated by mkittler over 2 years ago

Updated by mkittler over 2 years ago

Updated by mkittler over 2 years ago