openstack,nova创建虚拟机随机密码
管理员在cli命令行创建虚拟机的时候会输入大概一个这样的命令
nova boot --flavor FLAVOR --image IMAGE --nic net-id=XXX NAME
然后就输出我平时看起来像是nova show 就可以看出来的,但是仔细发现有几个属性上不一致的,其中有个叫做adminPass,是一个12位的伪随机数。
今天来说一下这个随机数是怎么生成的。
nova/api/openstack/compute/servers.py
def _get_server_admin_password(self, server): """Determine the admin password for a server on creation.""" if 'adminPass' in server: password = server['adminPass'] else: password = utils.generate_password() return password
_get_server_admin_password()函数获取在字典server里查找adminPass的key,如果创建的时候指定了adminPass就直接返回password,如果没有指定,接下来调用了一个generate_password(),跳转到utils.generate_password继续看
nova/utils.py
def generate_password(length=None, symbolgroups=DEFAULT_PASSWORD_SYMBOLS): """Generate a random password from the supplied symbol groups. At least one symbol from each group will be included. Unpredictable results if length is less than the number of symbol groups. Believed to be reasonably secure (with a reasonable password length!) """ if length is None: length = CONF.password_length r = random.SystemRandom() # NOTE(jerdfelt): Some password policies require at least one character # from each group of symbols, so start off with one random character # from each symbol group password = [r.choice(s) for s in symbolgroups] # If length < len(symbolgroups), the leading characters will only # be from the first length groups. Try our best to not be predictable # by shuffling and then truncating. r.shuffle(password) password = password[:length] length -= len(password) # then fill with random characters from all symbol groups symbols = ''.join(symbolgroups) password.extend([r.choice(symbols) for _i in range(length)]) # finally shuffle to ensure first x characters aren't from a # predictable group r.shuffle(password) return ''.join(password)
首先这个函数要两个参数,一个length,默认是none,还有一个symbolgroups=DEFAULT_PASSWORD_SYMBOLS 在这个文件中有这个元组变量
DEFAULT_PASSWORD_SYMBOLS = ('23456789', # Removed: 0,1 'ABCDEFGHJKLMNPQRSTUVWXYZ', # Removed: I, O 'abcdefghijkmnopqrstuvwxyz') # Removed: l
先要拿到一个预设值的密码长度length 然后从大小写字母数字中各拿一个,然后在从整个DEFAULT_PASSWORD_SYMBOLS随机拿出剩下的(length-元组元素个数)个
字符放在password里,在返回password
伪源码:
import random DEFAULT_PASSWORD_SYMBOLS = ('23456789', # Removed: 0,1 'ABCDEFGHJKLMNPQRSTUVWXYZ', # Removed: I, O 'abcdefghijkmnopqrstuvwxyz') # Removed: l def generate_password(length=None, symbolgroups=DEFAULT_PASSWORD_SYMBOLS): ''' if length is None: length = CONF.password_length ''' length = 20 r = random.SystemRandom() password = [r.choice(s) for s in symbolgroups] r.shuffle(password) password = password[:length] length -= len(password) symbols = ''.join(symbolgroups) password.extend([r.choice(symbols) for _i in range(length)]) r.shuffle(password) return ''.join(password)
print generate_password()
基本就这样了,密码长度没有强制的要求,可以在元组添加新元素,特殊字符什么的。
