Thanks Juerg!
when I use a debian7 image without cloudinit, I login the instance successfully!
it's because cloudinit locks password.
2014-06-25 16:14 (UTC+8)
Wangpan
----- Original Message -----
> From: Juerg Haefliger <jue...@gmail.com>
> To: "Wangpan"<hzwang...@corp.netease.com>
> Sent: 2014-06-25 15:50
> Subject: Re: [Openstack] [Nova] Admin pass injection in launch libvirt/kvm
> instance
On Wed, Jun 25, 2014 at 9:07 AM, Wangpan <hzwang...@corp.netease.com> wrote:
>
> Hi all,
>
> I debug the process of libvirt admin password injection, I found everything
> is OK before the instance is booting up,
> the /etc/shadow is modified normally, such as:
> Wangpan@10-120-120-7:/tmp/openstack-vfs-localfsX_J5ke/etc$ sudo cat shadow
> root:$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:99999:7:::
> daemon:*:15822:0:99999:7:::
> bin:*:15822:0:99999:7:::
> ...
>
> but after the instance is running up, I login it by ssh+keypair, I cat this
> file again, it is changed like this:
> root@t1:~# cat /etc/shadow
> root:!$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:99999:7:::
> daemon:*:15822:0:99999:7:::
> bin:*:15822:0:99999:7:::
>
> the difference is:
> root:$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:99999:7::: (before
> running up)
> root:!$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:99999:7::: (after
> running up)
> you can find that a '!' prefix is added to the encrypted password, if I
> remove it, then I can login the instance by VNC successfully!
> I don't know what happened? anyone can help me?
What image is this?
Probably cloud-init locking the root password. Check /etc/cloud/cloud.cfg for:
lock_passwd: True
...Juerg
> thanks!
>
>
> 2014-06-25 14:57 (UTC+8)
> Wangpan
>
> ----- Original Message -----
> > From: CôngTT <tcvn1...@gmail.com>
> > To: "Thang Pham"<thang.g.p...@gmail.com>
> > Sent: 2014-06-25 12:21
> > Subject: Re: [Openstack] [Nova] Admin pass injection in launch libvirt/kvm
> > instance
>
> Hi Thang Pham and all !
>
> I am using KVM on OpenStack Havana , OpenStack Icehouse , And inject admin
> password OK. SURE 100%
>
>
> Step 1 : Edit /etc/nova/nova.conf
>
> [DEFAULT ]
> ....
>
> libvirt_inject_password=True
> enable_instance_password = True
>
>
> Step 22:
> If you use image cirros, ubuntu .... downloading from Internet, then you will
> modify /etc/ssh/sshd_config to disable authentication private key (rsa):
> (Example Ubuntu 13.10)
>
>
> #Line 15 Un-comment
> UsePrivilegeSeparation yes
>
> #Line 30: Comment 30
> #RSAAuthentication no
>
> #Line 31
> PubkeyAuthentication no
>
> #Line 51
> PasswordAuthentication yes
>
>
>
> Besides, You can create image for GLANCE by yourself.
>
> Note: On KVM not support reset password. You can see
> https://wiki.openstack.org/wiki/HypervisorSupportMatrix
>
> Good luck for U !
>
> P/S: Thắng: Tính năng này là tính năng chèn password ngay khi khởi tạo máy,
> mình thực hiện tốt trên KVM
>
> tu0ng_c0ng
>
> On Wed, Jun 25, 2014 at 10:48 AM, Thang Pham <thang.g.p...@gmail.com> wrote:
>>
>> Hi Wangpan,
>>
>> Injecting admin password is not implemented or supported in libvirt/kvm. I
>> believe only Xen supports it.
>>
>> Regards,
>> Thang
>>
>>
>> On Tue, Jun 24, 2014 at 11:36 PM, Wangpan <hzwang...@corp.netease.com> wrote:
>>>
>>> Hi all,
>>>
>>> I want to inject admin password to a libvirt/kvm instance, and I enable the
>>> config libvirt_inject_password=true on the compute node,
>>> I also find the /etc/shadow file in the instance is changed, but when I use
>>> the adminPass to login the instance from vnc, it is failed.
>>> I find that the admin password is encrypted in
>>> nova/virt/disk/api.py:_set_password() method,
>>> evenif I encrypt my adminPass and replace the root password in /etc/shadow
>>> manually, I can't login the instance with vnc.
>>>
>>> My questions are:
>>> 1) Does this admin password injection function of libvirt driver useable?
>>> In other words, my issue is a bug or not?
>>> 2) Are there some special details I was losing sight of? such as any
>>> configs should change?
>>> 3) Is this function depends on the libc version?
>>>
>>> BTW, I'm using stable havana and booting a debian7 instance, and this is
>>> the admin guide page of this function:
>>> http://docs.openstack.org/admin-guide-cloud/content/admin-password-injection.html
>>>
>>> thanks!
>>>
>>> 2014-06-25 11:16 (UTC+8)
>>> Wangpan
>>>
>>> _______________________________________________
>>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> Post to : openstack@lists.openstack.org
>>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>
>>
>>
>> _______________________________________________
>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to : openstack@lists.openstack.org
>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
