I found the following documentation on it: http://docs.openstack.org/admin-guide-cloud/content/admin-password-injection.html .
I initially thought it was not implemented because the set_admin_password method was not implemented in the libvirt driver. Now I see there is another way to do it, which is easier to login than using ssh key pairs :) Thanks for pointing it out, Thang On Wed, Jun 25, 2014 at 4:16 AM, Wangpan <hzwang...@corp.netease.com> wrote: > Thanks Juerg! > when I use a debian7 image without cloudinit, I login the instance > successfully! > it's because cloudinit locks password. > > 2014-06-25 16:14 (UTC+8) > Wangpan > > ----- Original Message ----- > > From: Juerg Haefliger <jue...@gmail.com> > > To: "Wangpan"<hzwang...@corp.netease.com> > > Sent: 2014-06-25 15:50 > > Subject: Re: [Openstack] [Nova] Admin pass injection in launch > libvirt/kvm instance > > > > > On Wed, Jun 25, 2014 at 9:07 AM, Wangpan <hzwang...@corp.netease.com> > wrote: > > > > Hi all, > > > > I debug the process of libvirt admin password injection, I found > everything is OK before the instance is booting up, > > the /etc/shadow is modified normally, such as: > > Wangpan@10-120-120-7:/tmp/openstack-vfs-localfsX_J5ke/etc$ sudo cat > shadow > > root:$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:99999:7::: > > daemon:*:15822:0:99999:7::: > > bin:*:15822:0:99999:7::: > > ... > > > > but after the instance is running up, I login it by ssh+keypair, I cat > this file again, it is changed like this: > > root@t1:~# cat /etc/shadow > > root:!$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:99999:7::: > > daemon:*:15822:0:99999:7::: > > bin:*:15822:0:99999:7::: > > > > the difference is: > > root:$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:99999:7::: (before > running up) > > root:!$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:99999:7::: (after > running up) > > you can find that a '!' prefix is added to the encrypted password, if I > remove it, then I can login the instance by VNC successfully! > > I don't know what happened? anyone can help me? > > What image is this? > > Probably cloud-init locking the root password. Check /etc/cloud/cloud.cfg > for: > lock_passwd: True > > ...Juerg > > > > thanks! > > > > > > 2014-06-25 14:57 (UTC+8) > > Wangpan > > > > ----- Original Message ----- > > > From: CôngTT <tcvn1...@gmail.com> > > > To: "Thang Pham"<thang.g.p...@gmail.com> > > > Sent: 2014-06-25 12:21 > > > Subject: Re: [Openstack] [Nova] Admin pass injection in launch > libvirt/kvm instance > > > > Hi Thang Pham and all ! > > > > I am using KVM on OpenStack Havana , OpenStack Icehouse , And inject > admin password OK. SURE 100% > > > > > > Step 1 : Edit /etc/nova/nova.conf > > > > [DEFAULT ] > > .... > > > > libvirt_inject_password=True > > enable_instance_password = True > > > > > > Step 22: > > If you use image cirros, ubuntu .... downloading from Internet, then you > will modify /etc/ssh/sshd_config to disable authentication private key > (rsa): (Example Ubuntu 13.10) > > > > > > #Line 15 Un-comment > > UsePrivilegeSeparation yes > > > > #Line 30: Comment 30 > > #RSAAuthentication no > > > > #Line 31 > > PubkeyAuthentication no > > > > #Line 51 > > PasswordAuthentication yes > > > > > > > > Besides, You can create image for GLANCE by yourself. > > > > Note: On KVM not support reset password. You can see > https://wiki.openstack.org/wiki/HypervisorSupportMatrix > > > > Good luck for U ! > > > > P/S: Thắng: Tính năng này là tính năng chèn password ngay khi khởi tạo > máy, mình thực hiện tốt trên KVM > > > > tu0ng_c0ng > > > > On Wed, Jun 25, 2014 at 10:48 AM, Thang Pham <thang.g.p...@gmail.com> > wrote: > >> > >> Hi Wangpan, > >> > >> Injecting admin password is not implemented or supported in > libvirt/kvm. I believe only Xen supports it. > >> > >> Regards, > >> Thang > >> > >> > >> On Tue, Jun 24, 2014 at 11:36 PM, Wangpan <hzwang...@corp.netease.com> > wrote: > >>> > >>> Hi all, > >>> > >>> I want to inject admin password to a libvirt/kvm instance, and I > enable the config libvirt_inject_password=true on the compute node, > >>> I also find the /etc/shadow file in the instance is changed, but when > I use the adminPass to login the instance from vnc, it is failed. > >>> I find that the admin password is encrypted in > nova/virt/disk/api.py:_set_password() method, > >>> evenif I encrypt my adminPass and replace the root password in > /etc/shadow manually, I can't login the instance with vnc. > >>> > >>> My questions are: > >>> 1) Does this admin password injection function of libvirt driver > useable? In other words, my issue is a bug or not? > >>> 2) Are there some special details I was losing sight of? such as any > configs should change? > >>> 3) Is this function depends on the libc version? > >>> > >>> BTW, I'm using stable havana and booting a debian7 instance, and this > is the admin guide page of this function: > >>> > http://docs.openstack.org/admin-guide-cloud/content/admin-password-injection.html > >>> > >>> thanks! > >>> > >>> 2014-06-25 11:16 (UTC+8) > >>> Wangpan > >>> > >>> _______________________________________________ > >>> Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >>> Post to : openstack@lists.openstack.org > >>> Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >>> > >> > >> > >> _______________________________________________ > >> Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >> Post to : openstack@lists.openstack.org > >> Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >> > > > > > > _______________________________________________ > > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > Post to : openstack@lists.openstack.org > > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
