Bug 1225069
| Summary: | [RFE] We need to let user to set root password for the controllers and computes. | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Leonid Natapov <lnatapov> |
| Component: | openstack-tripleo-heat-templates | Assignee: | Emilien Macchi <emacchi> |
| Status: | CLOSED ERRATA | QA Contact: | Arik Chernetsky <achernet> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | Director | CC: | achernet, agurenko, aschultz, dmacpher, dsneddon, emacchi, gmollett, hbrock, jcoufal, jschluet, mburns, morazi, nlevinki, oblaut, rhel-osp-director-maint, salmank, sclewis, tvignaud |
| Target Milestone: | Upstream M3 | Keywords: | FutureFeature, Triaged |
| Target Release: | 11.0 (Ocata) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openstack-tripleo-heat-templates-6.0.0-0.20170130212245.el7ost | Doc Type: | Known Issue |
| Doc Text: |
For security reasons, the Overcloud only allows SSH key-based access by default. You can set a root password on the disk image for the overcloud using the virt-customize tool, which is found in the Red Hat Enterprise Linux Extras channel. After installing the tool and downloading the Overcloud images, use the following command to change the root password:
$ virt-customize -a overcloud-full.qcow2 --root-password password:<my_root_password>
Perform this operation prior to uploading the images into glance with the "openstack overcloud image upload" command.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-05-17 19:22:29 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Leonid Natapov
2015-05-26 13:56:36 UTC
Mike, should we close this if we aren't going to implement it based upon the security concern? *** Bug 1205444 has been marked as a duplicate of this bug. *** Even though we set the root password we can't ssh login with root user. We would have to use the ssh key with "heat-admin" user to login and then use "su" to get the root access. Bulk update to reflect scope of Red Hat OpenStack Platform 9 and Red Hat OpenStack Platform does not include this issue (No pm_ack+). This is already possible, by passing some custom userdata to cloud-init, I posted an example upstream: https://review.openstack.org/416697 Another option would be to use virt-customize to modify the image, but ref comment #8 I don't think we should enable either option by default, folks can chose either the cloud-init or image customization option depending on their requirements. Verified. Just few notes here: - If Comment 13's example is used, this will set password for all nodes - If password in a yaml file is empty it will give the following error early in the deployment: CommandError: Could not fetch contents for file:///home/stack/path/to/userdata_root_password.yaml - Changing password in a yaml will not update root password after the initial deployment Forgot to mention: rpm -q openstack-tripleo-heat-templates openstack-tripleo-heat-templates-6.0.0-0.20170218023452.edbaaa9.el7ost.noarch Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1245 |