Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1225069 - [RFE] We need to let user to set root password for the controllers and computes.
[RFE] We need to let user to set root password for the controllers and computes.
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates (Show other bugs)
Director
Unspecified Unspecified
low Severity high
: Upstream M3
: 11.0 (Ocata)
Assigned To: Emilien Macchi
Arik Chernetsky
: FutureFeature, Triaged
: 1205444 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-05-26 09:56 EDT by Leonid Natapov
Modified: 2017-05-17 15:22 EDT (History)
18 users (show)

See Also:
Fixed In Version: openstack-tripleo-heat-templates-6.0.0-0.20170130212245.el7ost
Doc Type: Known Issue
Doc Text:
For security reasons, the Overcloud only allows SSH key-based access by default. You can set a root password on the disk image for the overcloud using the virt-customize tool, which is found in the Red Hat Enterprise Linux Extras channel. After installing the tool and downloading the Overcloud images, use the following command to change the root password: $ virt-customize -a overcloud-full.qcow2 --root-password password:<my_root_password> Perform this operation prior to uploading the images into glance with the "openstack overcloud image upload" command.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-05-17 15:22:29 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 416697 None None None 2017-01-04 13:15 EST
Red Hat Product Errata RHEA-2017:1245 normal SHIPPED_LIVE Red Hat OpenStack Platform 11.0 Bug Fix and Enhancement Advisory 2017-05-17 19:01:50 EDT

  None (edit)
Description Leonid Natapov 2015-05-26 09:56:36 EDT 
Now user don't have root access to controller and compute.
Everything is done by using public key. If for some reason public key file got damaged,deleted,re-generated user will have no access to controllers and computes. Like in staypuft we asked from user to set root password ,the same manner we should do in RDO.
Comment 4 chris alfonso 2015-07-31 14:21:36 EDT 
Mike, should we close this if we aren't going to implement it based upon the security concern?
Comment 5 chris alfonso 2015-07-31 14:22:07 EDT 
*** Bug 1205444 has been marked as a duplicate of this bug. ***
Comment 11 Salman Khan 2016-06-07 10:20:57 EDT 
Even though we set the root password we can't ssh login with root user. We would have to use the ssh key with "heat-admin" user to login and then use "su" to get the root access.
Comment 12 Stephen Gordon 2016-06-09 14:51:19 EDT 
Bulk update to reflect scope of Red Hat OpenStack Platform 9 and Red Hat OpenStack Platform does not include this issue (No pm_ack+).
Comment 13 Steven Hardy 2017-01-04 13:13:47 EST 
This is already possible, by passing some custom userdata to cloud-init, I posted an example upstream:

https://review.openstack.org/416697

Another option would be to use virt-customize to modify the image, but ref comment #8 I don't think we should enable either option by default, folks can chose either the cloud-init or image customization option depending on their requirements.
Comment 18 Gurenko Alex 2017-02-22 02:51:35 EST 
Verified. Just few notes here:

- If Comment 13's example is used, this will set password for all nodes
- If password in a yaml file is empty it will give the following error early in the deployment: CommandError: Could not fetch contents for file:///home/stack/path/to/userdata_root_password.yaml
- Changing password in a yaml will not update root password after the initial deployment
Comment 19 Gurenko Alex 2017-02-22 02:57:01 EST 
Forgot to mention:

rpm -q openstack-tripleo-heat-templates
openstack-tripleo-heat-templates-6.0.0-0.20170218023452.edbaaa9.el7ost.noarch
Comment 21 errata-xmlrpc 2017-05-17 15:22:29 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1245
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.