Now user don't have root access to controller and compute.
Everything is done by using public key. If for some reason public key file got damaged,deleted,re-generated user will have no access to controllers and computes. Like in staypuft we asked from user to set root password ,the same manner we should do in RDO.
Mike, should we close this if we aren't going to implement it based upon the security concern?
*** Bug 1205444 has been marked as a duplicate of this bug. ***
Even though we set the root password we can't ssh login with root user. We would have to use the ssh key with "heat-admin" user to login and then use "su" to get the root access.
Bulk update to reflect scope of Red Hat OpenStack Platform 9 and Red Hat OpenStack Platform does not include this issue (No pm_ack+).
This is already possible, by passing some custom userdata to cloud-init, I posted an example upstream:
Another option would be to use virt-customize to modify the image, but ref comment #8 I don't think we should enable either option by default, folks can chose either the cloud-init or image customization option depending on their requirements.
Verified. Just few notes here:
- If Comment 13's example is used, this will set password for all nodes
- If password in a yaml file is empty it will give the following error early in the deployment: CommandError: Could not fetch contents for file:///home/stack/path/to/userdata_root_password.yaml
- Changing password in a yaml will not update root password after the initial deployment
Forgot to mention:
rpm -q openstack-tripleo-heat-templates
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.