Red Hat Bugzilla – Bug 1262959
virt-builder/virt-customize set password does not work
Last modified: 2016-11-03 13:55:08 EDT
Created attachment 1073392 [details] Provided log showing what is going on with virt-customize when trying to set a root password. Description of problem: When using virt-builder or virt-customize to set a password to any user, including root, it does not set a password, but not does give a error or a clear answer to why it does not touch/edit /etc/shadow. Version-Release number of selected component (if applicable): 1.30.2 How reproducible: 100% Steps to Reproduce: 1. run "virt-cat -a /path/to/image /etc/shadow" and note of the data it provides (including hash of the root user or any other user if youre changing those passwords) 2. run "virt-customize -a /path/to/image --root-password password:newpassword1" 3. run the first command and you will see the hash have not changed. Actual results: See attachment Additional info: I have tested 1.28 and have not had this issue but however on 1.30 this problem occurs. I am unsure about 1.29 or 1.31.
Which version of Augeas is installed on the host? Might be bug 1145249.
I am using what is provided in the repo which is 1.1.0.17.el7, but wouldnt it still work regardless since 1.28 works as well?
The problem is these two lines in the trace: libguestfs: trace: aug_ls "/files/etc/shadow" ... libguestfs: trace: aug_ls = [] corresponding to this code: https://github.com/libguestfs/libguestfs/blob/1b4c1d74d36c942417ea946a561a1964b20a1191/customize/password.ml#L91-L117 As either /etc/shadow is really empty, or the Augeas shadow lens cannot read anything from the file, no passwords get changed. Suggest you look at the contents of /etc/shadow before & after the virt-customize command to see if it is empty before (or after) and if anything changed in the file. If /etc/shadow is not empty, then it must be a problem with Augeas, although I don't know exactly what. You can try aug-init and aug-ls commands from within guestfish.
It is not empty (which is how I know nothing is being changed because the content remains the same). I have ran those in guestfish but aug-ls doesnt show anything. ><fs> aug-init / 0 ><fs> aug-ls /files/etc/shadow ><fs> aug-ls /etc/shadow ><fs> aug-close ><fs> aug-init / 1 ><fs> aug-ls /etc/shadow ><fs> aug-ls /files/etc/shadow ><fs> aug-close I dont really see much that could've changed between 1.28 and 1.30 that couldve broken this.
Created attachment 1075242 [details] Log of guestfish
aug-ls /files/etc/shadow should show something. If it doesn't that's an augeas problem of some sort. It turns out that augeas has been rebased in RHEL 7.2. I uploaded the new version to https://people.redhat.com/~rjones/libguestfs-RHEL-7.2-preview/ so see if that makes a difference.
Ill update and let you know if it does
I can confirm that guestfish now sees /files/etc/shadow and it is also providing the password to the file.
Works for me with: libguestfs-1.28.1-1.55.el7.x86_64 augeas-libs-1.4.0-2.el7.x86_64 $ virt-builder ubuntu-14.04 $ guestfish -a ubuntu-14.04.img -i --ro Welcome to guestfish, the guest filesystem shell for editing virtual machine filesystems and disk images. Type: 'help' for help on commands 'man' to read the manual 'quit' to quit the shell Operating system: Ubuntu 14.04 LTS /dev/sda1 mounted on / ><fs> aug-init / 0 ><fs> aug-ls /files/etc/shadow /files/etc/shadow/backup /files/etc/shadow/bin /files/etc/shadow/builder /files/etc/shadow/daemon /files/etc/shadow/games /files/etc/shadow/gnats /files/etc/shadow/irc /files/etc/shadow/libuuid /files/etc/shadow/list /files/etc/shadow/lp /files/etc/shadow/mail /files/etc/shadow/man /files/etc/shadow/messagebus /files/etc/shadow/news /files/etc/shadow/nobody /files/etc/shadow/proxy /files/etc/shadow/root /files/etc/shadow/sshd /files/etc/shadow/sync /files/etc/shadow/sys /files/etc/shadow/syslog /files/etc/shadow/uucp /files/etc/shadow/www-data
I believe this bug is now fixed. I'm leaving it open so QA can check in the RHEL 7.3 timeframe.
Verified with the packages: libguestfs-1.28.1-1.55.el7.x86_64 augeas-1.4.0-2.el7.x86_64 Verify steps: # guestfish -a RHEL-Server-6.7-64-hvm.raw -i ><fs> aug-init / 1 ><fs> aug-ls /files/etc/shadow /files/etc/shadow/abrt /files/etc/shadow/adm /files/etc/shadow/avahi-autoipd /files/etc/shadow/bin /files/etc/shadow/daemon /files/etc/shadow/dbus /files/etc/shadow/ftp /files/etc/shadow/games /files/etc/shadow/gopher /files/etc/shadow/haldaemon /files/etc/shadow/halt /files/etc/shadow/lp /files/etc/shadow/mail /files/etc/shadow/nobody /files/etc/shadow/ntp /files/etc/shadow/operator /files/etc/shadow/postfix /files/etc/shadow/root /files/etc/shadow/saslauth /files/etc/shadow/shutdown /files/etc/shadow/sshd /files/etc/shadow/sync /files/etc/shadow/tcpdump /files/etc/shadow/uucp /files/etc/shadow/vcsa So verified.
In RHEL7.3 with the packages: libguestfs-1.32.5-6.el7.x86_64 Verify steps: # guestfish -a RHEL-Server-7.2-64-hvm.raw -i ><fs> aug-init / 1 ><fs> aug-ls /files/etc/shadow /files/etc/shadow/abrt /files/etc/shadow/adm /files/etc/shadow/avahi-autoipd /files/etc/shadow/bin /files/etc/shadow/chrony /files/etc/shadow/daemon /files/etc/shadow/dbus /files/etc/shadow/ftp /files/etc/shadow/games /files/etc/shadow/halt /files/etc/shadow/libstoragemgmt /files/etc/shadow/lp /files/etc/shadow/mail /files/etc/shadow/nfsnobody /files/etc/shadow/nobody /files/etc/shadow/ntp /files/etc/shadow/operator /files/etc/shadow/oprofile /files/etc/shadow/pcp /files/etc/shadow/polkitd /files/etc/shadow/postfix /files/etc/shadow/qemu /files/etc/shadow/radvd /files/etc/shadow/root /files/etc/shadow/rpc /files/etc/shadow/rpcuser /files/etc/shadow/saslauth /files/etc/shadow/shutdown /files/etc/shadow/sshd /files/etc/shadow/sssd /files/etc/shadow/sync /files/etc/shadow/systemd-bus-proxy /files/etc/shadow/systemd-network /files/etc/shadow/tcpdump /files/etc/shadow/tss /files/etc/shadow/unbound /files/etc/shadow/usbmuxd Also works good.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2576.html