openstack/nova
Code Issues Proposed changes
Files
58f7582c6326f5a59623b1786f4bcce959b1fb34
nova/doc/source/admin/admin-password-injection.rst
Stephen Finucane 58f7582c63 docs: Remove references to XenAPI driver 
Not as many of these as I thought there would be. Also, yes, the change
to 'nova.conf.compute' is a doc change :)

Change-Id: I27626984ce94544bd81d998c5fdf141875faec92
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2020-08-31 15:53:31 +01:00

61 lines
2.2 KiB
ReStructuredText
Raw Blame History

====================================
Injecting the administrator password
====================================
Compute can generate a random administrator (root) password and inject that
password into an instance. If this feature is enabled, users can run
:command:`ssh` to an instance without an :command:`ssh` keypair. The random
password appears in the output of the :command:`openstack server create`
command. You can also view and set the admin password from the dashboard.
.. rubric:: Password injection using the dashboard
By default, the dashboard will display the ``admin`` password and allow the
user to modify it.
If you do not want to support password injection, disable the password fields
by editing the dashboard's ``local_settings.py`` file.
.. code-block:: none
OPENSTACK_HYPERVISOR_FEATURES = {
...
'can_set_password': False,
}
.. rubric:: Password injection on libvirt-based hypervisors
For hypervisors that use the libvirt back end (such as KVM, QEMU, and LXC),
admin password injection is disabled by default. To enable it, set this option
in ``/etc/nova/nova.conf``:
.. code-block:: ini
[libvirt]
inject_password=true
When enabled, Compute will modify the password of the admin account by editing
the ``/etc/shadow`` file inside the virtual machine instance.
.. note::
Linux distribution guest only.
.. note::
Users can only use :command:`ssh` to access the instance by using the admin
password if the virtual machine image is a Linux distribution, and it has
been configured to allow users to use :command:`ssh` as the root user with
password authorization. This is not the case for
`Ubuntu cloud images <http://uec-images.ubuntu.com>`_
which, by default, does not allow users to use :command:`ssh` to access the
root account, or
`CentOS cloud images <http://cloud.centos.org/centos/>`_ which, by default,
does not allow :command:`ssh` access to the instance with password.
.. rubric:: Password injection and Windows images (all hypervisors)
For Windows virtual machines, configure the Windows image to retrieve the admin
password on boot by installing an agent such as `cloudbase-init
<https://cloudbase.it/cloudbase-init>`_.
View Git Blame Copy Permalink