openstack/openstack-manuals
Code Issues Proposed changes
66692c71a5
openstack-manuals/doc/admin-guide-cloud/source/compute-admin-password-injection.rst
Joseph Robinson 8e9507bf9a Moving .rst format files to main admin-guide-cloud folder 
This change moves the .rst files into the main adming-guide-cloud
folder now conversion is complete. changes to the project config
and to the openstack manuals to stop sync of .xml files
are also needed.

Change-Id: I498e8d6ac3cb80da413e23b14a0959abd58e7d79
Implements: blueprint reorganise-user-guides
2015-08-21 09:37:08 +02:00

2.5 KiB
Raw Blame History

Injecting the administrator password

Compute can generate a random administrator (root) password and inject that password into an instance. If this feature is enabled, users can run ssh to an instance without an ssh keypair. The random password appears in the output of the nova boot command. You can also view and set the admin password from the dashboard.

Password injection using the dashboard

By default, the dashboard will display the admin password and allow the user to modify it.

If you do not want to support password injection, disable the password fields by editing the dashboard's local_settings file. On Fedora/RHEL/CentOS, the file location is /etc/openstack-dashboard/local_settings. On Ubuntu and Debian, it is /etc/openstack-dashboard/local_settings.py. On openSUSE and SUSE Linux Enterprise Server, it is /srv/www/openstack-dashboard/openstack_dashboard/local/local_settings.py

OPENSTACK_HYPERVISOR_FEATURES = {
...
    'can_set_password': False,
}

Password injection on libvirt-based hypervisors

For hypervisors that use the libvirt back end (such as KVM, QEMU, and LXC), admin password injection is disabled by default. To enable it, set this option in /etc/nova/nova.conf:

[libvirt]
inject_password=true

When enabled, Compute will modify the password of the admin account by editing the /etc/shadow file inside the virtual machine instance.

Note

Users can only use ssh to access the instance by using the admin password if the virtual machine image is a Linux distribution, and it has been configured to allow users to use ssh as the root user. This is not the case for Ubuntu cloud images which, by default, does not allow users to use ssh to access the root account.

Password injection and XenAPI (XenServer/XCP)

When using the XenAPI hypervisor back end, Compute uses the XenAPI agent to inject passwords into guests. The virtual machine image must be configured with the agent for password injection to work.

Password injection and Windows images (all hypervisors)

For Windows virtual machines, configure the Windows image to retrieve the admin password on boot by installing an agent such as cloudbase-init.