8e9507bf9a
This change moves the .rst files into the main adming-guide-cloud folder now conversion is complete. changes to the project config and to the openstack manuals to stop sync of .xml files are also needed. Change-Id: I498e8d6ac3cb80da413e23b14a0959abd58e7d79 Implements: blueprint reorganise-user-guides
70 lines
2.5 KiB
ReStructuredText
70 lines
2.5 KiB
ReStructuredText
.. _admin-password-injection:
|
|
|
|
====================================
|
|
Injecting the administrator password
|
|
====================================
|
|
|
|
Compute can generate a random administrator (root) password and inject
|
|
that password into an instance. If this feature is enabled, users can
|
|
run :command:`ssh` to an instance without an :command:`ssh` keypair.
|
|
The random password appears in the output of the :command:`nova boot` command.
|
|
You can also view and set the admin password from the dashboard.
|
|
|
|
**Password injection using the dashboard**
|
|
|
|
By default, the dashboard will display the ``admin`` password and allow
|
|
the user to modify it.
|
|
|
|
If you do not want to support password injection, disable the password
|
|
fields by editing the dashboard's :file:`local_settings` file. On
|
|
Fedora/RHEL/CentOS, the file location is
|
|
:file:`/etc/openstack-dashboard/local_settings`. On Ubuntu and Debian, it is
|
|
:file:`/etc/openstack-dashboard/local_settings.py`. On openSUSE and SUSE
|
|
Linux Enterprise Server, it is
|
|
:file:`/srv/www/openstack-dashboard/openstack_dashboard/local/local_settings.py`
|
|
|
|
.. code:: ini
|
|
|
|
OPENSTACK_HYPERVISOR_FEATURES = {
|
|
...
|
|
'can_set_password': False,
|
|
}
|
|
|
|
**Password injection on libvirt-based hypervisors**
|
|
|
|
For hypervisors that use the libvirt back end (such as KVM, QEMU, and
|
|
LXC), admin password injection is disabled by default. To enable it, set
|
|
this option in :file:`/etc/nova/nova.conf`:
|
|
|
|
.. code:: ini
|
|
|
|
[libvirt]
|
|
inject_password=true
|
|
|
|
When enabled, Compute will modify the password of the admin account by
|
|
editing the :file:`/etc/shadow` file inside the virtual machine instance.
|
|
|
|
.. note::
|
|
|
|
Users can only use :command:`ssh` to access the instance by using the admin
|
|
password if the virtual machine image is a Linux distribution, and it has
|
|
been configured to allow users to use :command:`ssh` as the root user. This
|
|
is not the case for `Ubuntu cloud images`_ which, by default, does not
|
|
allow users to use :command:`ssh` to access the root account.
|
|
|
|
**Password injection and XenAPI (XenServer/XCP)**
|
|
|
|
When using the XenAPI hypervisor back end, Compute uses the XenAPI agent
|
|
to inject passwords into guests. The virtual machine image must be
|
|
configured with the agent for password injection to work.
|
|
|
|
**Password injection and Windows images (all hypervisors)**
|
|
|
|
.. _Ubuntu cloud images: #
|
|
|
|
For Windows virtual machines, configure the Windows image to retrieve
|
|
the admin password on boot by installing an agent such as
|
|
`cloudbase-init`_.
|
|
|
|
.. _cloudbase-init: #
|