bfca36c772
-----BEGIN PGP SIGNATURE----- iQEcBAABAgAGBQJYV1yqAAoJEBty/58O8cX8hLwIAKP66w6MdPN8PDgUOteui/Sx N0UFKJ9yR4GQOAP0NffPLjch5/g0iJLs3eFKOhtGC1LjbDjpVgjX8vW18ib8wBZK GemOZPF3uxg8FROrZF1vpoDy/cHgL1YV10hCnwdjN/r9rb8zOuSabqjW+Dennj2n fZ0SJfa8Owfudn3YxGuOymVb/wMtEloDmVGBEI1Y+h7osELCCDi3OXmwsA8qMsdl cTwbeugBs4PlOVbZUK/JKGuwIHKgPnDYzYu5KpXw77/MdjGT0fo5Tlq5AOBDI2sC 9JOFEBDli4Ro05VwvI58ADMpvvOax+9EvOhLbB1dRPdZl21Iyb6gOdy2PUbFO0c= =aKxq -----END PGP SIGNATURE----- Merge tag '1.25.2' into merge-branch Release 1.25.2 Change-Id: I698bcf2e82117bd81649cd065a7af5cac85990c7 |
||
---|---|---|
.. | ||
init-scripts | ||
install.d | ||
static/usr/local/bin | ||
element-deps | ||
README.rst |
dynamic-login
This element insert a helper script in the image that allows users to dynamically configure credentials at boot time. This is specially useful for troubleshooting.
Troubleshooting an image can be quite hard, specially if you can not
get a prompt you can enter commands to find out what went wrong. By
default, the images (specially ramdisks) doesn't have any SSH key or
password for any user. Of course one could use the devuser
element to generate an image with SSH keys and user/password in the
image but that would be a massive security hole and very it's
discouraged to run in production with a ramdisk like that.
This element allows the operator to inject a SSH key and/or change the root password dynamically when the image boots. Two kernel command line parameters are used to do it:
- sshkey
-
- Description
-
If the operator append sshkey="$PUBLIC_SSH_KEY" to the kernel command line on boot, the helper script will append this key to the root user authorized_keys.
- rootpwd
-
- Description
-
If the operator append rootpwd="$ENCRYPTED_PASSWORD" to the kernel command line on boot, the helper script will set the root password to the one specified by this option. Note that this password must be encrypted. Encrypted passwords can be generated using the
openssl
command, e.g: openssl passwd -1.
Note
The value of these parameters must be quoted, e.g: sshkey="ssh-rsa BBBA1NBzaC1yc2E ..."
Warning
Some base operational systems might require selinux to be in
permissive or disabled mode so that
you can log in the image. This can be achieved by building the image
with the selinux-permissive
element for diskimage-builder
or by passing selinux=0
in the kernel command line.
RHEL/CentOS are examples of OSs which this is true.