openstack/openstack-manuals
Code Issues Proposed changes
Files
2ce5b11b1aecd749c4daad6a10b0ee87837e098b
openstack-manuals/doc/admin-guide/source/compute-admin-password-injection.rst
Joseph Robinson 2ce5b11b1a [User Guides] Rename Admin-Guide-Cloud to Admin-Guide 
This patch changes the name of the Admin-Guide from the Cloud
Admin Guide to the Administrator guide. This affects the
filename in the repository, and references to cloud administrators
within the document texts.

1.) Changing instances of 'cloud administrator'
    to 'administrator'.

2.) Change links from '/admin-guide-cloud/' to
    '/admin-guide/' within the Admin Guide.

3.) Adjust .htaccess file.

Change-Id: I7f21a710e922981aa295afc0616de36fd819b523
Implements: blueprint user-guides-reorganised
2016-04-01 19:50:13 +09:00

65 lines
2.2 KiB
ReStructuredText
Raw Blame History

.. _admin-password-injection:
====================================
Injecting the administrator password
====================================
Compute can generate a random administrator (root) password and inject
that password into an instance. If this feature is enabled, users can
run :command:`ssh` to an instance without an :command:`ssh` keypair.
The random password appears in the output of the :command:`nova boot` command.
You can also view and set the admin password from the dashboard.
**Password injection using the dashboard**
By default, the dashboard will display the ``admin`` password and allow
the user to modify it.
If you do not want to support password injection, disable the password
fields by editing the dashboard's ``local_settings.py`` file.
.. code-block:: none
OPENSTACK_HYPERVISOR_FEATURES = {
...
'can_set_password': False,
}
**Password injection on libvirt-based hypervisors**
For hypervisors that use the libvirt back end (such as KVM, QEMU, and
LXC), admin password injection is disabled by default. To enable it, set
this option in ``/etc/nova/nova.conf``:
.. code-block:: ini
[libvirt]
inject_password=true
When enabled, Compute will modify the password of the admin account by
editing the ``/etc/shadow`` file inside the virtual machine instance.
.. note::
Users can only use :command:`ssh` to access the instance by using the admin
password if the virtual machine image is a Linux distribution, and it has
been configured to allow users to use :command:`ssh` as the root user. This
is not the case for `Ubuntu cloud images`_ which, by default, does not
allow users to use :command:`ssh` to access the root account.
**Password injection and XenAPI (XenServer/XCP)**
When using the XenAPI hypervisor back end, Compute uses the XenAPI agent
to inject passwords into guests. The virtual machine image must be
configured with the agent for password injection to work.
**Password injection and Windows images (all hypervisors)**
.. _Ubuntu cloud images: #
For Windows virtual machines, configure the Windows image to retrieve
the admin password on boot by installing an agent such as
`cloudbase-init`_.
.. _cloudbase-init: #
View Git Blame Copy Permalink