Change-Id: I45738217d997db8af3bc2ffed10e63dc8e7a09b1
2.2 KiB
Injecting the administrator password
Compute can generate a random administrator (root) password and
inject that password into an instance. If this feature is enabled, users
can run ssh
to an
instance without an ssh
keypair. The random password appears in the
output of the nova boot
command. You can also view and set the
admin password from the dashboard.
Password injection using the dashboard
By default, the dashboard will display the admin
password and allow the user to modify it.
If you do not want to support password injection, disable the
password fields by editing the dashboard's
local_settings.py
file.
OPENSTACK_HYPERVISOR_FEATURES = {
...
'can_set_password': False,
}
Password injection on libvirt-based hypervisors
For hypervisors that use the libvirt back end (such as KVM, QEMU, and
LXC), admin password injection is disabled by default. To enable it, set
this option in /etc/nova/nova.conf
:
[libvirt]
inject_password=true
When enabled, Compute will modify the password of the admin account
by editing the /etc/shadow
file inside the virtual machine
instance.
Note
Users can only use ssh
to access the instance by using the admin
password if the virtual machine image is a Linux distribution, and it
has been configured to allow users to use ssh
as the root user. This is not the case for Ubuntu cloud images which, by default, does not allow users
to use ssh
to
access the root account.
Password injection and XenAPI (XenServer/XCP)
When using the XenAPI hypervisor back end, Compute uses the XenAPI agent to inject passwords into guests. The virtual machine image must be configured with the agent for password injection to work.
Password injection and Windows images (all hypervisors)
For Windows virtual machines, configure the Windows image to retrieve the admin password on boot by installing an agent such as cloudbase-init.