Atom feed of this document
  
 

 Admin password injection

You can configure Compute to generate a random administrator (root) password and inject that password into the instance. If this feature is enabled, a user can ssh to an instance without an ssh keypair. The random password appears in the output of the nova boot command. You can also view and set the admin password from the dashboard.

 Dashboard

The dashboard is configured by default to display the admin password and allow the user to modify it.

If you do not want to support password injection, we recommend disabling the password fields by editing your Dashboard local_settings file (file location will vary by Linux distribution, on Fedora/RHEL/CentOS: /etc/openstack-dashboard/local_settings, on Ubuntu and Debian: /etc/openstack-dashboard/local_settings.py and on openSUSE and SUSE Linux Enterprise Server: /srv/www/openstack-dashboard/openstack_dashboard/local/local_settings.py)

OPENSTACK_HYPERVISOR_FEATURE = {
...
    'can_set_password': False,
}

 Libvirt-based hypervisors (KVM, QEMU, LXC)

For hypervisors such as KVM that use the libvirt backend, admin password injection is disabled by default. To enable it, set the following option in /etc/nova/nova.conf:

[libvirt]
inject_password=true

When enabled, Compute will modify the password of the root account by editing the /etc/shadow file inside of the virtual machine instance.

[Note]Note

Users can only ssh to the instance by using the admin password if:

  • The virtual machine image is a Linux distribution

  • The virtual machine has been configured to allow users to ssh as the root user. This is not the case for Ubuntu cloud images, which disallow ssh to the root account by default.

 XenAPI (XenServer/XCP)

Compute uses the XenAPI agent to inject passwords into guests when using the XenAPI hypervisor backend. The virtual-machine image must be configured with the agent for password injection to work.

 Windows images (all hypervisors)

To support the admin password for Windows virtual machines, you must configure the Windows image to retrieve the admin password on boot by installing an agent such as cloudbase-init.

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...