Ask Your Question
1

Is it possible to set root password and add sudo user within a heat template file?

asked 2015-02-13 14:25:29 -0600

abrandt gravatar image

Hi,

I'm currently fine tuning the following heat template file or use with rackspace orchestration: https://github.com/rackspace-orchestration-templates/wordpress-multi/blob/master/wordpress-multi-server.yaml (link text)

To expedite orchestration, I was wondering if it was possible to specify a root password(auto generated) and add an additional sudo user also with auto generated pw-- that I could then show in output list. I know that it's probably not the best protocol to rely on these auto-generated passwords, but I'd like to use them for the sake of being able to output them immediately after setup instead of having to go into the cloud console to change it in order to gain access.

Thanks!

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by ยป oldest newest most voted
3

answered 2015-02-13 14:55:04 -0600

larsks gravatar image

So, first, you're probably better off using ssh keys to gain access to your instances, rather than passwords. This avoids the need to generate or modify passwords, while still allowing you to access your instances immediately.

With that out of the way...

When you boot a Nova instance (with or without Heat), you can provide a blog of user-data that is available to the instance through the Nova metadata service. Cloud-enabled images from most vendors (Fedora, Ubuntu, RHEL, CentOS) run a program called "cloud-init" when they boot that queries this user-data and can use it to perform initial boot configuration tasks. In the simplest case, the user-data can just be a shell script.

You can provide a nova instance with a user-data script in your Heat template, as in this example:

myserver:
  type: OS::Nova::Server
  properties:
    image: { get_param: image }
    flavor: { get_param: flavor }
    key_name: { get_param: key_name }
    networks:
      - port: { get_resource: controller_port }
    user_data_format: RAW
    user_data: |
      #!/bin/sh

      echo Hello world > /root/bootup.log

This script doesn't do anything other than echo a line to a log file, but you can do anything you want here. Heat also has the ability to generate random strings for you, through the OS::Heat::RandomString resource:

root_pw:
  type: OS::Heat::RandomString

And, heat has the value to perform some basic token replacement on text. You can use this feature to (a) have heat generate a random string, (b) subsitute it into a user-data script, and (c) assign that random string as a password. Something like this:

resources:
  root_pw:
    type: OS::Heat::RandomString

  myserver:
    type: OS::Nova::Server
    properties:
      image: { get_param: image }
      flavor: { get_param: flavor }
      key_name: { get_param: key_name }
      networks:
        - port: { get_resource: controller_port }
      user_data_format: RAW
      user_data:
        str_replace:
          template: |
            #!/bin/sh

            ROOT_PW="@ROOT_PW@"
            (
            echo "$ROOT_PW"
            echo "$ROOT_PW"
            ) | passwd --stdin root
          params:
            "@ROOT_PW@": {get_resource: root_pw}

outputs:
  root_pw:
    value: {get_resource: root_pw}

You could obviously extend the script to generate a new user, configure sudoers, and set a password on that account.

edit flag offensive delete link more

Comments

This is exactly what I was looking for, thanks!!! :)

abrandt gravatar imageabrandt ( 2015-02-13 15:06:17 -0600 )edit

Hi I used this example to change my template, but I dont know how the password was changed and where I can see the output.

Jorge19 gravatar imageJorge19 ( 2016-03-23 11:35:45 -0600 )edit
add a comment
0

answered 2016-03-23 11:30:10 -0600

Jorge19 gravatar image

Hi I used this example to change my template, but I dont know how the password was changed and where I can see the output.

This is my template:

heat_template_version: 2013-05-23

description: 2VCPU, 4GB RAM, 135 GB,VLAN300

resources: root_pw: type: OS::Heat::RandomString

myserver: type: OS::Nova::Server properties: image: rhel6_6x64_heat flavor: A1 Small Instance -1VCPU- 2GB RAM- 70 GB Disco key_name: key2 networks: - network : Discovered Network VLAN300_Cliente1_ICO user_data_format: RAW user_data: str_replace: template: | #!/bin/sh

        ROOT_PW="@ROOT_PW@"
        (
        echo "$ROOT_PW"
        echo "$ROOT_PW"
        ) | passwd --stdin root
      params:
        "@ROOT_PW@": {get_resource: root_pw}

outputs: root_pw: value: {get_resource: root_pw}

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

3 followers

subscribe to rss feed

Stats

Asked: 2015-02-13 14:25:29 -0600

Seen: 5,508 times

Last updated: Feb 13 '15

Related questions

How can you debug a Heat Template ?

Error in Heat Template Composition

heat userData is not executed

havana - heat stack-list returns Invalid openstack identity credentials [closed]

Managing a ready installed neutron server with heat

If multiple resources are created in a nested template how do you reference the attributes of those resources.

Heat Orchestration: Scale-down a specific instance

heat-keystone-setup-domain command doesnt works on my Openstack kilo setup

heat multi cloud

multiple templates in user_data of heat template