Ask Your Question
1

Is it possible to set root password and add sudo user within a heat template file?

asked 2015-02-13 14:25:29 -0500

abrandt gravatar image

Hi,

I'm currently fine tuning the following heat template file or use with rackspace orchestration: https://github.com/rackspace-orchestration-templates/wordpress-multi/blob/master/wordpress-multi-server.yaml (link text)

To expedite orchestration, I was wondering if it was possible to specify a root password(auto generated) and add an additional sudo user also with auto generated pw-- that I could then show in output list. I know that it's probably not the best protocol to rely on these auto-generated passwords, but I'd like to use them for the sake of being able to output them immediately after setup instead of having to go into the cloud console to change it in order to gain access.

Thanks!

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by ยป oldest newest most voted
3

answered 2015-02-13 14:55:04 -0500

larsks gravatar image

So, first, you're probably better off using ssh keys to gain access to your instances, rather than passwords. This avoids the need to generate or modify passwords, while still allowing you to access your instances immediately.

With that out of the way...

When you boot a Nova instance (with or without Heat), you can provide a blog of user-data that is available to the instance through the Nova metadata service. Cloud-enabled images from most vendors (Fedora, Ubuntu, RHEL, CentOS) run a program called "cloud-init" when they boot that queries this user-data and can use it to perform initial boot configuration tasks. In the simplest case, the user-data can just be a shell script.

You can provide a nova instance with a user-data script in your Heat template, as in this example:

myserver:
  type: OS::Nova::Server
  properties:
    image: { get_param: image }
    flavor: { get_param: flavor }
    key_name: { get_param: key_name }
    networks:
      - port: { get_resource: controller_port }
    user_data_format: RAW
    user_data: |
      #!/bin/sh

      echo Hello world > /root/bootup.log

This script doesn't do anything other than echo a line to a log file, but you can do anything you want here. Heat also has the ability to generate random strings for you, through the OS::Heat::RandomString resource:

root_pw:
  type: OS::Heat::RandomString

And, heat has the value to perform some basic token replacement on text. You can use this feature to (a) have heat generate a random string, (b) subsitute it into a user-data script, and (c) assign that random string as a password. Something like this:

resources:
  root_pw:
    type: OS::Heat::RandomString

  myserver:
    type: OS::Nova::Server
    properties:
      image: { get_param: image }
      flavor: { get_param: flavor }
      key_name: { get_param: key_name }
      networks:
        - port: { get_resource: controller_port }
      user_data_format: RAW
      user_data:
        str_replace:
          template: |
            #!/bin/sh

            ROOT_PW="@ROOT_PW@"
            (
            echo "$ROOT_PW"
            echo "$ROOT_PW"
            ) | passwd --stdin root
          params:
            "@ROOT_PW@": {get_resource: root_pw}

outputs:
  root_pw:
    value: {get_resource: root_pw}

You could obviously extend the script to generate a new user, configure sudoers, and set a password on that account.

edit flag offensive delete link more

Comments

This is exactly what I was looking for, thanks!!! :)

abrandt gravatar imageabrandt ( 2015-02-13 15:06:17 -0500 )edit

Hi I used this example to change my template, but I dont know how the password was changed and where I can see the output.

Jorge19 gravatar imageJorge19 ( 2016-03-23 11:35:45 -0500 )edit
add a comment
0

answered 2016-03-23 11:30:10 -0500

Jorge19 gravatar image

Hi I used this example to change my template, but I dont know how the password was changed and where I can see the output.

This is my template:

heat_template_version: 2013-05-23

description: 2VCPU, 4GB RAM, 135 GB,VLAN300

resources: root_pw: type: OS::Heat::RandomString

myserver: type: OS::Nova::Server properties: image: rhel6_6x64_heat flavor: A1 Small Instance -1VCPU- 2GB RAM- 70 GB Disco key_name: key2 networks: - network : Discovered Network VLAN300_Cliente1_ICO user_data_format: RAW user_data: str_replace: template: | #!/bin/sh

        ROOT_PW="@ROOT_PW@"
        (
        echo "$ROOT_PW"
        echo "$ROOT_PW"
        ) | passwd --stdin root
      params:
        "@ROOT_PW@": {get_resource: root_pw}

outputs: root_pw: value: {get_resource: root_pw}

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

3 followers

subscribe to rss feed

Stats

Asked: 2015-02-13 14:25:29 -0500

Seen: 4,957 times

Last updated: Feb 13 '15

Related questions

DiscoveryFailure: Could not determine a suitable URL for the plugin

Heat autoscaling is triggering alarms but new instance is not created.

Multiple possible networks found, use a Network ID to be more specific

How to read attributes of existing network in Heat template

Heat Orchestration Template (HOT) conditional resource creation

*default.py:324: Warning: Specified key was too long; max key length is 767 bytes cursor.execute(statement, parameters)

how to add network parally heat orchestation icehouse

Openstack autonomic behaviour

Instance HA

keystone and heat integration