Issue with password injection and centos 6.7

asked 2015-09-16 09:22:37 -0600

jpmethot gravatar image

There are many things to consider in this issue, so let's start by explaining the infrastructure a bit.

-This openstack setup uses ceph as a backend, so libguestfs cannot be used to inject passwords.

-Metadata password injection is not secure, as the root password can be curled from inside the instance

Considering this, we decided to inject password through libvirt and use metadata for other settings. This actually work very well on ubuntu 14.04 and centos 7. Where there is an issue though is with centos 6.7. We made our own custom centos 6.7 image as the official one does not support all the required features of cloud-init. However, we can't inject password into it. I have read that it's suggested to use libguestfs to inject the password, but that's not possible because our images and block devices are on ceph.

So, my question is, is there something I can install inside my image of CentOS 6.7 to make it compatible with the way openstack Kilo inject passwords?

edit retag flag offensive close merge delete


Having the same issue, reported a bug for it.

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2015-09-17 01:29:56 -0600 )edit

Do you have the ID of that bug? We're considering setting a first password through cloud-init and then have it expire so the customer needs to enter a new one that they want, but this is not an ideal scenario.

jpmethot gravatar imagejpmethot ( 2015-09-17 13:43:05 -0600 )edit