<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<STYLE type=text/css> <!--@import url(scrollbar.css); --></STYLE>
<META content="text/html; charset=utf-8" http-equiv=Content-Type>
<STYLE> body{FONT-SIZE:12pt; FONT-FAMILY:宋体,serif;} </STYLE>
<META name=GENERATOR content="MSHTML 8.00.7600.16385"><BASE
target=_blank></HEAD>
<BODY
style="LINE-HEIGHT: 1.3; BORDER-RIGHT-WIDTH: 0px; MARGIN: 12px; BORDER-TOP-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; BORDER-LEFT-WIDTH: 0px"
marginwidth="0" marginheight="0">
<DIV>
<DIV><FONT face=微软雅黑><FONT face=微软雅黑><FONT face=微软雅黑><FONT
color=#000000 size=3 face=宋体>Hi all,</FONT></FONT></FONT></FONT></DIV>
<DIV><FONT face=微软雅黑><FONT face=微软雅黑><FONT
face=宋体></FONT></FONT></FONT> </DIV>
<DIV><FONT face=微软雅黑><FONT face=微软雅黑><FONT face=宋体>I debug the process
of libvirt admin password injection, I found everything is OK before the
instance is booting up,</FONT></FONT></FONT></DIV>
<DIV><FONT face=微软雅黑><FONT face=微软雅黑><FONT face=宋体>the /etc/shadow is modified
normally, such as:</FONT></FONT></FONT></DIV>
<DIV><FONT face=微软雅黑><FONT face=微软雅黑><A
href="mailto:Wangpan@10-120-120-7:/tmp/openstack-vfs-localfsX_J5ke/etc$">Wangpan@10-120-120-7:/tmp/openstack-vfs-localfsX_J5ke/etc$</A>
sudo cat shadow<BR><FONT
color=#ff0000>root:$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:99999:7:::<BR></FONT>daemon:*:15822:0:99999:7:::<BR>bin:*:15822:0:99999:7:::</FONT></FONT></DIV>
<DIV><FONT face=微软雅黑><FONT face=微软雅黑>...</FONT></FONT></DIV>
<DIV><FONT face=微软雅黑><FONT face=微软雅黑></FONT></FONT> </DIV>
<DIV><FONT face=微软雅黑><FONT face=微软雅黑>but after the instance is running up, I
login it by ssh+keypair, I cat this file again, it is changed like
this:</FONT></FONT></DIV>
<DIV><FONT face=微软雅黑><FONT face=微软雅黑><A href="mailto:root@t1">root@t1</A>:~# cat
/etc/shadow<BR><FONT
color=#ff0000>root:!$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:99999:7:::<BR></FONT>daemon:*:15822:0:99999:7:::<BR>bin:*:15822:0:99999:7:::</DIV>
<DIV><FONT face=微软雅黑></FONT> </DIV>
<DIV>the difference is:</DIV>
<DIV><FONT
color=#ff0000>root:$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:99999:7:::
(before running up)</FONT><BR><FONT
color=#ff0000>root:!$1$n1j7WavS$FYuXUja3LSUvwOT8yqyt2/:15822:0:99999:7:::
(after running up)</FONT><BR>you can find that a <STRONG>'!'</STRONG>
prefix is added to the encrypted password, if I remove it, then I can login
the instance by VNC successfully!</DIV>
<DIV>I don't know what happened? anyone can help me?</DIV>
<DIV>thanks!</DIV>
<DIV> </DIV>
<DIV> </DIV></FONT></FONT>
<DIV><FONT face=微软雅黑>2014-06-25 14:57 (UTC+8)</FONT></DIV>
<DIV><FONT face=微软雅黑>Wangpan</FONT></DIV>
<DIV><FONT size=2 face=微软雅黑></FONT> </DIV>
<DIV><FONT size=2 face=微软雅黑>----- Original Message -----</FONT></DIV>
<DIV><FONT size=2 face=微软雅黑>> From: CôngTT
<tcvn1985@gmail.com></FONT></DIV>
<DIV><FONT size=2 face=微软雅黑>> To: "Thang
Pham"<thang.g.pham@gmail.com><BR>>
Sent: 2014-06-25 12:21</FONT></DIV>
<DIV><FONT size=2 face=微软雅黑>> Subject: Re: [Openstack] [Nova] Admin pass
injection in launch libvirt/kvm instance</FONT></DIV>
<DIV><FONT size=2 face=微软雅黑>
<TABLE width="100%">
<TBODY>
<TR>
<TD width="100%">
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px">
<DIV dir=ltr>Hi Thang Pham and all !<BR><BR>I am using KVM on
OpenStack Havana , OpenStack Icehouse , And inject admin password
OK. SURE 100% <BR><BR>
<DIV><BR></DIV>
<DIV><B>Step 1</B> : Edit /etc/nova/nova.conf</DIV>
<DIV><BR></DIV>
<BLOCKQUOTE
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 0px 40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0px">
<DIV>[DEFAULT ]</DIV>
<DIV>....</DIV>
<DIV><BR></DIV>
<DIV>
<DIV>libvirt_inject_password=True</DIV></DIV>
<DIV>
<DIV>enable_instance_password = True</DIV></DIV></BLOCKQUOTE>
<DIV><BR></DIV>
<DIV><B>Step 22:</B><BR>If you use image cirros, ubuntu .... downloading
from Internet, then you will modify /etc/ssh/sshd_config to disable
authentication private key (rsa): (Example Ubuntu 13.10)</DIV>
<DIV>
<BLOCKQUOTE
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 0px 40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0px">
<DIV><SPAN style="BACKGROUND-COLOR: rgb(255,153,0)"><BR></SPAN></DIV>
<DIV>
<DIV><SPAN style="BACKGROUND-COLOR: rgb(255,153,0)">#Line 15
Un-comment</SPAN></DIV></DIV>
<DIV>
<DIV><SPAN
style="BACKGROUND-COLOR: rgb(255,153,0)">UsePrivilegeSeparation
yes</SPAN></DIV></DIV>
<DIV>
<DIV><SPAN
style="BACKGROUND-COLOR: rgb(255,153,0)"><BR></SPAN></DIV></DIV>
<DIV>
<DIV><SPAN style="BACKGROUND-COLOR: rgb(255,153,0)">#Line 30: Comment
30</SPAN></DIV></DIV>
<DIV>
<DIV><SPAN style="BACKGROUND-COLOR: rgb(255,153,0)">#RSAAuthentication
no</SPAN></DIV></DIV>
<DIV>
<DIV><SPAN
style="BACKGROUND-COLOR: rgb(255,153,0)"><BR></SPAN></DIV></DIV>
<DIV>
<DIV><SPAN style="BACKGROUND-COLOR: rgb(255,153,0)">#Line
31</SPAN></DIV></DIV>
<DIV>
<DIV><SPAN
style="BACKGROUND-COLOR: rgb(255,153,0)">PubkeyAuthentication
no</SPAN></DIV></DIV>
<DIV>
<DIV><SPAN
style="BACKGROUND-COLOR: rgb(255,153,0)"><BR></SPAN></DIV></DIV>
<DIV>
<DIV><SPAN style="BACKGROUND-COLOR: rgb(255,153,0)">#Line
51</SPAN></DIV></DIV>
<DIV>
<DIV><SPAN
style="BACKGROUND-COLOR: rgb(255,153,0)">PasswordAuthentication
yes</SPAN></DIV></DIV></BLOCKQUOTE></DIV>
<DIV>
<DIV><BR></DIV>
<DIV><BR></DIV>
<DIV>Besides, You can create image for GLANCE by yourself.</DIV>
<DIV><BR></DIV>
<DIV>Note: On KVM not support reset password. You can see <A
href="https://wiki.openstack.org/wiki/HypervisorSupportMatrix">https://wiki.openstack.org/wiki/HypervisorSupportMatrix</A></DIV>
<DIV><BR></DIV>
<DIV>Good luck for U !<BR></DIV>
<DIV><BR>P/S: Thắng: Tính năng này là tính năng chèn password ngay khi
khởi tạo máy, mình thực hiện tốt trên KVM <BR><BR></DIV></DIV>
<DIV class=gmail_extra>tu0ng_c0ng<BR><BR>
<DIV class=gmail_quote>On Wed, Jun 25, 2014 at 10:48 AM, Thang Pham
<SPAN dir=ltr><<A href="mailto:thang.g.pham@gmail.com"
target=_blank>thang.g.pham@gmail.com</A>></SPAN> wrote:<BR>
<BLOCKQUOTE
style="BORDER-LEFT: rgb(204,204,204) 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex"
class=gmail_quote>
<DIV dir=ltr>
<DIV style="FONT-FAMILY: verdana,sans-serif">
<DIV style="FONT-SIZE: 13px">Hi Wangpan,</DIV>
<DIV style="FONT-SIZE: 13px"><BR></DIV>
<DIV style="FONT-SIZE: 13px">Injecting admin password is not
implemented or supported in libvirt/kvm. I believe only Xen
supports it.</DIV>
<DIV style="FONT-SIZE: 13px"><BR></DIV>
<DIV style="FONT-SIZE: 13px">Regards,</DIV>
<DIV style="FONT-SIZE: 13px">Thang</DIV></DIV></DIV>
<DIV class=gmail_extra><BR><BR>
<DIV class=gmail_quote>
<DIV>
<DIV class=h5>On Tue, Jun 24, 2014 at 11:36 PM, Wangpan <SPAN
dir=ltr><<A href="mailto:hzwangpan@corp.netease.com"
target=_blank>hzwangpan@corp.netease.com</A>></SPAN>
wrote:<BR></DIV></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: rgb(204,204,204) 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex"
class=gmail_quote>
<DIV>
<DIV class=h5><U></U>
<DIV
style="LINE-HEIGHT: 1.3; BORDER-RIGHT-WIDTH: 0px; MARGIN: 12px; BORDER-TOP-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; BORDER-LEFT-WIDTH: 0px"
marginwidth="0" marginheight="0"><U></U>
<DIV>
<DIV><FONT face=微软雅黑><FONT face=微软雅黑><FONT face=微软雅黑><FONT
color=#000000 size=3 face=宋体>Hi
all,</FONT></FONT></FONT></FONT></DIV>
<DIV><FONT color=#000000 size=3></FONT> </DIV>
<DIV><FONT face=微软雅黑><FONT face=微软雅黑>I want to inject admin password
to a libvirt/kvm instance, and I enable the config
libvirt_inject_password=true on the compute
node,</FONT></FONT></DIV>
<DIV><FONT face=微软雅黑>I also find the /etc/shadow file in the
instance is changed, but when I use the adminPass to login the
instance from vnc, it is failed.</FONT></DIV>
<DIV><FONT face=微软雅黑>I find that the admin password is
encrypted in nova/virt/disk/api.py:_set_password()
method,</FONT></DIV>
<DIV><FONT face=微软雅黑>evenif I </FONT><FONT face=微软雅黑>encrypt my
adminPass and replace the root password in /etc/shadow manually, I
can't login the instance with vnc.</FONT></DIV>
<DIV><FONT face=微软雅黑></FONT> </DIV>
<DIV><FONT face=微软雅黑>My questions are:</FONT></DIV>
<DIV><FONT face=微软雅黑>1) Does this admin password
injection function of libvirt driver useable? In other
words, my issue is a bug or not?</FONT></DIV>
<DIV><FONT face=微软雅黑>2) Are there some special details I was
losing sight of? such as any configs should change?</FONT></DIV>
<DIV><FONT face=微软雅黑>3) Is this function depends on the libc
version?</FONT></DIV>
<DIV><FONT face=微软雅黑><FONT face=微软雅黑><FONT
face=微软雅黑></FONT></FONT></FONT> </DIV>
<DIV>BTW, I'm using stable havana and booting a debian7 instance,
and this is the admin guide page of this function:</DIV>
<DIV><A
href="http://docs.openstack.org/admin-guide-cloud/content/admin-password-injection.html"
target=_blank>http://docs.openstack.org/admin-guide-cloud/content/admin-password-injection.html</A></DIV>
<DIV> </DIV>
<DIV>thanks!</DIV>
<DIV> </DIV>
<DIV><FONT face=微软雅黑><A href="tel:2014-06-25%C2%A011" target=_blank
value="+12014062511">2014-06-25 11</A>:16 (UTC+8)</FONT></DIV><SPAN><FONT
color=#888888>
<DIV><FONT
face=微软雅黑>Wangpan</FONT></DIV><U></U></FONT></SPAN></DIV></DIV><BR></DIV></DIV>_______________________________________________<BR>Mailing
list: <A
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
target=_blank>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</A><BR>Post
to : <A href="mailto:openstack@lists.openstack.org"
target=_blank>openstack@lists.openstack.org</A><BR>Unsubscribe : <A
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
target=_blank>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</A><BR><BR></BLOCKQUOTE></DIV><BR></DIV><BR>_______________________________________________<BR>Mailing
list: <A
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
target=_blank>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</A><BR>Post
to : <A
href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</A><BR>Unsubscribe
: <A
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
target=_blank>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</A><BR><BR></BLOCKQUOTE></DIV><BR></DIV></DIV></BLOCKQUOTE></TD></TR></TBODY></TABLE></FONT><FONT
size=2 face="Times New Roman"></DIV></FONT></DIV></BODY></HTML>