BOSH root/vcap passwords
1,920 views
Skip to first unread message
john mcteague
Mar 13, 2015, 8:08:53 AM3/13/15
to bosh-...@cloudfoundry.org
The tracker issue at https://www.pivotaltracker.com/n/projects/966314/stories/85997438 suggests a resource pool can have the root/vcap password changed from the default c1oudc0w to something of my choosing.
Using cf v201 with stemcells v2862 for openstack, I setup my resource pool to change the default password, yet when I attempt to login as root or vcap via the openstack console the password is still c1oudc0w.
Is this feature cloud specific?
Using cf v201 with stemcells v2862 for openstack, I setup my resource pool to change the default password, yet when I attempt to login as root or vcap via the openstack console the password is still c1oudc0w.
Is this feature cloud specific?
Aristoteles Neto
Mar 13, 2015, 6:54:51 PM3/13/15
to bosh-...@cloudfoundry.org
I’ve successfully done so, albeit in AWS, as follows:
resource_pools:
- name: rp_z1
network: web_z1
stemcell:
name: bosh-aws-xen-ubuntu-trusty-go_agent
version: latest
cloud_properties:
availability_zone: ap-southeast-2a
instance_type: m3.medium
env:
bosh:
# password generated using:
# HASH=$(mkpasswd -s -m sha-512); echo -n $HASH | base64 -w 50
password: !binary |-
zzzzz.......
zzzzz.......
zzzzz.......
Not sure if Openstack would behave any differently, but this sets the vcap user password (no root access is allowed, regardless of password).
One thing I did notice, is that this doesn’t set the compilation vm password, however.
-- Neto
To unsubscribe from this group and stop receiving emails from it, send an email to bosh-users+...@cloudfoundry.org.
Dmitriy Kalinin
Mar 13, 2015, 7:50:57 PM3/13/15
to bosh-...@cloudfoundry.org
you can add 'env' key on compilation section to set their password: e.g.
compilation:
workers: blah
cloud_properties: { ... }
env: { ... }
Reasoning here is that compilation does not belong to any resource pool but rather dynamically uses different stemcells so it has to have its own cloud_properties and env.
Message has been deleted
john mcteague
Mar 14, 2015, 11:31:03 AM3/14/15
to bosh-...@cloudfoundry.org
Thanks Dmitriy and Aristoteles,
Thanks
The tracker suggests the format is
resource_pools:
name: small_z1
...
bosh:
# Change default password:
# hashed password - Generate SHA hash using mkpasswd -m sha-512
# Generated hash for FT9KDyDoBqmeKQqEKoap
password: $6$DVhgWycGMhiQYKsH$py04MGy0HVislvOLxtg/fx1RhycpbH7bSHBjxwZYC/KYg6gc59uN6LulsEk33WzggDQPBDjm0BM9iQXSzjITi1
...
but as per your responses it is
resource_pools:
name: small_z1
...
env:
bosh:
# Change default password:
# hashed password - Generate SHA hash using mkpasswd -m sha-512
# Generated hash for FT9KDyDoBqmeKQqEKoap
password: $6$DVhgWycGMhiQYKsH$py04MGy0HVislvOLxtg/fx1RhycpbH7bSHBjxwZYC/KYg6gc59uN6LulsEk33WzggDQPBDjm0BM9iQXSzjITi1
...
Reply all
Reply to author
Forward
0 new messages