[image based provisioning] SSH allows password authorization on image provisioned nodes
Bug #1413690 reported by
Miroslav Anashkin
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel for OpenStack |
Fix Released
|
Critical
|
Alexander Gordeev | ||
6.0.x |
Fix Committed
|
Critical
|
Alexander Gordeev | ||
6.1.x |
Fix Released
|
Critical
|
Alexander Gordeev |
Bug Description
Nodes, provisioned from image have SSH password authorization turned on.
Please turn off password autrorization for such nodes.
tags: | added: image-based provision |
To post a comment you must log in.
Workaround:
How to fix wrong SSH settings on image provisioned nodes:
On master node as root:
1. Unpack initramfs.img
# `cp /var/www/ nailgun/ bootstrap/ initramfs. img ./`
# `mkdir initramfs`
# `cd initramfs/`
# `cat ../initramfs.img | gunzip | cpio -imudv`
2. Make your changes to internal initramfs files as root
Edit these files: usr/share/ fuel-agent/ cloud-init- templates/ cloud_config_ ubuntu. jinja2 usr/share/ fuel-agent/ cloud-init- templates/ cloud_config_ centos. jinja2
./initramfs/
./initramfs/
Change
ssh_pwauth: true
parameter to false ans save the file.
3. Assemble new initramfs.img
# `cd initramfs/` or where you did unpacked it img.updated`
#`find . -xdev | cpio --create --format='newc' | gzip -9 > ../initramfs.
4. Install updated initramfs.img
# `rm /var/lib/ tftpboot/ images/ bootstrap/ initramfs. img` nailgun/ bootstrap/ initramfs. img` cobbler/ images/ bootstrap/ initramfs. img`
# `rm /var/www/
# `rm /var/www/
# `cp ../initramfs. img.updated /var/www/ nailgun/ bootstrap/ initramfs. img` nailgun/ bootstrap/ initramfs. img`
# `chmod +r /var/www/
# `dockerctl shell cobbler`
# `cobbler sync`
# `exit`
# `dockerctl restart nailgun`
# `dockerctl restart nginx`