Skip to content

Commit 91b7ae9

Browse files
dtantsurdtantsur
committed
Reformat and update the section on injecting root credentials
Change-Id: I49ad9979daad11bf7a54069564c6b7919de0ea7c
1 parent 3a757f7 commit 91b7ae9

File tree

1 file changed

+31
-11
lines changed

1 file changed

+31
-11
lines changed

doc/source/admin/troubleshooting.rst

Lines changed: 31 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -64,29 +64,49 @@ Access via console
6464
If you need to use console access, passwords must be enabled there are a
6565
couple ways to enable this depending on how the IPA image was created:
6666

67-
ironic-python-agent-builder
68-
~~~~~~~~~~~~~~~~~~~~~~~~~~~
67+
ironic-python-agent-builder: dynamic-login
68+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6969
Users wishing to use password access can be add the dynamic-login [0]_ or the
7070
devuser element [1]_
7171

7272
The dynamic-login element allows the operator to change the root password
7373
dynamically when the image boots. Kernel command line parameters
7474
are used to do this.
7575

76-
dynamic-login element example::
76+
Generate a password hash with following command:
7777

78-
Generate a ENCRYPTED_PASSWORD with following command:
79-
.. code-block:: console
80-
openssl passwd -1 -stdin | sed 's/\$/\$\$/g'
78+
.. code-block:: console
8179
82-
Add rootpwd="$ENCRYPTED_PASSWORD" value on the kernel_append_params setting in /etc/ironic/ironic.conf
83-
Restart the ironic-conductor with the command service ironic-conductor restart
80+
$ openssl passwd -1 -stdin | sed 's/\$/\$\$/g'
8481
85-
Users can also be added to DIB built IPA images with the devuser element [1]_
82+
Add ``rootpwd="<openssl output>"`` value on the ``kernel_append_params``
83+
setting in the Ironic configuration file (``/etc/ironic/ironic.conf``).
84+
Restart the ironic-conductor e.g. with
8685

87-
Install ``ironic-python-agent-builder`` following the guide [2]_
86+
.. code-block:: console
8887
89-
Example::
88+
$ sudo systemctl restart ironic-conductor
89+
90+
Alternatively, you can use the contents of the SSH public key.
91+
92+
.. warning::
93+
94+
* The ``sed`` command is used to escape the ``$`` symbols in the
95+
configuration file.
96+
97+
* The quotation marks around the value are mandatory.
98+
99+
* Only 1 password or 1 SSH key is supported.
100+
101+
ironic-python-agent-builder: devuser
102+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
103+
104+
Users can also be added to DIB built IPA images with the devuser element [1]_.
105+
Install ``ironic-python-agent-builder`` following the guide [2]_.
106+
107+
Example:
108+
109+
.. code-block:: bash
90110
91111
export DIB_DEV_USER_USERNAME=username
92112
export DIB_DEV_USER_PWDLESS_SUDO=yes

0 commit comments

Comments
 (0)