diskimage-builder/diskimage_builder/elements/dynamic-login
Ian Wienand bfca36c772 Release 1.25.2
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJYV1yqAAoJEBty/58O8cX8hLwIAKP66w6MdPN8PDgUOteui/Sx
 N0UFKJ9yR4GQOAP0NffPLjch5/g0iJLs3eFKOhtGC1LjbDjpVgjX8vW18ib8wBZK
 GemOZPF3uxg8FROrZF1vpoDy/cHgL1YV10hCnwdjN/r9rb8zOuSabqjW+Dennj2n
 fZ0SJfa8Owfudn3YxGuOymVb/wMtEloDmVGBEI1Y+h7osELCCDi3OXmwsA8qMsdl
 cTwbeugBs4PlOVbZUK/JKGuwIHKgPnDYzYu5KpXw77/MdjGT0fo5Tlq5AOBDI2sC
 9JOFEBDli4Ro05VwvI58ADMpvvOax+9EvOhLbB1dRPdZl21Iyb6gOdy2PUbFO0c=
 =aKxq
 -----END PGP SIGNATURE-----

Merge tag '1.25.2' into merge-branch

Release 1.25.2

Change-Id: I698bcf2e82117bd81649cd065a7af5cac85990c7
2017-02-02 11:20:00 +11:00
..
init-scripts Release 1.25.2 2017-02-02 11:20:00 +11:00
install.d Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
static/usr/local/bin Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
element-deps Merge remote-tracking branch 'origin/master' into merge-branch 2016-11-29 07:43:46 +11:00
README.rst Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00

=============
dynamic-login
=============

This element insert a helper script in the image that allows users to
dynamically configure credentials at boot time. This is specially useful
for troubleshooting.

Troubleshooting an image can be quite hard, specially if you can not get
a prompt you can enter commands to find out what went wrong. By default,
the images (specially ramdisks) doesn't have any SSH key or password for
any user. Of course one could use the ``devuser`` element to generate
an image with SSH keys and user/password in the image but that would be
a massive security hole and very it's discouraged to run in production
with a ramdisk like that.

This element allows the operator to inject a SSH key and/or change the
root password dynamically when the image boots. Two kernel command line
parameters are used to do it:

sshkey
  :Description: If the operator append sshkey="$PUBLIC_SSH_KEY" to the
                kernel command line on boot, the helper script will append
                this key to the root user authorized_keys.

rootpwd
  :Description: If the operator append rootpwd="$ENCRYPTED_PASSWORD" to the
                kernel command line on boot, the helper script will set the
                root password to the one specified by this option. Note that
                this password must be **encrypted**. Encrypted passwords
                can be generated using the ``openssl`` command, e.g:
                *openssl passwd -1*.


.. note::
   The value of these parameters must be **quoted**, e.g: sshkey="ssh-rsa
   BBBA1NBzaC1yc2E ..."


.. warning::
    Some base operational systems might require selinux to be in
    **permissive** or **disabled** mode so that you can log in
    the image. This can be achieved by building the image with the
    ``selinux-permissive`` element for diskimage-builder or by passing
    ``selinux=0`` in the kernel command line. RHEL/CentOS are examples
    of OSs which this is true.