Setting a password inside virtual machines

Instead of an SSH key, you can use a password of the default administrator, to access a virtual machine created from a template. To be able to set a password for a VM, you need to configure a template to allow password setting. By default, this possibility is enabled for all templates. However, VM password setting is not available unless a template has the default administrator created inside the guest OS and this user name is specified as a template property.

Setting a password inside virtual machines is supported for both Linux and Windows guest operating systems.

Limitations

  • Setting passwords is only available for new virtual machines. Existing VMs that were created before enabling password setting for their template will stay unchanged.
  • System administrators do not have the permission to set VM passwords in self-service projects where they have no administrative privileges.

Prerequisites

  • The template that you want to enable password authentication for must be prepared, as instructed in Preparing templates, and it must have the default administrator account created.
  • The guest tools are installed inside a guest operating system, as described in Installing guest tools.
  • To authorize further OpenStack commands, the OpenStack command-line client must be configured, as outlined in Connecting to OpenStack command-line interface.

To enable password setting for a template

  1. Find out the ID of the required image by running:

    # openstack --insecure image list
    +--------------------------------------+--------------------------+--------+
    | ID                                   | Name                     | Status |
    +--------------------------------------+--------------------------+--------+
    | c6d4a56f-b0b9-4bf3-a641-5fea8f70bbb3 | centos8-with-guest-tools | active |
    | 5d10e5ee-9389-4a2f-838e-fe5ec915374e | cirros                   | active |
    +--------------------------------------+--------------------------+--------+
  2. For the required template, set the hci_allow_set_password property to True and specify the default administrator name with the os_admin_user property. For example:

    # openstack --insecure image set --property hci_allow_set_password=True --property os_admin_user=centos \
    c6d4a56f-b0b9-4bf3-a641-5fea8f70bbb3

On the Compute > Virtual machines > Images tab in the admin panel, you can check the newly set properties on the template right pane. The Password setting property will be displayed as Yes, and the Default admin login property will show the default administrator name, which should be used when accessing VMs created from this template.

To set a password inside a virtual machine

Admin panel

  1. On the Compute > Virtual machines > Virtual machines tab, click the required VM.
  2. On the VM right pane, click Set password.
  3. In the Set password window, specify a password for the default administrator login. The password must meet the following complexity requirements:

    • It must be at least 12 characters long.
    • It must contain characters from all of the following categories:

      • Uppercase Latin letters
      • Lowercase Latin letters
      • Base 10 digits (0 through 9)
      • Non-alphanumeric characters (special characters)

    Alternatively, click Generate to automatically generate a random password and copy it to the clipboard.

    Save this password. After closing this window, the password will be hidden and unavailable for recovery.

  4. Click Set to set the specified password for the default administrator account inside the VM.

Once the password is injected inside the virtual machine, you can use it to log in to the guest operating system with the default admin login. The Default admin login is displayed on the VM right pane in the VM properties.

Command-line interface

Use the following command:

vinfra service compute server set [--password] <server>
--password
Request the password from stdin. This option must be used separately from other options.
<server>
Compute server ID or name

For example, to set a password inside the virtual machine myvm, run:

# vinfra service compute server set myvm --password

Specify the VM password when prompted. The password must meet the following complexity requirements:

  • It must be at least 12 characters long.
  • It must contain characters from all of the following categories:

    • Uppercase Latin letters
    • Lowercase Latin letters
    • Base 10 digits (0 through 9)
    • Non-alphanumeric characters (special characters)

To disable password setting for a template

  1. Find out the ID of the required image by running:

    # openstack --insecure image list
    +--------------------------------------+--------------------------+--------+
    | ID                                   | Name                     | Status |
    +--------------------------------------+--------------------------+--------+
    | c6d4a56f-b0b9-4bf3-a641-5fea8f70bbb3 | centos8-with-guest-tools | active |
    | 5d10e5ee-9389-4a2f-838e-fe5ec915374e | cirros                   | active |
    +--------------------------------------+--------------------------+--------+
  2. For the required template, set the hci_allow_set_password property to False and unset the os_admin_user property. For example:

    # openstack --insecure image set --property hci_allow_set_password=False c6d4a56f-b0b9-4bf3-a641-5fea8f70bbb3
    # openstack --insecure image unset --property os_admin_user c6d4a56f-b0b9-4bf3-a641-5fea8f70bbb3

On the Compute > Virtual machines > Images tab in the admin panel, you can check that the Password setting and Default admin login properties are not displayed on the template right pane.