Changing the password on the RHEL 7 kvm qcow2 download (links updated 3/15/2016)
(Links updated / last reviewed March 15, 2016)
Environment
- Freshly downloaded RHEL7 qcow2 KVM image to be a guest virtual system under KVM virtualization.
- Red Hat Enterprise Linux 6 as the host system running KVM virtualization.
- This is in review for Fedora Linux as a host system running KVM virtualization (this review is not completed)
Introduction
You will find you need to change the password if you download a RHEL 7 kvm qcow2 image. This discussion goes into two different methods to do this. Make a note in the discussion area if you happen to have any suggestions etc...
Red Hat Enterprise Linux 7.x is now Generally Available (GA) (getting started guide) and available including in a qcow2 KVM image at the Red Hat Enterprise Linux product page (NOTE: a subscription is required, and this link is subject to change). The image is approximately 5 GB). You have to "root the system" after attaching it to a KVM session.
Download 7.2 KVM image at:
- Use this link to download 7.2 RHEL qcow2 image (link last checked 3/15/2016)
Method 1, Red Hat Documentation, Recovering Root Password (with grub 2)
See Red Hat Enterprise Linux 7 System Administrator's Guide: Changing and Resetting the Root Password.
Method 2 - Using "guestfish" to change the Password for the root account
You can use guestfish to edit a running system under KVM virtualization:
- You can use "guestfish" to edit the /etc/shadow file and change the root password.
- Guestfish is an interactive shell that you can use from the command line or from shell scripts to access guest virtual machine file systems. (See example below):
- If needed, first install the guestfish rpm.
- Red Hat Enterprise Linux 7.x (This command will not work on Fedora, If you are using Fedora Linux, see next block)
yum -y install guestfish
Thanks Ben Woodard from Red Hat FEDORA LINUX 20
# yum -y install libguestfs-tools
- Import the qcow2 image into KVM. The image will be named something along the lines of: "rhel-guest-image-7.1-20150224.0.x86_64.qcow2", (as of July 2nd, 2015, the version will of course change over time)
- Change the password on the newly imported KVM to get on the pre-built system.
Example steps to change the root password using guestfish:
- This set of instructions is for use on the host system that has the kvm RHEL 7 guest. The following is from Red Hat solution ID 641193
- The syntax is: guestfish --rw -a <image-name>
- (Note, your system may be /dev/vda1, mine was /dev/sda1. Use the 'list-filesystems' command)
root@box1 # guestfish --rw -a ./rhel-guest-image-7.1-20150224.0.x86_64.qcow2
><fs> run
><fs> list-filesystems
><fs> mount /dev/sda1 /
><fs> vi /etc/shadow
NOTE: after you perform the following steps you use "quit" to exit.
DO NOT EXIT NOW, proceed with the following steps
- Replace the encrypted password (add it while you are still in vi).
This will set the password for the image permanently. - An encrypted password can be created using the openssl command (see an example below).
NOTE: Open a separate terminal window to create an encrypted password with the openssl command (see example just below)
Separate window, different terminal window
[root@someothersystem ~]# openssl passwd -1 changeme
$1$QiSwNHrs$uID6S6qOifSNZKzfXsmQG1
- There is a vi session open from the guestfish session mentioned above.
- Copy the output of the openssl command above and appropriately place it into the /etc/shadow file you have opened with vi.
When done type "quit"
><fs> quit
Responses
The RHEL 7 yum command is still wrong "yum install libguestfs-tools"
The only thing I'd add is to insert the openssl generated password into field 2 of /etc/shadow for the root user, or suggest man shadow to understand the file. Other than that, perfect.
As indicated in the KCS: to make a note in case of suggestions:
- The Environment should be
- RHEL 7 - RHEL 6
It would be nice to have a clear method for each RHEL. I do not know about RHEL6 but on RHEL7 the easiest way to change the password is this: virt-customize -a undercloud.qcow2 --root-password password: IMO this should be the first method recommended since we are modifying a qcow2 image vs break into a server etc.
If another section to specify how to do the same thing on RHEL6 it would make this article even more clear.
I agree with Ruchika, there is an easier way to do this. I also remove "cloud-init" when I'm using Virtual Machine Manager / Boxes / VMware Workstation / etc...
Example for RHEL7
$ virt-customize -a rhel-guest-image-7.2-20160302.0.x86_64.qcow2 --root-password password:PASSW0RD --uninstall cloud-init
[ 0.0] Examining the guest ...
[ 12.1] Setting a random seed
[ 12.1] Uninstalling packages: cloud-init
[ 14.5] Setting passwords
[ 15.9] Finishing off
It also works for RHEL6
$ virt-customize -a rhel-guest-image-6.8-20160425.0.x86_64.qcow2 --root-password password:PASSW0RD --uninstall cloud-init
[ 0.0] Examining the guest ...
[ 14.5] Setting a random seed
[ 14.5] Uninstalling packages: cloud-init
[ 17.0] Setting passwords
[ 18.1] Finishing off
This also worked very well for me on my RHEL 8.8 VM image. It even worked with the LVM volume device:
# virt-customize -a /dev/raid/jboss04 --root-password password:<PASSWORD> --uninstall cloud-init
[ 0.0] Examining the guest ...
[ 21.2] Setting a random seed
[ 21.3] Setting the machine ID in /etc/machine-id
[ 21.3] Uninstalling packages: cloud-init
[ 34.0] Setting passwords
[ 37.4] Finishing off
Also works in rhel 8.1
sudo virt-customize -a rhel-8.1-x86_64-kvm.qcow2 --root-password password:changeme --uninstall cloud-init
[ 0.0] Examining the guest ...
[ 2.3] Setting a random seed
[ 2.3] Uninstalling packages: cloud-init
[ 9.6] Setting passwords
[ 12.7] Finishing off
Here is a simple wrapper script with this kbase and a few others
!/bin/bash -x
# made by andrew puch
# https://access.redhat.com/discussions/664843
# Note:
# should there may be issues on rhel7 hyper-visor messing with rhel8
# see https://access.redhat.com/solutions/4073061
# also see other option to add more value to your script
#virt-customize --help
# sample run
# ./rh-rm-cloud-init.sh idm-rhel-8.4-x86_64-kvm.qcow2 changeme newhostname.example.com
#virt-customize -a idm-rhel-8.4-x86_64-kvm.qcow2 --root-password password:redhat --uninstall cloud-init
virt-customize -a $1 --root-password password:$2 --uninstall cloud-init --hostname $3
Sample run
./rh-rm-cloud-init.sh idm-rhel-8.4-x86_64-kvm.qcow2 changeme newhost.example.com
+ virt-customize -a idm-rhel-8.4-x86_64-kvm.qcow2 --root-password password:changeme --uninstall cloud-init
[ 0.0] Examining the guest ...
[ 9.0] Setting a random seed
[ 9.1] Setting the machine ID in /etc/machine-id
[ 9.1] Uninstalling packages: cloud-init
[ 21.2] Setting the hostname: idm-hub.lan
[ 21.3] Setting passwords
[ 33.5] Finishing off
mount /dev/sda1 /
is not working. It says
libguestfs: error: mount: mount exited with status 32: mount: unknown filesystem type 'xfs'
Help will be really appreciated.
Hello Taimur Falak
Please determine if this solution https://access.redhat.com/solutions/3914591 helps or not
Regards
RJ
Mr. Hinton that solution is targeting RHEL 7 and I am on RHEL 8.6. Apologies I totally forgot to mention my environment. I thought I didn't mattered. I am using RHEL 8.6 and have installed GNS3 on top of it. Downloaded the RHEL 8.5 KVM image as a GNS3 appliance. Its not allowing to break the boot process for the root password change.
This work for me on a rhel-9 kvm image: Assuming libguestfs-tools are installed. First export LIBGUESTFS_DEBUG=1 LIBGUESTFS_TRACE=1 Then: virt-customize -a rhel-9.2-x86_64-kvm.qcow2 --root-password passwrod:mypassword
And finally created a kvm VM using the previous rhel9 qcow2 image and login with root and mypassword.
I executed previous two commands on a RHEL8.5 kvm vm.
Regards,