Changing the password on the RHEL 7 kvm qcow2 download (links updated 3/15/2016)
(Links updated / last reviewed March 15, 2016)
Environment
- Freshly downloaded RHEL7 qcow2 KVM image to be a guest virtual system under KVM virtualization.
- Red Hat Enterprise Linux 6 as the host system running KVM virtualization.
- This is in review for Fedora Linux as a host system running KVM virtualization (this review is not completed)
Introduction
You will find you need to change the password if you download a RHEL 7 kvm qcow2 image. This discussion goes into two different methods to do this. Make a note in the discussion area if you happen to have any suggestions etc...
Red Hat Enterprise Linux 7.x is now Generally Available (GA) (getting started guide) and available including in a qcow2 KVM image at the Red Hat Enterprise Linux product page (NOTE: a subscription is required, and this link is subject to change). The image is approximately 5 GB). You have to "root the system" after attaching it to a KVM session.
Download 7.2 KVM image at:
- Use this link to download 7.2 RHEL qcow2 image (link last checked 3/15/2016)
Method 1, Red Hat Documentation, Recovering Root Password (with grub 2)
See Red Hat Enterprise Linux 7 System Administrator's Guide: Changing and Resetting the Root Password.
Method 2 - Using "guestfish" to change the Password for the root account
You can use guestfish to edit a running system under KVM virtualization:
- You can use "guestfish" to edit the /etc/shadow file and change the root password.
- Guestfish is an interactive shell that you can use from the command line or from shell scripts to access guest virtual machine file systems. (See example below):
- If needed, first install the guestfish rpm.
- Red Hat Enterprise Linux 7.x (This command will not work on Fedora, If you are using Fedora Linux, see next block)
yum -y install guestfish
Thanks Ben Woodard from Red Hat FEDORA LINUX 20
# yum -y install libguestfs-tools
- Import the qcow2 image into KVM. The image will be named something along the lines of: "rhel-guest-image-7.1-20150224.0.x86_64.qcow2", (as of July 2nd, 2015, the version will of course change over time)
- Change the password on the newly imported KVM to get on the pre-built system.
Example steps to change the root password using guestfish:
- This set of instructions is for use on the host system that has the kvm RHEL 7 guest. The following is from Red Hat solution ID 641193
- The syntax is: guestfish --rw -a <image-name>
- (Note, your system may be /dev/vda1, mine was /dev/sda1. Use the 'list-filesystems' command)
root@box1 # guestfish --rw -a ./rhel-guest-image-7.1-20150224.0.x86_64.qcow2
><fs> run
><fs> list-filesystems
><fs> mount /dev/sda1 /
><fs> vi /etc/shadow
NOTE: after you perform the following steps you use "quit" to exit.
DO NOT EXIT NOW, proceed with the following steps
- Replace the encrypted password (add it while you are still in vi).
This will set the password for the image permanently. - An encrypted password can be created using the openssl command (see an example below).
NOTE: Open a separate terminal window to create an encrypted password with the openssl command (see example just below)
Separate window, different terminal window
[root@someothersystem ~]# openssl passwd -1 changeme
$1$QiSwNHrs$uID6S6qOifSNZKzfXsmQG1
- There is a vi session open from the guestfish session mentioned above.
- Copy the output of the openssl command above and appropriately place it into the /etc/shadow file you have opened with vi.
When done type "quit"
><fs> quit
Responses
The RHEL 7 yum command is still wrong "yum install libguestfs-tools"
The only thing I'd add is to insert the openssl generated password into field 2 of /etc/shadow for the root user, or suggest man shadow to understand the file. Other than that, perfect.
As indicated in the KCS: to make a note in case of suggestions:
- The Environment should be
- RHEL 7 - RHEL 6
It would be nice to have a clear method for each RHEL. I do not know about RHEL6 but on RHEL7 the easiest way to change the password is this: virt-customize -a undercloud.qcow2 --root-password password: IMO this should be the first method recommended since we are modifying a qcow2 image vs break into a server etc.
If another section to specify how to do the same thing on RHEL6 it would make this article even more clear.
I agree with Ruchika, there is an easier way to do this. I also remove "cloud-init" when I'm using Virtual Machine Manager / Boxes / VMware Workstation / etc...
Example for RHEL7
$ virt-customize -a rhel-guest-image-7.2-20160302.0.x86_64.qcow2 --root-password password:PASSW0RD --uninstall cloud-init
[ 0.0] Examining the guest ...
[ 12.1] Setting a random seed
[ 12.1] Uninstalling packages: cloud-init
[ 14.5] Setting passwords
[ 15.9] Finishing off
It also works for RHEL6
$ virt-customize -a rhel-guest-image-6.8-20160425.0.x86_64.qcow2 --root-password password:PASSW0RD --uninstall cloud-init
[ 0.0] Examining the guest ...
[ 14.5] Setting a random seed
[ 14.5] Uninstalling packages: cloud-init
[ 17.0] Setting passwords
[ 18.1] Finishing off