RHEV-H: How to change root password
How do I change the root password on a RHEV hypervisor?
Responses
again, you are not supposed to work as the root user in RHEV-H, only as the admin, with the option to get a root shell when you need it. Direct root acces sis not supported, if you need to work as root, you can use a full RHEL host as the hypervisor
I am not sure I understand, really. We do not support using a root account, and the account is limited specifically because of that. RHEV-H is not a complete Linux distribution, but an appliance-like bundle, that does not and should not behave like a normal Linux distribution. RHEV-H is supposed to work with a RHEV-Manager, and run VMs, nothing else, so any additional functionality that it is missing (like the yum command, or the way the root account works) is quite normal for RHEV-H
thing is, you're not setting a password for root, you're setting a password for "admin" (in the TUI interface), and the admin user can access a root shell
Hi Pär, It certainly can be done from the console, and I can certainly understand why, especially if you have security policies that say it must be done every X days. Just remember that ssh'ing into the hypervisor (except to access the text menu as the admin user) isn't generally recommended. The kicker is that in the hypervisor/LiveOS environment, it isn't trivial to change the passwords with chpasswd or passwd, as the method that PAM uses to update /etc/shadow, creates a file /etc/nshadow, then moves /etc/nshadow to /etc/shadow (this is to try and prevent corruption if you happen to lose power at the exactly wrong moment). What we need to do is sync the filesystems, unpersist, make the changes, and then repersist the /etc/shadow file, so it survives a reboot. The following code is an example of how you could do it as a script:
#!/bin/bash
. /usr/libexec/ovirt-functions
sync
unmount_config /etc/shadow
echo 'admin:mynewpassword | chpasswd
ovirt_store_config /etc/shadow
syncFrom at the console point of view, the equivalent should be:
# sync
# unpersist /etc/shadow
# passwd
# persist /etc/shadow
# sync
Let us know how you go.
If you need to change/set the root password, you can drop to a shell and run /usr/libexec/ovirt-config-password. It's a slightly cleaner solution than following the steps that Nigel proposes, which will work, but a simpler option.
There are a few ways that the root password can be set.
1. Run the ovirt-config-password script
2. Install/Boot with the rootpw=<hashed password> option
3. Fill in the password on the RHEV-M configuration screen.
As for password based ssh, that is disabled by default, unless you set the password on the RHEV-M screen or enable it manually on the Security screen.
If you simply fill out the RHEV-M hostname and port and ignore the password entry, then the root password won't be set and password is only allowed with ssh keys.
Mike
[root@rhev-h ~]# ovirt-node-config-password
Password Configuration
Possible commands:
admin Set the password of the user 'admin'
help Show this help. [help --all to show all available functions]
q Quit this tool
quit Quit this tool
root Set the password of the user 'root'
ssh Enable or disable the SSH password authentication
[INFO] SSH password authentication is currently enabled
root
Password Configuration
System Administrator (root):
Changing password for user 'root'.
New password:
Retype new Password:
[WARNING] File already persisted: /etc/shadow
[WARNING] /etc/shadow Already persisted
[INFO] Password updated successfully.
q
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
