On Wed, 25 Dec 2013 19:17:19 -0500 "Michael H. Warfield" <[email protected]> wrote:
> On Wed, 2013-12-25 at 13:19 -0500, Leonid Isaev wrote: > > On Wed, 25 Dec 2013 10:17:20 -0500 > > "Michael H. Warfield" <[email protected]> wrote: > > > > In that case, you definitely need to go with 1.0.0-beta1 or better. I > > > is there anything special in the template that expects lxc-start 1.0.0, or > > one can simply download the template and run it as a bash script, and keep > > lxc 0.9.0? > > Nope. If you have a fully configured template from 1.0.0-beta1 and it > should work perfectly fine on what you have. > > > > just did the same thing and root/root worked (we've got to figure out > > > something better there) > > > What about generating a random passwd from /dev/random, e.g. > > root_password="$(tr -cd '[:graph:]' < /dev/random | head -c 15)", echo > > $root_password to stdout and prompt the user to take note/change it on 1st > > login? > > I'm working on something now. I've already submitted a strawman > proposal to the lxc-devel list for a root password like this: > > Root-${Container_Name}-${RANDOM} > > We'll see. Ah, sorry, I did not see that email... I'll try to do something similar for the archlinux template (it has an empty root password by default). Also, as long as fedora/centos/oracle (not sure if that file exists in debian/ubuntu) are concerned, perhaps one can use host's /etc/machine-id as a ${RANDOM} part of the password. It is of course weaker than a random string but still no secrets are shipped in the template and at least an admin won't be accidently locked out of a remotely-generated container... Thanks, Leonid. > > > > > > > Regards, > > > Mike > > > > > > > Cheers, > > Leonid. > > Regards, > Mike -- Leonid Isaev GnuPG key: 0x164B5A6D Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
signature.asc
Description: PGP signature
_______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
