Quoting Stéphane Graber ([email protected]): > On Mon, Apr 28, 2014 at 06:50:41PM -0400, Michael H. Warfield wrote: > > On Mon, 2014-04-28 at 22:26 +0100, Matt Saunders wrote: > > > Hi there, > > > > > > I'm enjoying using the lxc-download template to get slimmed down > > > containers. This works really well for me with the Ubuntu container. > > > > > > However, I'm having a problem with the CentOS 6 amd64 one at > > > http://images.linuxcontainers.org/images/centos/6/amd64/default/20140426_02:16/ > > > > > > The post-create message says "The default root password is: root" but I > > > can't log in on the console with that password. I have to edit > > > /etc/shadow manually to get into the container but it'd be much easier > > > to know what the password actually is. > > > > Rather than editing /etc/shadow manually, the correct practice is to > > either run: > > > > chroot /var/lib/lxc/{Container}/rootfs password > > > > or > > > > echo root:${Password_Hash} | chroot /var/lib/lxc/{Container}/rootfs > > setpasswd -e > > > > The later is safer (no password exposure and no static password), if > > you're a security paranoid like I am, but more complicated. > > > > > Can anyone help? > > > > I see Stéphane is saying he is fixing that in git. Can't say I agree > > with the practice of setting initial passwords to static values but the > > download template is his. > > The download template is designed to be minimal, never run any code from > the downloaded files on the host and the actual images are updated > daily, so using a static password seemed like the obvious choice there > as changing it would be a problem (either missing commands or possibly > running code in a potentially unsafe way) and using your password > generator would have meant that anyone using an image made on the same > day would also get a shared password. > > > I have a vague plan to have lxc-download allow hooks provided by the > actual templates, those would be trusted in that they'd be shipped with
I do think we should have lxc.hook.create, and think we've discussed it before. Just noone's implemented it yet. > LXC and not as part of what's downloaded by the download template and > would be able to do things like locale configuration, password changes, > ssh key config, ... > > However this is still a pretty vague plan and obviously not something > we'd ever backport to 1.0.x. > > > > > > > Thanks! > > > Matt. > > > -- > > > Matt Saunders > > > 07506 857125 > > > http://www.yoyo.org/matts/contacts/ > > > > Regards, > > Mike > > -- > > Michael H. Warfield (AI4NB) | (770) 978-7061 | [email protected] > > /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ > > NIC whois: MHW9 | An optimist believes we live in the best of > > all > > PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it! > > > > > > > _______________________________________________ > > lxc-users mailing list > > [email protected] > > http://lists.linuxcontainers.org/listinfo/lxc-users > > > -- > Stéphane Graber > Ubuntu developer > http://www.ubuntu.com > _______________________________________________ > lxc-users mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-users _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
