Username and Password Customizations
When deploying Crowbar and OpenStack in your environment, you may wish to change some of the default username and password settings. The goal of this document is to define the locations where these changes can be configured, and how to properly make these changes. Ultimately, it should be possible (using this document) to set or change usernames and passwords throughout the Crowbar infrastructure when needed.
- Create a working copy of the Crowbar proposal
/opt/dell/bin/crowbar crowbar proposal show default > file.json
- Edit the
users
section of the working copy of the Crowbar proposal.
vim file.json
* Example:
```bash
"users": {
"machine-install": { "password": "machine_password" },
"crowbar": { "password": "crowbar" }
}
```
is modified with `NEWPASSWORD`
```bash
"users": {
"machine-install": { "password": "machine_password" },
"crowbar": { "password": "NEWPASSWORD" }
}
```
- Stage the edited version of the Crowbar proposal
/opt/dell/bin/crowbar crowbar proposal edit default --file=file.json
- Commit the edited version of the Crowbar proposal
/opt/dell/bin/crowbar crowbar proposal commit default
- Switch to root
sudo -i
- Run
chef-client
to apply the new password to the Crowbar Web UI and REST API
chef-client
The Crowbar Web Interface and REST API should now be accessible using the new password.
Edit the crowbar proposal in raw mode, and update the password.
The Chef Web UI password is created during installation, but it can also be changed upon first login to the Chef web interface. The base installation password is based on:
/tftpboot/ubuntu_dvd/extra/debsel.conf
# New password for the 'admin' user in the Chef Server WebUI:
chef-server-webui chef-server-webui/admin_password password password
# New password for the 'chef' AMQP user in the RabbitMQ vhost "/chef":
chef-solr chef-solr/amqp_password password password
-
Log into the web interface
-
Click Users > List > and Edit under the account for which you wish to change the password .
-
Enter a new password.
-
Click Save User to apply the new password.
/opt/dell/barclamps/keystone/chef/data_bags/crowbar/bc-template-keystone.json
Look for the "admin" and "default" entries, that include the username, password and tenant for both a keystone admin and a simple user.
Edit the keystone proposal for the same values as above.
Nagios and Ganglia use databag items to define users. Note that the password is the htpasswd version, not the clear text one. see man htpasswd for usage.
/opt/dell/barclamps/nagios/chef/data_bags/users/nagiosadmin.json
use the chef server GUI to edit the nagiosadmin item in the users databag.
Ubuntu compute gets default user info from:
/opt/dell/barclamps/provisioner/chef/data_bags/crowbar/bc-template-provisioner.json
- The password used in this proposal is an md5 password hash. Though optionally you can specify a clear text password using
default_password
, this is less secure. To generate a hashed password, use themd5pass
command-line utility. This will outputYOURNEWLYGENERATEDHASH
:
md5pass [NEWPLAINTEXTPASSWORD]
-
Copy this
YOURNEWLYGENERATEDHASH
hash. It will replace the default hash in the working copy of the Provisioner proposal. -
Create a working copy of the Provisioner proposal.
/opt/dell/bin/crowbar provisioner proposal show default > file.json
- Edit the
default_password_hash
section of the working copy of the Provisioner proposal. Replace the default hash with your newly generated hash (the output of themd5pass
command).
vim file.json
* Example:
```bash
"default_password_hash": "$1$BDC3UwFr$/VqOWN1Wi6oM0jiMOjaPb."
```
is modified with `YOURNEWLYGENERATEDHASH`
```bash
"default_password_hash": "YOURNEWLYGENERATEDHASH"
```
- Stage the edited version of the Provisioner proposal
/opt/dell/bin/crowbar provisioner proposal edit default --file=file.json
- Commit the edited version of the Provisioner proposal
/opt/dell/bin/crowbar provisioner proposal commit default
- Switch to root
sudo -i
- Run
chef-client
. Any new Ubuntu installs completed via Crowbar will get the new password (NOTE: Existing Ubuntu installs will not be updated, and will need to be updated!)
chef-client
Red Hat follows a similar pattern as Ubuntu