Don't hard code password in image anymore

2025-07-16 16:11:03 +00:00 · 2015-02-24 01:27:30 -07:00 · 2015-02-24 01:27:30 -07:00 · beb044b265
commit beb044b265
parent 7a8d9c5ec9
5 changed files with 30 additions and 7 deletions
--- a/scripts/dockerimages/06-console
+++ b/scripts/dockerimages/06-console
@ -1,7 +1,7 @@
 FROM base
 COPY scripts/dockerimages/scripts/console.sh /usr/sbin/
 COPY scripts/dockerimages/scripts/update-ssh-keys /usr/bin/
-RUN sed -i 's/rancher.*/rancher:rixbL64o6zGmY:16486:0:99999:7:::/g' /etc/shadow && \
+RUN sed -i 's/rancher:!/rancher:*/g' /etc/shadow && \
    echo '## allow password less for rancher user' >> /etc/sudoers && \
    echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
 CMD ["/usr/sbin/console.sh"]
--- a/scripts/dockerimages/scripts/console.sh
+++ b/scripts/dockerimages/scripts/console.sh
@ -26,6 +26,18 @@ setup_ssh()
    mkdir -p /var/run/sshd
 }

+for i in $(</proc/cmdline); do
+    case $i in
+        rancher.password=*)
+            PASSWORD=$(echo $i | sed 's/rancher.password=//')
+            ;;
+    esac
+done
+
+if [ -n "$PASSWORD" ]; then
+    echo "rancher:$PASSWORD" | chpasswd
+fi
+
 cloud-init -execute

 setup_ssh
--- a/scripts/extraimages/00-ubuntuconsole
+++ b/scripts/extraimages/00-ubuntuconsole
@ -10,7 +10,6 @@ RUN locale-gen en_US.UTF-8
 RUN addgroup --gid 1100 rancher && \
    addgroup --gid 1101 docker && \
    useradd -u 1100 -g rancher -G docker,sudo -m -s /bin/bash rancher && \
-    sed -i 's/rancher.*/rancher:rixbL64o6zGmY:16486:0:99999:7:::/g' /etc/shadow && \
    echo '## allow password less for rancher user' >> /etc/sudoers && \
    echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
 CMD ["/usr/sbin/console.sh"]
--- a/scripts/package
+++ b/scripts/package
@ -29,10 +29,7 @@ default rancheros
 label rancheros
    kernel /boot/vmlinuz
    initrd /boot/initrd
-    append quiet
-
-prompt 1
-timeout 1
+    append quiet rancher.password=rancher
 EOF

 # Copied from boot2docker, thanks.
--- a/scripts/run
+++ b/scripts/run
@ -15,6 +15,7 @@ HD=${BASE}/build/empty-hd.img
 HD_GZ=${ARTIFACTS}/empty-hd.img.gz
 INITRD_TMP=${BUILD}/$(sha1sum ${INITRD} | awk '{print $1}')
 INITRD_TEST=${BUILD}/initrd.test
+USER_DATA=cloud-init/openstack/latest/user_data

 if [[ ! -e ${KERNEL} || ! -e ${INITRD} ]]; then
    echo "Failed to find ${KERNEL} or ${INITRD}" 1>&2
@ -33,6 +34,10 @@ if [ ! -d ${INITRD_TMP} ]; then
    popd
 fi

+if [ ! -e bin/rancheros ]; then
+    ./script/build
+fi
+
 cp bin/rancheros ${INITRD_TMP}/init
 cd ${INITRD_TMP}

@ -46,6 +51,16 @@ else
        zcat ${HD_GZ} > ${HD}
    fi

-    qemu-system-x86_64 -serial stdio -kernel ${KERNEL} -initrd ${INITRD_TEST} -m 1024 -net nic,vlan=0,model=virtio -net user,vlan=0,hostfwd=tcp::2222-:22,hostname=rancher -drive if=virtio,file=${HD} -machine accel=kvm -cpu host -smp 4 -append "x $@" ${QEMU_ARGS}
+    mkdir -p $(dirname $USER_DATA)
+
+    echo "#cloud-config" > ${USER_DATA}
+    echo "ssh_authorized_keys:" >> ${USER_DATA}
+    for i in ${HOME}/.ssh/*.pub; do
+        if [ -e $i ]; then
+            echo "  - $(<$i)" >> ${USER_DATA}
+        fi
+    done
+
+    qemu-system-x86_64 -serial stdio -kernel ${KERNEL} -initrd ${INITRD_TEST} -m 1024 -net nic,vlan=0,model=virtio -net user,vlan=0,hostfwd=tcp::2222-:22,hostname=rancher -drive if=virtio,file=${HD} -machine accel=kvm -cpu host -smp 4 -fsdev local,id=conf,security_model=none,readonly,path=$(pwd)/cloud-init -device virtio-9p-pci,fsdev=conf,mount_tag=config-2 -append "x rancher.password=rancher $@" ${QEMU_ARGS}

 fi