> On Dec 8, 2014, at 8:10 AM, Tim Mackey <tmac...@gmail.com> wrote: > > I've been working through a series of issues getting Ubuntu 12.04 LTS > templates to provision correctly, and I *think* most are really doc issues, > but before I run off and update docs I wanted to confirm that I'm doing the > right thing. Here's my list of issues, and what I did to get past my > "issue". My documentation source is: > http://cloudstack-administration.readthedocs.org/en/latest/templates.html. > My CloudStack is 4.4. > > 1. The docs make no mention of an Ubuntu change password script, and Google > returns Shankar's GitHub scripts as option #4. Unfortunately, that script > has a user of "ubuntu" hardcoded into it, so unless your template has an > "ubuntu" user, its not going to work. I haven't tried to use the stock > CloudStack password change script in my template, but have found references > to it not working as expected. For my purposes, I changed Shankar's script > to use a "root" user, but this leaves the following questions open: > > - Does the current CloudStack script work with Ubuntu 12.04 and later? If > so, I vote the docs be updated to reflect support for Ubuntu 12.04 and later; > with the objective of both clarifying the docs and helping boost our docs to > a higher rank than Shankar's GitHub.
See [1]. It should work with 12.04LTS. > - If the current CloudStack script doesn't work with Ubuntu 12.04 LTS, should > a JIRA ticket be entered to resolve this, or should we have multiple scripts > available and effectively incorporate Shankar's work more officially? > > 2. The docs recommend setting the password to expire, but when the change > password script runs, that flag is cleared and the user isn't promoted to > reset the root password. That leaves the following question in my mind. > > - Is our password intended to be a one-time use password. If so, then the > password change script should reset expiration forcing a new one to be set. > If not, then should we not remove the "expire password" recommendation from > the docs? Some providers and cloud mgmt platforms keep a copy of the “current” root password as set by the reset script. That type of functionality is why there’s probably no “expire” in the change passed script. I think you confusion is coming from the template section is not closely tied to the password management section - if one is making templates, they should reset the password so first login requires new password. This saves us from having thousands of VMs on the Internet with a default password. If a shop is making templates, and using password management - the password should be generated at VM creation and shouldn’t be an issue. Either way - you really shouldn’t be logging into systems (VMs or physical) as root on a regular basis. > 3. The script in the docs covering clearing the logs (step 6) doesn't include > clearing syslog. Recommend updating the script to include: cat /dev/null > > /var/log/syslog 2>/dev/null > > 4. The script in the docs covering clearing of command history (step 9) > doesn't clear the in memory history. Recommend updating the script to > become: cat /dev/null > ~/.bash_history && history -c && unset HISTFILE && > halt -p. This would also remove the the shutdown step (step 10). Good points, although I’m not sure if “halt” is as safe as shutdown... > 5. The script to set the hostname has a race condition which effectively > means it rarely sets the hostname correctly on initial boot. I've attached > the script I used. It doesn't depend upon the leases file being present, and > took care of some alternate "blank" hostname cases I encountered while > debugging. Unfortunately ASF lists strip out attachments. > I'm happy to update the docs, but want to make certain what I've encountered > as issues are things we care about updating. Would love to have your changes. At the minimum, please create Jira tickets, but if/where possible we’d happily take either submitted code review requests or pull requests on github. John 1: http://cloudstack-administration.readthedocs.org/en/latest/templates.html#adding-password-management-to-your-templates