allomov
6/5/2017 - 7:23 PM

set-sudo-password.md

How to set sudo password of VM deployed with BOSH v2

BOSH uses crypt(3) to encrypt sudo passwords. You can find an example of how it is done in sha512_hashed_password function.

This function is called in a case when you didn't set password in vm_type section (using env.bosh.password) of Cloud Config and set director.generate_vm_passwords property.

gem install 'unix-crypt'
PASS=c1oudc0w
ruby -e "require 'unix_crypt'; require 'securerandom'; salt = SecureRandom.hex(8); puts UnixCrypt::SHA512.build('$PASS', salt);"

The password is set by bosh agent using usermod command.

You can specify env.bosh.password in you instance group declaration like this:

instance_groups:
- name: es-master
  instances: 2
  jobs:
  - name: elasticsearch
  ...
  env:
    bosh:
      password: '$6$b97b279f9ad318be$.kftfBjE4Evk8P8pVCTxPl6.s7IEnUA661AwxVHJeilJEthfJU5v/w.ce0pCzndo/.rchRxGRpu.4xD2Bxjwr0'

The same is relevant for compilation section in Cloud Config:

compilation:
  az: z1
  network: default
  vm_type: m3.large
  workers: 2
  reuse_compilation_vms: true
  env:
    bosh:
      password: '$6$b97b279f9ad318be$.kftfBjE4Evk8P8pVCTxPl6.s7IEnUA661AwxVHJeilJEthfJU5v/w.ce0pCzndo/.rchRxGRpu.4xD2Bxjwr0'