Skip to content

Instantly share code, notes, and snippets.

@allomov

allomov/set-sudo-password.md

Last active June 6, 2017 18:27
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save allomov/74d3830e7981d4e57d8f0499c2a29951 to your computer and use it in GitHub Desktop.
Save allomov/74d3830e7981d4e57d8f0499c2a29951 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
set-sudo-password.md

How to set sudo password of VM deployed with BOSH v2

BOSH uses crypt(3) to encrypt sudo passwords. You can find an example of how it is done in sha512_hashed_password function.

This function is called in a case when you didn't set password in vm_type section (using env.bosh.password) of Cloud Config and set director.generate_vm_passwords property.

gem install 'unix-crypt'
PASS=c1oudc0w
ruby -e "require 'unix_crypt'; require 'securerandom'; salt = SecureRandom.hex(8); puts UnixCrypt::SHA512.build('$PASS', salt);"

The password is set by bosh agent using usermod command.

You can specify env.bosh.password in you instance group declaration like this:

instance_groups:
- name: es-master
  instances: 2
  jobs:
  - name: elasticsearch
  ...
  env:
    bosh:
      password: '$6$b97b279f9ad318be$.kftfBjE4Evk8P8pVCTxPl6.s7IEnUA661AwxVHJeilJEthfJU5v/w.ce0pCzndo/.rchRxGRpu.4xD2Bxjwr0'

The same is relevant for compilation section in Cloud Config:

compilation:
  az: z1
  network: default
  vm_type: m3.large
  workers: 2
  reuse_compilation_vms: true
  env:
    bosh:
      password: '$6$b97b279f9ad318be$.kftfBjE4Evk8P8pVCTxPl6.s7IEnUA661AwxVHJeilJEthfJU5v/w.ce0pCzndo/.rchRxGRpu.4xD2Bxjwr0'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment