BOSH uses crypt(3) to hash sudo passwords. You can find an example of how it is done in the sha512_hashed_password function.
This function is called when you have not set a password in the vm_type section of Cloud Config (using env.bosh.password) and have set the director.generate_vm_passwords property.
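# Generate a SHA-512 crypt(3) hash with a random 16-character salt
gem install 'unix-crypt'
# The password is read from the environment, so quotes or backslashes in it cannot break the Ruby one-liner
export PASS=c1oudc0w
ruby -e "require 'unix_crypt'; require 'securerandom'; salt = SecureRandom.hex(8); puts UnixCrypt::SHA512.build(ENV['PASS'], salt)"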
The password is set by the BOSH agent using the usermod command.
You can specify env.bosh.password in your instance group declaration like this:
instance_groups:
- name: es-master
  instances: 2
  jobs:
  - name: elasticsearch
    ...
  env:
    bosh:
      password: '$6$b97b279f9ad318be$.kftfBjE4Evk8P8pVCTxPl6.s7IEnUA661AwxVHJeilJEthfJU5v/w.ce0pCzndo/.rchRxGRpu.4xD2Bxjwr0'
The same applies to the compilation section in Cloud Config:
compilation:
  az: z1
  network: default
  vm_type: m3.large
  workers: 2
  reuse_compilation_vms: true
  env:
    bosh:
      password: '$6$b97b279f9ad318be$.kftfBjE4Evk8P8pVCTxPl6.s7IEnUA661AwxVHJeilJEthfJU5v/w.ce0pCzndo/.rchRxGRpu.4xD2Bxjwr0'
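
As an added example (not code from BOSH or from this page's author), the following Ruby lint checks that every env.bosh.password in an instance group or compilation section is a well-formed SHA-512 crypt(3) string rather than plaintext or another hash scheme. The function names, the two sample documents, and the es-data, es-client and `$1$` entries are constructed for illustration; only the es-master hash comes from the page.

```ruby
require 'yaml'

# SHA-512 crypt(3) string: $6$[rounds=N$]salt$digest. The digest is always
# 86 characters; an empty salt is rejected here on purpose.
SHA512_CRYPT = %r{\A\$6\$(?:rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}\z}

# Returns nil for a well-formed SHA-512 crypt hash, otherwise a reason string.
def password_problem(value)
  return 'not a string' unless value.is_a?(String)
  return nil if SHA512_CRYPT.match?(value)
  value.start_with?('$') ? 'crypt(3) string, but not well-formed $6$ (SHA-512)' : 'looks like plaintext, not a crypt(3) hash'
end

# Checks env.bosh.password under every instance group and under compilation.
# Entries without a password are skipped. Returns { location => reason }.
def lint_passwords(yaml_text)
  doc = YAML.safe_load(yaml_text) || {}
  targets = (doc['instance_groups'] || []).map { |g| ["instance_groups/#{g['name']}", g] }
  targets << ['compilation', doc['compilation']] if doc['compilation']
  targets.each_with_object({}) do |(where, node), problems|
    password = node.dig('env', 'bosh', 'password')
    next if password.nil?
    reason = password_problem(password)
    problems[where] = reason if reason
  end
end

# Constructed sample input; only the es-master hash is taken from the page.
SAMPLE_MANIFEST = <<~'YAML'
  instance_groups:
  - name: es-master
    env:
      bosh:
        password: '$6$b97b279f9ad318be$.kftfBjE4Evk8P8pVCTxPl6.s7IEnUA661AwxVHJeilJEthfJU5v/w.ce0pCzndo/.rchRxGRpu.4xD2Bxjwr0'
  - name: es-data
    env:
      bosh:
        password: c1oudc0w
  - name: es-client
YAML
SAMPLE_CLOUD_CONFIG = <<~'YAML'
  compilation:
    env:
      bosh:
        password: '$1$constructed$notasha512hash'
YAML

# Print findings for both constructed samples when run directly.
[SAMPLE_MANIFEST, SAMPLE_CLOUD_CONFIG].each { |y| lint_passwords(y).each { |w, r| puts "#{w}: #{r}" } } if __FILE__ == $PROGRAM_NAME
```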