<div dir="ltr">As further data points, Debian on AWS EC2 uses the 'admin' username, and all Google-supported images on Google Compute Engine (including CentOS) don't have a default account at all, but rather use integrated SSH key management via our metadata server and an open source daemon we install into the guest.<div>
<br></div><div>On that note, yes, we're aware of CentOS 7 - congrats to all! - and getting ready to proceed with GCE images of that too after we run it successfully through our test suite.</div><div><br></div><div>- Jimmy</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jul 14, 2014 at 9:07 AM, Neil Wilson <span dir="ltr"><<a href="mailto:neil@brightbox.co.uk" target="_blank">neil@brightbox.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5"><br>
On 14 Jul 2014, at 16:54, Nux! <<a href="mailto:nux@li.nux.ro">nux@li.nux.ro</a>> wrote:<br>
<br>
> ----- Original Message -----<br>
>> From: "Karanbir Singh" <<a href="mailto:mail-lists@karan.org">mail-lists@karan.org</a>><br>
>> To: <a href="mailto:centos-devel@centos.org">centos-devel@centos.org</a><br>
>> Sent: Monday, 14 July, 2014 4:32:18 PM<br>
>> Subject: Re: [CentOS-devel] Cloud image default login<br>
>><br>
>> On 07/14/2014 04:27 PM, Daniel Ankers wrote:<br>
>>> As a user, I'd like to be able to take any set of instructions about<br>
>>> RHEL and s/RHEL/CentOS/g and have it work (with the exception of all the<br>
>>> things people pay RedHat good money for, of course.)<br>
>><br>
>> in the cloud images they wont, we built our own images ( always have )<br>
>> and have implemented our own policy.<br>
>><br>
>> I guess once rhel images show up for opennebula and in linode, we can<br>
>> start trying to work together a bit more.<br>
>><br>
>> my point really is - lets find the best place to be, without needing to<br>
>> just blindly work with what / where rhel is and what they are doing<br>
><br>
> Maybe it would be good, for a while, to have both root and cloud-user accounts active? Not sure how this would actually work in reality (ie how the cloud platforms and supporting scripts would deal with it).<br>
><br>
> In my case, building Cloudstack templates, there is a whole lot of people expecting root to be active, changing this behaviour would mean screwing them over.<br>
> If CentOS also has this kind of legacy problems - which I expect to be true - then it's something to be thinking about.<br>
><br>
> If this is not deemed a problem, then it would be nice to have the same sort of consistency between RHEL, CentOS and Fedora in this regard.<br>
><br>
<br>
<br>
</div></div>The default in cloud is to have a locked root user and use sudo for root operations from a non-privileged user. That’s how Ubuntu does it, and it is how the Fedora image does it. And it is what cloud-init expects to see which is what will link into the public metadata systems on the public clouds.<br>
<br>
The default for username should really be ‘centos’ I think. That fits with the other distros who name the user after themselves.<br>
<br>
The other thing that needs fixing is ‘cloud-init’ which currently doesn’t detect Enterprise Linux clones using systems properly and makes a hash of a few things. I logged a bug today about it: <a href="https://bugs.launchpad.net/cloud-init/+bug/1341508" target="_blank">https://bugs.launchpad.net/cloud-init/+bug/1341508</a><br>
<br>
Bear in mind that cloud-init creates the user as specified in the default cloud-config and locks the root user by default. The kickstart script I knocked together today just creates the root user with a default password, locks the password in the %post (to work around a limitation in anaconda which demands a user if you use —lock) and then leaves the user creation to cloud-init.<br>
<br>
That’s certainly what would make the image most useful here.<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
<br>
_______________________________________________<br>
CentOS-devel mailing list<br>
<a href="mailto:CentOS-devel@centos.org">CentOS-devel@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos-devel" target="_blank">http://lists.centos.org/mailman/listinfo/centos-devel</a><br>
</div></div></blockquote></div><br></div>