[CentOS-devel] Cloud image default login

Mon Jul 14 16:14:55 UTC 2014

As further data points, Debian on AWS EC2 uses the 'admin' username, and
all Google-supported images on Google Compute Engine (including CentOS)
don't have a default account at all, but rather use integrated SSH key
management via our metadata server and an open source daemon we install
into the guest.

On that note, yes, we're aware of CentOS 7 - congrats to all! - and getting
ready to proceed with GCE images of that too after we run it successfully
through our test suite.

- Jimmy

On Mon, Jul 14, 2014 at 9:07 AM, Neil Wilson <neil at brightbox.co.uk> wrote:

>
> On 14 Jul 2014, at 16:54, Nux! <nux at li.nux.ro> wrote:
>
> > ----- Original Message -----
> >> From: "Karanbir Singh" <mail-lists at karan.org>
> >> To: centos-devel at centos.org
> >> Sent: Monday, 14 July, 2014 4:32:18 PM
> >> Subject: Re: [CentOS-devel] Cloud image default login
> >>
> >> On 07/14/2014 04:27 PM, Daniel Ankers wrote:
> >>> As a user, I'd like to be able to take any set of instructions about
> >>> RHEL and s/RHEL/CentOS/g and have it work (with the exception of all
> the
> >>> things people pay RedHat good money for, of course.)
> >>
> >> in the cloud images they wont, we built our own images ( always have )
> >> and have implemented our own policy.
> >>
> >> I guess once rhel images show up for opennebula and in linode, we can
> >> start trying to work together a bit more.
> >>
> >> my point really is - lets find the best place to be, without needing to
> >> just blindly work with what / where rhel is and what they are doing
> >
> > Maybe it would be good, for a while, to have both root and cloud-user
> accounts active? Not sure how this would actually work in reality (ie how
> the cloud platforms and supporting scripts would deal with it).
> >
> > In my case, building Cloudstack templates, there is a whole lot of
> people expecting root to be active, changing this behaviour would mean
> screwing them over.
> > If CentOS also has this kind of legacy problems - which I expect to be
> true - then it's something to be thinking about.
> >
> > If this is not deemed a problem, then it would be nice to have the same
> sort of consistency between RHEL, CentOS and Fedora in this regard.
> >
>
>
> The default in cloud is to have a locked root user and use sudo for root
> operations from a non-privileged user. That’s how Ubuntu does it, and it is
> how the Fedora image does it. And it is what cloud-init expects to see
> which is what will link into the public metadata systems on the public
> clouds.
>
> The default for username should really be ‘centos’ I think. That fits with
> the other distros who name the user after themselves.
>
> The other thing that needs fixing is ‘cloud-init’ which currently doesn’t
> detect Enterprise Linux clones using systems properly and makes a hash of a
> few things. I logged a bug today about it:
> https://bugs.launchpad.net/cloud-init/+bug/1341508
>
> Bear in mind that cloud-init creates the user as specified in the default
> cloud-config and locks the root user by default. The kickstart script I
> knocked together today just creates the root user with a default password,
> locks the password in the %post (to work around a limitation in anaconda
> which demands a user if you use —lock) and then leaves the user creation to
> cloud-init.
>
> That’s certainly what would make the image most useful here.
>
>
>
>
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> http://lists.centos.org/mailman/listinfo/centos-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140714/49e30ad7/attachment.html>