thank you for your replay, latest version of OpenNebula can set root password by many ways, i’m using the starter script with this one line command : echo -e "123456\n123456" | passwd root
You will need to specify the whole context. It would be nice if cli allowed one to update only a part of the context.
Or maybe there is already a way to achieve that with cli?
I would also like to add another question to this topic: is there any way do remove PASSWORD variable (or any other ones) after the first (successful) boot? For example, to let VM admin to set temp root passwd, boot VM and then be able to change root password inside of the VM and keep it across reboots? I don’t like setting passwords via context for many reasons but have been asked about this functionality by users.
You could remove one-context service from the startup after the initial contextualization. This could be done via a script executed by the context plugin.
If you do that though you will not get any more updates you might send via onegate and basically onegate on the host will fail as the token and so on might not be there after a cleanup of tmp. That could be ok if the node is fully managed by it’s owner at that point.
Removing one-context service will cut too much functionality, so I would prefer to find an another way.
Of course the simplest option is to keep hashed variable value inside of the VM and assume that if it is equal to the hashed value during boot it was already set and do nothing. But this way also leads to some sort of inconvenience, so I would prefer check another solutions first.
As loc-20-set-username-password does not do anything when there is no password you could try to remove the password attribute via onegate. I’m not sure if this is possible via onegate though.
Besides that you could drop the set password script from the installed plugin after the first run. I’d rather patch it than removing the script but you could do that without touching the other context functionality via a script at the end of the first context run. At least that would be last option if everything else fails.