[lxc-devel] Predictable root passwords in LXC templates
Major Hayden
major at mhtx.net
Thu Jun 18 20:52:08 UTC 2015
On 06/18/2015 02:30 PM, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgraber at ubuntu.com):
>> > I think ideally, I'd like for:
>> >
>> > - All templates to default to no password at all (no an empty password)
>> > - All templates to support a common set of environment variables or/and
>> > arguments to have passwords generated for them or to use passwords
>> > provided by the user
>> > - Have a way (possibly optional) for those credentials to be written
>> > down into a text file in the container's directory (for use by scripts).
>> > - Print a generic message to the user, advising them of any credential
>> > that was generated and that they can use lxc-attach to interact with the
>> > container without them.
> That all sounds perfect.
Feel free to shoot down the idea, but since the LXC codebase already has some python in it, could we use something like Ansible to do the actual configuration of each container? Ansible can take actions on a chroot as if it was a remote machine and its list of dependencies is fairly short. This would allow us to steer clear of bash scripts which can become cumbersome over time.
What I'm suggesting is:
1) Do the initial build with a template (install pkgs, basic configuration)
2) Complete the remainder of the configuration using Ansible
-- OR --
1) Have Ansible build the chroot and then configure it
We're already looking at making significant changes to each of the templates to make them more uniform and it seems like we'd be better suited to get into a framework which makes it easier to maintain uniformity over time.
--
Major Hayden
More information about the lxc-devel
mailing list