
Option 2
If you wish to deploy the Cisco Prime Network Registrar virtual appliance instance in a way that is more in accordance with the usual practice for OpenStack instance deployment, you can configure the Cisco Prime Network Registrar OpenStack instance to not allow root logins with a password, and to require an SSH key pair to log in. If you also wish to allow a password-based login for a user other than root with root permissions, instructions on how to configure this are listed below.
When you launch an OpenStack instance from the WebUI, to prevent root password login you will have to perform specific configuration in the Configuration section of the Launch instance dialog. You will need to provide a Customization Script, which is analogous to User Data in other systems. You will need to configure a script (provided below) which will make the OpenStack instance disable root password-based login. After you deploy an instance configured with this Customization Script, the only way to gain access to the Linux operating system on the instance is to log in via ssh using the ssh key pair associated with the instance at the time of launch.
For example, you might login with: "ssh -i keypairname.pem [email protected]". If you did not associate a key
pair with the instance, or have lost access to the key pair, you will not be able to login to the instance. There
is no default root password when the instance is created in this way, and the root password login is disabled.
To configure option 2, enter the following in the "Customization Script" text box:
#cloud-boothook
#!/bin/bash
# Back up the original cloud.cfg once, then activate the no-root-password variant.
if [ ! -f /etc/cloud/cloud.cfg.orig ]; then
    cp /etc/cloud/cloud.cfg /etc/cloud/cloud.cfg.orig
    cp /etc/cloud/cloud.cfg.norootpasswd /etc/cloud/cloud.cfg
fi
If you choose option 2 and, once you have gained access to the instance using the ssh key pair, you would like to log in with a password as well, you can create a new Linux user using the useradd command and make that user a member of the group wheel. You must also give that user a secure password using the passwd command. Then you can always log in with ssh or to the console as that user and have root privileges.
To create a user to allow password login, use the following commands:
useradd safeuser -g wheel
passwd safeuser
Then, if you need root access, log in as safeuser and use the following command:
sudo su
Enter the password for safeuser, and you will become a root user.
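A post-launch check for the Option 2 setup described above, as an added example that is not part of the Cisco guide. The function names and sample files are constructed for illustration, and the script assumes that an instance with no root password shows a locked entry in the shadow file, which the guide does not state.

```shell
#!/bin/bash
# Added example: post-launch audit of the Option 2 settings. File paths are
# parameters; on an instance pass /etc/cloud, /etc/shadow, /etc/passwd, /etc/group.

# 0 if the boothook swap happened: the backup exists and the active cloud.cfg
# is byte-identical to cloud.cfg.norootpasswd.
boothook_applied() {    # $1 = directory holding cloud.cfg*
    [ -f "$1/cloud.cfg.orig" ] && cmp -s "$1/cloud.cfg" "$1/cloud.cfg.norootpasswd"
}

# Print a user's password-field state from a shadow-format file:
# locked (starts with ! or *), empty (no password needed), set, or missing.
# Assumption: "no root password" appears as a locked entry.
password_state() {      # $1 = shadow file, $2 = user
    awk -F: -v u="$2" '
        $1 == u { found = 1
                  if ($2 == "") print "empty"
                  else if ($2 ~ /^[!*]/) print "locked"
                  else print "set" }
        END { if (!found) print "missing" }' "$1"
}

# 0 if the user is in the group, as primary group (the passwd GID field, which
# is what "useradd safeuser -g wheel" sets) or in the group's member list.
user_in_group() {       # $1 = passwd, $2 = group file, $3 = user, $4 = group
    awk -F: -v u="$3" -v g="$4" '
        NR == FNR { if ($1 == u) { gid = $4; have = 1 }
                    next }
        $1 == g   { if (have && $3 == gid) ok = 1
                    n = split($4, m, ",")
                    for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$1" "$2"
}

# Constructed sample files (not taken from a real instance).
make_sample() {         # $1 = target directory
    echo 'sample: password login on'  > "$1/cloud.cfg.orig"
    echo 'sample: password login off' > "$1/cloud.cfg.norootpasswd"
    cp "$1/cloud.cfg.norootpasswd" "$1/cloud.cfg"
    printf 'root:!!:18000:0:99999:7:::\nsafeuser:$6$salt$hash:18000:0:99999:7:::\n' > "$1/shadow"
    printf 'root:x:0:0::/root:/bin/bash\nsafeuser:x:1001:10::/home/safeuser:/bin/bash\n' > "$1/passwd"
    printf 'root:x:0:\nwheel:x:10:\n' > "$1/group"
}

d=$(mktemp -d) && make_sample "$d"
boothook_applied "$d" && echo "cloud.cfg: norootpasswd variant active"
echo "root password: $(password_state "$d/shadow" root)"
user_in_group "$d/passwd" "$d/group" safeuser wheel && echo "safeuser: in wheel"
rm -rf "$d"
```

A result of "empty" for root means the account accepts login with no password at all and should be treated as a failure, not as "no root password".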
Note
If the IP addresses that are associated with the available interfaces are fixed addresses (i.e., they are only
accessible to other instances in OpenStack), then you will need to associate a floating address with Cisco
Prime Network Registrar instance. This floating address must then be accessible to the clients of the DHCP
or DNS service to be provided by the Cisco Prime Network Registrar instance. You will have to configure
the DHCP server provided by Cisco Prime Network Registrar to return the IP address of the floating address
as its server-id, instead of the fixed IP address that Cisco Prime Network Registrar can detect that is associated
with the interface built into the instance. In order to configure DHCP for this situation, you will need to be in
expert mode, and configure the DHCP Policy attribute "dhcp-server-identifier-address" with the floating
Cisco Prime Network Registrar 9.1 Installation Guide
Cisco Prime Network Registrar Virtual Appliance
Deploying the Regional Cluster or Local Cluster on OpenStack