Possibility to set an own root password for the image installation

[Sebbo94BY]

I want to be able to install a Profitbricks image on a new server with the option to set an own root password before the installation begins, that it's already set after the installation has been finished.

In the DCD it's currently not possible, but you may can talk with Profitbricks to get this feature...?

Would be very awesome!

[baldwinSPC]

Hey @Sebi94nbg

Thanks for passing this along. We've captured this and have forwarded it onto the appropriate folks. If you have any other future feedback, please feel free to drop us a note at:

https://devops.profitbricks.com/feedback

This flows into all the correct people and ensures that we see these types of things. Depending on who's working the issues these requests might fall through the cracks if filed through the Issues tracker on GitHub. Thanks again!

-matt

[bdrung]

You can already set the root password for ProfitBricks images via the SOAP and the REST API, when you create the volume.

[Sebbo94BY]

And how?

[jasmingacic]

You can do this by using the CLI command profitbricks volume create --datacenterid ' [dcid] -p [path_to_json_file]

Where json file should resemble this:

{ "properties": { "size": "1", "bus": "IDE", "licenceType": "LINUX", "imagePassword: "*****" } }

Details on parameter you can find here

https://devops.profitbricks.com/api/rest/#create-volume

[Sebbo94BY]

Mhmm, my problem is, that I don't want to use any json file. I want to use only parameters, because this makes my script more dynamic.

Well... Some companies are always using the same password for base installations, ok. But what about those guys/companies, who are always using different random passwords? Some other companies also have a list of different standard passwords within their company...

If you would use the json file, you always have to open it, change the string, save it and run the script. If you could provide it by a parameter, you just could run the script with a further parameter like "--image-password 'very$SecretPassw0rd'".

Due a Linux shell normally logs all (successful) commands, I prefer a single file, which just includes the password as string. This would help to set secure passwords, which aren't logged by the shell and it's very easy to change this string (password) in this file - also by a script.

I would integrate it with two options.

If the user always wants to set the same password, he just has to save this string in the file and use it like this:

    profitbricks [...] --image-password static

...while he also can say, that he always wants a new random generated password:

    profitbricks [...] --image-password random

For the random passwords, I prefer a function within the script, which creates unique random passwords by a list of allowed characters and a random but secure password strength. This string needs to be diverted into the password file.

Can you add this feature as described, that it can be used with parameters instead of a json file?

[jasmingacic]

Currently passing --image-password isn't supported by the CLI but it will be available in upcoming releases. We will also take under consideration you suggestions about random passwords

On Tue, Jan 12, 2016 at 10:50 PM, TS3tools notifications@github.com wrote:

Mhmm, my problem is, that I don't want to use any json file. I want to use only parameters, because this makes my script more dynamic.

Well... Some companies are always using the same password for base installations, ok. But what about those guys/companies, who are always using different random passwords? Some other companies also have a list of different standard passwords within their company...

If you would use the json file, you always have to open it, change the string, save it and run the script. If you could provide it by a parameter, you just could run the script with a further parameter like "--image-password 'very$SecretPassw0rd'".

Due a Linux shell normally logs all (successful) commands, I prefer a single file, which just includes the password as string. This would help to set secure passwords, which aren't logged by the shell and it's very easy to change this string (password) in this file - also by a script.

I would integrate it with two options.

If the user always wants to set the same password, he just has to save this string in the file and use it like this:

profitbricks [...] --image-password static

...while he also can say, that he always wants a new random generated password:

profitbricks [...] --image-password random

For the random passwords, I prefer a function within the script, which creates unique random passwords by a list of allowed characters and a random but secure password strength. This string needs to be diverted into the password file.

Can you add this feature as described, that it can be used with parameters instead of a json file?

— Reply to this email directly or view it on GitHub https://github.com/profitbricks/profitbricks-cli/issues/16#issuecomment-171069296 .

Jasmin Gacić

[Sebbo94BY]

Great! Can you already provide a release date for this, when it will be available approximately?

[bdrung]

Please also consider to take the password as environment variable (which will avoid logging the password in the shell history).

[Sebbo94BY]

This would avoid the logging in the shell history, but other users could see the password by using the command env, printenv or set. By using files, you have the advantage, that you can set explicit read and write permissions for just this one user.

My TS3UpdateScript for example saves the serveradmin password in a hidden file with Linux permissions '0', which means, that nobody except root can do something with this file.

Well, I'm currently not sure, if just root or any user can install this CLI.

Please don't forget the security of such things. Somebody else also reported such a security issue several weeks ago, which is still not solved: #14

[jasmingacic]

Since the cli needs to be installed as a global package sudo is required to install the cli in linux.

Can you please update the npm package to version 1.1.9.

The command should be something like this:

profitbricks volume create --datacenterid 843d8470-c474-4a9b-b640-6c2d10b40dab --size 123 --imagepassword 1234asdf --imageid 1087680b-6cc3-11e5-b680-52540066fee9

To use environment variables do the following:

Windows 

profitbricks volume create --datacenterid 843d8470-c474-4a9b-b640-6c2d10b40dab --size 123 --imagepassword %IMAGEPWD% --imageid 1087680b-6cc3-11e5-b680-52540066fee9 

Linux

profitbricks volume create --datacenterid 843d8470-c474-4a9b-b640-6c2d10b40dab --size 123 --imagepassword $IMAGEPWD --imageid 1087680b-6cc3-11e5-b680-52540066fee9```

[Sebbo94BY]

Great, works fine!

Thanks!