Open phillxnet opened 1 year ago
@phillxnet I had a question on this, is the plan for the next milestone to include a rescue environment like it existed for the CentOS installation, or should the reset be focused on using a regular OpenSUSE install disk (or other methods)?
@Hooverdan96 In our prior CentOS days we just used our upstream's installer to get a shell to do the password reset. I don't think our installer has this capability. But whatever works, that is relatively straightforward would be good here. I'm a little reluctant to add complexity to our existing installer (i.e. like an additional boot option for example) so yes, maybe we could resource an upstream mini-iso or the like to get to the filesystem, as that is all we need I think.
Haven't looked to what exactly is required however. And maybe we can invoke a rescue option that already exists in our kiwi-ng installer via for example a kernel/initram option or the like.
Just for posterity, this is how I have done it (a kiwi-ng option did not become apparent to me, and a mini-iso would of course add to the installation file).
Downloaded the appropriate rescue iso (based on architecture install of Rockstor) from the live CD offerings on OpenSUSE - in this case 15.4 from here: https://download.opensuse.org/distribution/leap/15.4/live/ (around 0.6GiB in size):
In my case I was trying this on a VM, so easy enough to just pop in the iso file, otherwise balena etcher onto a USB stick.
When booting from USB/VM virtual device, select select 2nd option to get to CLI (I guess, the first/default option works as well, which will then bring the Leap KDE desktop version from which one could launch a terminal, which in turn might make it easier to copy below commands rather than typing them in looking at a second device).
After the boot is complete:
enter root
as login name, hit Enter
and the login is complete.
Then I mostly followed the tutorial from here: https://en.opensuse.org/SDB:Recover_root_password#CD/DVD/USB_recovery_mode
It does require a bit of knowledge what the devices represent, but for me it was using
lsblk
which gave me an idea of - just based on size - which device I was looking for - /dev/sda
, then and (again in my case) identified /dev/sda4
as the item to mount.
the remount
option gave me errors, so after dropping that and:
mount -o rw /dev/sda4 /mnt
I followed the second set of instruction before executing chroot
:
# mount -o bind /proc /mnt/proc
# mount -o bind /sys /mnt/sys
# mount -o bind /dev /mnt/dev
# chroot /mnt
# mount -a
# passwd
After removing the boot media and rebooting the root password was changed/reset on Rockstor ... so, that's one way of doing it, and could work for any of Rockstor's architecture offerings. Granted, it requires another download, but at least it's not a full 4 GiB iso file.
Looking forward, not sure how this will play with TW as on the above link there was no apparent TW rescue iso under the top-level distributions directory. Possibly using a recent Leap version (as long Leap continues to exist) will probably work, as I can't imagine that the password security architecture has undergone a major change, but you might know better. That's for another day.
I finally found, for a TW rescue disk the path is somewhat different, at least for x86_64
https://download.opensuse.org/tumbleweed/iso/, e.g.,
https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-Rescue-CD-x86_64-Current.iso
Not sure what to do in the arm64 or raspberry pi case here (incidentally for Leap I also didn't see a rescue image/approach for the pi).
Looking further I found this for having a rescue system on the hard drive. Based on that, I assume one could figure out how to add this to the installation and only minimally increasing the installation disk size:
https://en.opensuse.org/SDB:Rescue_system_on_disk
Of course, like it's pointed out, that rescue system will be useless if the boot drive is compromised, however the good part is that a reinstallation for Rockstor is really quick ...
Our following page: https://rockstor.com/docs/howtos/reset-root-password.html pertains only to our now legacy CentOS releases prior to V4 "Built on openSUSE". It would be nice to have a V4+ update or alternative and likely maintain the old v3 and earlier doc as a how-to explicitly adding there that it is for the now legacy v3- installs.
Note also that this doc is hard-url referenced from within rockstor-core here:
https://github.com/rockstor/rockstor-core/blob/ccd21f7703d8974282bc05d232efc8f8c67b7700/src/rockstor/storageadmin/templates/storageadmin/login.html#L143