Overview

After uploading a cloud image to the OpenStack Glance service and creating an instance, you may find that the default password remains unchanged. This guide documents the process of modifying the root password within a cloud image file.

Environment and Image Preparation

First, list all available images in Glance:

openstack image list
# +--------------------------------------+-------------------------+--------+
# | ID                                   | Name                    | Status |
# +--------------------------------------+-------------------------+--------+
# | 170481aa-4221-4d19-b657-201b23b8be47 | Arch                    | active |
# | f4c3c588-49dc-42ff-a8dc-6ceb1f74b14b | CentOS-7.9.2009-minimal | active |
# | d05dea62-2440-43df-a80f-ae8ce303d08f | Rocky                   | active |
# | bd649513-8d66-4e90-a8f2-c873c32c82be | Windows Server 2019     | active |
# | fb1d339a-59d8-4e3d-bb5f-57b87dd015f6 | freebsd-14              | active |
# +--------------------------------------+-------------------------+--------+

Locate the image file in the /var/lib/glance/images/ directory on the Glance host, using the image ID from the list above. In this environment, the storage is mounted via iSCSI, so the image must be downloaded locally for modification.

openstack image save --file cloud-image.qcow2 Rocky
# --file specifies the local filename, followed by the image name.
# root@node1:~# ls -l
# ...
# -rw-r--r-- 1 root root 1092812800 Apr 11 02:28 cloud-image.qcow2

Install the libguestfs tools required for image modification:

apt install libguestfs-tools -y

Modifying the Password

Option 1: Generate a Random Password

virt-customize -a cloud-image.qcow2 --root-password random
# [   0.0] Examining the guest ...
# [   6.6] Setting a random seed
# [   6.7] Setting passwords
# virt-customize: Setting random password of root to X9kP7mNvL4qW2rTz
# [   8.6] Finishing off

The randomly generated password is X9kP7mNvL4qW2rTz.

Option 2: Set a Specific Password

virt-customize -a cloud-image.qcow2 --root-password password:MySecurePass2024
# [   0.0] Examining the guest ...
# [   6.6] Setting a random seed
# [   6.7] Setting passwords
# [   8.6] Finishing off

Option 3: Modify Password for Non-Root Users

Note: This command only modifies an existing user's password; it does not create new users.

virt-customize -a cloud-image.qcow2 --password deployuser:password:Deploy@2024
# [   0.0] Examining the guest ...
# [   6.6] Setting a random seed
# [   6.7] Setting passwords
# [   8.6] Finishing off

Uploading the Modified Image

Remove the old image from Glance and upload the modified version:

openstack image delete Rocky

openstack image create --file ./cloud-image.qcow2 --disk-format qcow2 --public RockyOS9

Alternative: OpenStack Script Enjection

Note: The following method was not verified in this environment (deployed via Docker). Use as reference only.

Modify the Nova configuration file at /etc/nova/nova.conf:

inject_password=true

When creating an instance, navigate to Create Instance → Configuration → Customization Script and enter the following shell script. Replace MySecurePass2024 with your desired password:

#!/bin/bash
echo 'MySecurePass2024' | passwd --stdin root

Insure the "Configuration Drive" opsion is checked.