Add example showing how to set root password via cloud-init

There have been some requests to enable this, and although it's not
something we should enable by default, this shows how you can use
the generic NodeUserData interface to have cloud-init do it.

To use this you create an environment file like:

resource_registry:
  OS::TripleO::NodeUserData: path/to/userdata_root_password.yaml
parameter_defaults:
  NodeRootPassword: insecure_changeme

Obviously this isn't that secure, and thus isn't intended for
production environments, but it may be useful for debugging and
as a further example showing how to configure things via cloud-init.

Change-Id: If87a1e1dbfaf31b84cc0667c9a60bbd3c757d8cd

1 files changed, 38 insertions, 0 deletions

diff --git a/firstboot/userdata_root_password.yaml b/firstboot/userdata_root_password.yaml
new file mode 100644
index 00000000..63dd5a9c
--- /dev/null
+++ b/firstboot/userdata_root_password.yaml
@@ -0,0 +1,38 @@
+heat_template_version: ocata
+
+description: >
+  Uses cloud-init to enable root logins and set the root password.
+  Note this is less secure than the default configuration and may not be
+  appropriate for production environments, it's intended for illustration
+  and development/debugging only.
+
+parameters:
+  NodeRootPassword:
+    description: Root password for the nodes
+    hidden: true
+    type: string
+
+resources:
+  userdata:
+    type: OS::Heat::MultipartMime
+    properties:
+      parts:
+      - config: {get_resource: root_config}
+
+  root_config:
+    type: OS::Heat::CloudConfig
+    properties:
+      cloud_config:
+        ssh_pwauth: true
+        disable_root: false
+        chpasswd:
+          list:
+            str_replace:
+              template: "root:PASSWORD"
+              params:
+                PASSWORD: {get_param: NodeRootPassword}
+          expire: False
+
+outputs:
+  OS::stack_id:
+    value: {get_resource: userdata}