Set/Change the “core” User Password In OpenShift Post-Install

Stop! Please don’t do it, go back …

While RedHat really don’t want you to access the OpenShift nodes directly (not via SSH or console access), it even warning you about it 🙂

❯ ssh [email protected]
Red Hat Enterprise Linux CoreOS 411.86.202212072103-0
  Part of OpenShift 4.11, RHCOS is a Kubernetes native operating system
  managed by the Machine Config Operator (`clusteroperator/machine-config`).

WARNING: Direct SSH access to machines is not recommended; instead,
make configuration changes via `machineconfig` objects:
  https://docs.openshift.com/container-platform/4.11/architecture/architecture-rhcos.html

But some time, we don’t have a choice, and we need console access, for example if we broke network connectivity to the node, and we need to log in via the console from a IPMI/VNC sessions. For that, we will have to set the password for the core account.
Here is an example of one way to achieve that, by using MachineConfig (node that you will have to change “worker” to “master” to also target the master nodes),
once the password is set, you can/need remove the MC, as you don’t need it once the node restart once and applied the change.

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  name: worker-core-password
  labels:
    machineconfiguration.openshift.io/role: worker
spec:
  config:
    ignition:
      version: 3.2.0
    systemd:
      units:
      - name: core-password.service
        enabled: true
        contents: |
          [Unit]
          Description=Changes core password
          [Service]
          Type=oneshot
          ExecStart=/bin/bash -c "echo core:redhat | chpasswd"
          [Install]
          WantedBy=multi-user.target

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *