Changing the root password in Triton
Because of the way that Triton boots (from USB key for the head node, and via PXE boot for the compute nodes), the following steps must be taken when changing the root password to ensure that the change persists across a reboot.
Joyent recommends the use of strong passwords to help secure Triton. However, please be aware that passwords alone do not replace the need for other effective security controls, such as two-factor authorization and restricted access to key systems, such as the Triton head node and compute nodes.
Changing the root password is a two-step process: you first change the password on the running head node, then you use a Triton utility to synchronize the password back to the config file on the USB key.
To change the root password on the head node, first log in to the global zone of the head node as root. Then use the passwd(1) command without arguments to change the root password.
headnode# passwd
New Password: xxxxxxx
Re-enter new Password: xxxxxxx
passwd: password successfully changed for root
Run the sdc-image-sync command to write the change back to the USB key.
headnode# sdc-image-sync
Updating root password in the config file
This password will now persist across a reboot.
Note: If you have a version of gz-tools prior to TRITON-1415, you will need to manually update the root_shadow parameter in /usbkey/extra/joysetup/node.config. Use the same value as in
Since compute nodes PXE boot from the head node, changing the root password on a compute node only requires refreshing its configuration data from the head node by restarting the smartdc/init SMF service.
computenode# svcadm restart smartdc/init
You can also update the password on all compute nodes simultaneously.
headnode# sdc-oneachnode -c 'svcadm restart smartdc/init'
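To confirm before a reboot that the new head node password really reached the file named in the note above, the following added example (not part of the original page or of Joyent's tooling) compares root's running hash with the stored root_shadow value without ever printing either one. The function names are hypothetical, and it assumes the config file holds shell-style key=value lines whose root_shadow value is the same hash string as the second field of root's shadow entry.

```shell
#!/bin/sh
# Added example, not Joyent's code. Hashes are compared but never printed.
# Assumption: the config file holds shell-style key=value lines.

# Print the password-hash field (second colon-separated field) for root.
shadow_hash() {
    awk -F: '$1 == "root" { print $2; exit }' "$1"
}

# Print the root_shadow value with one pair of surrounding quotes removed.
config_hash() {
    sed -n "s/^root_shadow=//p" "$1" | head -n 1 |
        sed -e "s/^['\"]//" -e "s/['\"]\$//"
}

# Return 0 = in sync, 1 = differs, 2 = file unreadable or value missing.
check_root_shadow() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    running=$(shadow_hash "$1")
    stored=$(config_hash "$2")
    [ -n "$running" ] && [ -n "$stored" ] || return 2
    [ "$running" = "$stored" ] && return 0
    return 1
}

# Human-readable result that is safe to paste into a ticket or log.
report_root_shadow() {
    rc=0
    check_root_shadow "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: root_shadow in $2 matches the running root password" ;;
        1) echo "MISMATCH: $2 still holds a different root_shadow" ;;
        *) echo "UNKNOWN: could not read a root hash from $1 or $2" ;;
    esac
}

# Constructed sample data (not real hashes) so the example runs anywhere.
demo=$(mktemp -d)
printf 'root:$5$constructed$AAAA:6445::::::\n' > "$demo/shadow"
printf "root_shadow='\$5\$constructed\$AAAA'\n" > "$demo/node.config"
report_root_shadow "$demo/shadow" "$demo/node.config"
rm -rf "$demo"
```

On a head node the call would be `report_root_shadow /etc/shadow /usbkey/extra/joysetup/node.config`, run as root in the global zone.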