Current situation
The graphical/serial console for QEMU images requires the user to log in with a password. Normally, no passwords are set because SSH keys are used for login.
To use the graphical/serial console, the user needs to reboot the machine and manually append flatcar.autologin to the kernel command line parameters in GRUB.
Impact
A reboot is needed (assuming people actually know about that kernel parameter!) or a password needs to be configured via Ignition.
Ideal future situation
flatcar.autologin is always part of the kernel command line for QEMU images. This is no security problem because a user with console access can add it in GRUB if wanted when the machine reboots.
Implementation options
An OEM package is created for QEMU, so that image_to_vm.sh --format=qemu (or =qemu_uefi or =qemu_uefi_secure) creates an OEM partition with the following contents.
grub.cfg:
set oem_id="qemu"
set linux_append="flatcar.autologin"
oem-release:
(Where x.y.z is the built Flatcar CL version.)
Additional information
flatcar.autologin is also the default for the out-of-band console on, e.g., Packet.
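Added example (not from the issue or the Flatcar project): because flatcar.autologin removes the password prompt on the console, an image or host audit can check whether the parameter is present on a kernel command line or in an OEM grub.cfg like the one proposed above. The function names and file arguments are hypothetical, and the flatcar.autologin=<tty> value form is assumed to count as enabled.

```shell
#!/bin/sh
# Added example: audit for the flatcar.autologin kernel parameter.

# Return 0 if the kernel command line string in $1 carries flatcar.autologin
# as a whole token, bare or with a value (value form is an assumption).
cmdline_has_autologin() {
    # Normalise tabs/newlines to spaces and pad so tokens can be matched
    # on their boundaries without word splitting or globbing.
    padded=" $(printf '%s' "$1" | tr '\t\n' '  ') "
    case "$padded" in
        *" flatcar.autologin "*|*" flatcar.autologin="*) return 0 ;;
    esac
    return 1
}

# Print the value of each `set linux_append=...` line in the grub.cfg at $1.
# Only the plain assignment form shown in the issue is parsed; commented-out
# lines are ignored and surrounding quotes are stripped.
grub_linux_append() {
    sed -n 's/^[[:space:]]*set[[:space:]]\{1,\}linux_append=//p' "$1" |
        sed -e 's/^"\(.*\)"[[:space:]]*$/\1/' \
            -e "s/^'\(.*\)'[[:space:]]*\$/\1/"
}

# Report autologin state for a cmdline file ($1, e.g. /proc/cmdline) and an
# OEM grub.cfg ($2, path supplied by the caller).
audit_autologin() {
    cmdline_file=$1
    oem_cfg=$2
    if cmdline_has_autologin "$(cat "$cmdline_file")"; then c=yes; else c=no; fi
    if [ ! -r "$oem_cfg" ]; then
        o=absent
    elif cmdline_has_autologin "$(grub_linux_append "$oem_cfg")"; then
        o=yes
    else
        o=no
    fi
    printf 'running_cmdline=%s oem_grub_cfg=%s\n' "$c" "$o"
}

# Usage: sh audit.sh /proc/cmdline <path-to-oem-grub.cfg>
if [ "$#" -eq 2 ]; then
    audit_autologin "$1" "$2"
fi
```

A result of running_cmdline=yes on anything other than a QEMU or out-of-band-console image is worth a look, since those are the only cases the issue argues for.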