Root password reset via cloud-config not working

[lucdekens]

Tried this with Photon v2 and v3, neither of these seems to handle a root password change via cloud-config.
The solution in #659 doesn't work.
Neither does using chpasswd.

The cloud-init.log contains "User root already exists, skipping".

[dcasota]

Bump. Does anyone have a working solution?

During the execution of cloud-init it already runs in root. Afaik using

users: 
 - name: root

means if that user is already present on the system, cloud-init would skip setting the password.

Cloud-Init should support plain-text chpasswd and hashed (#659) chpasswd as well. Passing the following user-data text didn't work for me. Any idea?

disable_root: false
ssh_pwauth: True
ssh_deletekeys: False
chpasswd:
   list: |
     root:changeme
   expire: False

[sooslaca]

Same problem here anyone found a solution yet?

Having a closer look on cloud-init.log, it looks like chpasswd cannot change password as it set to force expired.

2019-11-04 21:20:44,816 - util.py[WARNING]: Failed to set password for root
2019-11-04 21:20:44,816 - util.py[DEBUG]: Failed to set password for root
Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/cloudinit/distros/__init__.py", line 583, in set_passwd
    util.subp(cmd, pass_string, logstring="chpasswd for %s" % user)
  File "/usr/lib/python3.7/site-packages/cloudinit/util.py", line 2027, in subp
    cmd=args)
cloudinit.util.ProcessExecutionError: Unexpected error while running command.
Command: ['chpasswd', '-e']
Exit code: 1
Reason: -
Stdout: 
Stderr: You are required to change your password immediately (administrator enforced)
        chpasswd: PAM: Authentication token is no longer valid; new one required
2019-11-04 21:20:44,819 - handlers.py[DEBUG]: finish: init-network/config-users-groups: FAIL: running config-users-groups with frequency once-per-instance 

My best guess for workaround would be to replace the whole root line in /etc/shadow, but that looks to be a bit hacky for me.

[ppadmavilasom]

you can build an ova with the password age turned off or set to a duration you like

Please see setting
https://github.com/vmware/photon/blob/3.0/support/image-builder/ova/config_ova.json#L7
and how its applied
https://github.com/vmware/photon/blob/master/installer/modules/m_updaterootpassword.py#L31

To build an ova, from the source root, do make image IMG_NAME=ova

[sooslaca]

If some wants to do it without build OVA (like me who needs on on rpi image, not vmware), here is the root enablement.

bootcmd:
  - /bin/sed -E -i 's/^root:([^:]+):.*$/root:\1:17532:0:99999:0:::/' /etc/shadow

[zwiy]

Got the same problem with v3 Revision 2. Any updates?
The solution in #659 doesn't work.