Openstack Queen版本之guestfish修改centos7云镜像解决ssh无法连接VM实例（打好镜像百度云）

centos镜像站：http://cloud.centos.org/centos/7/images/
原生qcow2镜像百度云：链接：https://pan.baidu.com/s/1hy2aR2hHCuSAR9GLdXaMuQ
提取码：lqen

强制修改后密码为000000百度云：链接：https://pan.baidu.com/s/1-QRgqja9JEbztJec97Sx2w
提取码：gv6t

原因：
用VirtualBox 以及Queen版本搭建 openstack， 创建了实例，用ssh怎么搞都不能够免密登陆进入创建的虚拟机，虽然可以ping通，所以打算尝试一下直接修改镜像ssh密码。

1.安装guestfish**
yum install guestfish libguestfs libguestfs-tools -y

2.打开镜像

guestfish --rw -a CentOS-7-x86_64-GenericCloud-1907.qcow23.执行修改
><fs> run
><fs> list-filesystems
/dev/sda1: xfs
><fs> mount /dev/sda1 /

修改配置文件

><fs> vi /etc/cloud/cloud.cfg
users:
- default

disable_root: 1    //允许root登陆
ssh_pwauth:   1    //ssh开启密码登陆

locale_configfile: /etc/sysconfig/i18n
mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2']
resize_rootfs_tmp: /dev
ssh_deletekeys:   0
ssh_genkeytypes:  ~
syslog_fix_perms: ~

cloud_init_modules:
- migrator
- bootcmd
- write-files
- growpart
- resizefs
- set_hostname
- update_hostname
- update_etc_hosts
- rsyslog
- users-groups
- ssh

cloud_config_modules:
- mounts
- locale
- set-passwords
- yum-add-repo
- package-update-upgrade-install
- timezone
- puppet
- chef
- salt-minion
- mcollective
- disable-ec2-metadata
- runcmd

cloud_final_modules:
- rightscale_userdata
- scripts-per-once
- scripts-per-boot
- scripts-per-instance
- scripts-user
- ssh-authkey-fingerprints
- keys-to-console
- phone-home
- final-message

system_info:
  default_user:
    name: centos
    lock_passwd: false    //修改
    plain_text_passwd: "000000"    //添加
    gecos: Cloud User
    groups: [wheel, adm, systemd-journal]
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    shell: /bin/bash
  distro: rhel
  paths:
    cloud_dir: /var/lib/cloud
    templates_dir: /etc/cloud/templates
  ssh_svcname: sshd


# vim:syntax=yaml

修改了如下，即允许管理员登陆

><fs> vi /etc/ssh/sshd_config
PermitRootLogin yes

通过获取000000的哈希值，修改密码，将root默认的随机密码替换成生成的加密密码

><fs> vi /etc/shadow
root:$1$bARY7N1a$1fG3.mOXHvv1sJXGFErdR.:16786:0:99999:7:::
[root@controller ~]# openssl passwd -1 000000
$1$bARY7N1a$1fG3.mOXHvv1sJXGFErdR.
[root@controller ~]#

问题及解决方案

><fs> run
libvirt: XML-RPC 错误 : 将插槽连接到 '/var/run/libvirt/libvirt-sock' 失败: 没有那个文件或目录
libguestfs: error: could not connect to libvirt (URI = qemu:///system): 将插槽连接到 '/var/run/libvirt/libvirt-sock' 失败: 没有那个文件或目录 [code=38 int1=2]
解决：因为libvirtd 没有启动，启动即可。
service libvirtd start问题2
><fs> run
◓ 25% ⟦▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒═════════════════════════════════════════════════════════⟧ --:--
libguestfs: error: could not create appliance through libvirt.

Try running qemu directly without libvirt using this environment variable:
export LIBGUESTFS_BACKEND=direct

Original error from libvirt: Cannot access storage file '/root/CentOS-7-x86_64-GenericCloud-1907.qcow2' (as uid:107, gid:107): 权限不够 [code=38 int1=13]
><fs> quit
解决：修改/etc/libvirt/qemu.conf，把user 和group的注释#去掉，
vim /etc/libvirt/qemu.conf

# user = "100" # A user named "100" or a user with uid=100#
user = "root"

# The group for QEMU processes run by the system instance. It can be# specified in a similar way to user.
group = "root"

重启服务
systemctl restart libvirtd修改
[root@controller ~]# openssl passwd -1 123456
$1$.dtYmdL8$9yGo/gKaGWmJHwoIgJDVM/结果
用我们修改过的镜像，重新上传镜像，最终可以登陆到我们云平台建立的虚拟机，不过建立连接的过程会很缓慢，大概1-3分钟，等到你觉得不可能连上。。。源链接 https://www.cnblogs.com/Pan-xi-yi/p/12120876.html