Description of problem:

The root_password of the deployed systems remains same as the VM template when using Image Based Deployment on VMware via Red Hat Satellite 6.

The root password being defined at HostGroup\Host\Satellite settings are not at all used\honored in this specific build process.

Version-Release number of selected component (if applicable):

Satellite 6.10 [ Satellite 6.9 and 6.8 and 7.0\6.11 as well ]

How reproducible:

Always

Steps to Reproduce:
1. Create a VM, set "password@123" as its root password, and do the necessary steps to configure it as a VM template that can be used to deploy VMs.

Follow the "Preparing an Image to use the cloud-init Template" segment from https://access.redhat.com/documentation/en-us/red_hat_satellite/6.10/html-single/provisioning_guide/index#Provisioning_Virtual_Machines_in_VMware_vSphere-Provisioning_with_cloudinit_and_userdata_templates .

2. Import the same VM template as an USerdata enabled Image inside the Vmware compute resource of satellite and mention the password "password@123" during the same as well.

3. Now once the satellite is configured to deploy systems on Vmware as per the doc, Deploy a system using the Image-Based method by selecting the same Userdata enabled Image but On the "Operating Systems" tab mention the "Root Password *" as "Planetearth@123" and then submit the build.

Actual results:

Once the system build gets completed, The SSH to the root user of the system will only be happening via "password@123" password which is the password set in the OS template of VMWare.

Expected results:

As part of the system build process, The "Planetearth@123" password should be updated as the root password instead which was defined in the Operating Systems tab.

Additional info:

When i look into "Cloudinit default" or "UserData open-vm-tools" templates in Satellite UI, I see no code or snippet present that handles the root password change.

Our documentation also does not says, that users should not expect to see a change of root password, instead, they should use the root password of the template itself.

So based on these facts, I think the "Cloudinit default" should be updated to handle the root password modification as per the end-user's choice.

A viable workaround would be to have the following lines added just before the phone_home section at the end, after cloning the "Cloudinit default" template.

<% if @host.provision_method == 'image' && @host.root_pass.present? -%>

• echo 'root:<%= @host.root_pass -%>' | /usr/sbin/chpasswd -e
  <% end -%>

So it will look something like:

<% if @host.provision_method == 'image' && @host.root_pass.present? -%>

• echo 'root:<%= @host.root_pass -%>' | /usr/sbin/chpasswd -e
  <% end -%>
  phone_home:
  url: <%= foreman_url('built') %>
  post: []
  tries: 10

And needless to say that this new template should be associated with the right OS and selected as the Cloud-Init template to use during build as well.