Add a Root Password to Warewulf Compute Nodes

Introduction

The Warewulf project provides the ssh.authorized_keys overlay to distribute SSH keys to compute nodes. This allows users to securely authenticate to compute nodes without sharing or managing passwords. However, there are scenarios where root passwords may be required, such as for development, testing, or specific organizational needs.

Problem

When using pre-built images, such as those provided by the Warewulf community, the root password is not set by default. This can pose challenges when there is a need to login directly to a console.

Resolution

The simplest way to set a root password is to modify the image directly. Use the following command to open a prompt and set the root password for the image. Replace rockylinux-9 with the name of your image:

wwctl image exec rockylinux-9 -- /usr/bin/passwd root

Once the image is rebuilt, reboot your compute nodes to apply the changes and verify that the root password has been set successfully.

Notes

We recommend using a centralized user management solution such as LDAP or FreeIPA. You can follow this guide on how to install FreeIPA on Rocky Linux 9.

If you need to temporarily disable root passwords for console logins during testing or debugging, you can add the PasswordlessRoot tag to a node or profile:

wwctl node set n1 --tagadd PasswordlessRoot=True

---

⚠️ WARNING For security reasons, this is not recommended for production environments.

---

References & related articles

Warewulf Community Images
How to Install FreeIPA Server on Rocky Linux 9
Warewulf syncuser Documentation