Background
The following process can be used to set password protection to GRUB.
Steps
1. First, you must generate a strong password, and you can do this using the grub-md5-crypt command, for example
# /sbin/grub-md5-crypt
Password:
Retype password:
$1$BaV5k1$02kE6BCxzGRyByx.RWHEd1
#
2. After generating the hashed password, you can provide the value in the /etc/grub.conf file on both the head node and compute nodes
For the Head Node(s):
-
- Edit the
/etc/grub.conffile and add the password hash value below the timeout line, so that the file resembles:
- Edit the
# cat /etc/grub.conf
default 0
timeout 8
password -md5 $1$BaV5k1$02kE6BCxzGRyByx.RWHEd1 ...
For the Compute Nodes:
- You will need to perform the change above in
/cm/images/<software image>/etc/grub.confas well as in/tftpboot/cm-images/<softwareimage>/grub/grub.conf- You must carry out this change in all the software images being used.
- You must also make this change in the default software image, found at
/cm/images/default-image/etc/grub.conf- This image is used to boot nodes whose MAC address is unknown to CMDaemon