Packer is a fantastic tool that allows to automate a proccess of building machine images. I’ve been using Packer for many months at work and in my home lab. Majority of images I create (AMI, VM, vBox, Docker) is based on CentOS 7.x. The process of unattended installation require a kickstart file. One of the most important parameters defined in the kickstart file is root’s password.

The password can be set with the following command:

rootpw "password goes here"

The problem with this setup is that anyone can see the password as it is in plain text. Much better approach is to hash root’s password using the following command:

rootpw --iscrypted password_hash

The question is how to generate the password hash? My choice is to use sha512 and Python:

echo 'import crypt,getpass; print crypt.crypt(getpass.getpass(), "$6$16_CHARACTER_SALT")' | python -

where 16_CHARACTER_SALT is a random string, for example:

$ echo 'import crypt,getpass; print crypt.crypt(getpass.getpass(), "$6$iRghy7yferFdae3d")' | python -
Password:
$6d5L/.gfmN52