

asked 2014-11-09 19:33:49 +0300

mabe

Does cloudbase init support cloud-config so you can send it stuff like:

    name: foobar
    password: FooBar
    chpasswd: { expire: False }
    ssh_pwauth: True

Our use case is that we want to set the username and password through the OpenStack API, which works perfectly with the above for cloud-init enabled Linux dists.

If the above is not supported (which I don't think it is, as I can find no references to it), any other ideas on how to accomplish this with cloudbase init?

Any special reason it's not supported?


1 answer


answered 2014-11-10 14:48:02 +0300

alexpilotti

The #cloud-config user data format is mostly Linux specific. Although we are planning to add support in Cloudbase-Init for parts of it where it makes sense for Windows, it's not necessary for your Windows images requirements.

The main issue with your #cloud-config example is that it uses clear-text passwords, which is a big security concern, as there is a non-trivial risk that somebody can intercept it.

This is the reason why OpenStack supports encrypted passwords (since the Grizzly release). The main difference is that passwords are not provided by the user but generated by the instance and encrypted using the keypair passed as instance.

The general workflow is very simple:

  1. Boot an image providing a keypair
  2. Wait for booting to complete and Cloudbase-Init to complete its execution
  3. Retrieve the password with:

         nova get-password your-instance /path/to/id_rsa

     Note: this is also supported in Horizon since Icehouse.

  4. Log in using the "Admin" user (or any alternative name configured when installing cloudbase-init) either via RDP or PowerShell and change password if needed.

The only drawback of this option is that it requires OpenStack HTTP metadata and it does not work with ConfigDrive or EC2 metadata.

That said, if you still prefer to use clear-text passwords (e.g. for proofs of concept or scenarios where security is not a primary concern), you can use a simple userdata script:

    net user Admin YourPassword

Hope this helps, a blog post will follow up soon to shed some more light on this recurrent topic :-)

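The encrypted-password exchange described in the answer above can be tried offline with OpenSSL. This is an added example, not part of the original answer and not Cloudbase-Init or nova client code; the helper names, key files and sample password are constructed, and RSA PKCS#1 v1.5 encryption with base64 transport is an assumption.

```bash
#!/usr/bin/env bash
# Added example: offline round trip of the encrypted-password exchange.
# Key pairs, password and helper names are constructed for illustration;
# no OpenStack service is contacted.
set -eu

# Stand-in for the keypair given at boot (2048-bit RSA, PEM files).
make_keypair() {  # $1 = private key path, $2 = public key path
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
  openssl pkey -in "$1" -pubout -out "$2"
}

# Instance side: encrypt the generated password with the public key
# (assumed RSA PKCS#1 v1.5) and base64-encode it for transport.
encrypt_for_keypair() {  # $1 = public key path, $2 = password
  printf '%s' "$2" | openssl pkeyutl -encrypt -pubin -inkey "$1" | openssl base64 -A
}

# Client side: local decryption once the encrypted blob has been fetched.
decrypt_with_private_key() {  # $1 = private key path, $2 = base64 blob
  printf '%s' "$2" | openssl base64 -d -A | openssl pkeyutl -decrypt -inkey "$1"
}

# Returns 0 only if the owner's key recovers the password and another key does not.
roundtrip_ok() {  # $1 = password
  local dir blob got other
  dir=$(mktemp -d)
  make_keypair "$dir/owner.pem" "$dir/owner.pub"
  make_keypair "$dir/other.pem" "$dir/other.pub"
  blob=$(encrypt_for_keypair "$dir/owner.pub" "$1")
  got=$(decrypt_with_private_key "$dir/owner.pem" "$blob")
  # A wrong key either errors out or yields garbage, depending on the OpenSSL
  # version; re-encode the result so binary output compares safely.
  other=$(decrypt_with_private_key "$dir/other.pem" "$blob" 2>/dev/null \
            | openssl base64 -A || true)
  rm -rf "$dir"
  [ "$got" = "$1" ] && [ "$other" != "$(printf '%s' "$1" | openssl base64 -A)" ]
}

if roundtrip_ok 'C0nstructed-Sample-Pw'; then
  echo "password recovered only with the matching private key"
fi
```

Only the base64 blob leaves the instance, so reading it without the private key does not reveal the password.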
