New Question

Revision history [back]

click to hide/show revision 1
initial version

The #cloud-config user data format is mostly Linux specific. Although we are planning to add support in Cloudbase-Init for parts of it where it makes sense for Windows, it's not necessary for your Windows images requirements.

The main issue with your #cloud-config example is that it uses clear-text passwords, with a big security concern, as there is a non trivial risk that somebody can intercept it.

This is the reason why OpenStack supports encrypted passwords (since the Grizzly release). The main difference is that passwords are not provided by the user but generated by the instance and encrypted using the keypair passed as instance.

The general workflow is very simple:

  1. Boot an image providing a keypair
  2. wait for booting to complete and Cloudbase-Init to complete it's execution
  3. Retrieve the password with:

    nova get-password your-instance /path/to/id_rsa

    Note: this is also supported in Horizon since Icehouse.

  4. Login using the "Admin" user (or any alternative name configured when installing cloudbase-init) either via RDP or PowerShell and change password if needed.

The only drawback of this option is that it requires OpenStack HTTP metadata and it does not work with ConfigDrive or EC2 metadata.

Said that, if you still prefer to use clear-text passwords (e.g. for proof of concepts or scenarios where security is not a primary concern), you can use a simple userdata script:

net user Admin YourPassword

Hope this helps, a blog post will follow up soon to shed some more light on this recurrent topic :-)