New Question
0

cloud-config

asked 2014-11-09 19:33:49 +0200

mabe gravatar image

Does cloudbase init support cloud-config so you can send it stuff like:

#cloud-config
system_info:
  default_user:
    name: foobar
password: FooBar
chpasswd: { expire: False }
ssh_pwauth: True

Our usecase is that we want to set username and password through Openstack API which works perfectly with the above for cloud-init enabled Linux dists.

If above is not supported, (which I don't think it is as I can find no references to it) any other ideas on how to accomplish this with cloudbase init?

Any special reason it's not supported?

edit retag flag offensive close merge delete

1 answer

Sort by » oldest newest most voted
0

answered 2014-11-10 14:48:02 +0200

alexpilotti gravatar image

The #cloud-config user data format is mostly Linux specific. Although we are planning to add support in Cloudbase-Init for parts of it where it makes sense for Windows, it's not necessary for your Windows images requirements.

The main issue with your #cloud-config example is that it uses clear-text passwords, with a big security concern, as there is a non trivial risk that somebody can intercept it.

This is the reason why OpenStack supports encrypted passwords (since the Grizzly release). The main difference is that passwords are not provided by the user but generated by the instance and encrypted using the keypair passed as instance.

The general workflow is very simple:

  1. Boot an image providing a keypair
  2. wait for booting to complete and Cloudbase-Init to complete it's execution
  3. Retrieve the password with:

    nova get-password your-instance /path/to/id_rsa
    

    Note: this is also supported in Horizon since Icehouse.

  4. Login using the "Admin" user (or any alternative name configured when installing cloudbase-init) either via RDP or PowerShell and change password if needed.

The only drawback of this option is that it requires OpenStack HTTP metadata and it does not work with ConfigDrive or EC2 metadata.

Said that, if you still prefer to use clear-text passwords (e.g. for proof of concepts or scenarios where security is not a primary concern), you can use a simple userdata script:

#ps1_sysnative
net user Admin YourPassword

Hope this helps, a blog post will follow up soon to shed some more light on this recurrent topic :-)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2014-11-09 19:33:49 +0200

Seen: 1,562 times

Last updated: Nov 10 '14