New Question
0

Windows password injection on windows based in openstack [closed]

asked 2020-07-31 21:22:34 +0200

jorgefrancoibanez gravatar image

updated 2020-07-31 21:47:37 +0200

Hi Guys I've been trying to create a base Windows image to be used in openstack. I'm providing the usermetadata via configdrive and the following are my configurations:|

> [DEFAULT]
> username=Administrator
> groups=Administrators
> inject_user_password=true
> config_drive_raw_hhd=true
> config_drive_cdrom=false
> config_drive_vfat=true
> bsdtar_path=C:\Program Files\CloudbaseSolutions\Cloudbase-Init\bin\bsdtar.exe
> mtools_path=C:\Program Files\CloudbaseSolutions\Cloudbase-Init\bin\
> verbose=true 
> debug=true
> logdir=C:\Program Files\CloudbaseSolutions\Cloudbase-Init\log\
> logfile=cloudbase-init-unattend.log
> default_log_levels=comtypes=INFO,suds=INFO,iso8601=WARN,requests=WARN
> logging_serial_port_settings=COM1,115200,N,8
> mtu_use_dhcp_config=true
> ntp_use_dhcp_config=true
> local_scripts_path=C:\ProgramFiles\Cloudbase\Solutions\Cloudbase-Init\LocalScripts\metadata_services=cloudbaseinit.metadata.services.configdrive.ConfigDriveService,cloudbaseinit.metadata.services.httpservice.HttpService,cloudbaseinit.metadata.services.ec2service.EC2Service,cloudbaseinit.metadata.services.maasservice.MaaSHttpService
> plugins=cloudbaseinit.plugins.common.mtu.MTUPlugin,cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin,cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin
> allow_reboot=false
> stop_service_on_exit=true
> check_latest_version=false
> first_logon_behaviour=no

I was applying at this point the Sysprep part with specific OOBE configurations on the autounattend.xml file for Sysprep at the end of the configuration of the OOBE configurations to avoid user interaction and leave cloudbaseinit to do all the magic.

<skipmachineoobe>true</skipmachineoobe> <skipuseroobe>true</skipuseroobe>

Since this didn't work I've decided at the end to go with the default autounnatend configurations on CloudBase-init. So these are the main tests and results (behavior on the image at first boot)

On default configurations Windows for cloudbase-init autounattend.xml and confs for the user Administrator keep asking for password: https://ibb.co/TvPCq54

On default configurations with firstlogonbehaviour enabled as documentation mentioned to be "no" to not ask the customers to change the password on first boot https://cloudbase-init.readthedocs.io...

Default autounatted plugin=cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin firstlogonbehaviour=cleartextinjected_only

On password test-3

Default autounatted

Added:

plugin=cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin

firstlogonbehaviour=no

https://ibb.co/fSLZXZy https://ibb.co/7zjm4DM

NOTE 1: All passwords are correctly generated and passed via config drive.

NOTE 2: This is working for linux images build with clod-init.

NOTE 3: For Windows before attempting to set a password using the password injection I'm able to see the config drive as a separate drive with all the latest user_metada including the same password retrieved by openstack during the creation of the servers.

I was checking as well the code mentioned on this previous question:

The previous question on mids of 2019 https://ask.cloudbase.it/question/306...

Review https://review.opendev.org/#/c/379354/

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by jorgefrancoibanez
close date 2020-11-01 21:21:49.946394

1 answer

Sort by » oldest newest most voted
0

answered 2020-08-03 17:25:33 +0200

avladu gravatar image

Hello,

To avoid some confusion, can you elaborate on what are you trying to achieve here (I mean, what is your goal)?

By default, if you install Cloudbase-Init using the installer, at the first run (during specialize step from sysprep), cloudbase-init is running using the cloudbase-init-unattend.conf. After the reboot controlled by sysprep, cloudbase-init runs under the service with the same name, using cloudbase-init.conf file. In the cloudbase-init conf file you can set the desired plugins to be run.

My assumption here (please correct me if I am wrong) is that you are trying to use the cloud-config user data format and try to create multiple users using that feature. If that is the case, you need to set in the enabled config list: https://cloudbase-init.readthedocs.io...

If this is not the case, please share the cloudbase-init logs and the config files, so that I can try to reproduce the issue.

Thank you,
Adrian Vladu

edit flag offensive delete link more

Comments

Hi Avladu. There were some issues on my side and I was not able to continue diggin on this issue. After two weeks of your response, I was able to make a valid image with password injection. The error was not on cloudbase-init itself, It was a bad declaration of the conf files path in packer.

jorgefrancoibanez gravatar imagejorgefrancoibanez ( 2020-11-01 21:21:22 +0200 )edit

Question Tools

1 follower

Stats

Asked: 2020-07-31 21:22:34 +0200

Seen: 2,116 times

Last updated: Aug 03 '20