We use cloudbase-init to inject windows password.Usually password injection is normal. Last week,we found a failure case. We checked the cloudbase-init log and found the following log :
Set user password failed: The password dose not meet the password policy requirements, check the minimum password length ,password complexity and password history requirements
This password is set for cloudbase-init.We use the Windows Server 2012 and also check the password policy as follow,
Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Both checks are not case sensitive.
The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed to not be included in the password. Tokens that are less than three characters are ignored, and substrings of the tokens are not checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Hagens". Because the second token is only one character long, it is ignored. Therefore, this user could not have a password that included either "erin" or "hagens" as a substring anywhere in the password.
url is https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994562%28v%3dws.11%29
def generate_random_password(self, length):
if length < 3:
raise exception.CloudbaseInitException(
"Password can not have less than 3 characters!")
while True:
pwd = super(WindowsUtils, self).generate_random_password(length)
# Make sure that the Windows complexity requirements are met:
# http://technet.microsoft.com/en-us/library/cc786468(v=ws.10).aspx
valid = True
for r in ["[a-z]", "[A-Z]", "[0-9]"]:
if not re.search(r, pwd):
valid = False
if valid:
return pwd
password length is 20 by default and password complexity is met.
The most probable reason is that the random password for cloudbase-init contains 'init' string.
I suggest that when set user random password failed(either cloudbase-init or administrator),cloudbase-init need to retry to avoid this problem.Please consider this.
Thanks
