<div dir="ltr">Hi Razique,<div><br></div><div style>Please see inline:</div><div style><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, May 14, 2013 at 8:50 AM, Razique Mahroua <span dir="ltr"><<a href="mailto:razique.mahroua@gmail.com" target="_blank">razique.mahroua@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi guys,<br>
how do you manage the following items :<br>
• User password (do you know if it's possible to configure the instance so once the user spawn it for the first time, the user is asked to change his password)<br></blockquote><div><br></div><div style>We use the following system:</div>
<div style><a href="https://github.com/jordanrinke/openstack">https://github.com/jordanrinke/openstack</a><br></div><div style><br></div><div style>With this in place, when a user begins to launch a Windows instance, they type in the admin password in the Post-Creation Customization Script text box. Then when Windows boots, it will execute a runonce script that pulls the given password via the metadata service and sets the admin password on the instance. There are a few things wrong with this system:</div>
<div style><br></div><div style>1. The password is always available in the nova database</div><div style>2. The user will receive no error if the password does not meet Windows' standards (eg zaq1@WSX)</div><div style>
3. If they forget to type in a password, they must terminate their instance and start over</div><div style><br></div><div style>However, it allows the user to set their own password and allows us to provide Windows images without an embedded password - so that's good.</div>
<div style><br></div><div style>We tried the windows cloudinit service (<a href="http://www.cloudbase.it/cloud-init-for-windows-instances/">http://www.cloudbase.it/cloud-init-for-windows-instances/</a>) a few months ago but could not get it to work. If I remember right, one issue was that this service uses the admin_pass feature to provide disposable passwords, but this is not exposed to Horizon. Maybe that's changed. We also had issues just getting the service to run correctly, but the lack of admin_pass visibility killed it for us... we plan on revisiting it, though.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
• Recovery (do you have any way to debug your customers's instances, how do you connect to them (same applies for Linux-based images actually))<br></blockquote><div><br></div><div style>The OpenStack VNC service has come a long way since I first used it in Cactus. If, for some reason, we can't connect through that service, we will try to launch the instance outside of OpenStack and directly with KVM. That's actually rare nowadays, though.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
• Disk attachment (are your customers aware they need to go to the disk manager after they added a disk if they want to start to use it?<br></blockquote><div><br></div><div style>Yes, it's part of our training docs.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
• Updates (Are the updates managed by your user,or do you regularly update your images?<br></blockquote><div><br></div><div style>We refresh Windows images every few months. A side project of ours is to see if we can use SCCM or any of the other automation kits to automatically build up-to-date Windows images.</div>
<div style><br></div><div style>Once the image is deployed, though, the user is responsible for updating their instances.</div></div><div class="gmail_extra"><br></div>Hope that helps,</div><div class="gmail_extra">Joe<br clear="all">
<div><br></div>-- <br>Joe Topjian<div>Systems Administrator</div><div>Cybera Inc.</div><div><br></div><div><a href="http://www.cybera.ca" target="_blank">www.cybera.ca</a></div><div><br></div><div><font color="#666666"><span>Cybera</span><span> is a not-for-profit organization that works to spur and support innovation, for the economic benefit of Alberta, through the use of cyberinfrastructure.</span></font></div>
</div></div>