[Openstack] [Nova] What is the correct way to provide Windows instance password for user?

Georgios Dimitrakakis giorgis at acmac.uoc.gr
Tue Jan 21 07:44:38 UTC 2014 

 Indeed this is very interesting!
 I would also like to see it if possible!

 Best,

 G.

 On Tue, 21 Jan 2014 08:22:44 +0100, Joe Topjian wrote:
> Hi Juerg,
>
> Thats a really creative way of setting the password. Are you able to
> share your powershell script? 
>
> Thanks,
> Joe
>
> On Tue, Jan 21, 2014 at 8:15 AM, Juerg Haefliger  wrote:
>
>> On Tue, Jan 21, 2014 at 3:15 AM, jeffty wrote:
>>>
>>> Thanks Joe, It really helps.
>> >
>>> Will check them to find the proper way.
>> >
>>> Thanks.
>>>
>>> On 1/19/2014 3:32 PM, Joe Topjian wrote:
>>> > Hello,
>>> >
>>> > Weve used this in the past:
>>> >
>>> > https://github.com/jordanrinke/openstack [2]
>> > >
>>> > It allows a user to type in an Administrator password in the
>> Post Config
>>> > text box when launching an instance in Horizon. The password is
>> then
>>> > retrieved when Windows first boots via the metadata service.
>> > >
>>> > We stopped using it for two reasons, though:
>>> >
>>> > 1. The password was permanently stored in the metadata server
>>> > 2. There was no (default) way to let the user know that the
>> password
>> > > they chose was not a strong enough password
>>> >
>>> > We now just have users connect to the VNC console and set the
>> password
>>> > upon first boot.
>>> >
>>> > There have been a few discussions over the past year on the
>> > > openstack-operators list about the cloudbase Windows cloud-init
>> service.
>>> > I think one or two people have been able to get the password
>> injection
>>> > portion working. It might be worth a shot to search the
>> archives:
>> > >
>>> > http://www.gossamer-threads.com/lists/openstack/operators/ [3]
>>> >
>>> > Joe
>>> >
>>> >
>> > > On Sun, Jan 19, 2014 at 4:21 AM, jeffty > > wrote:
>>> >
>>> >     Thanks Jacob.
>>> >
>>> >     Is there any openstack API guide for send instance
>> password while
>> > >     launch it?
>>> >
>>> >     Thanks.
>>> >
>>> >     On 1/19/2014 11:08 AM, Jacob Godin wrote:
>>> >     > Yes, they must input a password every time. Its within
>> Windows, they
>> > >     > must use the console.
>>> >     >
>>> >     > Sent from my mobile device
>>> >     >
>>> >     > On Jan 18, 2014 10:51 PM, "jeffty" >    
>>> >     > >
>> > >     wrote:
>>> >     >
>>> >     >     Thanks Jacob.
>>> >     >
>>> >     >     Then the user must input a password for every
>> windows instance he
>>> >     >     launched?
>> > >     >
>>> >     >     In other word different instance owns different
>> password even
>>> >     they are
>>> >     >     launched at the same time? e.g. Input 3 while
>> launching
>>> >     instance in
>> > >     >     Horizon portal for this windows image.
>>> >     >
>>> >     >     If yes, how to send this password to the instance
>> in portal?
>>> >     That should
>>> >     >     be implemented by meta service.
>> > >     >
>>> >     >     If no, all of the instances have the same default
>> password, right?
>>> >     >
>>> >     >
>>> >     >     On 1/19/2014 10:02 AM, Jacob Godin wrote:
>> > >     >     > Weve used sysprep to have the administrator
>> provide a password
>>> >     >     when the
>>> >     >     > instance is first booted.
>>> >     >
>>
>> We use a simple powershell script that generates a random
>> Administrator password on first boot, pulls the SSH key from the
>> metadata server, encrypts the password with the key and writes the
>> encrypted password to the serial port.
>>
>> The user retrieves the encrypted password through the nova
>> console-log and decrypts it with his private key. The image is setup
>> such that the user is prompted to change the (random) password the
>> first time he logs into the instance.
>>
>> ...Juerg
>>
>>> >
>>> >     _______________________________________________
>>> >     Mailing list:
>>> >    
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [10]
>> > >     Post to     : openstack at lists.openstack.org [11]
>>> >    
>> > >     Unsubscribe :
>>> >    
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [13]
>>> >
>>> >
>> >
>>>
>> > _______________________________________________
>>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [14]
>> > Post to     : openstack at lists.openstack.org [15]
>> > Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [16]
>
>
>
> Links:
> ------
> [1] mailto:wantwatering at gmail.com
> [2] https://github.com/jordanrinke/openstack
> [3] http://www.gossamer-threads.com/lists/openstack/operators/
> [4] mailto:wantwatering at gmail.com
> [5] mailto:wantwatering at gmail.com
> [6] mailto:wantwatering at gmail.com
> [7] mailto:wantwatering at gmail.com
> [8] mailto:wantwatering at gmail.com
> [9] mailto:wantwatering at gmail.com
> [10] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> [11] mailto:openstack at lists.openstack.org
> [12] mailto:openstack at lists.openstack.org
> [13] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> [14] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> [15] mailto:openstack at lists.openstack.org
> [16] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> [17] mailto:juergh at gmail.com

--

More information about the Openstack mailing list