<div dir="ltr"><div>Hi Juerg,</div><div><br></div>That's a really creative way of setting the password. Are you able to share your powershell script? <div><br></div><div>Thanks,</div><div>Joe</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Tue, Jan 21, 2014 at 8:15 AM, Juerg Haefliger <span dir="ltr"><<a href="mailto:juergh@gmail.com" target="_blank">juergh@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div><div class="h5"><br>On Tue, Jan 21, 2014 at 3:15 AM, jeffty <<a href="mailto:wantwatering@gmail.com" target="_blank">wantwatering@gmail.com</a>> wrote:<br>><br>> Thanks Joe, It really helps.<br>
><br>> Will check them to find the proper way.<br>
><br>> Thanks.<br>><br>> On 1/19/2014 3:32 PM, Joe Topjian wrote:<br>> > Hello,<br>> ><br>> > We've used this in the past:<br>> ><br>> > <a href="https://github.com/jordanrinke/openstack" target="_blank">https://github.com/jordanrinke/openstack</a><br>
> ><br>> > It allows a user to type in an Administrator password in the Post Config<br>> > text box when launching an instance in Horizon. The password is then<br>> > retrieved when Windows first boots via the metadata service.<br>
> ><br>> > We stopped using it for two reasons, though:<br>> ><br>> > 1. The password was permanently stored in the metadata server<br>> > 2. There was no (default) way to let the user know that the password<br>
> > they chose was not a strong enough password<br>> ><br>> > We now just have users connect to the VNC console and set the password<br>> > upon first boot.<br>> ><br>> > There have been a few discussions over the past year on the<br>
> > openstack-operators list about the cloudbase Windows cloud-init service.<br>> > I think one or two people have been able to get the password injection<br>> > portion working. It might be worth a shot to search the archives:<br>
> ><br>> > <a href="http://www.gossamer-threads.com/lists/openstack/operators/" target="_blank">http://www.gossamer-threads.com/lists/openstack/operators/</a><br>> ><br>> > Joe<br>> ><br>> ><br>
> > On Sun, Jan 19, 2014 at 4:21 AM, jeffty <<a href="mailto:wantwatering@gmail.com" target="_blank">wantwatering@gmail.com</a><br>
> > <mailto:<a href="mailto:wantwatering@gmail.com" target="_blank">wantwatering@gmail.com</a>>> wrote:<br>> ><br>> > Thanks Jacob.<br>> ><br>> > Is there any openstack API guide for send instance password while<br>
> > launch it?<br>> ><br>> > Thanks.<br>> ><br>> > On 1/19/2014 11:08 AM, Jacob Godin wrote:<br>> > > Yes, they must input a password every time. It's within Windows, they<br>
> > > must use the console.<br>> > ><br>> > > Sent from my mobile device<br>> > ><br>> > > On Jan 18, 2014 10:51 PM, "jeffty" <<a href="mailto:wantwatering@gmail.com" target="_blank">wantwatering@gmail.com</a><br>
> > <mailto:<a href="mailto:wantwatering@gmail.com" target="_blank">wantwatering@gmail.com</a>><br>> > > <mailto:<a href="mailto:wantwatering@gmail.com" target="_blank">wantwatering@gmail.com</a> <mailto:<a href="mailto:wantwatering@gmail.com" target="_blank">wantwatering@gmail.com</a>>>><br>
> > wrote:<br>> > ><br>> > > Thanks Jacob.<br>> > ><br>> > > Then the user must input a password for every windows instance he<br>> > > launched?<br>
> > ><br>> > > In other word different instance owns different password even<br>> > they are<br>> > > launched at the same time? e.g. Input 3 while launching<br>> > instance in<br>
> > > Horizon portal for this windows image.<br>> > ><br>> > > If yes, how to send this password to the instance in portal?<br>> > That should<br>> > > be implemented by meta service.<br>
> > ><br>> > > If no, all of the instances have the same default password, right?<br>> > ><br>> > ><br>> > > On 1/19/2014 10:02 AM, Jacob Godin wrote:<br>
> > > > We've used sysprep to have the administrator provide a password<br>> > > when the<br>> > > > instance is first booted.<br>> > ><br><br></div>
</div>We use a simple powershell script that generates a random Administrator password on first boot, pulls the SSH key from the metadata server, encrypts the password with the key and writes the encrypted password to the serial port.<div>
<br></div><div>The user retrieves the encrypted password through the nova console-log and decrypts it with his private key. The image is setup such that the user is prompted to change the (random) password the first time he logs into the instance.</div>
<div><div><br></div><div>...Juerg</div><div><div class="im"><br><br><br>> ><br>> > _______________________________________________<br>> > Mailing list:<br>> > <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
> > Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>> > <mailto:<a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a>><br>
> > Unsubscribe :<br>> > <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>> ><br>> ><br>
><br>><br>
> _______________________________________________<br>> Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
> Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br></div>
> Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a></div></div></div>
</blockquote></div><br></div>