Hi, Thanks, we'll see if we can migrate and go with cloud-init (doing that with Linux already.) Cheers, Kees On 11-12-2024 12:32, Sean Mooney wrote:
so there are two other ways to set that
you can use cloud-init cloudbase solutions provide cloudbase-init for windows to do the same thing as cloud-init or glean on linux.
https://cloudbase.it/cloudbase-init/
the other way is to install the qemu guest agent in the the windows image.
your correct that if you cant modify the windows image to include any agent (runtime (qemu) or first-boot (cloudbase-init)) then file injection based password setting is the final option but its not the only one.
openstack publishes a image guide for how to create image to use with openstack https://docs.openstack.org/image-guide/
and as part of that we direct opertors to use the cloud tooling produced by cloudbase
https://docs.openstack.org/image-guide/obtain-images.html#microsoft-windows
in the image requirement section we also call out tha tcloud image are expected to process user-data https://docs.openstack.org/image-guide/openstack-images.html#process-user-da...
so that the password among other things can be set in a portable way across cloud plathforms.
while you can use iamge that dont conform to this gudie, it still documents the best practice for operators and users to follow to ensure a good end to end experince. it sound like the windows image you mange dont follow those recommendations.
the file injection code path should eventually be removed form nova so long term keeping it for this use case when it does not work in a bunch of configurations i.e. booting from a cinder volume is not a permanent solution.
even for windows guest its generally recommend to use x509 cert instead of passwords for remote management the admin password is really for a VDI workflow where you would expect someone to connect to the vm via the instance console. This is not the primary workflow that nova was desgiend for as the console is really for debuging but its a supproted one and pretty common one if you are using spice too have a richer console experince.
note that we also have a write once mechanic where by a first boot agent can generate an admin password withing the guest and post that back to the metadta api to save it to the nova db. that was specificaly added for cloudbase-init if i recall and it only works if you have a x509 or ssh keypair assocated with the vm as that is used to encypet/decypt it