Open Stack

Hi Razique,

Please see inline:


On Tue, May 14, 2013 at 8:50 AM, Razique Mahroua
<razique.mahroua at gmail.com>wrote:

> Hi guys,
> how do you manage the following items :
>         • User password (do you know if it's possible to configure the
> instance so once the user spawn it for the first time, the user is asked to
> change his password)
>

We use the following system:
https://github.com/jordanrinke/openstack

With this in place, when a user begins to launch a Windows instance, they
type in the admin password in the Post-Creation Customization Script text
box. Then when Windows boots, it will execute a runonce script that pulls
the given password via the metadata service and sets the admin password on
the instance. There are a few things wrong with this system:

1. The password is always available in the nova database
2. The user will receive no error if the password does not meet Windows'
standards (eg zaq1 at WSX)
3. If they forget to type in a password, they must terminate their instance
and start over

However, it allows the user to set their own password and allows us to
provide Windows images without an embedded password - so that's good.

We tried the windows cloudinit service (
http://www.cloudbase.it/cloud-init-for-windows-instances/) a few months ago
but could not get it to work. If I remember right, one issue was that this
service uses the admin_pass feature to provide disposable passwords, but
this is not exposed to Horizon. Maybe that's changed. We also had issues
just getting the service to run correctly, but the lack of
admin_pass visibility killed it for us... we plan on revisiting it, though.


>         • Recovery  (do you have any way to debug your customers's
> instances, how do you connect to them (same applies for Linux-based images
> actually))
>

The OpenStack VNC service has come a long way since I first used it in
Cactus. If, for some reason, we can't connect through that service, we will
try to launch the instance outside of OpenStack and directly with KVM.
That's actually rare nowadays, though.


>         • Disk attachment (are your customers aware they need to go to the
> disk manager after they added a disk if they want to start to use it?
>

Yes, it's part of our training docs.


>         • Updates (Are the updates managed by your user,or do you
> regularly update your images?
>

We refresh Windows images every few months. A side project of ours is to
see if we can use SCCM or any of the other automation kits to automatically
build up-to-date Windows images.

Once the image is deployed, though, the user is responsible for updating
their instances.

Hope that helps,
Joe

-- 
Joe Topjian
Systems Administrator
Cybera Inc.

www.cybera.ca

Cybera is a not-for-profit organization that works to spur and support
innovation, for the economic benefit of Alberta, through the use
of cyberinfrastructure.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20130514/7e6ad16f/attachment.html>