[Openstack] Setting VM passwords when not running on Xen

John Garbutt John.Garbutt at citrix.com
Tue Jul 3 15:41:26 UTC 2012


This seemed to crop up quite a lot in different sessions at the Design summit. I am certainly interested in a standard way to inject information into VMs.

What I think we need is a cross hypervisor two-way guest communication channel that is fairly transparent to the user of that VM (i.e. ideally not a network connection).

If I understand things correctly, we currently have these setup ideas:

*         Config Drive (not supported by XenAPI, but not a two way transport)

*         Cloud-Init / Metadata service (depends on DHCP(?), and not a two-way transport)

But to set the password, we ideally want two way communication. We currently have these:

*         XenAPI guest plugin (XenServer specific, uses XenStore, but two way, no networking assumed )

*         Serial port (used by http://wiki.libvirt.org/page/Qemu_guest_agent but not supported on XenServer)

I like the idea of building a common interface (maybe write out to a known file system location) for the above two hypervisor specific mechanisms. The agent should be able to pick which mechanism works. Then on top of that, we could write a common agent that can be shared for all the different hypervisors. You could also fallback to the metadata service and config drive when no two way communication is available.

I would love this Guest Agent to be an OpenStack project that can then be up streamed into many Linux distribution cloud images.

Sadly, I don't have any time to work on this right now, but hopefully that will change in the near future.

Cheers,
John

From: openstack-bounces+john.garbutt=eu.citrix.com at lists.launchpad.net [mailto:openstack-bounces+john.garbutt=eu.citrix.com at lists.launchpad.net] On Behalf Of Day, Phil
Sent: 03 July 2012 3:07
To: openstack at lists.launchpad.net (openstack at lists.launchpad.net) (openstack at lists.launchpad.net)
Subject: [Openstack] Setting VM passwords when not running on Xen

Hi Folks,

Is anyone else looking at how to support images that need a password rather than an ssh key (windows) on hypervisors that don't support set_admin_password (e.g. libvirt) ?

Thanks
Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120703/495f46b2/attachment.html>


More information about the Openstack mailing list