[Openstack] [Nova] What is the correct way to provide Windows instance password for user?

Joe Topjian joe at topjian.net
Tue Jan 21 07:22:44 UTC 2014 

Hi Juerg,

That's a really creative way of setting the password. Are you able to share
your powershell script?

Thanks,
Joe


On Tue, Jan 21, 2014 at 8:15 AM, Juerg Haefliger <juergh at gmail.com> wrote:

>
> On Tue, Jan 21, 2014 at 3:15 AM, jeffty <wantwatering at gmail.com> wrote:
> >
> > Thanks Joe, It really helps.
> >
> > Will check them to find the proper way.
> >
> > Thanks.
> >
> > On 1/19/2014 3:32 PM, Joe Topjian wrote:
> > > Hello,
> > >
> > > We've used this in the past:
> > >
> > > https://github.com/jordanrinke/openstack
> > >
> > > It allows a user to type in an Administrator password in the Post
> Config
> > > text box when launching an instance in Horizon. The password is then
> > > retrieved when Windows first boots via the metadata service.
> > >
> > > We stopped using it for two reasons, though:
> > >
> > > 1. The password was permanently stored in the metadata server
> > > 2. There was no (default) way to let the user know that the password
> > > they chose was not a strong enough password
> > >
> > > We now just have users connect to the VNC console and set the password
> > > upon first boot.
> > >
> > > There have been a few discussions over the past year on the
> > > openstack-operators list about the cloudbase Windows cloud-init
> service.
> > > I think one or two people have been able to get the password injection
> > > portion working. It might be worth a shot to search the archives:
> > >
> > > http://www.gossamer-threads.com/lists/openstack/operators/
> > >
> > > Joe
> > >
> > >
> > > On Sun, Jan 19, 2014 at 4:21 AM, jeffty <wantwatering at gmail.com
> > > <mailto:wantwatering at gmail.com>> wrote:
> > >
> > >     Thanks Jacob.
> > >
> > >     Is there any openstack API guide for send instance password while
> > >     launch it?
> > >
> > >     Thanks.
> > >
> > >     On 1/19/2014 11:08 AM, Jacob Godin wrote:
> > >     > Yes, they must input a password every time. It's within Windows,
> they
> > >     > must use the console.
> > >     >
> > >     > Sent from my mobile device
> > >     >
> > >     > On Jan 18, 2014 10:51 PM, "jeffty" <wantwatering at gmail.com
> > >     <mailto:wantwatering at gmail.com>
> > >     > <mailto:wantwatering at gmail.com <mailto:wantwatering at gmail.com>>>
> > >     wrote:
> > >     >
> > >     >     Thanks Jacob.
> > >     >
> > >     >     Then the user must input a password for every windows
> instance he
> > >     >     launched?
> > >     >
> > >     >     In other word different instance owns different password even
> > >     they are
> > >     >     launched at the same time? e.g. Input 3 while launching
> > >     instance in
> > >     >     Horizon portal for this windows image.
> > >     >
> > >     >     If yes, how to send this password to the instance in portal?
> > >     That should
> > >     >     be implemented by meta service.
> > >     >
> > >     >     If no, all of the instances have the same default password,
> right?
> > >     >
> > >     >
> > >     >     On 1/19/2014 10:02 AM, Jacob Godin wrote:
> > >     >     > We've used sysprep to have the administrator provide a
> password
> > >     >     when the
> > >     >     > instance is first booted.
> > >     >
>
> We use a simple powershell script that generates a random Administrator
> password on first boot, pulls the SSH key from the metadata server,
> encrypts the password with the key and writes the encrypted password to the
> serial port.
>
> The user retrieves the encrypted password through the nova console-log and
> decrypts it with his private key. The image is setup such that the user is
> prompted to change the (random) password the first time he logs into the
> instance.
>
> ...Juerg
>
>
>
> > >
> > >     _______________________________________________
> > >     Mailing list:
> > >     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > >     Post to     : openstack at lists.openstack.org
> > >     <mailto:openstack at lists.openstack.org>
> > >     Unsubscribe :
> > >     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > >
> > >
> >
> >
> > _______________________________________________
> > Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to     : openstack at lists.openstack.org
> > Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140121/bca4a9ce/attachment.html>

More information about the Openstack mailing list