[Openstack] [Nova] What is the correct way to provide Windows instance password for user?
jeffty
wantwatering at gmail.com
Tue Jan 21 09:23:46 UTC 2014
Me 2:)
Another question, how does customer decrypt the string with his private key?
It requires that he has an environment with OpenSSL installed?
On 1/21/2014 3:44 PM, Georgios Dimitrakakis wrote:
> Indeed this is very interesting!
> I would also like to see it if possible!
>
> Best,
>
> G.
>
> On Tue, 21 Jan 2014 08:22:44 +0100, Joe Topjian wrote:
>> Hi Juerg,
>>
>> Thats a really creative way of setting the password. Are you able to
>> share your powershell script?
>>
>> Thanks,
>> Joe
>>
>> On Tue, Jan 21, 2014 at 8:15 AM, Juerg Haefliger wrote:
>>
>>> On Tue, Jan 21, 2014 at 3:15 AM, jeffty wrote:
>>>>
>>>> Thanks Joe, It really helps.
>>> >
>>>> Will check them to find the proper way.
>>> >
>>>> Thanks.
>>>>
>>>> On 1/19/2014 3:32 PM, Joe Topjian wrote:
>>>> > Hello,
>>>> >
>>>> > Weve used this in the past:
>>>> >
>>>> > https://github.com/jordanrinke/openstack [2]
>>> > >
>>>> > It allows a user to type in an Administrator password in the
>>> Post Config
>>>> > text box when launching an instance in Horizon. The password is
>>> then
>>>> > retrieved when Windows first boots via the metadata service.
>>> > >
>>>> > We stopped using it for two reasons, though:
>>>> >
>>>> > 1. The password was permanently stored in the metadata server
>>>> > 2. There was no (default) way to let the user know that the
>>> password
>>> > > they chose was not a strong enough password
>>>> >
>>>> > We now just have users connect to the VNC console and set the
>>> password
>>>> > upon first boot.
>>>> >
>>>> > There have been a few discussions over the past year on the
>>> > > openstack-operators list about the cloudbase Windows cloud-init
>>> service.
>>>> > I think one or two people have been able to get the password
>>> injection
>>>> > portion working. It might be worth a shot to search the
>>> archives:
>>> > >
>>>> > http://www.gossamer-threads.com/lists/openstack/operators/ [3]
>>>> >
>>>> > Joe
>>>> >
>>>> >
>>> > > On Sun, Jan 19, 2014 at 4:21 AM, jeffty > > wrote:
>>>> >
>>>> > Thanks Jacob.
>>>> >
>>>> > Is there any openstack API guide for send instance
>>> password while
>>> > > launch it?
>>>> >
>>>> > Thanks.
>>>> >
>>>> > On 1/19/2014 11:08 AM, Jacob Godin wrote:
>>>> > > Yes, they must input a password every time. Its within
>>> Windows, they
>>> > > > must use the console.
>>>> > >
>>>> > > Sent from my mobile device
>>>> > >
>>>> > > On Jan 18, 2014 10:51 PM, "jeffty" >
>>>> > > >
>>> > > wrote:
>>>> > >
>>>> > > Thanks Jacob.
>>>> > >
>>>> > > Then the user must input a password for every
>>> windows instance he
>>>> > > launched?
>>> > > >
>>>> > > In other word different instance owns different
>>> password even
>>>> > they are
>>>> > > launched at the same time? e.g. Input 3 while
>>> launching
>>>> > instance in
>>> > > > Horizon portal for this windows image.
>>>> > >
>>>> > > If yes, how to send this password to the instance
>>> in portal?
>>>> > That should
>>>> > > be implemented by meta service.
>>> > > >
>>>> > > If no, all of the instances have the same default
>>> password, right?
>>>> > >
>>>> > >
>>>> > > On 1/19/2014 10:02 AM, Jacob Godin wrote:
>>> > > > > Weve used sysprep to have the administrator
>>> provide a password
>>>> > > when the
>>>> > > > instance is first booted.
>>>> > >
>>>
>>> We use a simple powershell script that generates a random
>>> Administrator password on first boot, pulls the SSH key from the
>>> metadata server, encrypts the password with the key and writes the
>>> encrypted password to the serial port.
>>>
>>> The user retrieves the encrypted password through the nova
>>> console-log and decrypts it with his private key. The image is setup
>>> such that the user is prompted to change the (random) password the
>>> first time he logs into the instance.
>>>
>>> ...Juerg
>>>
>>>> >
>>>> > _______________________________________________
>>>> > Mailing list:
>>>> >
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [10]
>>> > > Post to : openstack at lists.openstack.org [11]
>>>> >
>>> > > Unsubscribe :
>>>> >
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [13]
>>>> >
>>>> >
>>> >
>>>>
>>> > _______________________________________________
>>>> Mailing list:
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [14]
>>> > Post to : openstack at lists.openstack.org [15]
>>> > Unsubscribe :
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [16]
>>
>>
>>
>> Links:
>> ------
>> [1] mailto:wantwatering at gmail.com
>> [2] https://github.com/jordanrinke/openstack
>> [3] http://www.gossamer-threads.com/lists/openstack/operators/
>> [4] mailto:wantwatering at gmail.com
>> [5] mailto:wantwatering at gmail.com
>> [6] mailto:wantwatering at gmail.com
>> [7] mailto:wantwatering at gmail.com
>> [8] mailto:wantwatering at gmail.com
>> [9] mailto:wantwatering at gmail.com
>> [10] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [11] mailto:openstack at lists.openstack.org
>> [12] mailto:openstack at lists.openstack.org
>> [13] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [14] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [15] mailto:openstack at lists.openstack.org
>> [16] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [17] mailto:juergh at gmail.com
>
More information about the Openstack
mailing list