[Openstack] [Nova] What is the correct way to provide Windows instance password for user?

Juerg Haefliger juergh at gmail.com
Thu Jan 23 07:41:03 UTC 2014


On Tue, Jan 21, 2014 at 8:22 AM, Joe Topjian <joe at topjian.net> wrote:
>
> Hi Juerg,
>
> That's a really creative way of setting the password. Are you able to
share your powershell script?

Sorry, missed this request earlier. Need to check with legal (sigh).

..Juerg


> Thanks,
> Joe
>
>
> On Tue, Jan 21, 2014 at 8:15 AM, Juerg Haefliger <juergh at gmail.com> wrote:
>>
>>
>> On Tue, Jan 21, 2014 at 3:15 AM, jeffty <wantwatering at gmail.com> wrote:
>> >
>> > Thanks Joe, It really helps.
>> >
>> > Will check them to find the proper way.
>> >
>> > Thanks.
>> >
>> > On 1/19/2014 3:32 PM, Joe Topjian wrote:
>> > > Hello,
>> > >
>> > > We've used this in the past:
>> > >
>> > > https://github.com/jordanrinke/openstack
>> > >
>> > > It allows a user to type in an Administrator password in the Post
Config
>> > > text box when launching an instance in Horizon. The password is then
>> > > retrieved when Windows first boots via the metadata service.
>> > >
>> > > We stopped using it for two reasons, though:
>> > >
>> > > 1. The password was permanently stored in the metadata server
>> > > 2. There was no (default) way to let the user know that the password
>> > > they chose was not a strong enough password
>> > >
>> > > We now just have users connect to the VNC console and set the
password
>> > > upon first boot.
>> > >
>> > > There have been a few discussions over the past year on the
>> > > openstack-operators list about the cloudbase Windows cloud-init
service.
>> > > I think one or two people have been able to get the password
injection
>> > > portion working. It might be worth a shot to search the archives:
>> > >
>> > > http://www.gossamer-threads.com/lists/openstack/operators/
>> > >
>> > > Joe
>> > >
>> > >
>> > > On Sun, Jan 19, 2014 at 4:21 AM, jeffty <wantwatering at gmail.com
>> > > <mailto:wantwatering at gmail.com>> wrote:
>> > >
>> > >     Thanks Jacob.
>> > >
>> > >     Is there any openstack API guide for send instance password while
>> > >     launch it?
>> > >
>> > >     Thanks.
>> > >
>> > >     On 1/19/2014 11:08 AM, Jacob Godin wrote:
>> > >     > Yes, they must input a password every time. It's within
Windows, they
>> > >     > must use the console.
>> > >     >
>> > >     > Sent from my mobile device
>> > >     >
>> > >     > On Jan 18, 2014 10:51 PM, "jeffty" <wantwatering at gmail.com
>> > >     <mailto:wantwatering at gmail.com>
>> > >     > <mailto:wantwatering at gmail.com <mailto:wantwatering at gmail.com
>>>
>> > >     wrote:
>> > >     >
>> > >     >     Thanks Jacob.
>> > >     >
>> > >     >     Then the user must input a password for every windows
instance he
>> > >     >     launched?
>> > >     >
>> > >     >     In other word different instance owns different password
even
>> > >     they are
>> > >     >     launched at the same time? e.g. Input 3 while launching
>> > >     instance in
>> > >     >     Horizon portal for this windows image.
>> > >     >
>> > >     >     If yes, how to send this password to the instance in
portal?
>> > >     That should
>> > >     >     be implemented by meta service.
>> > >     >
>> > >     >     If no, all of the instances have the same default
password, right?
>> > >     >
>> > >     >
>> > >     >     On 1/19/2014 10:02 AM, Jacob Godin wrote:
>> > >     >     > We've used sysprep to have the administrator provide a
password
>> > >     >     when the
>> > >     >     > instance is first booted.
>> > >     >
>>
>> We use a simple powershell script that generates a random Administrator
password on first boot, pulls the SSH key from the metadata server,
encrypts the password with the key and writes the encrypted password to the
serial port.
>>
>> The user retrieves the encrypted password through the nova console-log
and decrypts it with his private key. The image is setup such that the user
is prompted to change the (random) password the first time he logs into the
instance.
>>
>> ...Juerg
>>
>>
>>
>> > >
>> > >     _______________________________________________
>> > >     Mailing list:
>> > >     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> > >     Post to     : openstack at lists.openstack.org
>> > >     <mailto:openstack at lists.openstack.org>
>> > >     Unsubscribe :
>> > >     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> > >
>> > >
>> >
>> >
>> > _______________________________________________
>> > Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> > Post to     : openstack at lists.openstack.org
>> > Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140123/b001c754/attachment.html>


More information about the Openstack mailing list