On Thu Jan 23 07:54:23 2014, Juerg Haefliger wrote: > On Tue, Jan 21, 2014 at 8:22 AM, Joe Topjian <j...@topjian.net > <mailto:j...@topjian.net>> wrote: > > > > Hi Juerg, > > > > That's a really creative way of setting the password. Are you able > to share your powershell script? > > Sorry, missed this request earlier. Need to check with legal (sigh). > > ..Juerg > > > > Thanks, > > Joe > > > > > > On Tue, Jan 21, 2014 at 8:15 AM, Juerg Haefliger <jue...@gmail.com > <mailto:jue...@gmail.com>> wrote: > >> > >> > >> On Tue, Jan 21, 2014 at 3:15 AM, jeffty <wantwater...@gmail.com > <mailto:wantwater...@gmail.com>> wrote: > >> > > >> > Thanks Joe, It really helps. > >> > > >> > Will check them to find the proper way. > >> > > >> > Thanks. > >> > > >> > On 1/19/2014 3:32 PM, Joe Topjian wrote: > >> > > Hello, > >> > > > >> > > We've used this in the past: > >> > > > >> > > https://github.com/jordanrinke/openstack > >> > > > >> > > It allows a user to type in an Administrator password in the > Post Config > >> > > text box when launching an instance in Horizon. The password is > then > >> > > retrieved when Windows first boots via the metadata service. > >> > > > >> > > We stopped using it for two reasons, though: > >> > > > >> > > 1. The password was permanently stored in the metadata server > >> > > 2. There was no (default) way to let the user know that the > password > >> > > they chose was not a strong enough password > >> > > > >> > > We now just have users connect to the VNC console and set the > password > >> > > upon first boot. > >> > > > >> > > There have been a few discussions over the past year on the > >> > > openstack-operators list about the cloudbase Windows cloud-init > service. > >> > > I think one or two people have been able to get the password > injection > >> > > portion working. It might be worth a shot to search the archives: > >> > > > >> > > http://www.gossamer-threads.com/lists/openstack/operators/ > >> > > > >> > > Joe > >> > > > >> > > > >> > > On Sun, Jan 19, 2014 at 4:21 AM, jeffty <wantwater...@gmail.com > <mailto:wantwater...@gmail.com> > >> > > <mailto:wantwater...@gmail.com > <mailto:wantwater...@gmail.com>>> wrote: > >> > > > >> > > Thanks Jacob. > >> > > > >> > > Is there any openstack API guide for send instance password > while > >> > > launch it? > >> > > > >> > > Thanks. > >> > > > >> > > On 1/19/2014 11:08 AM, Jacob Godin wrote: > >> > > > Yes, they must input a password every time. It's within > Windows, they > >> > > > must use the console. > >> > > > > >> > > > Sent from my mobile device > >> > > > > >> > > > On Jan 18, 2014 10:51 PM, "jeffty" > <wantwater...@gmail.com <mailto:wantwater...@gmail.com> > >> > > <mailto:wantwater...@gmail.com <mailto:wantwater...@gmail.com>> > >> > > > <mailto:wantwater...@gmail.com > <mailto:wantwater...@gmail.com> <mailto:wantwater...@gmail.com > <mailto:wantwater...@gmail.com>>>> > >> > > wrote: > >> > > > > >> > > > Thanks Jacob. > >> > > > > >> > > > Then the user must input a password for every windows > instance he > >> > > > launched? > >> > > > > >> > > > In other word different instance owns different > password even > >> > > they are > >> > > > launched at the same time? e.g. Input 3 while launching > >> > > instance in > >> > > > Horizon portal for this windows image. > >> > > > > >> > > > If yes, how to send this password to the instance in > portal? > >> > > That should > >> > > > be implemented by meta service. > >> > > > > >> > > > If no, all of the instances have the same default > password, right? > >> > > > > >> > > > > >> > > > On 1/19/2014 10:02 AM, Jacob Godin wrote: > >> > > > > We've used sysprep to have the administrator > provide a password > >> > > > when the > >> > > > > instance is first booted. > >> > > > > >> > >> We use a simple powershell script that generates a random > Administrator password on first boot, pulls the SSH key from the > metadata server, encrypts the password with the key and writes the > encrypted password to the serial port. > >> > >> The user retrieves the encrypted password through the nova > console-log and decrypts it with his private key. The image is setup > such that the user is prompted to change the (random) password the > first time he logs into the instance. > >> > >> ...Juerg > >> > >> > >> > >> > > > >> > > _______________________________________________ > >> > > Mailing list: > >> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >> > > Post to : openstack@lists.openstack.org > <mailto:openstack@lists.openstack.org> > >> > > <mailto:openstack@lists.openstack.org > <mailto:openstack@lists.openstack.org>> > >> > > Unsubscribe : > >> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >> > > > >> > > > >> > > >> > > >> > _______________________________________________ > >> > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >> > Post to : openstack@lists.openstack.org > <mailto:openstack@lists.openstack.org> > >> > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > >
If it's not possible to release the script it shouldn't be to hard to re-create. Juerg has already described the tricky bit, which is the crypto stuff, the only piece missing is putting the password into Windows :) _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
