Re: [Openstack] Setting VM passwords when not running on Xen

2012-07-05 Thread John Garbutt
[mailto:openstack-bounces+john.garbutt=eu.citrix@lists.launchpad.net] On Behalf Of Thierry Carrez Sent: Wednesday, July 4, 2012 10:33 AM To: openstack@lists.launchpad.net Subject: Re: [Openstack] Setting VM passwords when not running on Xen Scott Moser wrote: Is it for some reason not possible to have

Re: [Openstack] Setting VM passwords when not running on Xen

2012-07-05 Thread John Garbutt
From: Scott Moser [mailto:ssmos...@gmail.com] On Behalf Of Scott Moser * Cloud-Init / Metadata service (depends on DHCP(?), and not a two-way transport) cloud-init does not require dhcp. It explicitly supports the passing of network interface definitions into it in Ubuntu

Re: [Openstack] Setting VM passwords when not running on Xen

2012-07-05 Thread Day, Phil
: [Openstack] Setting VM passwords when not running on Xen Scott Moser wrote: Is it for some reason not possible to have code that runs on first instance boot that reads the metadata service (or config drive) and sets the password appropriately? I see no reason why you could not. Windows

Re: [Openstack] Setting VM passwords when not running on Xen

2012-07-04 Thread Thierry Carrez
Scott Moser wrote: Is it for some reason not possible to have code that runs on first instance boot that reads the metadata service (or config drive) and sets the password appropriately? I see no reason why you could not. Windows scripting supported both running scripts at boot and setting

Re: [Openstack] Setting VM passwords when not running on Xen

2012-07-03 Thread John Garbutt
This seemed to crop up quite a lot in different sessions at the Design summit. I am certainly interested in a standard way to inject information into VMs. What I think we need is a cross hypervisor two-way guest communication channel that is fairly transparent to the user of that VM (i.e.

Re: [Openstack] Setting VM passwords when not running on Xen

2012-07-03 Thread Scott Moser
On Tue, 3 Jul 2012, Day, Phil wrote: Hi Folks, Is anyone else looking at how to support images that need a password rather than an ssh key (windows) on hypervisors that don't support set_admin_password (e.g. libvirt) ? I'm completely ignorant about windows. Please forgive me. Is it for

Re: [Openstack] Setting VM passwords when not running on Xen

2012-07-03 Thread Day, Phil
Thanks John, One approach we were wondering about is to have an agent in Windows which: o Generates a random password and sets it for the admin account o Gets the public ssh key from the metadata service o Encrypts the password with the public key o Pushes the encrypted public key

Re: [Openstack] Setting VM passwords when not running on Xen

2012-07-03 Thread John Garbutt
Interesting idea, that seems reasonable. The password is encrypted when it leaves the VM in the XenServer case too (if I have understood the code correctly). My only concerns are thinking about the more general solution: * It only works on boot, so harder to change password if you

Re: [Openstack] Setting VM passwords when not running on Xen

2012-07-03 Thread Vishvananda Ishaya
I like the security of this idea, but it would also require that metadata is available outside the vm which it isn't. What about creating a security group that opens a specific port, and run a little webserver on that port in the guest that makes the key available. That would mean you don't

Re: [Openstack] Setting VM passwords when not running on Xen

2012-07-03 Thread Scott Moser
On Tue, 3 Jul 2012, John Garbutt wrote: This seemed to crop up quite a lot in different sessions at the Design summit. I am certainly interested in a standard way to inject information into VMs. What I think we need is a cross hypervisor two-way guest communication channel that is fairly