.. _password-and-ssh-key-injection: ============================== Password and SSH key injection ============================== .. index:: password .. contents:: :local: Nova configuration: ------------------- .. code-block:: bash [DEFAULT] force_config_drive = True .. _ssh-key-injection: Cloud-init ========== With the 2019.07 version we have implemented root password and ssh key injection trough cloud-init. The cloud-init configuration template is defined in base_settings.py with the following parameters: .. code-block:: bash INSTANCE_CLOUD_INIT_ROOT_PASSWORD_SET = """#cloud-config ssh_pwauth: True disable_root: false chpasswd: list: | root:{root_password} expire: False """ # noqa INSTANCE_CLOUD_INIT_SSH_KEYS_SET = """#cloud-config users: - default - name: {user} ssh-authorized-keys:\n""" # noqa INSTANCE_CLOUD_INIT_NEW_USER_AND_PASSWORD_SET = """#cloud-config ssh_pwauth: True disable_root: false users: - default - name: {new_user_name} sudo: ALL=(ALL) NOPASSWD:ALL lock_passwd: false chpasswd: list: | {new_user_name}:{new_user_password} expire: False """ # noqa INSTANCE_CLOUD_INIT_SSH_KEYS_SET_DEFAULT_USER = """#cloud-config users: - default ssh_authorized_keys:\n""" # noqa INSTANCE_CLOUD_INIT_DEFAULT_USER_PASSWORD_SET = """#cloud-config disable_root: true password: {password} ssh_pwauth: True chpasswd: expire: false """ # noqa Additional information ====================== If you want to be able to change the root password for already deployed instances, you will need to enable qemu-guest-agent installation trough cloud-init. We have added the following userdata settings in base_settings.py: .. code-block:: bash STAFF_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = None # userdata ran on staff launched instances ENDUSER_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = None # userdata ran on end-user launched instances INSTANCE_REBUILD_ADDITIONAL_USER_DATA = None # userdata ran when a server is rebuilt Use the template defined below in above cloud-init additional userdata settings to automatically install qemu-guest-agent: .. code-block:: bash """#cloud-config packages: - qemu-guest-agent """ Also, the image must have the **hw_qemu_guest_agent='yes'** property enabled. Set password and SSH key for the image's default user ===================================================== In order to configure Fleio to set the password and the SSH key to the image's default user, you need to add the ``fleio_default_image_username`` property to the image. Note that the ``fleio_default_image_username`` property is treated as a flag in backend. If the ``fleio_default_image_username`` property is defined, then the SSH key and password will be set to default image user. If the property is not defined, then the SSH key and the password will be set to the root user. In frontend, the username configured in the ``fleio_default_image_username`` will be shown on the instance create form / rebuild / edit password form. Hide password input field for certain images ============================================ If you want to hide the password input field for certain images, you need to add the `fleio_do_not_ask_password` property on those images.