Password and SSH key injection

Note

This page only applies for Fleio OpenStack Edition or Fleio Full Edition.

Nova configuration:

[DEFAULT]
force_config_drive = True

Cloud-init

With the 2019.07 version we have implemented root password and ssh key injection trough cloud-init. The cloud-init configuration template is defined in base_settings.py with the following parameters:

INSTANCE_CLOUD_INIT_ROOT_PASSWORD_SET = """#cloud-config
ssh_pwauth: True
disable_root: false
chpasswd:
  list: |
    root:{root_password}
  expire: False
"""  # noqa

INSTANCE_CLOUD_INIT_SSH_KEYS_SET = """#cloud-config
users:
  - default
  - name: {user}
    ssh-authorized-keys:\n"""  # noqa

INSTANCE_CLOUD_INIT_NEW_USER_AND_PASSWORD_SET = """#cloud-config
ssh_pwauth: True
disable_root: false
users:
  - default
  - name: {new_user_name}
    sudo: ALL=(ALL) NOPASSWD:ALL
    lock_passwd: false

chpasswd:
  list: |
    {new_user_name}:{new_user_password}
  expire: False
"""  # noqa

INSTANCE_CLOUD_INIT_SSH_KEYS_SET_DEFAULT_USER = """#cloud-config
users:
  - default
ssh_authorized_keys:\n"""  # noqa

INSTANCE_CLOUD_INIT_DEFAULT_USER_PASSWORD_SET = """#cloud-config
disable_root: true
password: {password}
ssh_pwauth: True
chpasswd:
  expire: false
"""  # noqa

Additional information

If you want to be able to change the root password for already deployed instances, you will need to enable qemu-guest-agent installation trough cloud-init. The following variables can be defined in advanced settings file to specify additional cloud init user data:

  • STAFF_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA - userdata ran on staff launched instances

  • ENDUSER_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA - userdata ran on end-user launched instances

  • INSTANCE_REBUILD_ADDITIONAL_USER_DATA - userdata ran when a server is rebuilt

Use the template defined below in above cloud-init additional userdata settings to automatically install qemu-guest-agent:

"""#cloud-config
packages:
  - qemu-guest-agent
"""

The final settings should look like this if you do not have any additional user data except for qemu-guest-agent:

STAFF_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = """#cloud-config
packages:
  - qemu-guest-agent
"""

ENDUSER_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = """#cloud-config
packages:
  - qemu-guest-agent
"""

INSTANCE_REBUILD_ADDITIONAL_USER_DATA = """#cloud-config
packages:
  - qemu-guest-agent
"""

Also, the image must have the hw_qemu_guest_agent=’yes’ property enabled.

Set password and SSH key for the image’s default user

In order to configure Fleio to set the password and the SSH key to the image’s default user, you need to add the fleio_default_image_username property to the image.

Note that the fleio_default_image_username property is treated as a flag in backend.

If the fleio_default_image_username property is defined, then the SSH key and password will be set to default image user. If the property is not defined, then the SSH key and the password will be set to the root user.

In frontend, the username configured in the fleio_default_image_username will be shown on the instance create form / rebuild / edit password form.

Hide password input field for certain images

If you want to hide the password input field for certain images, you need to add the fleio_do_not_ask_password property on those images.