Password and SSH key injection¶
Note
This page only applies for Fleio OpenStack Edition or Fleio Full Edition.
Nova configuration:¶
[DEFAULT]
force_config_drive = True
Cloud-init¶
With the 2019.07 version we have implemented root password and ssh key injection trough cloud-init. The cloud-init configuration template is defined in base_settings.py with the following parameters:
INSTANCE_CLOUD_INIT_ROOT_PASSWORD_SET = """#cloud-config
ssh_pwauth: True
disable_root: false
chpasswd:
list: |
root:{root_password}
expire: False
""" # noqa
INSTANCE_CLOUD_INIT_SSH_KEYS_SET = """#cloud-config
users:
- default
- name: {user}
ssh-authorized-keys:\n""" # noqa
INSTANCE_CLOUD_INIT_NEW_USER_AND_PASSWORD_SET = """#cloud-config
ssh_pwauth: True
disable_root: false
users:
- default
- name: {new_user_name}
sudo: ALL=(ALL) NOPASSWD:ALL
lock_passwd: false
chpasswd:
list: |
{new_user_name}:{new_user_password}
expire: False
""" # noqa
INSTANCE_CLOUD_INIT_SSH_KEYS_SET_DEFAULT_USER = """#cloud-config
users:
- default
ssh_authorized_keys:\n""" # noqa
INSTANCE_CLOUD_INIT_DEFAULT_USER_PASSWORD_SET = """#cloud-config
disable_root: true
password: {password}
ssh_pwauth: True
chpasswd:
expire: false
""" # noqa
Additional information¶
If you want to be able to change the root password for already deployed instances, you will need to enable
qemu-guest-agent
installation trough cloud-init. The following variables can be defined in
advanced settings file to specify additional cloud init user data:
STAFF_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA
- userdata ran on staff launched instancesENDUSER_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA
- userdata ran on end-user launched instancesINSTANCE_REBUILD_ADDITIONAL_USER_DATA
- userdata ran when a server is rebuilt
Use the template defined below in above cloud-init additional userdata settings to automatically install
qemu-guest-agent
:
"""#cloud-config
packages:
- qemu-guest-agent
"""
The final settings should look like this if you do not have any additional user data except for qemu-guest-agent
:
STAFF_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = """#cloud-config
packages:
- qemu-guest-agent
"""
ENDUSER_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = """#cloud-config
packages:
- qemu-guest-agent
"""
INSTANCE_REBUILD_ADDITIONAL_USER_DATA = """#cloud-config
packages:
- qemu-guest-agent
"""
Also, the image must have the hw_qemu_guest_agent=’yes’ property enabled.
Set password and SSH key for the image’s default user¶
In order to configure Fleio to set the password and the SSH key to the image’s default user, you need to add the fleio_default_image_username
property to the image.
Note that the fleio_default_image_username
property is treated as a flag in backend.
If the fleio_default_image_username
property is defined, then the SSH key and password will be set to default image user.
If the property is not defined, then the SSH key and the password will be set to the root user.
In frontend, the username configured in the fleio_default_image_username
will be shown on the instance
create form / rebuild / edit password form.
Hide password input field for certain images¶
If you want to hide the password input field for certain images, you need to add the fleio_do_not_ask_password property on those images.