.. _password-and-ssh-key-injection: ============================== Password and SSH key injection ============================== .. note:: This page only applies for Fleio OpenStack Edition or Fleio Full Edition. .. index:: password .. contents:: :local: :backlinks: none Nova configuration: ------------------- .. code-block:: bash [DEFAULT] force_config_drive = True .. _ssh-key-injection: Cloud-init ========== With the 2019.07 version we have implemented root password and ssh key injection trough cloud-init. The cloud-init configuration template is defined in base_settings.py with the following parameters: .. code-block:: bash INSTANCE_CLOUD_INIT_ROOT_PASSWORD_SET = """#cloud-config ssh_pwauth: True disable_root: false chpasswd: list: | root:{root_password} expire: False """ # noqa INSTANCE_CLOUD_INIT_SSH_KEYS_SET = """#cloud-config users: - default - name: {user} ssh-authorized-keys:\n""" # noqa INSTANCE_CLOUD_INIT_NEW_USER_AND_PASSWORD_SET = """#cloud-config ssh_pwauth: True disable_root: false users: - default - name: {new_user_name} sudo: ALL=(ALL) NOPASSWD:ALL lock_passwd: false chpasswd: list: | {new_user_name}:{new_user_password} expire: False """ # noqa INSTANCE_CLOUD_INIT_SSH_KEYS_SET_DEFAULT_USER = """#cloud-config users: - default ssh_authorized_keys:\n""" # noqa INSTANCE_CLOUD_INIT_DEFAULT_USER_PASSWORD_SET = """#cloud-config disable_root: true password: {password} ssh_pwauth: True chpasswd: expire: false """ # noqa Additional information ====================== If you want to be able to change the root password for already deployed instances, you will need to enable ``qemu-guest-agent`` installation trough cloud-init. The following variables can be defined in :ref:`advanced settings file ` to specify additional cloud init user data: - ``STAFF_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA`` - userdata ran on staff launched instances - ``ENDUSER_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA`` - userdata ran on end-user launched instances - ``INSTANCE_REBUILD_ADDITIONAL_USER_DATA`` - userdata ran when a server is rebuilt Use the template defined below in above cloud-init additional userdata settings to automatically install ``qemu-guest-agent``: .. code-block:: python """#cloud-config packages: - qemu-guest-agent """ The final settings should look like this if you do not have any additional user data except for ``qemu-guest-agent``: .. code-block:: python STAFF_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = """#cloud-config packages: - qemu-guest-agent """ ENDUSER_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = """#cloud-config packages: - qemu-guest-agent """ INSTANCE_REBUILD_ADDITIONAL_USER_DATA = """#cloud-config packages: - qemu-guest-agent """ Also, the image must have the **hw_qemu_guest_agent='yes'** property enabled. Set password and SSH key for the image's default user ===================================================== In order to configure Fleio to set the password and the SSH key to the image's default user, you need to add the ``fleio_default_image_username`` property to the image. Note that the ``fleio_default_image_username`` property is treated as a flag in backend. If the ``fleio_default_image_username`` property is defined, then the SSH key and password will be set to default image user. If the property is not defined, then the SSH key and the password will be set to the root user. In frontend, the username configured in the ``fleio_default_image_username`` will be shown on the instance create form / rebuild / edit password form. Hide password input field for certain images ============================================ If you want to hide the password input field for certain images, you need to add the `fleio_do_not_ask_password` property on those images.