Password and SSH key injection¶
Nova configuration:¶
[DEFAULT]
force_config_drive = True
Cloud-init¶
With the 2019.07 version we have implemented root password and ssh key injection trough cloud-init. The cloud-init configuration template is defined in base_settings.py with the following parameters:
INSTANCE_CLOUD_INIT_ROOT_PASSWORD_SET = """#cloud-config
ssh_pwauth: True
disable_root: false
chpasswd:
list: |
root:{root_password}
expire: False
""" # noqa
INSTANCE_CLOUD_INIT_SSH_KEYS_SET = """#cloud-config
users:
- default
- name: {user}
ssh-authorized-keys:\n""" # noqa
INSTANCE_CLOUD_INIT_NEW_USER_AND_PASSWORD_SET = """#cloud-config
ssh_pwauth: True
disable_root: false
users:
- default
- name: {new_user_name}
sudo: ALL=(ALL) NOPASSWD:ALL
lock_passwd: false
chpasswd:
list: |
{new_user_name}:{new_user_password}
expire: False
""" # noqa
Additional information¶
If you want to be able to change the root password for already deployed instances, you will need to enable qemu-guest-agent installation trough cloud-init. We have added the following userdata settings in base_settings.py:
STAFF_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = None # userdata ran on staff launched instances
ENDUSER_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = None # userdata ran on end-user launched instances
INSTANCE_REBUILD_ADDITIONAL_USER_DATA = None # userdata ran when a server is rebuilt
Use the template defined below in above cloud-init additional userdata settings to automatically install qemu-guest-agent:
"""#cloud-config
packages:
- qemu-guest-agent
"""
Also, the image must have the hw_qemu_guest_agent=’yes’ property enabled.