Password and SSH key injection

Nova configuration:

[DEFAULT]
force_config_drive = True

Cloud-init

With the 2019.07 version we have implemented root password and ssh key injection trough cloud-init. The cloud-init configuration template is defined in base_settings.py with the following parameters:

INSTANCE_CLOUD_INIT_ROOT_PASSWORD_SET = """#cloud-config
ssh_pwauth: True
disable_root: false
chpasswd:
  list: |
    root:{root_password}
  expire: False
"""  # noqa

INSTANCE_CLOUD_INIT_SSH_KEYS_SET = """#cloud-config
users:
  - default
  - name: {user}
    ssh-authorized-keys:\n"""  # noqa

INSTANCE_CLOUD_INIT_NEW_USER_AND_PASSWORD_SET = """#cloud-config
ssh_pwauth: True
disable_root: false
users:
  - default
  - name: {new_user_name}
    sudo: ALL=(ALL) NOPASSWD:ALL
    lock_passwd: false

chpasswd:
  list: |
    {new_user_name}:{new_user_password}
  expire: False
"""  # noqa

INSTANCE_CLOUD_INIT_SSH_KEYS_SET_DEFAULT_USER = """#cloud-config
users:
  - default
ssh_authorized_keys:\n"""  # noqa

INSTANCE_CLOUD_INIT_DEFAULT_USER_PASSWORD_SET = """#cloud-config
disable_root: true
password: {password}
ssh_pwauth: True
chpasswd:
  expire: false
"""  # noqa

Additional information

If you want to be able to change the root password for already deployed instances, you will need to enable qemu-guest-agent installation trough cloud-init. We have added the following userdata settings in base_settings.py:

STAFF_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = None  # userdata ran on staff launched instances
ENDUSER_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = None  # userdata ran on end-user launched instances
INSTANCE_REBUILD_ADDITIONAL_USER_DATA = None  # userdata ran when a server is rebuilt

Use the template defined below in above cloud-init additional userdata settings to automatically install qemu-guest-agent:

"""#cloud-config
packages:
  - qemu-guest-agent
"""

Also, the image must have the hw_qemu_guest_agent=’yes’ property enabled.

Set password and SSH key for the image’s default user

In order to configure Fleio to set the password and the SSH key to the image’s default user, you need to add the fleio_default_image_username property to the image.

Note that the fleio_default_image_username property is treated as a flag in backend.

If the fleio_default_image_username property is defined, then the SSH key and password will be set to default image user. If the property is not defined, then the SSH key and the password will be set to the root user.

In frontend, the username configured in the fleio_default_image_username will be shown on the instance create form / rebuild / edit password form.