Password and SSH key injection

Nova configuration:

[DEFAULT]
force_config_drive = True

Cloud-init

With the 2019.07 version we have implemented root password and ssh key injection trough cloud-init. The cloud-init configuration template is defined in base_settings.py with the following parameters:

INSTANCE_CLOUD_INIT_ROOT_PASSWORD_SET = """#cloud-config
ssh_pwauth: True
disable_root: false
chpasswd:
  list: |
    root:{root_password}
  expire: False
"""  # noqa

INSTANCE_CLOUD_INIT_SSH_KEYS_SET = """#cloud-config
users:
  - default
  - name: {user}
    ssh-authorized-keys:\n"""  # noqa

INSTANCE_CLOUD_INIT_NEW_USER_AND_PASSWORD_SET = """#cloud-config
ssh_pwauth: True
disable_root: false
users:
  - default
  - name: {new_user_name}
    sudo: ALL=(ALL) NOPASSWD:ALL
    lock_passwd: false

chpasswd:
  list: |
    {new_user_name}:{new_user_password}
  expire: False
"""  # noqa

Additional information

If you want to be able to change the root password for already deployed instances, you will need to enable qemu-guest-agent installation trough cloud-init. We have added the following userdata settings in base_settings.py:

STAFF_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = None  # userdata ran on staff launched instances
ENDUSER_INSTANCE_ADDITIONAL_CLOUD_INIT_USERDATA = None  # userdata ran on end-user launched instances
INSTANCE_REBUILD_ADDITIONAL_USER_DATA = None  # userdata ran when a server is rebuilt

Use the template defined below in above cloud-init additional userdata settings to automatically install qemu-guest-agent:

"""#cloud-config
packages:
  - qemu-guest-agent
"""

Also, the image must have the hw_qemu_guest_agent=’yes’ property enabled.