OpenStack Windows 虚拟机密码修改
- OpenStack 版本: Juno
- Hypervisor: KVM/QEMU
- Windows 版本: Server 2008
Cloudbase-Init 是类似 Cloud-Init 可以用于Windows的云初始化程序,能够在启动时获取Metadata对虚拟机进行一些设置。
0x00 安装
Cloudbase-Init 下载地址: https://cloudbase.it/cloudbase-init/#download
Username为需要修改密码的用户。如果用户名不存在,会先创建,然后设置密码。
最后一步选择Run Sysprep
0x01 配置
添加 setuserpassword Plugin
修改配置文件\PATH\TO\Cloudbase Solutions\Cloubase-Init\conf\cloudbase-init-unattend.conf
, plugins项添加cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin。
[DEFAULT]
username=Administrator
groups=Administrators
inject_user_password=true
config_drive_raw_hhd=true
config_drive_cdrom=true
config_drive_vfat=true
bsdtar_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\bin\bsdtar.exe
mtools_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\bin\
verbose=true
debug=true
logdir=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\log\
logfile=cloudbase-init-unattend.log
default_log_levels=comtypes=INFO,suds=INFO,iso8601=WARN,requests=WARN
logging_serial_port_settings=
mtu_use_dhcp_config=true
ntp_use_dhcp_config=true
local_scripts_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\LocalScripts\
metadata_services=cloudbaseinit.metadata.services.configdrive.ConfigDriveService,cloudbaseinit.metadata.services.httpservice.HttpService,cloudbaseinit.metadata.services.ec2service.EC2Service,cloudbaseinit.metadata.services.maasservice.MaaSHttpService
plugins=cloudbaseinit.plugins.common.mtu.MTUPlugin,cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin,cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin
allow_reboot=false
stop_service_on_exit=false
check_latest_version=false下次启动强制重新设置密码
这个功能默认是打开的,要关闭下次启动强制重新设置密码需要修改\PATH\TO\Cloudbase Solutions\Cloubase-Init\Python\Lib\site-packages\cloudbaseinit\plugins\common\setuserpassword.py:
def _set_password(self, service, osutils, user_name, shared_data):
if service.can_update_password and not service.is_password_changed():
LOG.info('Updating password is not required.')
return None
password, injected = self._get_password(service, shared_data)
if not password:
LOG.debug('Generating a random user password')
maximum_length = osutils.get_maximum_password_length()
password = osutils.generate_random_password(
maximum_length)
osutils.set_user_password(user_name, password)
# self._change_logon_behaviour(user_name, password_injected=injected)
return password将self._change_logon_behaviour(user_name, password_injected=injected)注释掉
不传入admin_pass不使用随机密码
默认情况下,装了 Cloudbase-Init 在不传入admin_pass启动虚拟机,将会使用随机密码。要取消使用随机密码需要修改\PATH\TO\Cloudbase Solutions\Cloubase-Init\Python\Lib\site-packages\cloudbaseinit\plugins\common\setuserpassword.py:
def _set_password(self, service, osutils, user_name, shared_data):
if service.can_update_password and not service.is_password_changed():
LOG.info('Updating password is not required.')
return None
password, injected = self._get_password(service, shared_data)
if not password:
return None
# LOG.debug('Generating a random user password')
# maximum_length = osutils.get_maximum_password_length()
# password = osutils.generate_random_password(
maximum_length)
osutils.set_user_password(user_name, password)
self._change_logon_behaviour(user_name, password_injected=injected)
return password自动重启导致密码失效
修改\PATH\TO\Cloudbase Solutions\Cloubase-Init\Python\Lib\site-packages\cloudbaseinit\init.py
def configure_host(self):
......
......
if reboot_required and CONF.allow_reboot:
try:
LOG.info("Rebooting")
# osutils.reboot()
except Exception as ex:
LOG.error('reboot failed with error \'%s\'' % ex)
else:
LOG.info("Plugins execution done")
if CONF.stop_service_on_exit:
LOG.info("Stopping Cloudbase-Init service")
osutils.terminate()将osutils.reboot()注释掉即可
0x02 测试
nova boot --image=image_id --flavor=flavor_id --nic net-id=net_id --availability-zone=az_name --meta admin_pass=password instance_name密码需要符合Windows密码规则。
[...]https://kurisu.love/index.php/archives/47/[...]