cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nux! <...@li.nux.ro>
Subject Re: [DISCUSS] Changing the way password reset works, or allowing the cloud-init way
Date Tue, 26 Aug 2014 21:44:03 GMT
Hi Erik and thanks for your effort. Using user data is a nice idea.
Let's see what more experienced programmers have to say on this.

One thing that I noticed; though it might have been OK in your particular case, "rm -rf /var/lib/cloud/"
is a bad idea as it can include various useful scripts along that path. As you noticed I copy
the cloudstack-set-password script in /var/lib/cloud/scripts/per-boot, so that's one example.
:-)

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro


----- Original Message -----
> From: "Erik Weber" <terbolous@gmail.com>
> To: "dev" <dev@cloudstack.apache.org>
> Sent: Tuesday, 26 August, 2014 9:34:44 PM
> Subject: [DISCUSS] Changing the way password reset works, or allowing the cloud-init
way
> 
> If I understand correctly, we currently deploy a web server on port 8080 on
> the VR and send a specially crafted request to retrieve the password.
> 
> This requires special made scripts or software on the guest vms to execute
> the password reset.
> 
> At the same time cloud-init has become the de facto standard of pushing
> configuration to guest vms.
> 
> cloud-init does support password resets out of the box, through the usage
> of user-data.
> 
> There are a couple of issues with this that I can think of, and there are
> probably more that I currently cannot think of, but hopefully someone else
> might :-)
>  - we cannot change/update user-data (yet) in acs (i think?)
>  - if the vm has an existing user-data, we have to modify it. how to handle
> custom scripts as user-data?
>  - should we clean up the user-data after some time? how to pick up that
> the cloud-init has run?
> 
> If you want to test how this works you can deploy a machine with cloud-init
> installed.
> I used this[1] from Lucian as source for its configuration.
> 
> After that, you have to manually log on to the VR, go to
> /var/www/html/userdata/<vm ip>/ and modify the user-data file. Example
> content is here[2].
> 
> Then on your test machine, issue: rm -rf /var/lib/cloud/ && cloud-init init
> && cloud-init modules --mode config && cloud-init modules --mode final
> 
> If you chose to use the random password generator it will display on the
> screen.
> 
> This is most likely beyond my programming skills, so I cannot say what
> amount of effort it would take to accomplish.
> 
> 
> [1] http://dl.openvm.eu/cloudstack/centos/ks/vanilla/7/post_cloudstack.ks
> [2] https://gist.github.com/terbolous/e0ab09afaa6be2a5f3bb
> 
> --
> Erik
> 

Mime
View raw message