openstack team mailing list archive

Thread
Date

Re: Setting VM passwords when not running on Xen

To: "'Day, Phil'" <philip.day@xxxxxx>, "openstack@xxxxxxxxxxxxxxxxxxx (openstack@xxxxxxxxxxxxxxxxxxx) (openstack@xxxxxxxxxxxxxxxxxxx)" <openstack@xxxxxxxxxxxxxxxxxxx>
From: John Garbutt <John.Garbutt@xxxxxxxxxx>
Date: Tue, 3 Jul 2012 16:41:26 +0100
Accept-language: en-US
Acceptlanguage: en-US
In-reply-to: <C49B6B58853ACD4E96677F24DD9C446C73A29BFE73@GVW1114EXC.americas.hpqcorp.net>
Thread-index: Ac1ZJKDTAPXrWXgzTveLFAf2q4rT3AACNyNw
Thread-topic: Setting VM passwords when not running on Xen

This seemed to crop up quite a lot in different sessions at the Design summit. I am certainly interested in a standard way to inject information into VMs.

What I think we need is a cross hypervisor two-way guest communication channel that is fairly transparent to the user of that VM (i.e. ideally not a network connection).

If I understand things correctly, we currently have these setup ideas:

*         Config Drive (not supported by XenAPI, but not a two way transport)

*         Cloud-Init / Metadata service (depends on DHCP(?), and not a two-way transport)

But to set the password, we ideally want two way communication. We currently have these:

*         XenAPI guest plugin (XenServer specific, uses XenStore, but two way, no networking assumed )

*         Serial port (used by http://wiki.libvirt.org/page/Qemu_guest_agent but not supported on XenServer)

I like the idea of building a common interface (maybe write out to a known file system location) for the above two hypervisor specific mechanisms. The agent should be able to pick which mechanism works. Then on top of that, we could write a common agent that can be shared for all the different hypervisors. You could also fallback to the metadata service and config drive when no two way communication is available.

I would love this Guest Agent to be an OpenStack project that can then be up streamed into many Linux distribution cloud images.

Sadly, I don't have any time to work on this right now, but hopefully that will change in the near future.

Cheers,
John

From: openstack-bounces+john.garbutt=eu.citrix.com@xxxxxxxxxxxxxxxxxxx [mailto:openstack-bounces+john.garbutt=eu.citrix.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Day, Phil
Sent: 03 July 2012 3:07
To: openstack@xxxxxxxxxxxxxxxxxxx (openstack@xxxxxxxxxxxxxxxxxxx) (openstack@xxxxxxxxxxxxxxxxxxx)
Subject: [Openstack] Setting VM passwords when not running on Xen

Hi Folks,

Is anyone else looking at how to support images that need a password rather than an ssh key (windows) on hypervisors that don't support set_admin_password (e.g. libvirt) ?

Thanks
Phil

Follow ups

Re: Setting VM passwords when not running on Xen
From: Scott Moser, 2012-07-03
Re: Setting VM passwords when not running on Xen
From: Day, Phil, 2012-07-03

References

Setting VM passwords when not running on Xen
From: Day, Phil, 2012-07-03