← Back to team overview

openstack team mailing list archive

Re: Setting VM passwords when not running on Xen

 

> -----Original Message-----
> From: openstack-bounces+john.garbutt=eu.citrix.com@xxxxxxxxxxxxxxxxxxx
> [mailto:openstack-bounces+john.garbutt=eu.citrix.com@lists.launchpad.n
> et]
> On Behalf Of Thierry Carrez
> Sent: Wednesday, July 4, 2012 10:33 AM
> To: openstack@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openstack] Setting VM passwords when not running on Xen
> 
> Scott Moser wrote:
> > Is it for some reason not possible to have code that runs on first 
> > instance boot that reads the metadata service (or config drive) and 
> > sets the password appropriately?
> 
> I see no reason why you could not. Windows scripting supported both 
> running scripts at boot and setting user passwords last time I looked 
> :)
> 

>From a security perspective we want to keep the un-encrypted password (or an encrypted password and the means to decrypt it) out of Nova - hence generating it inside the VM and encrypting with the public key during boot seems stronger.

   


References