admin_pass via MAAS
See original GitHub issueI can successfully use an SSL certificate and WinRM to set the Admin user password after a Windows image has been deployed by MAAS.
I understand that setting it via meta data is not really “secure”, but that works in our trusted environment. I’ve tried with the following user data passed in to user_data as a base64 encoded string:
#cloud-config
cloudbase-config
admin_pass: password
with cloudbase-init.conf:
[DEFAULT]
username=Admin
groups=Administrators
inject_user_password=true
first_logon_behaviour=no
config_drive_raw_hhd=true
config_drive_cdrom=true
config_drive_vfat=true
bsdtar_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\bin\bsdtar.exe
mtools_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\bin\
verbose=true
debug=true
logdir=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\log\
logfile=cloudbase-init.log
default_log_levels=comtypes=INFO,suds=INFO,iso8601=WARN,requests=WARN
logging_serial_port_settings=COM1,115200,N,8
mtu_use_dhcp_config=true
ntp_use_dhcp_config=true
local_scripts_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\LocalScripts\
and cloudbase-init-unattend.conf:
[DEFAULT]
username=Admin
groups=Administrators
inject_user_password=true
first_logon_behaviour=no
config_drive_raw_hhd=true
config_drive_cdrom=true
config_drive_vfat=true
bsdtar_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\bin\bsdtar.exe
mtools_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\bin\
verbose=true
debug=true
logdir=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\log\
logfile=cloudbase-init-unattend.log
default_log_levels=comtypes=INFO,suds=INFO,iso8601=WARN,requests=WARN
logging_serial_port_settings=COM1,115200,N,8
mtu_use_dhcp_config=true
ntp_use_dhcp_config=true
local_scripts_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\LocalScripts\
metadata_services=cloudbaseinit.metadata.services.configdrive.ConfigDriveService,cloudbaseinit.metadata.services.httpservice.HttpService,cloudbaseinit.metadata.services.ec2service.EC2Service,cloudbaseinit.metadata.services.maasservice.MaaSHttpService
plugins=cloudbaseinit.plugins.common.mtu.MTUPlugin,cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin,cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin
allow_reboot=false
stop_service_on_exit=false
check_latest_version=false
But each time I’m still prompted to change the password when host first boots. This is problematic for us as the devices are headless Intel NUCs with no IPMI (we are using a custom Eaton power driver to control power state - see: https://code.launchpad.net/~adacre/maas/+git/maas/+merge/377439)
Issue Analytics
- State:
- Created 4 years ago
- Comments:7 (5 by maintainers)
Top Results From Across the Web
How to manage user accounts - MAAS
An administrator can manage all aspects of MAAS, whereas a ... MAAS limits the details a non-admin user can view, such as nodes...
Read more >4. Bare Metal Installation - Anuket Documentation
Use ubuntu as username as password, as this matches the MAAS credentials installed later. ... This section will guide you through the MAAS...
Read more >Bug #1663324 “MAAS Region Controller fails to install using ...
MAAS Region Controller fails to install using external postgres via debconf. Bug #1663324 reported by Dan Offord on 2017-02-09.
Read more >Setting the Windows admin password in OpenStack
This post clarifies how to set the admin password in OpenStack Windows instances, using both the Horizon dashboard and the command line.
Read more >Configuring administrator settings in the MaaS360 Portal - IBM
MaaS360 administrators can configure basic settings that alert administrators about important events (new device discovery, permanent user deletion), ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Once https://review.opendev.org/#/c/379354 gets merged, there should not be any configuration change from your side. You just need to define the userdata in cloud=config format similar to:
Note that cloudbase-init beta installer gets rebuilt once a day.
After user/groups support for cloud-config gets merged, when a user gets created using the cloud-config information, its password does not expire.
Hello @dacron,
Did you manage to solve your requirements by using users/groups cloud-config directives?
Thank you, Adrian Vladu