Cloud-Init for Windows instances

Post 13 of 19

The automated initialization of a new instance is a task that needs to be split between the cloud infrastructure and the guest OS. OpenStack provides the required metadata via HTTP or via ConfigDrive and cloud-init takes care of configuring the instance on Linux… but what happens on Windows guests?

Well, until recently there were very limited options, but the great news is that we just released cloudbase-init, an open source project that brings the features that are handled by cloud-init on Linux to Windows (and soon FreeBSD as well)!

Some quick facts about it:

  • Supports HTTP and ConfigDriveV2 metadata sources
  • Provides out the box: user creation, password injection, static networking configuration, hostname, SSH public keys and userdata scripts (Powershell, Cmd or Bash)
  • It’s highly modular and can be easily extended to provide support for a lot of features and metadata sources.
  • Works on any hypervisor (Hyper-V, KVM, Xen, etc)
  • Works on Windows Server 2003 / 2003 R2 / 2008 / 2008 R2 / 2012 and Windows 7 and 8.
  • It’s platform independent, meaning that we plan to add other OSs, e.g.: FreeBSD
  • Written in Python
  • Open source, Apache 2 licensed

 

To simplify things even more, here’s a free installer:

Download the x64 version or the x86 version.

 

The installer takes care of everything, including installing a dedicated Python environment, generating a configuration file and creating a Windows service that runs at boot time. Configuration settings like the username, group membership and the network adapter to be configured can be specified during setup or later by editing the configuration file (cloudbase-init.conf).

 

 

After the setup finishes, you’ll find a new service called “Cloud Initialization Service”. The service is not started yet, it wil start automatically at the next boot. All you have to do now is shutting down your VM and upload the image to Glance.

 

 

When the service runs for the first time at boot, it will look for a metadata data source by checking the available ones in the order provided in the cloudbase-init.conf file. By default it looks for the ConfigDrive and then for the classic HTTP Url on 169.254.169.254 (IP address configurable in the conf file).

After retrieving the metadata, the service executes a list of plugins:

 

cloudbaseinit.plugins.windows.sethostname.SetHostNamePlugin

Sets the instance’s hostname. It triggers an automatic reboot to apply it.

 

cloudbaseinit.plugins.windows.createuser.CreateUserPlugin

Creates / updates a local user, setting the password provided in the metadata (admin_pass). The user is then added to a set of local groups. The following configuration parameters control the behaviour of this plugin:

  • username: default: Admin
  • groups: Comma separated list of groups. Default: Administrators
  • inject_user_password: Can be set to false to avoid the injection of the password provided in the metadata. Default: True

 

cloudbaseinit.plugins.windows.networkconfig.NetworkConfigPlugin

Configures static networking.

  • network_adapter: Network adapter to configure. If not specified, the first available ethernet adapter will be chosen. Default: None

 

cloudbaseinit.plugins.windows.sshpublickeys.SetUserSSHPublicKeysPlugin

Creates an “authorized_keys” file in the user’s home directory containing the SSH keys provided in the metadata.

Note: on Windows, starting with Grizzly, the public key is needed to encrypt the user’s password.

 

cloudbaseinit.plugins.windows.userdata.UserDataPlugin

Executes custom scripts provided with the user_data metadata (plain text or compressed with gzip).

Supported formats:

Windows batch

The file is executed in a cmd.exe shell (can be changed with the COMSPEC environment variable). The user_data first line must be: rem cmd

Powershell

Scripting is automatically enabled if not set (RemoteSigned). The user_data first line must be: #ps1

Bash

A bash shell needs to be installed in the system and available in the PATH in order to use this feature. The user_data first line must start with: #!

 

When the configuration is done, the service saves a value in the Windows registry to avoid the execution of the same plugins on the next boot. In order to trigger again the execution of the configuration scripts, just remove the following Registry key and restart the service or reboot:

Note: on 64 bit versions of Windows, the key is:

 

Unattended setup

The setup can be done in silent mode as well, which means that it can be easily integrated in a Puppet, Chef or Windows GPO deployment strategy.

Here’s the basic syntax, with an additional optional log file to verify that everything worked fine:

 

You can also pass parameters, for example to specify the ethernet adapter to be configured:

 

, ,

This article was written by apilotti

104 comments:

JoeVDecember 5, 2012 at 22:33Reply

How does the code base for cloudbase relate to the cloud-init project code base? (https://help.ubuntu.com/community/CloudInit)
Did cloudbase start as a fork of cloud-init?

Cloudbase SolutionsDecember 9, 2012 at 07:45Reply

Hi, porting cloud-init to Windows requires some consistent refactoring. For this reason this project is not a fork (with the additional benefit of having Apache 2 licensing). We already agreed with the cloud-init folks to merge our effort with theirs in order to have a single project

Cloud-Init for Windows instances – Cloudbase Solutions | OpenStack news | Scoop.itDecember 8, 2012 at 13:08Reply

[...]   [...]

Openstack 资料 » 陈沙克日志December 10, 2012 at 09:21Reply

[...] http://www.cloudbase.it/cloud-init-for-windows-instances/ [...]

GeorgeDecember 19, 2012 at 19:21Reply

Hi,

I installed the package on a Windows 2012 and the “Cloud Initialization Service” doesn’t automatically start at boot.

I have to login using the VNC console or RDP using the default credentials and manually start this service, which causes the server to reboot in order to apply the hostname change.

Before manually starting the service, there is a Windows event logged that says:
“The Cloud Initialization Service service terminated unexpectedly. It has done this 1 time(s).”

And these are the contents of “C:Program Files (x86)Cloudbase SolutionsCloudbase-Initlog”:

2012-12-19 16:03:50 1112 DEBUG cloudbaseinit.utils [-] Loading class ‘cloudbaseinit.osutils.windows.WindowsUtils’ load_class C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitutils.py:24
2012-12-19 16:03:56 1112 DEBUG cloudbaseinit.utils [-] Loading class ‘cloudbaseinit.plugins.windows.sethostname.SetHostNamePlugin’ load_class C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitutils.py:24
2012-12-19 16:03:56 1112 DEBUG cloudbaseinit.utils [-] Loading class ‘cloudbaseinit.plugins.windows.createuser.CreateUserPlugin’ load_class C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitutils.py:24
2012-12-19 16:03:56 1112 DEBUG cloudbaseinit.utils [-] Loading class ‘cloudbaseinit.plugins.windows.networkconfig.NetworkConfigPlugin’ load_class C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitutils.py:24
2012-12-19 16:03:56 1112 DEBUG cloudbaseinit.utils [-] Loading class ‘cloudbaseinit.plugins.windows.sshpublickeys.SetUserSSHPublicKeysPlugin’ load_class C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitutils.py:24
2012-12-19 16:03:56 1112 DEBUG cloudbaseinit.utils [-] Loading class ‘cloudbaseinit.plugins.windows.userdata.UserDataPlugin’ load_class C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitutils.py:24
2012-12-19 16:03:56 1112 DEBUG cloudbaseinit.utils [-] Loading class ‘cloudbaseinit.metadata.services.configdrive.configdrive.ConfigDriveService’ load_class C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitutils.py:24
2012-12-19 16:03:56 1112 DEBUG cloudbaseinit.metadata.services.configdrive.manager [-] Looking for Config Drive in raw HDDs get_config_drive_files C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesconfigdrivemanager.py:161
2012-12-19 16:03:56 1112 DEBUG cloudbaseinit.metadata.services.configdrive.manager [-] Looking for Config Drive in cdrom drives get_config_drive_files C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesconfigdrivemanager.py:166
2012-12-19 16:03:56 1112 DEBUG cloudbaseinit.utils [-] Loading class ‘cloudbaseinit.metadata.services.httpservice.HttpService’ load_class C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitutils.py:24
2012-12-19 16:03:57 1112 DEBUG cloudbaseinit.metadata.services.httpservice [-] Getting metadata from: http://169.254.169.254/openstack/latest/meta_data.json _get_data C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataserviceshttpservice.py:47
2012-12-19 16:04:18 1112 DEBUG cloudbaseinit.metadata.services.httpservice [-] Metadata not found at URL ‘http://169.254.169.254/’ load C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataserviceshttpservice.py:42
2012-12-19 16:04:18 1112 DEBUG cloudbaseinit.utils [-] Loading class ‘cloudbaseinit.metadata.services.ec2service.EC2Service’ load_class C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitutils.py:24
2012-12-19 16:04:18 1112 DEBUG cloudbaseinit.metadata.services.ec2service [-] Getting data for the path: openstack/latest/meta_data.json _get_data C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesec2service.py:54
2012-12-19 16:04:18 1112 DEBUG cloudbaseinit.metadata.services.ec2service [-] Getting metadata from: http://169.254.169.254/2009-04-04/meta-data/ami-id _get_data C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesec2service.py:59
2012-12-19 16:04:39 1112 DEBUG cloudbaseinit.metadata.services.ec2service [-] load C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesec2service.py:46
2012-12-19 16:04:39 1112 DEBUG cloudbaseinit.metadata.services.ec2service [-] Traceback (most recent call last):
File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesec2service.py”, line 43, in load
self.get_meta_data(‘openstack’)
File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesbase.py”, line 55, in get_meta_data
data = self._get_cache_data(path)
File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesbase.py”, line 38, in _get_cache_data
data = self._get_data(path)
File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesec2service.py”, line 61, in _get_data
response = urllib2.urlopen(req)
File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27liburllib2.py”, line 126, in urlopen
return _opener.open(url, data, timeout)
File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27liburllib2.py”, line 400, in open
response = self._open(req, data)
File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27liburllib2.py”, line 418, in _open
‘_open’, req)
File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27liburllib2.py”, line 378, in _call_chain
result = func(*args)
File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27liburllib2.py”, line 1207, in http_open
return self.do_open(httplib.HTTPConnection, req)
File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27liburllib2.py”, line 1177, in do_open
raise URLError(err)
URLError:
load C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesec2service.py:47
2012-12-19 16:04:39 1112 DEBUG cloudbaseinit.metadata.services.ec2service [-] Metadata not found at URL ‘http://169.254.169.254/2009-04-04/’ load C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesec2service.py:49
2012-12-19 16:04:39 1112 CRITICAL cloudbaseinit [-] No available service found
2012-12-19 16:04:39 1112 TRACE cloudbaseinit Traceback (most recent call last):
2012-12-19 16:04:39 1112 TRACE cloudbaseinit File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27Scriptscloudbase-init-script.py”, line 8, in
2012-12-19 16:04:39 1112 TRACE cloudbaseinit load_entry_point(‘cloudbase-init==0.9.0′, ‘console_scripts’, ‘cloudbase-init’)()
2012-12-19 16:04:39 1112 TRACE cloudbaseinit File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitshell.py”, line 32, in main
2012-12-19 16:04:39 1112 TRACE cloudbaseinit init.configure_host()
2012-12-19 16:04:39 1112 TRACE cloudbaseinit File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitinit.py”, line 47, in configure_host
2012-12-19 16:04:39 1112 TRACE cloudbaseinit service = MetadataServiceFactory().get_metadata_service()
2012-12-19 16:04:39 1112 TRACE cloudbaseinit File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadatafactory.py”, line 51, in get_metadata_service
2012-12-19 16:04:39 1112 TRACE cloudbaseinit raise Exception(“No available service found”)
2012-12-19 16:04:39 1112 TRACE cloudbaseinit Exception: No available service found
2012-12-19 16:04:39 1112 TRACE cloudbaseinit

After the restart, the hostname changed but the password I provided in the “user-data” tab in Dashboard was not applied.

This is the content of “cloudbase-init.conf”:

[DEFAULT]
username=Admin
groups=Administrators
inject_user_password=true
network_adapter=Red Hat VirtIO Ethernet Adapter
config_drive_raw_hhd=true
config_drive_cdrom=true
verbose=true
logdir=C:Program Files (x86)Cloudbase SolutionsCloudbase-Initlog

Any idea what’s wrong?

Can you please provide more details about the possible options in “cloudbase-init.conf”?

Thank you,
George

Sergio MafraJanuary 14, 2013 at 22:00Reply

I tried in an AWS Instance (Windows 2008 R2) and it stucks after boot. If I delete the registry entry, it runs the user data command. Next boot, it hangs again.

KeanJanuary 31, 2013 at 03:13Reply

I tried in Windows 2012 R2 on EC2 instance, it works perfectly.

But It didn’t work on VPC instance.

Found out that it failed on looking for …meta-data/public-ipv4….

Could you please make the “public-ipv4″ optional, because under the VPC instance might not have elastic IP assign during the start up.

Below are the log for your references

For EC2 instance log:

2013-01-30 03:18:50 1340 DEBUG cloudbaseinit.metadata.services.ec2service [-] Getting metadata from: http://169.254.169.254/2009-04-04/meta-data/public-hostname _get_data C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesec2service.py:59

2013-01-30 03:18:50 1340 DEBUG cloudbaseinit.metadata.services.ec2service [-] Getting metadata from: http://169.254.169.254/2009-04-04/meta-data/public-ipv4 _get_data C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesec2service.py:59

2013-01-30 03:18:50 1340 INFO cloudbaseinit.init [-] Metadata service loaded: ‘EC2Service’

2013-01-30 03:18:50 1340 INFO cloudbaseinit.init [-] Executing plugin ‘SetHostNamePlugin’

2013-01-30 03:18:50 1340 DEBUG cloudbaseinit.metadata.services.base [-] Using cached copy of metadata: ‘openstack/latest/meta_data.json’ _get_cache_data C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesbase.py:35

For VPC log:

2013-01-30 22:34:39 1168 DEBUG cloudbaseinit.metadata.services.ec2service [-] Getting metadata from: http://169.254.169.254/2009-04-04/meta-data/public-hostname _get_data C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesec2service.py:59

2013-01-30 22:34:39 1168 DEBUG cloudbaseinit.metadata.services.ec2service [-] HTTP Error 404: Not Found load C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesec2service.py:46

2013-01-30 22:34:39 1168 DEBUG cloudbaseinit.metadata.services.ec2service [-] Traceback (most recent call last):

File “C:Program Files (x86)Cloudbase SolutionsCloudbase-InitPython27libsite-packagescloudbase_init-0.9.0-py2.7.eggcloudbaseinitmetadataservicesec2service.py”, line 43, in load

self.get_meta_data(‘openstack’)

GeorgyMarch 5, 2013 at 01:22Reply

Hi,
This issue is fixed in the last commit. Should be available in as soon as Alessandro merges the code.

Virtualization Adapted » Blog Archive » windows on devstack on ubuntu nova hyper-v cloudbase openstackFebruary 6, 2013 at 22:12Reply

[...] how to provision windows VMs with OpenStack - http://www.cloudbase.it/cloud-init-for-windows-instances/ [...]

NuxApril 28, 2013 at 01:04Reply

Hello,

I’m trying to use your program to get Windows 2008R2 in working condition with Openstack, but have some problems. I have run your “free installer” and run sysprep, all good. The hostname gets set but not the password for the user Admin.
After the initial reboot(s) I notice the service is not started, started it manually, but it still does not set the password for user Admin.

Here’s my logs: http://fpaste.org/zx4m/

Alessandro PilottiApril 29, 2013 at 08:19Reply

The link that you provided for the log is not valid. Can you paste it here http://paste.openstack.org and post the link?

What version of Openstack are you using? For metadata, are you using HTTP or ConfigDrive?

Please note also that there’s a new version of the installer available today.

NuxApril 29, 2013 at 09:52Reply

Thanks Alessandro.
Fpaste played a nice one on me.
I’ll try your new installer today and if the problems persists I’ll come back with fresh logs.
Ciao

Alessandro PilottiApril 29, 2013 at 10:02Reply

I’m also typically online on IRC: alexpilotti on Freenode. #openstack-hyper-v or #openstack-dev

NuxApril 29, 2013 at 20:35Reply

Alex,

Looks like you’re not on irc. I have generated a new log here: http://pastie.org/7738738

Details are: Openstack Grizzly on Centos 6 (installed from Redhat’s RDO) running the metadata API (have never used configdrive).
I’ve used this installer: http://www.cloudbase.it/downloads/CloudbaseInitSetup_Beta.msi
VM: Windows 2008R2 SP1 + updates (14 GB image, takes ages to test … )

As stated previously, the hostname gets set correctly, but not the Admin password, in Services the Cloudbase service has no status and I have to start it manually.
Also, is there a way to set the password for Administrator user instead of Admin one, it will create confusion among users.
Another “also”, the VM reboots after booting initially, probably it’s sysprep’s doing, any way around it?

Alessandro PilottiApril 29, 2013 at 21:58Reply

Hi Nux, your log looks fine.

About your Admin password, by looking at the log I see:

2013-04-29 17:15:57 1320 INFO cloudbaseinit.plugins.windows.createuser [-] No SSH public key available for password encryption

The “nova get-password” feature introduced in Grizzly requires an SSH public key to encrypt the password, just provide it during boot as you would do with a Linux instance.

About Admin vs Administrator, you have the choice to set the user name in the installer, see the screenshot in this blog post. For security reasons providing a username different from “administrator” is a good idea, but it’s not mandatory.

Note that the service terminates once done with the configuration, so unless you find errors in the registry or in the cloudbase-init log, the service executed correctly.

To answer your last question, the VM reboots because of sysprep AND because setting the hostname requires a reboot on Windows (during cloudbase-init execution). I know, it’s amazing but this is how it still works unfortunately.

Alessandro PilottiApril 30, 2013 at 12:28Reply

I found the cause for the password issue, it’s a Quantum metadata proxy bug:
https://bugs.launchpad.net/quantum/+bug/1092311

NuxMay 2, 2013 at 13:01Reply

Alessandro,

I’m not using Quantum. Redhat’s RDO comes with nova-network by default. I’ll do some more testing, maybe it’s some bug in my setup.
Here’s a fresh log: http://pastie.org/7752149

hwMay 14, 2013 at 10:32Reply

Cloudbase-init is really a nice tool for windows. I just wonder if there is a way to run some user script per-boot by Cloudbase-init. In Cloud-init for linux, you can achieve this by putting the script in the /var/lib/cloudinit/scripts/per-boot/ .

thanks,

–hw

feedmymindAugust 5, 2013 at 19:36Reply

I am having errors problem installing CloudbaseInitSetup_Beta

error installing pythoncom27.dll

If you have any python applications running, please close them now and select retry

The process cannot access the file because it is used by another process.

*This is a fresh installation

Hyper-V 2012 running on VirtualBox
1 ethernet
60GB HD
4096 RAM

I stop the Nova and SCSI process..

Alessandro PilottiAugust 5, 2013 at 20:49Reply

Hi, Nova compute should be installed on a Hyper-V host, while cloudbase-init should be installed in guest instances.
Having them both on the same machine is quite uncommon.

Anyway, an easy way to kill all the python processes in PowerShell is:

get-process python | kill

feedmymindAugust 6, 2013 at 10:11Reply

Hi Allesandro,

Good day, thank you for your prompt response. I was thinking of putting it all in one virtual box. So I think I assume I need three virtual box for Glance, Nova and Horizon right? Kindly please provide the link or system requirements for setting up the whole openstack environment.

Thank you in advance.

Alessandro PilottiAugust 8, 2013 at 23:50Reply

For this type of questions it’s better if you join our community on IRC: #openstack-hyper-v or #openstack-dev (Freenode).
As a starting point, take a look also at: http://www.cloudbase.it/rdo-multi-node/

DanielSeptember 9, 2013 at 12:25Reply

I can’t launch this image. With other Unix instances it works. What Falvors do you use?

Alessandro PilottiSeptember 9, 2013 at 14:16Reply

Make sure that you use a flavor with at least 16GB for the local storage (better if you can assign at least 20GB) and at least 1024MB RAM.

PabloSeptember 9, 2013 at 22:22Reply

Hi,
I am using cloudbase for customizing HpCloud windows servers.
I am facing an issue in the execution of the user_data script. The script adds registry entries, but they are not there when I login as an administrator. I checked the cloudbase logs, and the execution of the “reg add” is successful. Any idea?
Thanks in advance.

Alessandro PilottiSeptember 9, 2013 at 23:57Reply

Most probably the script executes as x86, so the registry keys end up in SysWow64.

Currently to execute x64 Powershell scripts the first line of the script must be:
#ps1_sysnative

We plan to modify this behaviour and execute all scripts as x64 by default.

PabloSeptember 10, 2013 at 14:33Reply

Yes, this was the issue. Thanks a lot!

rob hawkerSeptember 17, 2013 at 04:09Reply

I am currently running rdo with the onboard compute disabled and hyper-v server 2012 as the active compute. I am running a windows 7 image and have installed the init beta. When it doesn’t seem to be able to find the config file even tho it is mounted.. The log shows a no such file or directory error on c:\\windows\\temp\\….. I am wondering if the issue is that it is adding the “\\” instead of just “\”

as a separate question, once I get this config working, should I be able to get it to assign a static IP to the nic?

-totally confused
-Rob

Alessandro PilottiSeptember 17, 2013 at 11:12Reply

Can you please copy your log in paste.openstack.org and paste the link here?

Thanks

Rob HawkerSeptember 17, 2013 at 15:31Reply

I have pasted the log here
http://pastie.org/8332847

Rob HawkerSeptember 17, 2013 at 17:17Reply

digging through the log more, it looks like it is pulling info from the metadata file in the config drive but it is missing any sort of IP info. can you point me in a direction to fix that?

Alessandro PilottiSeptember 17, 2013 at 18:39Reply

This is correct. Depending on your config, DHCP is used in Quantum or Nova network, which means that the IP address is not included in the metadata.

There are a few options here, depending if you are using Quantum or Nova networking.
I suggest to ask about the proper settings for your configuration on the OpenStack mailing list and/or IRC #openstack channel.

PabloSeptember 17, 2013 at 17:57Reply

Hi, I am interested on cloudbase for running a userData script, can I customize cloudbase not to run the rest of the plugins?
In particular, I would like to avoid the rebooting of the machine due to cloudbaseinit.plugins.windows.sethostname.SetHostNamePlugin.

Alessandro PilottiSeptember 17, 2013 at 18:26Reply

Sure, just specify in the cloudbase-init.conf config file the following option:

plugins=cloudbaseinit.plugins.windows.sethostname.SetHostNamePlugin

There’s also a way to avoid the extra reboot that we are testing now and it’s going to be part of cloudbase-init soon.
The idea consists in putting the hostname step as part of the unattended setup process during the first boot.

You can achieve that by modifying the unattend.xml used during sysprep by adding the following snippet. It’s going to be added to the installer as soon as we are done with the tests, possibly already this week.


“C:\Program Files(x86)\CloudbaseSolutions\Cloudbase-Init\Python27\Scripts\cloudbase-init.exe” –config-file “C:\Program Files(x86)\CloudbaseSolutions\Cloudbase-Init\conf\cloudbase-init.conf”
1

For details about the available plugins:
https://github.com/cloudbase/cloudbase-init/blob/master/cloudbaseinit/plugins/factory.py#L22

PabloSeptember 17, 2013 at 20:55Reply

Then:

plugins=cloudbaseinit.plugins.windows.sethostname.SetHostNamePlugin

ignores that plugin? It seems the other way around.

Thanks for your response!

Alessandro PilottiSeptember 17, 2013 at 21:15Reply

My bad, it was meant to be:

plugins=cloudbaseinit.plugins.windows.userdata.UserDataPlugin

I hope it makes more sense now! :-)

PabloSeptember 17, 2013 at 23:50Reply

It works!
Thanks again and congrats for the good work.

Oskar SenftSeptember 18, 2013 at 00:12Reply

Hi Alessandro

I’m working together with Rob. I think we found what was keeping us from getting the network adapter configured. In cloudbaseinit\osutils\windows.py, line 240 we query WMI to find the right network adapter. I did the same query via PowerShell and found that for some reason our Windows 7 image actually has two network adapters with the same name (“Microsoft Hyper-V Network Adapter”). Printing them out in PowerShell, I found that only one actually has a MACAddress configured and can be configured with an IP address. Trying to configure the other one results in error 97 (Interface not configurable). I could fix the issue by changing the WQL query to only return adapters with a MACAddress.

So instead of doing
“where Name = …”
I now do
“where MACAddress is not null and Name = …”

Does that make sense

Thanks
Oskar.

Alessandro PilottiSeptember 18, 2013 at 00:15Reply

Good catch! Would you like to send a pull request?

Oskar SenftSeptember 18, 2013 at 15:46Reply

Thanks, and done.

Oskar SenftSeptember 18, 2013 at 15:51Reply

Oh, I meant to ask: How often do you usually re-generate the MSI installer? We can obviously patch the installed version easy enough for now, but I was curious.

Thanks
Oskar.

Alessandro PilottiSeptember 18, 2013 at 15:57Reply

The installer is generated automatically every night. So for example if a commit gets merged now, tomorrow is already available with the installer.

Alessandro PilottiSeptember 18, 2013 at 20:10Reply

Just updated the installer with this fix. Thanks!

Oskar SenftSeptember 18, 2013 at 21:28Reply

Excellent, thanks a lot!

CloudInit for Windows is really an awesome tool and you’re providing such great help. Thank you!!

Oskar.

Alessandro PilottiSeptember 18, 2013 at 21:30Reply

Thanks! :-)

PabloOctober 8, 2013 at 03:40Reply

Hi, I am using cloudbase but I am facing an issue in the last days.

Userdata is not executed (see logs output):
2013-10-08 00:02:26 1312 DEBUG cloudbaseinit.init [-] Plugin ‘UserDataPlugin’ execution already done, skipping _exec_plugin C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\init.py:45

But I delete the registry keys before booting the server. Might it have another reason to avoid the execution of userdata?

This is the full log output:

2013-10-08 00:01:05 1312 DEBUG cloudbaseinit.utils.classloader [-] Loading class ‘cloudbaseinit.osutils.windows.WindowsUtils’ load_class C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\utils\classloader.py:24
2013-10-08 00:01:09 1312 DEBUG cloudbaseinit.utils.classloader [-] Loading class ‘cloudbaseinit.metadata.services.httpservice.HttpService’ load_class C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\utils\classloader.py:24
2013-10-08 00:01:09 1312 DEBUG cloudbaseinit.utils.classloader [-] Loading class ‘cloudbaseinit.osutils.windows.WindowsUtils’ load_class C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\utils\classloader.py:24
2013-10-08 00:01:12 1312 DEBUG cloudbaseinit.metadata.services.httpservice [-] Getting metadata from: http://169.254.169.254/openstack/latest/meta_data.json _get_data C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\metadata\services\httpservice.py:97
2013-10-08 00:01:37 1312 DEBUG cloudbaseinit.metadata.services.httpservice [-] Getting metadata from: http://169.254.169.254/openstack/latest/meta_data.json _get_data C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\metadata\services\httpservice.py:97
2013-10-08 00:02:24 1312 DEBUG cloudbaseinit.metadata.services.httpservice [-] Getting metadata from: http://169.254.169.254/openstack/latest/meta_data.json _get_data C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\metadata\services\httpservice.py:97
2013-10-08 00:02:26 1312 DEBUG cloudbaseinit.metadata.services.base [-] Using cached copy of metadata: ‘openstack/latest/meta_data.json’ _get_cache_data C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\metadata\services\base.py:79
2013-10-08 00:02:26 1312 INFO cloudbaseinit.init [-] Metadata service loaded: ‘HttpService’
2013-10-08 00:02:26 1312 DEBUG cloudbaseinit.utils.classloader [-] Loading class ‘cloudbaseinit.plugins.windows.userdata.UserDataPlugin’ load_class C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\utils\classloader.py:24
2013-10-08 00:02:26 1312 DEBUG cloudbaseinit.plugins.windows.userdata_plugins [-] Trying to load user data plug-in from file: C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\plugins\windows/userdata-plugins\cloudconfig.py load C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\plugins\windows\userdata_plugins.py:67
2013-10-08 00:02:26 1312 INFO cloudbaseinit [-] Cloud-config part handler is loaded.
2013-10-08 00:02:26 1312 INFO cloudbaseinit.plugins.windows.userdata_plugins [-] Plugin ‘Cloud-config userdata plugin’ loaded.
2013-10-08 00:02:26 1312 DEBUG cloudbaseinit.plugins.windows.userdata_plugins [-] Trying to load user data plug-in from file: C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\plugins\windows/userdata-plugins\heathandler.py load C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\plugins\windows\userdata_plugins.py:67
2013-10-08 00:02:26 1312 INFO cloudbaseinit [-] Heat user data part handler is loaded.
2013-10-08 00:02:26 1312 INFO cloudbaseinit.plugins.windows.userdata_plugins [-] Plugin ‘Heat userdata plugin’ loaded.
2013-10-08 00:02:26 1312 DEBUG cloudbaseinit.plugins.windows.userdata_plugins [-] Trying to load user data plug-in from file: C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\plugins\windows/userdata-plugins\parthandler.py load C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\plugins\windows\userdata_plugins.py:67
2013-10-08 00:02:26 1312 INFO cloudbaseinit [-] Part-handler script part handler is loaded.
2013-10-08 00:02:26 1312 INFO cloudbaseinit.plugins.windows.userdata_plugins [-] Plugin ‘Part-handler userdata plugin’ loaded.
2013-10-08 00:02:26 1312 DEBUG cloudbaseinit.plugins.windows.userdata_plugins [-] Trying to load user data plug-in from file: C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\plugins\windows/userdata-plugins\shellscript.py load C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\plugins\windows\userdata_plugins.py:67
2013-10-08 00:02:26 1312 INFO cloudbaseinit [-] Shell-script part handler is loaded.
2013-10-08 00:02:26 1312 INFO cloudbaseinit.plugins.windows.userdata_plugins [-] Plugin ‘Shell-script userdata plugin’ loaded.
2013-10-08 00:02:26 1312 DEBUG cloudbaseinit.init [-] Plugin ‘UserDataPlugin’ execution already done, skipping _exec_plugin C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\init.py:45
2013-10-08 00:02:29 1312 DEBUG cloudbaseinit.osutils.windows [-] Stopping service cloudbase-init _stop_service C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.1-py2.7.egg\cloudbaseinit\osutils\windows.py:319

Thanks!

Alessandro PilottiOctober 8, 2013 at 16:04Reply

Hi Pablo,

You need to mount the ConfigDrive as a CDROM, not as a raw HDD. This is done by default on KVM starting with Grizzly 2013.1.2. As an alternative, you need to specify:
config_drive_cdrom=true in nova.conf: http://docs.openstack.org/user-guide/content/config-drive.html

Let me know if this solves your issue!

alexOctober 16, 2013 at 09:50Reply

I try to deploy your windows image on hyper-v server.
I have 1 problem – network settings are not configured inside VM.
In openstack network config dhcp is disabled, but VM try to use dhcp.
In meta file i dont see any information about ip.
I use neutron for networking.

Alessandro PilottiOctober 30, 2013 at 07:16Reply

Hi alex,

This sounds more like a Neutron issue and we need more context to help identifying it. I suggest to ask on the #OpenStack channel on IRC (FreeNode) or on the OpenStack ML.

PabloOctober 17, 2013 at 18:07Reply

Hi, when I start a windows server with cloudbase installed, the hostname is set to ‘cloudbase’.
How can I avoid it? I want to keep the original server name (SAPIDES).

This is my configuration file:

[DEFAULT]
username=Admin
groups=Administrators
plugins=cloudbaseinit.plugins.windows.userdata.UserDataPlugin
inject_user_password=false
network_adapter=Red Hat VirtIO Ethernet Adapter
config_drive_raw_hhd=true
config_drive_cdrom=true
verbose=true
logdir=C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\log\
logfile=cloudbase-init.log

Thanks!

Alessandro PilottiOctober 30, 2013 at 07:15Reply

This is done by Cloudbase-Init, during boot. Please make sure that your metadata service is accessible or that you are using ConfigDrive.

VinayOctober 31, 2013 at 22:52Reply

Hi Alessandro,

Thanks a lot for this great post. However, I have a few questions:

1. Is it possible to install the cloudbase-init software on a mounted disk image. i.e I have a disk image file that I want to upload to openstack, but don’t want to boot up the image etc. I’d like to just mount the disk image and install the cloudbase-init software. Is this possible?

2. Do windows images uploaded to openstack need to be sysprepped?

Thanks for your assistance.
- Vinay

Alessandro PilottiOctober 31, 2013 at 23:31Reply

Hi Vinay,

1) Yes it is. It’s a regular Windows service, so all you need to do is to mount your image in loopback, copy the content of “%ProgramFiles% (x86)\Cloudbase Solutions\Cloudbase-Init” from a VM where you installed it. Open the HKLM registry hive and copy the settings from the cloudbase-init service.
One day or the other we’ll provide a script for this ;-)

2) Yes and no. They should be sysprepped in order to consider all the possible cases, but the Sysprep requirement is really overrated. See for example this article to get an idea: http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx

AndyNovember 5, 2013 at 01:45Reply

Hi, may i know where to find a list of complete plugins? Say extending C volume for example, am i right to understand cloud-init would extend the C volume to the max of the instance size by default? Thanks.

Alessandro PilottiNovember 6, 2013 at 10:59Reply

By default all volumes are automatically extended. This can be fine tuned by setting the “VolumeToExtend” configuration file option.

For details please see:
https://github.com/cloudbase/cloudbase-init/blob/master/cloudbaseinit/plugins/windows/extendvolumes.py#L30

AndyNovember 7, 2013 at 13:26Reply

Thank you Alessandro for your reply. It is good to know that all volumes are automatically extended.

Can i have your advice for the following?

- Join server to Domain automatically. What is the best way to achieve this? User Data? Sysprep? or…

- Fix a password for the default local Administrator account and use the same password for all future instances. Is this possible? If yes, how do i do so? If no, can this be done on another local admin account?

- Name server automatically based on a list of server names provided. Is this possible? If yes, how may i do so?

Thanks

Alessandro PilottiNovember 11, 2013 at 18:58Reply

Join a domain:

Please see this thread https://github.com/cloudbase/cloudbase-init/issues/24

Administrator with a fixed password:

You can set the password in the unattend.xml passed to sysprep.

Name server automatically based on a list of server names provided. Is this possible? If yes, how may i do so?

The server name is assigned by Nova during boot. Cloudbase-Init uses the name provided in the metadata.
This means that as an example you could do a simple script that uses “nova list” to obtain the list of running instances, compare their names with your list of names and choose a new name for the next “nova boot”.

Jay MedinaNovember 5, 2013 at 19:49Reply

Hello,

We are trying to test Cloud-Init for Windows and we don’t seem to be having much luck. We have installed the Cloud-Init software on a Windows 2008 R2 VM, and we have run Sysprep on the machine. We have uploaded to Glance and when we try to launch an instance, the password injection doesn’t appear to be working.

When the instance launches, the password we attempted to inject isn’t the password that works. In fact, we cannot seem to get into the instance at all.

To test the image and subsequent instances, I launched an instance from the same image from the Horizon dashboard. During spin up of he instance, during the mini-wizard phase of the spin up process, I am prompted to enter the Administrator password before proceeding. Normally, the screen will wait there until I enter in a password. However, with Cloud-Init installed, it will begin to shut down the VM at that screen and the VM reboots itself.

When the VM comes back online, I am at the Administrator login screen, and none of the passwords I try will allow me access. So, it seems that Cloud-Init initiates some sort of random password and reboots the machine. This is unexpected behavior and I don’t know what the password is.

It cannot be injection because our Horizon dashboard does not have the metadata fields enabled to pass the data in the field to the password injection module.

While I am not the Linux guy, I am the Windows guy, I can say that we are using OpenStack on Ubuntu KVM with compute node, Nova Network, and config drive.

Any help in this would be greatly appreciated. Oh, and as I cannot access the Windows machine, I’m not sure what logs I should obtain or where to obtain them.

Thank you in advance for any help, direction, or documentation you can provide.

Best regards,

-Jay

Alessandro PilottiNovember 6, 2013 at 10:07Reply

Hi Jay,

After the VM boots, it reaches for the metadata HTTP service, timing out after 2 minutes if it’s not found. At that point it will look for the configdrive and get the metadata from there.

A change in the VM name requires a reboot, which triggers when all the plugins have been processed, this is what happened while you were trying to log in as administrator.
Windows unfortunately requires a reboot when the hostname is changed, we are trying to find a way to get around this.

The Administrator user is still available but is disabled until the password is changed in the VNC console (not remotely via RDP).

The password for the Admin user is generated randomly, encrypted with the keypair’s public key assigned to the VM and uploaded to the metadata service.
This way it can be retrieved with “nova get-password”. This is of course not available in case of metadata on CDRom drive.
If no keypair has been assigned to the VM, the password cannot be retrieved.

Can you please log in with the administrator account (as descrived above) and send me a copy of the log in “C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Log”?

It could be useful to check if the metadata service is available by opening a web browser in the vm and point it to http://169.254.169.254

Jay MedinaNovember 6, 2013 at 19:46Reply

Hi Alessandro,

Thank you so much for your quick reply. I’ll work with my team to see if we can gain access via the method you describe and obtain the logs. Thank you for your helpful information.

Best regards,

-Jay

ChimaNovember 6, 2013 at 09:50Reply

Hi,
I tried –mete admin_pass=xxxxxxx. But this password is not set. Instead the new password is set from metadata api.

So every time i have to nova get-password to retrieve the password.

Also when create a VM with nova boot with out –mete admin_pass option, i am not able to retrieve the password using get-password. It returns blank output. So i am not able to login o VM itself.

I am using openstack Grizzly on Ubuntu and CloudbaseInitSetup_Beta cloud base.

Alessandro PilottiNovember 6, 2013 at 10:10Reply

it’s “–meta admin_pass”, not “–mete” :-)

Please make sure to:

1) boot the instance with a keypair assigned, otherwise the password cannot be encrypted and posted to the metadata service.
2) verify that the HTTP metadata service is available (e.g. in the VM open a web browser and access http://169.254.169.254)

ChimaNovember 6, 2013 at 12:37Reply

Hi,
Thank you. Its typo error. Yes I am using along with ssh key and i am able to reach http://169.254.169.254 from VM.

Also found i am able to login with password passed with –meta admin_pass. But it got changed after initial reboot after setting the hostname.

When is new cloudbase-init base which will not reboot the server, going to release.

Alessandro PilottiNovember 18, 2013 at 18:33Reply

Hi, we just released a new version of cloudbase-init that avoids the extra reboot after setting the hostname.

This is obtained by running cloudbase-init a first time during sysprep’s specialize phase setting the host name only.
This way when the system starts after the setup finishes, the cloudbase-init service can run all the remaining plugins without additional reboots.

ChimaNovember 20, 2013 at 15:23Reply

Thank you for update.

Tried 0.9.3. the hostname was not changed , till i reboot the server manually.

Alessandro PilottiNovember 20, 2013 at 17:33Reply

In all our tests, Sysprep triggered a reboot automatically after the “specialize” phase when the hostname is set, but most probably this didn’t apply to your case.
Since the unattended process can esplicitly force a reboot as well, we just added a Always to the unattend.xml used by the Cloudbase-Init installer.

The MSI installer has already been updated. Please let me know if this solution works for you.

ChimaNovember 8, 2013 at 08:31Reply

Hi,

Is there a way i can mention cloudbase to run only cloudbaseinit.plugins.windows.userdata.UserDataPlugin and cloudbaseinit.plugins.windows.createuser.CreateUserPlugin plugin only.

In the older post i can see an example to configure with one plugin. If i want more than one, how to configure it.

Alessandro PilottiNovember 18, 2013 at 18:27Reply

Just separate the plugin classes with a comma. For example:

plugins=cloudbaseinit.plugins.windows.userdata.UserDataPlugin,cloudbaseinit.plugins.windows.createuser.CreateUserPlugin

MarioNovember 20, 2013 at 16:32Reply

Hi,
I try to inject a password for the user “admin” into the instance during creation, but there seems to be a problem with the syntax I use, as the password isn’t working when I want to log on ;)
This is the relevant part of the log from the server:

2013-11-20 10:20:53 1968 INFO cloudbaseinit.init [-] Executing plugin ‘UserDataPlugin’
2013-11-20 10:20:53 1968 DEBUG cloudbaseinit.metadata.services.httpservice [-] Getting metadata from: http://169.254.169.254/openstack/latest/user_data _get_data C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.3-py2.7.egg\cloudbaseinit\metadata\services\httpservice.py:96
2013-11-20 10:20:53 1968 DEBUG cloudbaseinit.plugins.windows.userdata [-] User data content:
-meta admin_pass=Start123 _process_userdata C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.3-py2.7.egg\cloudbaseinit\plugins\windows\userdata.py:66
2013-11-20 10:20:53 1968 DEBUG cloudbaseinit.utils.classloader [-] Loading class ‘cloudbaseinit.osutils.windows.WindowsUtils’ load_class C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.3-py2.7.egg\cloudbaseinit\utils\classloader.py:24
2013-11-20 10:20:53 1968 WARNING cloudbaseinit.plugins.windows.userdata [-] Unsupported user_data format
2013-11-20 10:20:53 1968 INFO cloudbaseinit.init [-] Executing plugin ‘SetUserPasswordPlugin’
2013-11-20 10:20:53 1968 DEBUG cloudbaseinit.metadata.services.httpservice [-] Getting metadata from: http://169.254.169.254/openstack/2013-04-04/password _get_data C:\Program Files (x86)\Cloudbase Solutions\Cloudbase-Init\Python27\lib\site-packages\cloudbase_init-0.9.3-py2.7.egg\cloudbaseinit\metadata\services\httpservice.py:96
2013-11-20 10:20:53 1968 ERROR cloudbaseinit.init [-] plugin ‘SetUserPasswordPlugin’ failed with error ”
2013-11-20 10:20:53 1968 ERROR cloudbaseinit.init [-]

I’m working around this problem by adding a user via Windows CMD, but I’d like to use the “easier way” with admin_pass :)
Thanks for your support!
Mario

Alessandro PilottiNovember 20, 2013 at 17:42Reply

Hi Mario, is the password that you’re using respecting the Windows complexity requirements?
The password requires a mixture of: uppercase chars, lowercase chars, numbers and/or special chars.

The nova client syntax is:

nova boot –meta admin_pass=Passw0rd …

Grant ANovember 26, 2013 at 23:02Reply

Hi there,

I was wondering if it would be at all possible to set the name of the account via a meta name, similar to what you do for the password (admin_name perhaps?). This way, we could disable the administrator account (for security purposes), and have the user choose their own username and password, and THEN provision the windows VM to be set up for that.

Alessandro PilottiNovember 27, 2013 at 00:27Reply

Interesting idea! It’s possible, we are going to do some tests. The idea is:

nova boot … –meta admin_user CustomUserName

Alex BlackNovember 27, 2013 at 08:36Reply

Hi Alessandro,

I’ve given this cloudbase-init package a try multiple times but fail to successfully set the Administrator password. I have it set to modify the existing ‘Administrator’ account rather than create an ‘Admin’ account. Logs indicate that it executed the user creation script, then went on to the set user password script. In the logs it shows that a randomly generated password was created and set, even though I have specified the password and have verified it works in other linux instances in our stack. Mind you, I am executing these image creations through Horizon. Additionally, I can pull the randomly generated password with the ‘nova get-password’ command when I provide the .pem key, and it accepts the password when I log into the instance.

Am I missing something here? Shouldn’t this apply my password as specified in Horizon rather than generating a random password? Please help!

Alessandro PilottiNovember 27, 2013 at 22:40Reply

The password can be passed with the following metadata key:

nova boot … –meta admin_pass YourPassword

Note: Make sure that the password meets Windows complexity requirements.

Grant ANovember 27, 2013 at 23:18Reply

Follow up questions:

I installed cloudbase-init on Windows 2008 R2. I then ran sysprep and restarted the system. Most of the time, it didn’t work. Logs say “Cannot set the password in the metadata as it is not supported by this service”. I tried it a few times, and it did work once. I can force it to work by running “SetSetupComplete.cmd” in the bin folder, and logging out. The account is then there waiting with the proper password. Is there a way I can get it to work consistently after running sysprep?

The time it did work (or if I force it to work by running SetSetupComplete.cmd), the user account that gets created doesn’t have access to the C:\ drive. I get the message “C:\ is not accessible. Access is denied.” Navigating via command prompt after running it as administrator does work, though. Any ideas on how to fix this?

Alessandro PilottiNovember 27, 2013 at 23:36Reply

The error “Cannot set the password in the metadata as it is not supported by this service” means typically that you are using ConfigDrive metadata.
Only the HTTP metadata service supports posting the password.

There’s another way to set the password which involves passing the password in clear text:

nova boot … –meta admin_pass YourPassword

About your second error, is the user that you create part of the Administrators group?

Grant ANovember 27, 2013 at 23:32Reply

Also forgot to mention some other factors in my last message.

I’m wondering about the security of injecting through the –meta command line argument, since it’s stored in plain text. The problem is, the password will end up being shown in the meta section of the overview of the instance on Horizon.

Would bit be possible to instead pass a configuration file via the –meta command line argument (that then goes on the config drive) instead? And if so, is there a way of encrypting the password so the user couldn’t just navigate to the config drive to see what the password is?

Thanks for your time! You guys are really quick to respond and I greatly appreciate that.

Alessandro PilottiNovember 28, 2013 at 04:22Reply

This is the reason why the password is generated by the instance, encrypted with the user’s public key, posted and retrieved via nova get-password.

There are other solutions to mitigate the problem, but this is the only effective one from a security standpoint.

KevinDecember 7, 2013 at 05:16Reply

Will it work on XP? Is it untested or known not to work?

Thanks,
Kevin

Alessandro PilottiDecember 7, 2013 at 18:44Reply

Hi, it’s tested and working on Windows XP SP3 (both x86 and x64), with a couple of limitations:

1) Sysprep must be executed separately, as it’s available in a separate cab package

2) on x86, volume resize is not available

DanDecember 27, 2013 at 00:37Reply

Is anyone else having issues with Windows Server 2008 (not R2) booting? I have tried every version of VirtIO drivers. The instance blue screens on boot every time. Not sure if this is a cloud-init issue or not.

Alessandro PilottiDecember 27, 2013 at 00:47Reply

Can you add some details? Are you booting from volume?

Cloudbase-Init is a service so it has nothing to do with booting or not, so it’s quite probably a VirtIO drivers issue. What version did you use?

MramosJanuary 13, 2014 at 23:53Reply

Guys, is there a place where I could get the latest MSI installer version (0.9.4…. I believe)??

Alessandro PilottiFebruary 6, 2014 at 15:40Reply

The installer is built automatically anytime a new patch gets deployed on github and is available here:

http://www.cloudbase.it/downloads/CloudbaseInitSetup_Beta.msi

Michael S. MoodyJanuary 24, 2014 at 09:52Reply

We’re running into a problem where HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\SysprepStatus\GeneralizationState isn’t changing from 7, and thus wait_for_boot_completion never triggers. Our cloudbase-init logs get filled with wait_for_boot_completion, and sometimes user-data is executed (powershell in this case), and sometimes it’s not. Is looking at generalizationstate the most effective and reliable way to determine this?

Alessandro PilottiFebruary 6, 2014 at 15:22Reply

Hi, do you use a custom Unattend.xml for sysprepping or are you using the one provided with the Cloudbase-Init MSI installer?
What version of Windows are you deploying?

JulienFebruary 3, 2014 at 19:51Reply

HI,
I tried to run a POwershell command when deploying the instance with heat but it does not work.
My user data is :
“UserData” : { “Fn::Base64″ : { “Fn::Join” : ["", [
"\n",
"#ps1_sysnative\n",
"Add-WindowsFeature -Name Web-Common-Http -IncludeAllSubFeature\n",
""
]]}}

It deploy the windows 2012 instance but does not run the powershell command.
Do you have any example for heat ?

Thanks

Alessandro PilottiFebruary 5, 2014 at 00:47Reply

You have an extra “\n” before the ps1_sysnative line.

David MedberryFebruary 7, 2014 at 23:23Reply

Alessandro,

Does disk resize work the same in cloudbase-init as cloud-init (for Win2012R2)? Ie, can I put up a single cloud-image of Win2012R2 and then have it resize on first boot with cloudbase-init? (I didn’t see that feature mentioned and only a single comment that it doesn’t work for XP). Or, instead, do I need to create N different cloud-images each representing a different size root/boot/C device to get different instance sizes?

Alessandro PilottiFebruary 7, 2014 at 23:54Reply

Hi David,

There’s a plugin executed by default called “cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin” that will resize partitions automatically for you, no need for configuring it.
Beside XP, it works on any version of Windows.

Alex BlackFebruary 14, 2014 at 01:00Reply

Hey Alessandro,

Excellent work. Definitely a step forward in the right direction for Windows instances on openstack!

I’m running into one problem with the passwords, however. I have selected the option at install to not inject the password from metadata, but it still randomly generates the password and pushes it to the instance. Is there a way I can make the instance by default run all other script except for the password generation? We will have customers using our openstack environment and we’d like to keep this as ‘vanilla’ as possible to ensure that when users log in that the instances prompt them for a new password on first-boot.

Much appreciated!

Alessandro PilottiFebruary 19, 2014 at 14:14Reply

Hi Alex, thanks!

Talking about “vanilla” password management, the support for encrypted passwords is going to be merged hopefully in time for Icehouse in Horizon:
https://review.openstack.org/#/c/61032/

For existing scenarios, Cloudbase-init uses the unencrypted password if “inject_user_password” is set to true in the configuration file.
This is definitely not a good practice form a security perspective, but it’s also the only easy way to deploy Windows instances in Horizon today.

Niraj KumarMarch 2, 2014 at 10:50Reply

I have installed the cloud base installer installed successfully. I have been using heat to spin multiple instances at a time. But what i see is that all the hostname gets the same name and how do i avoid these. I have to sign puppet agent but due to same hostname it reflects a conflict. How do i overcome this ?

My User-data section of heat is as below :-

“UserData”: {
“Fn::Base64″: {
“Fn::Join”: [
"",
[
"#ps1\n",
"powershell.exe -Command (New-Object System.Net.WebClient).DownloadFile('https://s3.amazonaws.com/pe-builds/released/3.1.3/puppet-enterprise-3.1.3.msi','C:\\Users\\administrator\\puppet.msi')",
"powershell.exe -Command msiexec /qn /i C:\\Users\\administrator\\puppet.msi PUPPET_MASTER_SERVER=puppetserver.com\n"

]
]
}
}

Please help me out.

Alessandro PilottiMarch 2, 2014 at 13:37Reply

Can you post a sample of your hostnames, both expected and assigned?
By default cloudbase-init truncates the host name to 15 chars for Netbios compatibility, but this can be avoided by setting “netbios_host_name_compatibility = False” in cloudbase-init-unattended.conf and cloudbase-init.conf.

Niraj KumarMarch 3, 2014 at 09:29Reply

@Alessandro: My sample hostname will be like below:-

Assigned :-

Windows80uu6u6

Expected hostnames:-

niraj-test-app1
niraj-test-app2
niraj-test-web1
niraj-test-web2

Alessandro PilottiMarch 7, 2014 at 18:50Reply

Hi Niraj,

I’ll need to take a look at the metadata that you received. Can you send us the cloudbase-init.log and a copy of your latest/meta_data.json?

Thanks,

Alessandro

Technology Short Take #39 – blog.scottlowe.org – The weblog of an IT pro specializing in virtualization, networking, cloud, servers, & MacsMarch 7, 2014 at 16:52Reply

[…] to run Hyper-V in your OpenStack environment? Check this out. Also from the same folks is a version of cloud-init for Windows instances in cloud environments. I’m testing this in my OpenStack home lab now, and hope to have more […]

LukeJuly 9, 2014 at 16:18Reply

After running the program, my windows installation go from being activated to un-activated.

I installed server 2012, 2008, 2012R2, 2008R2 … activated each copy with my license key’s, and then after running the cloudbase init sysprep utility, when I boot up the machines, windows prompt’s me to activate.

Is there a solution or something I need to do to retain the activation status of the operating systems?

Alessandro PilottiJuly 9, 2014 at 17:27Reply

Hi, there’s a plugin for activation called WindowsLicensingPlugin which looks for a configuration called “activate_windows” and activates Windows if set to True:
https://github.com/cloudbase/cloudbase-init/blob/master/cloudbaseinit/plugins/windows/licensing.py#L34

To let cloudbase-init activate you Windows instance, set “activate_windows = True” in cloudbase-init.conf

Note: the plugin show also you licensing status in the log, look for “Microsoft Windows license info” in the text.

greenmoon55July 25, 2014 at 09:46Reply

Thanks! We’ve been using it for months. Recently we modified the code to suit our needs. How to build an installer for our code?

Alessandro PilottiJuly 25, 2014 at 15:26Reply

Hi,

The installer is meant to be released for upstream code only. Please send one or more pull requests in case you’d like to contribute your work.

Thanks

Grant ADecember 19, 2013 at 19:42Reply

Looks like I finally got the HTTP metadata service working!

I’m on the final piece, just need it to prompt for a new password after a password is injected.

Alessandro PilottiDecember 19, 2013 at 21:00Reply

Here you go. Boot with the following user_data script:

#PS1
$user = [ADSI](“WinNT://./Administrator,user”)
$user.PasswordExpired = 1
$user.SetInfo()

Where also adding a new plugin to execute custom scripts in the guest without the need of passing them per instance.

Alessandro PilottiDecember 19, 2013 at 21:03Reply

One more thing:

Now Cloudbase-Init supports also password-less logins: http://www.cloudbase.it/windows-without-passwords-in-openstack/

For technical questions & support please visit ask.cloudbase.it

Menu