cloudbase / cloudbase-init

Cross-platform instance initialization
http://openstack.org
Apache License 2.0

how to disable the creation of the default Admin user? #21

Closed rgl closed 4 years ago

rgl commented 4 years ago

My base image already has an administrator (the vagrant user) with a specific password and I do not want to change it or create a new administrator user.

To disable this behavior, do I have to somehow blacklist the following plugins, or is there another way?

cloudbaseinit.plugins.windows.createuser.CreateUserPlugin
cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin

Does cloudbase-init internally (or its plugins) use/need this user? Or is this just a user that will be used by a human?


For reference this is how I got the default plugins:

$cloudbaseInitHome = 'C:\Program Files\Cloudbase Solutions\Cloudbase-Init'
&"$cloudbaseInitHome\Python\python.exe" -c 'import json, sys; from cloudbaseinit import conf; json.dump(conf.CONF.plugins, sys.stdout)' | ConvertFrom-Json

And currently, this list is:

cloudbaseinit.plugins.common.mtu.MTUPlugin
cloudbaseinit.plugins.windows.ntpclient.NTPClientPlugin
cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin
cloudbaseinit.plugins.windows.createuser.CreateUserPlugin
cloudbaseinit.plugins.common.networkconfig.NetworkConfigPlugin
cloudbaseinit.plugins.windows.licensing.WindowsLicensingPlugin
cloudbaseinit.plugins.common.sshpublickeys.SetUserSSHPublicKeysPlugin
cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin
cloudbaseinit.plugins.common.userdata.UserDataPlugin
cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin
cloudbaseinit.plugins.windows.winrmlistener.ConfigWinRMListenerPlugin
cloudbaseinit.plugins.windows.winrmcertificateauth.ConfigWinRMCertificateAuthPlugin
cloudbaseinit.plugins.common.localscripts.LocalScriptsPlugin

rgl commented 4 years ago

At least the ConfigWinRMCertificateAuthPlugin seems to need the password. Is this expected?

2019-10-20 16:54:11.765 2648 INFO cloudbaseinit.init [-] Executing plugin 'ConfigWinRMCertificateAuthPlugin'
2019-10-20 16:54:11.765 2648 ERROR cloudbaseinit.init [-] plugin 'ConfigWinRMCertificateAuthPlugin' failed with error 'Cannot execute plugin as the password has not been set in the plugins shared data, nor it was retrieved from the metadata service.': cloudbaseinit.exception.CloudbaseInitException: Cannot execute plugin as the password has not been set in the plugins shared data, nor it was retrieved from the metadata service.
2019-10-20 16:54:11.765 2648 ERROR cloudbaseinit.init [-] Cannot execute plugin as the password has not been set in the plugins shared data, nor it was retrieved from the metadata service.: cloudbaseinit.exception.CloudbaseInitException: Cannot execute plugin as the password has not been set in the plugins shared data, nor it was retrieved from the metadata service.
2019-10-20 16:54:11.765 2648 ERROR cloudbaseinit.init Traceback (most recent call last):
2019-10-20 16:54:11.765 2648 ERROR cloudbaseinit.init   File "c:\program files\cloudbase solutions\cloudbase-init\python\lib\site-packages\cloudbaseinit\init.py", line 66, in _exec_plugin
2019-10-20 16:54:11.765 2648 ERROR cloudbaseinit.init     shared_data)
2019-10-20 16:54:11.765 2648 ERROR cloudbaseinit.init   File "c:\program files\cloudbase solutions\cloudbase-init\python\lib\site-packages\cloudbaseinit\plugins\windows\winrmcertificateauth.py", line 58, in execute
2019-10-20 16:54:11.765 2648 ERROR cloudbaseinit.init     user_name, password = self._get_credentials(service, shared_data)
2019-10-20 16:54:11.765 2648 ERROR cloudbaseinit.init   File "c:\program files\cloudbase solutions\cloudbase-init\python\lib\site-packages\cloudbaseinit\plugins\windows\winrmcertificateauth.py", line 47, in _get_credentials
2019-10-20 16:54:11.765 2648 ERROR cloudbaseinit.init     "Cannot execute plugin as the password has not been set "
2019-10-20 16:54:11.765 2648 ERROR cloudbaseinit.init cloudbaseinit.exception.CloudbaseInitException: Cannot execute plugin as the password has not been set in the plugins shared data, nor it was retrieved from the metadata service.
2019-10-20 16:54:11.765 2648 ERROR cloudbaseinit.init

rgl commented 4 years ago

In the meantime, I've worked around this at https://github.com/rgl/cloudbase-init/tree/add-no-cloud by implementing the get_admin_username and get_admin_password methods that get the information from the nocloud service, and now all plugins can be used without a blacklist.

My terraform file now looks like:

# a cloudbase-init cloud-config disk.
# NB this creates an iso image that will be used by the NoCloud cloudbase-init datasource.
# see https://github.com/dmacvicar/terraform-provider-libvirt/blob/master/website/docs/r/cloudinit.html.markdown
# see https://github.com/dmacvicar/terraform-provider-libvirt/blob/v0.6.0/libvirt/cloudinit_def.go#L133-L162
resource "libvirt_cloudinit_disk" "example_cloudinit" {
  name = "${var.prefix}_example_cloudinit.iso"
  meta_data = jsonencode({
    "admin-username": var.winrm_username,
    "admin-password": var.winrm_password,
    "public-keys": [trimspace(file("~/.ssh/id_rsa.pub"))],
  })
}

ader1990 commented 4 years ago

You can easily redefine the metadata plugins list in the cloudbase-init config file; an example is already done in the unattend cloudbase-init config file. You can put there the exact set of plugins you require in your environment.

ConfigWinRMCertificateAuthPlugin is expected to have the username/password requirement, as the certificate mapping can be done only with the user credential.

rgl commented 4 years ago

OK, so we are really expected to edit that configuration file. Did that at https://github.com/rgl/windows-2016-vagrant/blob/master/provision-cloudbase-init.ps1. Thank you!
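
The plugin list override described in the replies above, as an added example that is not part of the thread or the project's shipped configuration. It assumes the config file is `conf\cloudbase-init.conf` under the install directory shown in the issue, and it reuses the default plugin list printed there minus the two user plugins and `ConfigWinRMCertificateAuthPlugin`, which the log shows failing when no password is available.

```ini
# conf\cloudbase-init.conf (assumed file name; edit whichever config file your service loads)
[DEFAULT]
# Without a plugins= line, the default list printed in the issue applies. That list
# includes CreateUserPlugin and SetUserPasswordPlugin, so a local administrator
# account is created and given a password on first boot.
#
# With an explicit plugins= line, only the plugins named on it run.
# Removed from the default list here:
#   cloudbaseinit.plugins.windows.createuser.CreateUserPlugin
#   cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin
#   cloudbaseinit.plugins.windows.winrmcertificateauth.ConfigWinRMCertificateAuthPlugin
# The last one needs a password from the plugins shared data or the metadata
# service (see the traceback in the issue), so it goes when the password plugin goes.
#
# Comma-separated, on a single line, in the same order as the default list.
# Trim it further to the exact set of plugins your environment requires.
plugins=cloudbaseinit.plugins.common.mtu.MTUPlugin,cloudbaseinit.plugins.windows.ntpclient.NTPClientPlugin,cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin,cloudbaseinit.plugins.common.networkconfig.NetworkConfigPlugin,cloudbaseinit.plugins.windows.licensing.WindowsLicensingPlugin,cloudbaseinit.plugins.common.sshpublickeys.SetUserSSHPublicKeysPlugin,cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin,cloudbaseinit.plugins.common.userdata.UserDataPlugin,cloudbaseinit.plugins.windows.winrmlistener.ConfigWinRMListenerPlugin,cloudbaseinit.plugins.common.localscripts.LocalScriptsPlugin
```

After the next run, the cloudbase-init log should contain no `Executing plugin 'CreateUserPlugin'` or `Executing plugin 'SetUserPasswordPlugin'` lines.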