Closed dacron closed 4 years ago
MAAS does not support setting a password for the user in the metadata.
There are several ways you can achieve this:
#ps1
net user Admin Passw0rd
Ok. That's awesome and seems super easy. Are there any configuration changes required to cloudbase-init{-unattend}.conf so that cloudbase-init will not stomp on the changes and require the password to be changed on first login?
Once https://review.opendev.org/#/c/379354 gets merged, there should not be any configuration change from your side. You just need to define the userdata in cloud=config format similar to:
Note that cloudbase-init beta installer gets rebuilt once a day.
#cloud-config
users:
-
name: Admin
primary_group: Administrators
passwd: StrongPassw0rd
After user/groups support for cloud-config gets merged, when a user gets created using the cloud-config information, its password does not expire.
@dacron I will notify you on this thread when the patch gets merged: https://review.opendev.org/#/c/379354
this run single for instanse?
@f-andrey the UserData plugin runs only once per instance.
@dacron the users/groups patch is merged, the cloudbase-init beta installer should have the new code.
Hello @dacron,
Did you manage to solve your requirements by using users/groups cloud-config directives?
Thank you, Adrian Vladu
I can successfully use an SSL certificate and WinRM to set the Admin user password after a Windows image has been deployed by MAAS.
I understand that setting it via meta data is not really "secure", but that works in our trusted environment. I've tried with the following user data passed in to user_data as a base64 encoded string:
with cloudbase-init.conf:
and cloudbase-init-unattend.conf:
But each time I'm still prompted to change the password when host first boots. This is problematic for us as the devices are headless Intel NUCs with no IPMI (we are using a custom Eaton power driver to control power state - see: https://code.launchpad.net/~adacre/maas/+git/maas/+merge/377439)