In private cloud datacenters, Abiquo supports guest setup with cloud-init or hypervisor tools. In public cloud providers, Abiquo supports cloud-init, and in AWS it also supports provider setup tools. The Abiquo Chef integration also uses cloud-init.
Guest setup runs the first time you deploy a VM. The hypervisor tools guest setup also runs on Linux VMs in datacenters when you add a NIC. If the guest setup is not successful, the VM deploy or reconfigure will fail and roll back.
For private cloud datacenters, the guest setup functionality is described in this table.
...
Editing a VM with a FQDN set by Abiquo based on the VM UUID (with the default localdomain) and the Guest initial password option selected
Prepare templates for guest setup
To prepare templates for guest setup:
- Load templates with cloud-init (configuration drive) support or with hypervisor guest tools installed
- In the Apps library, edit the template:
  - Select the appropriate guest setup option (Cloud-Init or Hypervisor tools)
  - Optionally select "Set initial guest password"
Windows guest tools configuration
Abiquo will use an unattend file with the variables $adminPassword, $domain and $hostName. You can configure the path to your own Windows unattend file on the Abiquo Remote Services by setting the following property and placing the file at that location.
```properties
# Path to Windows unattend file
com.abiquo.esxi.experimental.customize.win.unattendfile=/root/windows_unattend.xml
```
The default Abiquo unattend file is supplied here. You may wish to create a custom file to change attributes such as the time zone (TimeZone) and the workgroup name (JoinWorkgroup).
...
```xml
<?xml version='1.0' encoding='utf-8'?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="generalize" wasPassProcessed="false">
    <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
    </component>
  </settings>
  <settings pass="oobeSystem" wasPassProcessed="false">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <OOBE>
        <SkipMachineOOBE>true</SkipMachineOOBE>
        <HideEULAPage>true</HideEULAPage>
        <SkipUserOOBE>true</SkipUserOOBE>
        <ProtectYourPC>1</ProtectYourPC>
      </OOBE>
      <TimeZone>W. Europe Standard Time</TimeZone>
      <UserAccounts>
        <AdministratorPassword>
          <Value>$adminPassword</Value>
          <PlainText>true</PlainText>
        </AdministratorPassword>
      </UserAccounts>
    </component>
  </settings>
  <settings pass="specialize" wasPassProcessed="false">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <RegisteredOwner>Administrator</RegisteredOwner>
      <RegisteredOrganization>Organization</RegisteredOrganization>
      <ComputerName>$hostName</ComputerName>
    </component>
    <component name="Microsoft-Windows-DNS-Client" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <DNSDomain>$domain</DNSDomain>
    </component>
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Identification>
        <JoinWorkgroup>WORKGROUP</JoinWorkgroup>
      </Identification>
    </component>
    <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <RunSynchronous>
        <RunSynchronousCommand wcm:action="add">
          <Path>C:\sysprep\guestcustutil.exe cleanBootExecute</Path>
          <Order>1</Order>
        </RunSynchronousCommand>
        <RunSynchronousCommand wcm:action="add">
          <Path>C:\sysprep\guestcustutil.exe flagComplete</Path>
          <Order>2</Order>
        </RunSynchronousCommand>
        <RunSynchronousCommand wcm:action="add">
          <Path>C:\sysprep\guestcustutil.exe deleteContainingFolder</Path>
          <Order>3</Order>
        </RunSynchronousCommand>
      </RunSynchronous>
    </component>
  </settings>
</unattend>
```
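A pre-deployment check for a custom unattend file, added here as an example and not part of the Abiquo documentation or product. It verifies that the three variables still sit where the default file has them, that the administrator password is the `$adminPassword` placeholder rather than a literal value, and it lists any first-boot command other than the default `guestcustutil.exe` calls. The function names and the sample XML are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

NS = "{urn:schemas-microsoft-com:unattend}"
# Elements that carry the Abiquo variables in the default file.
EXPECTED = {"ComputerName": "$hostName", "DNSDomain": "$domain"}
DEFAULT_CMD = r"C:\sysprep\guestcustutil.exe "

def check_unattend(xml_text):
    """Return findings for a custom unattend template (empty list = OK)."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for tag, var in EXPECTED.items():
        if var not in [(e.text or "").strip() for e in root.iter(NS + tag)]:
            findings.append(f"<{tag}> does not contain {var}")
    pw = root.find(f".//{NS}AdministratorPassword/{NS}Value")
    if pw is None or (pw.text or "").strip() != "$adminPassword":
        findings.append("AdministratorPassword/Value is not $adminPassword")
    # Commands run in every deployed VM: flag anything beyond the defaults.
    for cmd in root.iter(NS + "RunSynchronousCommand"):
        path = (cmd.findtext(NS + "Path") or "").strip()
        if not path.startswith(DEFAULT_CMD):
            findings.append(f"non-default RunSynchronousCommand: {path}")
    return findings

def check_permissions(path):
    """Flag a template file that group or other users can modify."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [f"{path} is group/other writable ({oct(mode)})"] if mode & 0o022 else []

# Constructed sample: hard-coded password, no DNSDomain, one extra command.
SAMPLE = r"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup">
  <UserAccounts><AdministratorPassword><Value>ExamplePassw0rd</Value>
  <PlainText>true</PlainText></AdministratorPassword></UserAccounts>
 </component></settings>
 <settings pass="specialize"><component name="Microsoft-Windows-Shell-Setup">
  <ComputerName>$hostName</ComputerName></component>
 <component name="Microsoft-Windows-Deployment"><RunSynchronous>
  <RunSynchronousCommand><Path>C:\sysprep\guestcustutil.exe flagComplete</Path></RunSynchronousCommand>
  <RunSynchronousCommand><Path>cmd /c C:\temp\setup.bat</Path></RunSynchronousCommand>
 </RunSynchronous></component></settings>
</unattend>"""

if __name__ == "__main__":
    print("\n".join(check_unattend(SAMPLE)))
```

Run `check_permissions` against the path configured in `com.abiquo.esxi.experimental.customize.win.unattendfile` on the Remote Services server.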
Set initial guest password
The platform can set an initial password for a VM before it deploys. The administrator can configure this option in a VM template but the user can edit the VM to change the option.
Before you begin, perform the following configuration on the platform.
...
- Enable password emails in Configuration view, see Configuration View#Security
- Abiquo will mail the password to the VM owner, so on the Abiquo Server, check that you have set the mail properties with the address of the mail server and mail user. See Abiquo Configuration Properties#mail.
- To customize the email template, see Configure Email Templates
- Check that all VM owners have a valid email address
...
- Optionally customize the SMS template, see Configure Email Templates
- Enter the SMS gateway address to enable password SMS in Configuration view, see Configuration View#Security. The platform will send the password email to {{user phone number}}@{{sms gateway}}
- Check that all VM owners have a valid phone number. Check the documentation of your SMS gateway provider for format requirements
To prevent user access to VMs while waiting for the Windows password on ESXi, set the following abiquo.properties on the Remote Services server:
```properties
# Time to wait for guest tools to get up and running after power on
# This value is 15 minutes
com.abiquo.esxi.experimental.customize.configure.timeoutms=900000
# Polling interval for checking if guest tools is up and running after power on
# This value is 30 seconds
com.abiquo.esxi.experimental.customize.configure.periodms=30000
```
...
- The VM owner can view their own VM password
- Users with the privilege to Display initial virtual machine password can display passwords of all VMs they can access
Prepare templates
To prepare a template to generate a random password in the VM the first time it deploys:
- Edit an appropriate template and select the Guest setup option
- Select the Guest initial password checkbox
- Set the appropriate username for the template
  - On Linux, enter "root"
  - On Windows, enter "Administrator"
Note that the user can edit the VM before it deploys and change the Guest initial password option.
The platform does not save the initial password, so on Linux, before deploying an instance template, edit the instance's password to set it to the current VM password.
Tip: Enter the user SSH public key before you deploy VMs. Some connections will require the SSH key pair, for example, the remote access connection to Windows VMs in public cloud via RDP.
Set fully qualified domain name
Abiquo can set a fully qualified domain name (FQDN) before the VM is deployed, with one of the following options:
- The FQDN that the user manually enters for the VM, which has the highest priority
- A hostname based on the Abiquo database ID, plus VM network domain name (from VM NIC or VDC default VLAN), or localdomain (automatic)
- A hostname that is the VM_uuid (or Abiquo database ID on Windows), plus VM network domain name, or localdomain (automatic)
To select the type of automatic hostname, use the following property on the Abiquo API server:
```properties
# Generate VM name from database ID. If false, use VM_uuid on Linux and the VM database ID on Windows
abiquo.api.experimental.hostname13charsFromVirtualMachineDatabaseId=true
```
The user can set the FQDN when creating the VM using the API. The user can edit the VM and change the FQDN when the VM is not deployed. In this case, the API will check that the FQDN is valid.
After the VM is deployed, the user can change the FQDN in the VM operating system. In this case, Abiquo will update the FQDN stored in the platform.
Chef templates
In private cloud datacenters, the Abiquo Chef integration now works with cloud-init. You will need a cloud-init or Cloudbase-Init compatible template.
In all public cloud providers, Chef is always available and supported, even if you do not select the Guest setup option in the template.
Configure the Chef server for your enterprise as usual. See Abiquo Chef Integration Guide.
```mermaid
flowchart
A1[Cloud-init<br/>or similar]-->|Deploy|B1{Provider}-->|Public|C1[/Metadata/]-->D1{AWS +<br/>win}-->|yes|E1[AWS guest<br/>set up]
B1-->|Hypervisor or VCD|F1[/Configuration<br/>drive/]-->G1[Network via DHCP<br/>or Static IP injection]

A2[Hypervisor<br/>tools]-->|Deploy<br/>Reconfigure: no DHCP|B2{OS}-->|Win|Z-->c2[/Unattend file/]-->D2[Network via<br/>DHCP only]
Z(( ))
Z-->f2[/Custom<br/>specification/]-->G2[Network via DHCP<br/>or Static IP injection]
B2-->|Linux|h2[/Custom<br/>specification/]-->I2[Network via DHCP<br/>or Static IP injection]
```
Table of guest setup functionality
Functionality | Hypervisor | Cloud-init | Cloud-init |
---|---|---|---|
Set fully qualified domain name (FQDN) | | | |
Generate a random password at deploy and | Azure | | |
Inject network configuration if no DHCP server is available | | | |
Inject SSH keys into guest. | | | |
Configuration drive with environment variables and | | | |
VM variables as metadata | | | |
Bootstrap script or cloud configuration | | | |
Notes:
- For Windows with hypervisor tools, use a custom specification instead of an unattend file. See Limitations of a custom specification to configure Windows
- For Linux with hypervisor tools, the platform will inject a global DNS configuration that will apply to all NICs on the VM
- See Configuration drive
Configure guest setup
To configure guest setup, see:
User guest setup functionality
For user guest setup functionality see: