heat-windows

Differences

This shows you the differences between two versions of the page.

heat-windows [2014/02/10 14:11]
admin
heat-windows [2014/04/14 22:23]
admin
Line 63: Line 63:
 ==== Password-less authentication ==== ==== Password-less authentication ====
  
-Access to Linux instances can be performed via SSH without using a password by employing public key authentication and a keypair deployed via Nova. Windows can use client certificate authentication with WinRM for this objective, as described [[http://www.cloudbase.it/windows-without-passwords-in-openstack/|here]]. This is already supported by Cloudbase-Init and a Nova blueprint for handling certificates in a way similar to keypairs is under development and will require integration in Heat. As an alternative, the certificate could be passed in the Nova metadata multipart user_data.+Access to Linux instances can be performed via SSH without using a password by employing public key authentication and a keypair deployed via Nova. Windows can use client certificate authentication with WinRM for this objective, as described [[http://www.cloudbase.it/windows-without-passwords-in-openstack/|here]]. This is already supported by Cloudbase-Init and a Nova blueprint for handling certificates in a way similar to keypairs is under development and can be easily supported by Heat. As an alternative, the certificate could be passed in the Nova metadata multipart user_data for compatibility with the existing OpenStack deployments.
  
 ==== Domain join passwords ==== ==== Domain join passwords ====
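Review bot: the new wording "can be easily supported by Heat" in the Password-less authentication paragraph drops the earlier statement that integration work is required without saying what changed; state what Heat actually has to do (for example, which resource property would carry the certificate reference) or keep the original wording. The added user_data alternative should also say explicitly that only the client's X.509 certificate (public part) is placed in user_data and that the matching private key never leaves the client, since user_data is readable from inside the instance through the metadata service.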
Line 72: Line 72:
  
 A partial solution for avoiding the need to specify clear text passwords as template parameters is to deploy a keypair in the instance, use the public key to encrypt the sensitive data and subsequently the private key during user data script execution for decryption. The main security limit of this option is that all instances of a given image will share the same keypair. A partial solution for avoiding the need to specify clear text passwords as template parameters is to deploy a keypair in the instance, use the public key to encrypt the sensitive data and subsequently the private key during user data script execution for decryption. The main security limit of this option is that all instances of a given image will share the same keypair.
 +
 +==== Volumes ====
 +
 +New volumes are attached unpartitioned, so they are not directly visible from applications or command line.
 +A new volume must be set online, initialized and partitioned. New partitions need also to be formatted and if necessary a drive letter can be assigned as well.
 +
 +The following example performs all the required activities, including assigning the "E" drive letter to the new partition, labelled "Volume1". In case an automatic drive letter assignment should be preferred, just replace -DriveLetter <letter> with -AssignDriveLetter.
 +
 +<code powershell>
 +$d = Get-Disk | where {$_.OperationalStatus -eq "Offline" -and $_.PartitionStyle -eq 'raw'}
 +$d | Set-Disk -IsOffline $false
 +$d | Initialize-Disk -PartitionStyle MBR
 +$p = $d | New-Partition -UseMaximumSize -DriveLetter "E"
 +$p | Format-Volume -FileSystem NTFS -NewFileSystemLabel "Volume1" -Confirm:$false
 +</code>
  
 ==== Install ISOs ==== ==== Install ISOs ====
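Review bot: in the new Volumes example, the Get-Disk filter on the first script line selects every offline disk with a raw partition style, not just the volume that was attached, and the rest of the script then initializes and formats all of them. With two or more matching disks the fixed -DriveLetter "E" can only succeed for one, and any attached volume that already holds data without a partition table would be initialized and formatted. Suggest narrowing the selection to the intended disk (for example by disk number or size), skipping the remaining steps when $d is empty, and noting in the text that the script is meant for new, empty volumes only. The prose should also mention that a fixed letter assumes "E" is not already taken on the instance (a mounted ISO or a second volume), which is the case where -AssignDriveLetter is the safer default.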
heat-windows.txt · Last modified: 2014/04/14 22:23 by admin