nova get-password [closed]

asked 2014-06-16 04:13:49 -0600

sameer

Suppose I want to do my own image customization (no cloud-init), including generating a password and posting it to the metadata password URL. How do I encrypt it with the public key obtained from the instance metadata such that 'nova get-password' can decrypt it?

Thanks,


Closed for the following reason: the question is answered, right answer was accepted by koolhead17
Close date: 2014-06-17 06:48:26.126409

1 answer

answered 2014-06-16 20:45:33 -0600

sameer

Answering my own question. The script below explains it.

https://gist.github.com/vishvananda/4008762

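#!/usr/bin/env bash
# Temporary files for the OpenSSH public key and its PKCS8 (PEM) conversion
SSH_KEYFILE=$(mktemp)
SSL_KEYFILE=$(mktemp)
# Fetch the keypair's public key from the metadata service; stop if it is unavailable
if ! curl -s -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > "$SSH_KEYFILE"; then
  echo "Failed to get key"
  rm -f "$SSH_KEYFILE" "$SSL_KEYFILE"
  exit 1
fi
cat "$SSH_KEYFILE"
# Generate a random 16-character password and set it for the ubuntu user
PASSWORD=$(openssl rand -base64 48 | tr -d '/+' | cut -c1-16)
sudo usermod ubuntu -p "$(openssl passwd -1 "$PASSWORD")"

# Convert the OpenSSH public key to PKCS8 PEM so that openssl can read it
ssh-keygen -e -f "$SSH_KEYFILE" -m PKCS8 > "$SSL_KEYFILE"
# RSA-encrypt the password with the public key and base64-encode it on one line
ENCRYPTED=$(echo "$PASSWORD" | openssl rsautl -encrypt -pubin -inkey "$SSL_KEYFILE" -keyform PEM | openssl base64 -e -A)
# Write the encrypted password to the console log and post it to the metadata service
echo $'\n'"ENCRYPTED_PASSWORD:$ENCRYPTED" | sudo tee /dev/console
curl -X POST http://169.254.169.254/openstack/2013-04-04/password -d "$ENCRYPTED" || true
rm "$SSH_KEYFILE" "$SSL_KEYFILE"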
# get the script
# curl -sOL https://raw.github.com/gist/4008762/getpass.sh
# add keypair
# nova add-key --pub-key .ssh/id_rsa.pub mykey
# boot instance
# nova boot --flavor <flavor-id> --image <image-uuid> --key-name mykey --user-data getpass.sh test
# Get the password on the client side:
# nova get-password test .ssh/id_rsa
# Or with an older nova install:
# nova console-log test | grep 'ENCRYPTED_PASSWORD' | cut -d':' -f2 | tail -n 1 | openssl base64 -d -A | openssl rsautl -decrypt -inkey .ssh/id_rsa
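What the answer's ssh-keygen and openssl steps do to the password, written out in standard-library Python as an added example (not part of the original post or the linked gist): parse the `ssh-rsa` key line, apply PKCS#1 v1.5 encryption padding, RSA-encrypt, and emit single-line base64, then decrypt with the private exponent as the key holder would. All function names are hypothetical, and the demo key is constructed from two Mersenne primes purely so the block runs offline; it is not a secure key.

```python
import base64, secrets, struct

def parse_openssh_rsa(line):
    """Return (e, n) from an 'ssh-rsa AAAA... comment' public key line."""
    blob = base64.b64decode(line.split()[1])
    fields = []
    while blob:  # each field is a 4-byte big-endian length followed by data
        (length,) = struct.unpack(">I", blob[:4])
        fields.append(blob[4:4 + length])
        blob = blob[4 + length:]
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key")
    return int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")

def encrypt_password(password, e, n):
    """PKCS#1 v1.5 encrypt, then single-line base64 (as 'openssl base64 -e -A')."""
    k = (n.bit_length() + 7) // 8           # modulus size in bytes
    msg = password.encode()                 # the script's echo also appends "\n"
    if len(msg) > k - 11:                   # padding needs at least 11 bytes
        raise ValueError("password too long for this key size")
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(k - 3 - len(msg)))
    em = b"\x00\x02" + pad + b"\x00" + msg  # 00 02 <nonzero random> 00 <message>
    c = pow(int.from_bytes(em, "big"), e, n)
    return base64.b64encode(c.to_bytes(k, "big")).decode()

def decrypt_password(b64, d, n):
    """Client side: recover the password with the private exponent d."""
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(base64.b64decode(b64), "big"), d, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x02" or b"\x00" not in em[10:]:
        raise ValueError("bad padding")
    return em[em.index(b"\x00", 10) + 1:].decode()

# Constructed demo key from two Mersenne primes: NOT secure, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def _mpint(x):  # SSH mpint: big-endian, leading zero byte if the high bit is set
    raw = x.to_bytes(x.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def demo_pubkey_line():
    """Build a constructed 'ssh-rsa ...' line like the metadata service returns."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(E) + _mpint(N)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " demo@constructed"
```

Because the padding is random, encrypting the same password twice yields different ciphertexts; both decrypt to the same value.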

Stats

Asked: 2014-06-16 04:13:49 -0600

Seen: 2,514 times

Last updated: Jun 16 '14