Updated on 2024-03-15 GMT+08:00

(Optional) Installing Cloudbase-Init

To ensure that you can inject initial custom information into ECSs created from the image, for example, setting the login password, you are advised to install Cloudbase-Init on the VM which is used as the image source. If you do not install it, you can log in to the ECSs only with the password specified in the image.

Cloudbase-Init is open-source software. If the installed version has security vulnerabilities, you are advised to upgrade it to the latest version.

Install Cloudbase-Init

  1. Download the Cloudbase-Init installation package from http://www.cloudbase.it/cloud-init-for-windows-instances/.

    The version of Cloudbase-Init may vary depending on the OS bit. The downloaded package must be saved to a local shared folder.

  2. On the VirtualBox Windows VM, choose Computer > Network > VBOXSVR.
  3. Double-click the shared folder, copy the Cloudbase-Init installation package to the VM, and double-click the installation package.

    In this section, CloudbaseInitSetup_0_9_11_x64 is used as an example.

Configure Cloudbase-Init

  1. Edit the configuration file C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf in the Cloudbase-Init installation path.
    1. Add netbios_host_name_compatibility=false to the last line of the file so that the hostname supports a maximum of 63 characters.

      NetBIOS contains no more than 15 characters due to Windows system restrictions.

    2. Add metadata_services=cloudbaseinit.metadata.services.httpservice.HttpService to enable the agent to access the IaaS OpenStack data source.
    3. Add plugins to configure the plugins that will be loaded. Separate different plugins with commas (,). The information in bold is the keyword of each plugin.
      • The following plugins are loaded by default. You can keep all or some of them as needed.
        plugins=cloudbaseinit.plugins.common.localscripts.LocalScriptsPlugin,cloudbaseinit.plugins.common.mtu.MTUPlugin,cloudbaseinit.plugins.windows.createuser.CreateUserPlugin,cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin,cloudbaseinit.plugins.common.sshpublickeys.SetUserSSHPublicKeysPlugin,cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin,cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin,cloudbaseinit.plugins.common.userdata.UserDataPlugin,cloudbaseinit.plugins.windows.licensing.WindowsLicensingPlugin

        Plugin functions:

        • LocalScriptsPlugin configures scripts.
        • MTUPlugin configures MTU network interfaces.
        • CreateUserPlugin creates a user.
        • SetUserPasswordPlugin configures a password.
        • SetUserSSHPublicKeysPlugin configures a key.
        • SetHostNamePlugin configures a hostname.
        • ExtendVolumesPlugin expands disk space.
        • UserDataPlugin injects user data.
        • WindowsLicensingPlugin activates Windows instances.

        If you may change the hostname of ECSs after they are created from this image and services on the ECSs are sensitive to hostname changes, you are not advised to configure the SetHostNamePlugin here.

      • Optional plugins:
        plugins=cloudbaseinit.plugins.windows.winrmlistener.ConfigWinRMListenerPlugin,cloudbaseinit.plugins.windows.winrmcertificateauth.ConfigWinRMCertificateAuthPlugin

        Plugin functions:

        • ConfigWinRMListenerPlugin configures listening to remote logins.
        • ConfigWinRMCertificateAuthPlugin configures remote logins without password authentication.

          The WinRM plug-ins use weak cryptographic algorithm, which may cause security risks. So, you are advised not to load the plug-ins.

    4. (Optional) Add the following configuration items to configure the number of retry times and interval for obtaining metadata:
      retry_count=40
      retry_count_interval=5
    5. (Optional) Add the following configuration item to prevent metadata network disconnections caused by the default route added by Windows:
      [openstack]
      add_metadata_private_ip_route=False
    6. (Optional) If the Cloudbase-Init version is 0.9.12 or later, you can customize the length of the password.

      Change the value of user_password_length to customize the password length.

    7. (Optional) Add the following configuration item to disable password changing upon first login:

      first_logon_behaviour=no

    8. (Optional) Add the following configuration item to ensure that time synchronization from BIOS persists through system restarts:

      real_time_clock_utc=true

      The registry entry RealTimeIsUniversal=1 allows the system to synchronize time from BIOS. If real_time_clock_utc=true is not configured, Cloudbase-Init will revert RealTimeIsUniversal back to 0. As a result, the system cannot synchronize time from BIOS after a restart.

  2. Release the current DHCP address so that the created ECSs can obtain correct addresses.

    In the Windows command line, run the following command to release the current DHCP address:

    ipconfig /release

    This operation will interrupt network connection and adversely affect ECS use. The network will automatically recover after the ECSs are started again.

  3. When creating an image using a Windows ECS, you need to change the SAN policy of the ECS to OnlineAll. Otherwise, EVS disks attached to the ECSs created from the image may be offline.

    Windows has three types of SAN policies: OnlineAll, OfflineShared, and OfflineInternal.

    Table 1 SAN policies

    Type

    Description

    OnlineAll

    All newly detected disks are automatically brought online.

    OfflineShared

    All disks on sharable buses, such as iSCSI and FC, are left offline by default, while disks on non-sharable buses are kept online.

    OfflineInternal

    All newly detected disks are left offline.

    1. Execute cmd.exe and run the following command to query the current SAN policy of the ECS using DiskPart:

      diskpart

    2. Run the following command to view the SAN policy of the ECS:
      san
      • If the SAN policy is OnlineAll, run the exit command to exit DiskPart.
      • If the SAN policy is not OnlineAll, go to 3.c.
    3. Run the following command to change the SAN policy of the ECS to OnlineAll:

      san policy=onlineall