Preparing Windows templates
Windows guests have neither Cloudbase-Init nor OpenSSH Server preinstalled by default. You need to install and configure them manually.
To install Cloudbase-Init and OpenSSH Server inside a Windows virtual machine
Log in to a Windows VM.
Create a new administrator account that will be used for SSH connections and log in with it.
To install and configure OpenSSH Server:
Run Windows PowerShell with administrator privileges and set the execution policy to unrestricted to be able to run scripts:
> Set-ExecutionPolicy Unrestricted
Download OpenSSH Server (for example, from the GitHub repository), extract the archive into the C:\Program Files directory, and then install it by running:
> & 'C:\Program Files\OpenSSH-Win64\install-sshd.ps1'
Start the
sshd
service and set its startup type to “Automatic”:> net start sshd > Set-Service sshd -StartupType Automatic
Open TCP port 22 for the OpenSSH service in the Windows Firewall:
On Windows 8.1, Windows Server 2012, and newer versions, run:
> New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName OpenSSH
On Windows Server 2008/2008 R2, run:
> netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22
Open the C:\ProgramData\ssh\sshd_config file:
> notepad 'C:\ProgramData\ssh\sshd_config'
Comment out the following lines at the end of the file:
#Match Group administrators #AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
Save the changes.
Create the .ssh directory in C:\Users\<current_user> and an empty authorized_keys file inside it:
> cd C:\Users\<current_user> > mkdir .ssh > notepad .\.ssh\authorized_keys
Remove the .txt extension from the created file:
> move .\.ssh\authorized_keys.txt .\.ssh\authorized_keys
Modify the permissions for the created file to disable inheritance:
> icacls .\.ssh\authorized_keys /inheritance:r
Download Cloudbase-Init from https://cloudbase.it/cloudbase-init/#download, and then install it by following the procedure from the Installation section at https://cloudbase.it/cloudbase-init/.
The password for the user specified during the Cloudbase-Init installation will be reset on the next VM startup. If this user does not exist, a new user account will be created. You will be able to log in with this account by using the key authentication method or you can set a new password with a customization script. If there are multiple Windows users at the image preparation time, the passwords for other users will not be changed.
When the Cloudbase-Init installation is complete, do not select the option to run Sysprep before clicking Finish. Otherwise, you will not be able to modify cloudbase-init.conf.
Run Windows PowerShell with administrator privileges and open the file C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf:
> notepad 'C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf'
Add
metadata_services
andplugins
on two lines:metadata_services=\ cloudbaseinit.metadata.services.configdrive.ConfigDriveService,\ cloudbaseinit.metadata.services.httpservice.HttpService plugins=cloudbaseinit.plugins.common.mtu.MTUPlugin,\ cloudbaseinit.plugins.windows.ntpclient.NTPClientPlugin,\ cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin,\ cloudbaseinit.plugins.windows.createuser.CreateUserPlugin,\ cloudbaseinit.plugins.common.networkconfig.NetworkConfigPlugin,\ cloudbaseinit.plugins.windows.licensing.WindowsLicensingPlugin,\ cloudbaseinit.plugins.common.sshpublickeys.SetUserSSHPublicKeysPlugin,\ cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin,\ cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin,\ cloudbaseinit.plugins.common.userdata.UserDataPlugin,\ cloudbaseinit.plugins.windows.winrmlistener.ConfigWinRMListenerPlugin,\ cloudbaseinit.plugins.windows.winrmcertificateauth.\ ConfigWinRMCertificateAuthPlugin,\ cloudbaseinit.plugins.common.localscripts.LocalScriptsPlugin
Make sure to remove all backslashes in the lines above.
Save the changes.
Last updated
Was this helpful?