Preparing Windows templates

PreviousPreparing Linux templates NextEnabling logging for virtual machines

Last updated 2 years ago

Was this helpful?

Preparing Windows templates

Windows guests have neither Cloudbase-Init nor OpenSSH Server preinstalled by default. You need to install and configure them manually.

To install Cloudbase-Init and OpenSSH Server inside a Windows virtual machine

Log in to a Windows VM.
Create a new administrator account that will be used for SSH connections and log in with it.
To install and configure OpenSSH Server:
1. Run Windows PowerShell with administrator privileges and set the execution policy to unrestricted to be able to run scripts:
  > Set-ExecutionPolicy Unrestricted
2. Download OpenSSH Server (for example, from the ), extract the archive into the C:\Program Files directory, and then install it by running:
  > & 'C:\Program Files\OpenSSH-Win64\install-sshd.ps1'
3. Start the sshd service and set its startup type to “Automatic”:
  > net start sshd > Set-Service sshd -StartupType Automatic
4. Open TCP port 22 for the OpenSSH service in the Windows Firewall:
  - On Windows 8.1, Windows Server 2012, and newer versions, run:
    > New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName OpenSSH
  - On Windows Server 2008/2008 R2, run:
    > netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22
5. Open the C:\ProgramData\ssh\sshd_config file:
  > notepad 'C:\ProgramData\ssh\sshd_config'
  Comment out the following lines at the end of the file:
  #Match Group administrators #AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
  Save the changes.
6. Create the .ssh directory in C:\Users\<current_user> and an empty authorized_keys file inside it:
  > cd C:\Users\<current_user> > mkdir .ssh > notepad .\.ssh\authorized_keys
  Remove the .txt extension from the created file:
  > move .\.ssh\authorized_keys.txt .\.ssh\authorized_keys
7. Modify the permissions for the created file to disable inheritance:
  > icacls .\.ssh\authorized_keys /inheritance:r
Download Cloudbase-Init from , and then install it by following the procedure from the Installation section at .
1. The password for the user specified during the Cloudbase-Init installation will be reset on the next VM startup. If this user does not exist, a new user account will be created. You will be able to log in with this account by using the key authentication method or you can set a new password with a customization script. If there are multiple Windows users at the image preparation time, the passwords for other users will not be changed.
2. When the Cloudbase-Init installation is complete, do not select the option to run Sysprep before clicking Finish. Otherwise, you will not be able to modify cloudbase-init.conf.

Run Windows PowerShell with administrator privileges and open the file C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf:

> notepad 'C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf'

Add metadata_services and plugins on two lines:

metadata_services=\
cloudbaseinit.metadata.services.configdrive.ConfigDriveService,\
cloudbaseinit.metadata.services.httpservice.HttpService
plugins=cloudbaseinit.plugins.common.mtu.MTUPlugin,\
cloudbaseinit.plugins.windows.ntpclient.NTPClientPlugin,\
cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin,\
cloudbaseinit.plugins.windows.createuser.CreateUserPlugin,\
cloudbaseinit.plugins.common.networkconfig.NetworkConfigPlugin,\
cloudbaseinit.plugins.windows.licensing.WindowsLicensingPlugin,\
cloudbaseinit.plugins.common.sshpublickeys.SetUserSSHPublicKeysPlugin,\
cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin,\
cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin,\
cloudbaseinit.plugins.common.userdata.UserDataPlugin,\
cloudbaseinit.plugins.windows.winrmlistener.ConfigWinRMListenerPlugin,\
cloudbaseinit.plugins.windows.winrmcertificateauth.\
ConfigWinRMCertificateAuthPlugin,\
cloudbaseinit.plugins.common.localscripts.LocalScriptsPlugin

Make sure to remove all backslashes in the lines above.

Save the changes.

PreviousPreparing Linux templates NextEnabling logging for virtual machines

Last updated 2 years ago

Was this helpful?

Windows guests have neither Cloudbase-Init nor OpenSSH Server preinstalled by default. You need to install and configure them manually.

To install Cloudbase-Init and OpenSSH Server inside a Windows virtual machine

Log in to a Windows VM.
Create a new administrator account that will be used for SSH connections and log in with it.
To install and configure OpenSSH Server:
1. Run Windows PowerShell with administrator privileges and set the execution policy to unrestricted to be able to run scripts:
  > Set-ExecutionPolicy Unrestricted
2. Download OpenSSH Server (for example, from the ), extract the archive into the C:\Program Files directory, and then install it by running:
  > & 'C:\Program Files\OpenSSH-Win64\install-sshd.ps1'
3. Start the sshd service and set its startup type to “Automatic”:
  > net start sshd > Set-Service sshd -StartupType Automatic
4. Open TCP port 22 for the OpenSSH service in the Windows Firewall:
  - On Windows 8.1, Windows Server 2012, and newer versions, run:
    > New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName OpenSSH
  - On Windows Server 2008/2008 R2, run:
    > netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22
5. Open the C:\ProgramData\ssh\sshd_config file:
  > notepad 'C:\ProgramData\ssh\sshd_config'
  Comment out the following lines at the end of the file:
  #Match Group administrators #AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
  Save the changes.
6. Create the .ssh directory in C:\Users\<current_user> and an empty authorized_keys file inside it:
  > cd C:\Users\<current_user> > mkdir .ssh > notepad .\.ssh\authorized_keys
  Remove the .txt extension from the created file:
  > move .\.ssh\authorized_keys.txt .\.ssh\authorized_keys
7. Modify the permissions for the created file to disable inheritance:
  > icacls .\.ssh\authorized_keys /inheritance:r
Download Cloudbase-Init from , and then install it by following the procedure from the Installation section at .
1. The password for the user specified during the Cloudbase-Init installation will be reset on the next VM startup. If this user does not exist, a new user account will be created. You will be able to log in with this account by using the key authentication method or you can set a new password with a customization script. If there are multiple Windows users at the image preparation time, the passwords for other users will not be changed.
2. When the Cloudbase-Init installation is complete, do not select the option to run Sysprep before clicking Finish. Otherwise, you will not be able to modify cloudbase-init.conf.

Run Windows PowerShell with administrator privileges and open the file C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf:

> notepad 'C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf'

Add metadata_services and plugins on two lines:

metadata_services=\
cloudbaseinit.metadata.services.configdrive.ConfigDriveService,\
cloudbaseinit.metadata.services.httpservice.HttpService
plugins=cloudbaseinit.plugins.common.mtu.MTUPlugin,\
cloudbaseinit.plugins.windows.ntpclient.NTPClientPlugin,\
cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin,\
cloudbaseinit.plugins.windows.createuser.CreateUserPlugin,\
cloudbaseinit.plugins.common.networkconfig.NetworkConfigPlugin,\
cloudbaseinit.plugins.windows.licensing.WindowsLicensingPlugin,\
cloudbaseinit.plugins.common.sshpublickeys.SetUserSSHPublicKeysPlugin,\
cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin,\
cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin,\
cloudbaseinit.plugins.common.userdata.UserDataPlugin,\
cloudbaseinit.plugins.windows.winrmlistener.ConfigWinRMListenerPlugin,\
cloudbaseinit.plugins.windows.winrmcertificateauth.\
ConfigWinRMCertificateAuthPlugin,\
cloudbaseinit.plugins.common.localscripts.LocalScriptsPlugin

Make sure to remove all backslashes in the lines above.

Save the changes.