Hi,
When creating many virtual machines from a template (disk image), you often
need to set some different parameters for each vm. Those usually include root
passwords and/or ssh public keys for login, ssh Host keys (so that a) not all
the VMs have the same host key and b) the user can know the real host key for
his vm before connecting for the first time) plus any number of user-defined
parameters.
IP addresses and hostnames can be set via DHCP.
Obviously, some of those parameters need to be treated as confidential, so you
cannot just grab them from some FTP server somewhere. In fact, as long as you
haven't set any authentication credentials (like an SSL Client Certificate
for
example) that the vm can use to uniquely and securely identify itself to some
server, you cannot securely get any of these parameters over the network.
How do people usually solve that sort of problem? What is considered best
practice here?
Currently, my own plans are to write these parameters to a floppy image, use
Unix file permissions to make sure nobody else can read the image, and then
hook up that image to a virtual floppy drive in the respective vm. A shell
script in the vm template can then read and apply all those parameter at some
early stage during the very first boot.
Unfortunately, this means mounting the image in the host system, writing the
parameters and then unmounting it again - which seems sort of error prone to
me in a fully automated environment. (What if two vms are being created
simultaneously? What if the script crashes or hangs somewhere between mounting
and unmounting the image?)
Regards
Guido Winkelmann