Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

Table of Contents

Abiquo 3.10.4+ can generate a random password at deploy time on ESXi and inject the password into the VM using guest customizations. This feature supports Linux and Windows virtual machines and it requires VM guest tools on the VM template. After Abiquo has successfully set a password, it will email the password to the user. If Abiquo cannot perform the customization, then the configure will fail and Abiquo will delete the VM.

From Abiquo 3.10.6, you can set properties to prevent the user from logging in to the virtual machine until the guest customizations are finished. The virtual machine will remain in a locked state until the password is set. The administrator can configure properties for the time to wait between checks and an overall timeout period. 

From Abiquo 3.10.7, the FQDN is supplied in the guest password email.

Prepare templates

To prepare Windows and Linux templates do the following steps:

  • Install the guest tools
  • In Abiquo, set the correct osType attribute
  • In Abiquo, for Linux, set the correct template credentials
  • In Abiquo 3.10.6+, for Windows templates, set the User (API loginUser) to "Administrator".  In order to deploy a virtual machine, you must set this attribute if the wait for guest customizations is configured

Configure Abiquo properties

On the Abiquo Remote Services, set the following properties in /opt/abiquo/config/abiquo.properties

Code Block
# Enable virtual machine guest configuration after configure in the hypervisor
com.abiquo.esxi.experimental.customize.configure=true 

# Time to wait for guest tools to get up and running after power on
# This value is 15 minutes
com.abiquo.esxi.experimental.customize.configure.timeoutms=900000 
# Polling interval for checking if guest tools is up and running after power on 
# This value is 10 seconds
com.abiquo.esxi.experimental.customize.configure.periodms=10000
 
# List of osTypes to trigger guest configuration, in CSV format
com.abiquo.esxi.experimental.customize.ostypes=CENTOS,SLES,RHEL,WIN
 
# Optional path to custom unattend file on the Remote Services server.
# Abiquo will replace the variables $adminPassword and $hostName
com.abiquo.esxi.experimental.customize.win.unattendfile=/opt/abiquo/config/my_unattend.xml
 
# Prevent the user from logging in before the guest customizations have applied the password.
# Wait in milliseconds between checks for the password set by guest customizations
com.abiquo.esxi.experimental.customize.waitpassword.periodms=10000
 
# Timeout in milliseconds for checks for the password set by guest customizations.
# The default value of 0 means that the timeout is not activated.
# To activate it set a value, such as 9000000 ms (15 minutes)
com.abiquo.esxi.experimental.customize.waitpassword.timeoutms=0 

On the Abiquo Server, set the following properties in /opt/abiquo/config/abiquo.properties with the same values you set on the Remote Services:

Code Block
com.abiquo.esxi.experimental.customize.configure=true 
com.abiquo.esxi.experimental.customize.ostypes=CENTOS,SLES,RHEL,WIN

Also on the Abiquo Server, check that you have set the mail properties with the address of the mail server and mail user. See Abiquo Configuration Properties#mail

Optionally customize Windows unattend file

Abiquo will use an unattend file with the variables $adminPassword and $hostName.

The default Abiquo unattend file is supplied below. You can copy this file to create a custom unattend file on the Remote Services server (Virtual Factory), and change attributes such as the time zone (TimeZone) and the workgroup name (JoinWorkgroup).

Expand
Code Block
languagehtml/xml
<?xml version='1.0' encoding='utf-8'?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
   <settings pass="generalize" wasPassProcessed="false">
      <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
      </component>
   </settings>
   <settings pass="oobeSystem" wasPassProcessed="false">
      <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <OOBE>
            <SkipMachineOOBE>true</SkipMachineOOBE>
            <HideEULAPage>true</HideEULAPage>
            <SkipUserOOBE>true</SkipUserOOBE>
            <ProtectYourPC>1</ProtectYourPC>
         </OOBE>
         <TimeZone>W. Europe Standard Time</TimeZone>
         <UserAccounts>
            <AdministratorPassword>               
               <Value>$adminPassword</Value>
               <PlainText>true</PlainText>
            </AdministratorPassword>               
         </UserAccounts>
      </component>
   </settings>
   <settings pass="specialize" wasPassProcessed="false">
      <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <RegisteredOwner>Administrator</RegisteredOwner>
         <RegisteredOrganization>Organization</RegisteredOrganization>
         <ComputerName>$hostName</ComputerName>
      </component>
      <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <Identification>
            <JoinWorkgroup>WORKGROUP</JoinWorkgroup>
         </Identification>
      </component>
      <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <RunSynchronous>
            <RunSynchronousCommand wcm:action="add">
               <Path>C:\sysprep\guestcustutil.exe cleanBootExecute</Path>
               <Order>1</Order>
            </RunSynchronousCommand>
            <RunSynchronousCommand wcm:action="add">
               <Path>C:\sysprep\guestcustutil.exe flagComplete</Path>
               <Order>2</Order>
            </RunSynchronousCommand>
            <RunSynchronousCommand wcm:action="add">
               <Path>C:\sysprep\guestcustutil.exe deleteContainingFolder</Path>
               <Order>3</Order>
            </RunSynchronousCommand>
         </RunSynchronous>
      </component>
   </settings>
</unattend>

 

Optionally customize emails

To customize the email message:

  1. copy the following files to the /opt/abiquo/config/mail folder on the Abiquo server:
    • Email template: guestPasswordTemplate.mustache
    • Variable file: guestPassword_en_US.properties
  2. Modify them according to your environment

Email template: guestPasswordTemplate.mustache

Code Block
languagehtml/xml
<p>Hi {{username}},</p>
<p>Your new virtual machine is up and running. You can access it using the following credentials:</p>
<p>
Virtual machine: {{vmname}}<br/>
FQDN: {{fqdn}}<br/>
Username: {{loginuser}}<br/>
Password: {{loginpassword}}
</p>
<p>The Abiquo Team</p> 

Variable file: guestPassword_en_US.properties

Code Block
subject=New Virtual machine {0}

Limitations

Abiquo does not store the generated password, which introduces the following limitations:

  • On Windows, Abiquo cannot apply another customization without resetting the password. So "customize.addnic" to perform customization after adding a NIC now only applies to Linux guests
  • On Linux, before deploying an instance template, edit the instance's password to set it to the current VM password