Preparing Windows templates

Windows guests have neither Cloudbase-Init nor OpenSSH Server preinstalled by default. You need to install and configure them manually.

To install Cloudbase-Init and OpenSSH Server inside a Windows virtual machine

  1. Log in to a Windows VM.
  2. Create a new administrator account that will be used for SSH connections and log in with it.
  3. To install and configure OpenSSH Server:

    1. Run Windows PowerShell with administrator privileges and set the execution policy to unrestricted to be able to run scripts:

      > Set-ExecutionPolicy Unrestricted
      
    2. Download OpenSSH Server (for example, from the GitHub repository), extract the archive into the C:\Program Files directory, and then install it by running:

      > & 'C:\Program Files\OpenSSH-Win64\install-sshd.ps1'
      
    3. Start the sshd service and set its startup type to “Automatic”:

      > net start sshd
      > Set-Service sshd -StartupType Automatic
      
    4. Open TCP port 22 for the OpenSSH service in the Windows Firewall:

      • On Windows 8.1, Windows Server 2012, and newer versions, run

        > New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName OpenSSH
        
      • On Windows 7, Windows Server 2008, and Windows Server 2008 R2, run

        > netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22
        
    5. Open the C:\ProgramData\ssh\sshd_config file:

      > notepad 'C:\ProgramData\ssh\sshd_config'
      

      Comment out the following lines at the end of the file:

      #Match Group administrators
      #AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

      Save the changes.

    6. Create the .ssh directory in C:\Users\<current_user> and an empty authorized_keys file inside it:

      > cd C:\Users\<current_user>
      > mkdir .ssh
      > notepad .\.ssh\authorized_keys

      Remove the .txt extension from the created file:

      > move .\.ssh\authorized_keys.txt .\.ssh\authorized_keys
      
    7. Modify the permissions for the created file to disable inheritance:

      > icacls .\.ssh\authorized_keys /inheritance:r
      
  4. Download Cloudbase-Init (for example, from the official site), launch the installation, and then follow the on-screen instructions:

    1. In the Configuration options window, enter the current username in the Username field.

      The user account password will be reset on the next VM startup. You will be able to log in with this account by using the key authentication method or you can set a new password with a customization script.

    2. When the installation is complete, do not run Sysprep; click Finish.

    3. Run Windows PowerShell with administrator privileges and open the file C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf:

      > notepad 'C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf'
      

      Add metadata_services and plugins on two lines:

      metadata_services=\
      cloudbaseinit.metadata.services.configdrive.ConfigDriveService,\
      cloudbaseinit.metadata.services.httpservice.HttpService
      plugins=cloudbaseinit.plugins.common.mtu.MTUPlugin,\
      cloudbaseinit.plugins.windows.ntpclient.NTPClientPlugin,\
      cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin,\
      cloudbaseinit.plugins.windows.createuser.CreateUserPlugin,\
      cloudbaseinit.plugins.common.networkconfig.NetworkConfigPlugin,\
      cloudbaseinit.plugins.windows.licensing.WindowsLicensingPlugin,\
      cloudbaseinit.plugins.common.sshpublickeys.SetUserSSHPublicKeysPlugin,\
      cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin,\
      cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin,\
      cloudbaseinit.plugins.common.userdata.UserDataPlugin,\
      cloudbaseinit.plugins.windows.winrmlistener.ConfigWinRMListenerPlugin,\
      cloudbaseinit.plugins.windows.winrmcertificateauth.\
      ConfigWinRMCertificateAuthPlugin,\
      cloudbaseinit.plugins.common.localscripts.LocalScriptsPlugin

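      The backslashes above only mark where long lines are wrapped. Make sure to remove all of them and join the wrapped lines without adding spaces, so that metadata_services and plugins each end up on a single line.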

      Save the changes.
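
A way to check the result of the steps above, as an added example that is not part of the original guide. It assumes an elevated PowerShell session under the SSH account, a profile in the default C:\Users\<current_user> location, and Windows 8.1 / Windows Server 2012 or newer (the firewall cmdlets are not available on older versions); the check labels are made up for this example.

```powershell
# Added verification example; not part of the original guide.
# Assumptions: elevated PowerShell, logged in as the SSH account, profile in the
# default C:\Users\<current_user> location, Windows 8.1 / Server 2012 or newer.
$sshdConfig = 'C:\ProgramData\ssh\sshd_config'
$authKeys   = Join-Path $env:USERPROFILE '.ssh\authorized_keys'
$cbiConf    = 'C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf'
$checks     = [ordered]@{}

# sshd is running and starts automatically
$svc = Get-Service -Name sshd -ErrorAction SilentlyContinue
$checks['sshd service running']        = $svc.Status -eq 'Running'
$checks['sshd startup type Automatic'] = $svc.StartType -eq 'Automatic'

# Enabled inbound allow rule named OpenSSH covering TCP port 22
$rule = Get-NetFirewallRule -DisplayName 'OpenSSH' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
$port = if ($rule) { $rule | Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '22' } }
$checks['firewall rule OpenSSH allows TCP 22'] = [bool]$port

# Neither administrators override line may still be active in sshd_config
$override = '^\s*(Match\s+Group\s+administrators|AuthorizedKeysFile\s+__PROGRAMDATA__/ssh/administrators_authorized_keys)'
$active = Select-String -LiteralPath $sshdConfig -Pattern $override -ErrorAction SilentlyContinue
$checks['administrators override commented out'] = (Test-Path -LiteralPath $sshdConfig) -and -not $active

# authorized_keys exists without a .txt extension and no longer inherits ACEs
$hasKeys = Test-Path -LiteralPath $authKeys -PathType Leaf
$checks['authorized_keys present']              = $hasKeys
$checks['authorized_keys inheritance disabled'] = $hasKeys -and (Get-Acl -LiteralPath $authKeys).AreAccessRulesProtected

# Each option sits on exactly one line, with no leftover wrap markers
$conf = Get-Content -LiteralPath $cbiConf -ErrorAction SilentlyContinue
foreach ($opt in 'metadata_services', 'plugins') {
    $line = @($conf | Where-Object { $_ -match "^\s*$opt\s*=" })
    $checks["$opt on a single line"] = ($line.Count -eq 1) -and ($line[0] -notmatch '\\|,\s*$')
}
$checks['SetUserSSHPublicKeysPlugin listed'] = [bool]($conf -match '^\s*plugins\s*=.*SetUserSSHPublicKeysPlugin')

# Print one OK/FAIL line per check
$checks.GetEnumerator() | ForEach-Object {
    '{0,-40} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```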