[libvirt-users] VM parameters best practice?

Guido Winkelmann guido-libvi at unknownsite.de
Mon May 31 14:00:19 UTC 2010


Hi,

When creating many virtual machines from a template (disk image), you often 
need to set some different parameters for each vm. Those usually include root 
passwords and/or ssh public keys for login, ssh Host keys (so that a) not all 
the VMs have the same host key and b) the user can know the real host key for 
his vm before connecting for the first time) plus any number of user-defined 
parameters.

IP addresses and hostnames can be set via DHCP.

Obviously, some of those parameters need to be treated as confidential, so you 
cannot just grab them from some FTP server somewhere. In fact, as long as you 
haven't set any authentication credentials (like an SSL Client Certificate for 
example) that the vm can use to uniquely and securely identify itself to some 
server, you cannot securely get any of these parameters over the network.

How do people usually solve that sort of problem? What is considered best 
practice here?

Currently, my own plans are to write these parameters to a floppy image, use 
Unix file permissions to make sure nobody else can read the image, and then 
hook up that image to a virtual floppy drive in the respective vm. A shell 
script in the vm template can then read and apply all those parameters at some 
early stage during the very first boot.

Unfortunately, this means mounting the image in the host system, writing the 
parameters and then unmounting it again - which seems sort of error prone to 
me in a fully automated environment. (What if two vms are being created 
simultaneously? What if the script crashes or hangs somewhere between mounting 
and unmounting the image?)

Regards

	Guido Winkelmann
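
Added example, not part of the original post: one way to build the per-VM parameter image without mounting anything on the host, by writing a tar stream straight into a floppy-sized file created with mode 0600 and publishing it with an atomic rename. The function name, the file names, the sample values and the guest-side `tar -xf /dev/fd0` step are assumptions.

```python
import io
import os
import tarfile
import tempfile

FLOPPY_BYTES = 1474560  # raw size of a 1.44 MB floppy image


def build_param_image(dest, params):
    """Write params (file name -> bytes) to dest as a floppy-sized tar stream.

    Nothing is mounted on the host. Assumption: the guest's first-boot
    script unpacks the drive with `tar -xf /dev/fd0`.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in sorted(params.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = 0o600
            tar.addfile(info, io.BytesIO(data))
    raw = buf.getvalue()
    if len(raw) > FLOPPY_BYTES:
        raise ValueError("parameters do not fit on a floppy image")
    raw += b"\0" * (FLOPPY_BYTES - len(raw))

    # mkstemp creates a uniquely named file with mode 0600, so two VMs being
    # created at the same time never share a work file and the secrets are
    # never readable by other local users, even briefly.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".", prefix=".params-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(raw)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, dest)  # atomic: readers never see a half-written image
    except BaseException:
        os.unlink(tmp)  # on error, remove the work file
        raise
    return dest


if __name__ == "__main__":
    # Constructed sample parameters, not real credentials.
    sample = {"hostname": b"vm01\n",
              "authorized_keys": b"ssh-ed25519 CONSTRUCTED-EXAMPLE admin@host\n"}
    print(build_param_image("vm01-params.img", sample))
```

The finished image still has to be readable by the account the hypervisor process runs under, which depends on the deployment.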



