How to access CMP provisioned Nodes

Venky VA · ‎09-14-2019

CMP Provisioned VM access approach based on the cloud provider.

Cloud Provider: AWS

Linux in AWS:

Key-based authentication will be used.
Create basic auth type credential and Set only the username and leave the password blank.
In Cloud Admin Portal -->Manage --> Resource Profiles -->OS profile --> Os Template details set above created credentials.
The user private key will be used for accessing the provisioned VM.

Note: Go through the image details find out ssh username for the image.

Windows in AWS:

Password-based authentication will be used.
Create basic auth type credential and Set username and password blank. ex: UserName: Administrator
In OS template details set above created credentials.
An auto-generated password will be retrieved and displayed in stack details.
Use the auto-generated password to access VM.
Do not set the password in OS template details for AWS images.

Cloud Provider: AZURE

Linux:

For azure VM's we support both key and password-based authentication.
Create basic auth type credential and Set username and password blank. ex: UserName: azureuser/SNOW@1232$%
In Cloud Admin Portal -->Manage --> Resource Profiles -->OS profile --> OS Template details set above created credentials.
Use the user private key to access provisioned VM.
You can also use an os template credentials[configure in step2] to access VM[username and password]

Windows:

We support only password-based authentication.
Create basic auth type credential and Set username and password blank. ex: UserName: azureuser/SNOW@1232$%
In Cloud Admin Portal -->Manage --> Resource Profiles -->OS profile --> Os Template details set above created credentials.
Use the os template credentials to access VM[username and password].

Note: Create a password is as per the azure VM password guidelines.

Cloud Provider: VMware

Linux:

We support both key and password-based authentication.
Create basic auth type credential and Set username and password blank. ex: UserName: azureuser/SNOW@1232$%
In Cloud Admin Portal -->Manage --> Resource Profiles -->OS profile --> Os Template details set above created credentials.
Use the user private key to access provisioned VM and you can also use the os template credentials[username and password] to access VM.

Windows:

We support only password-based authentication.
Create basic auth type credential and Set username and password blank. ex: UserName: azureuser/SNOW@1232$%
In Cloud Admin Portal -->Manage --> Resource Profiles -->OS profile --> Os Template details set above created credentials.
Use the os template credentials to access VM[username and password].

Note:

Download user private key from Cloud User Portal --> Activities -->Keys and run the following

> chmod 400 downloadedkeyname.pem

SSH using the key:

ssh -i privatekey imageusername@VMIPaddress

SSH using the password:

ssh imageusername@VMIPaddress

jain2 · ‎09-15-2019

Hi Venky,

Thank for this Article

1.you have described the steps of AWS, Azure, VM but in the steps you said leave the password blank but in the example shown, you have used the username and password both hence it is confusing whether Password has to leave blank or do we need to set it?

2. i didn't see steps for GCP provisioned VM from CMP? are you going to add steps or is the same as AWS and Azure?

Venky VA · ‎09-15-2019

Thank you for the feedback.

for AWS VM's do not set a password in os template, even if you set it no harm system will never use it to access VM.for Azure VM's please set the password in os templates. [I have already updated article].

I will add steps for GCP VM.

jain2 · ‎04-29-2020

Hi Venky,

Just a follow, steps for GCP VM access.

1. follow-up question on Image Username and Password, don't you think setting up password on image and use it for every VM provisioned from CMP? isn't security concern? specially for Windows VM.

2. Image username and password, does CMP system add user to Local Admin group on VM (Windows) and Sudo access (Linux VM)?

Venky VA · ‎04-29-2020

1. follow-up question on Image Username and Password, don't you think setting up password on image and use it for every VM provisioned from CMP? isn't security concern? specially for Windows VM.

>>> this not true in case of AWS and Azure, in case of vmware we mainly use image username /pwd for windows. its up to customer how they want to secure their infra.

>>> if security is concern you can go for third party authentication tools like cyber ark.

2. Image username and password, does CMP system add user to Local Admin group on VM (Windows) and Sudo access (Linux VM)?

>>> CMP expects user should have sudo/admin role.

jain2 · ‎04-30-2020

Thanks Venky for prompt response. I am clear on Security part.

point 1: are you saying that Azure Windows VM is also do auto generate password? so we can leave password blank?

Point 2: are we not creating username and password in CMP provisioned VM Windows/Linux(configured in OS template )? and adding them sudo/admin role. so isn't true?

Abhishek Jain8 · ‎05-11-2020

Hi Venky,

AWS Windows Machine: An auto-generated password will be retrieved and displayed in stack details.

the above statement is only true, when we are not using custom Image (from snapshot ). otherwise CMP doesn't retrieved auto-generate password and it will try to retrieve password for 30 minutes and resource provision delayed by 30 minutes because AWS is not supported Auto-generate password on custom image.

for custom image CMP should bypass the retrieve pass and process to next step instead of keep trying for auto- generated password for 30 minutes.

jain2 · ‎07-03-2020

Hi Venky,

i am awaiting reply on 2 question

1. AWS custom image, CMP should not try auto-generate password mechanism.

2. GCP Provisioned VM access.