Cloud-Init Installation & Auto Password Reset Configuration for Linux VMs (VMware)

To enable automated password reset on Linux virtual machines, you must install Cloud-Init on each OS template and configure it to run on every boot.

1. Install Cloud-Init (per Operating System)

Ubuntu (18.04 → 24.04):

sudo apt update
sudo apt install -y cloud-init
sudo systemctl enable cloud-init
sudo systemctl start cloud-init
reboot

Debian (10/11/12):

sudo apt update
sudo apt install -y cloud-init
sudo systemctl enable cloud-init
sudo systemctl start cloud-init
reboot

AlmaLinux (8/9):

sudo dnf install -y cloud-init
sudo systemctl enable cloud-init
sudo systemctl start cloud-init

Important (AlmaLinux):
sudo systemctl disable NetworkManager-wait-online
reboot

CentOS Stream (8 / 9):


sudo dnf install -y cloud-init
sudo systemctl enable cloud-init
sudo systemctl start cloud-init

CentOS 7 (EOL, but still used):


sudo yum install -y epel-release
sudo yum install -y cloud-init
sudo systemctl enable cloud-init
sudo systemctl start cloud-init

2. Cloud-Init Configuration for Auto Password Reset

After installing Cloud-Init, follow the steps below to make it re-run on every boot and to enable the VMware GuestInfo datasource.

Step 1: Force Cloud-Init Modules to Run on Every Boot

Create or modify:

sudo nano /etc/cloud/cloud.cfg.d/99-run-always.cfg

Paste:

# Force Cloud-Init modules to run on every boot
# A bare module name keeps the module's default frequency;
# [module, always] makes it run on every boot.
cloud_init_modules:
  - migrator
  - seed_random
  - bootcmd
  - write_files

cloud_config_modules:
  - timezone
  - locale
  - [set-passwords, always]   # <- RUN EVERY TIME
  - ssh

cloud_final_modules:
  - scripts-per-once
  - scripts-per-boot
  - scripts-per-instance      # <- runs once per instance
  - scripts-user

Step 2: Configure VMware GuestInfo Datasource

Create or modify:

sudo nano /etc/cloud/cloud.cfg.d/99-guestinfo.cfg

Paste:

datasource_list: [VMware, None]
datasource:
  VMware:
    provider: guestinfo

3. Auto-Clean Cloud-Init When Password Reset Request Arrives

This script detects when VMware sends new userdata (new password hash) and automatically performs a safe cloud-init clean so password reset works every time.

Step 3: Create Auto-Clean Script

sudo nano /usr/local/bin/wgs-cloudinit-autoclean.sh

Paste:


#!/bin/bash

# Read new hash from VMware guestinfo
NEW_HASH=$(vmtoolsd --cmd 'info-get guestinfo.userdata.hash' 2>/dev/null)

# File where we store the old hash
HASH_FILE="/var/lib/cloud/wgs_last_userdata_hash"

# If hash missing, exit
[ -z "$NEW_HASH" ] && exit 0

# If hash file does not exist OR hash changed
if [ ! -f "$HASH_FILE" ] || [ "$(cat "$HASH_FILE")" != "$NEW_HASH" ]; then

    echo "$(date): Detected new userdata. Auto-cleaning Cloud-Init." >> /var/log/wgs-cloudinit.log

    # SAFE clean (does not delete config)
    cloud-init clean --logs --seed

    # Store the new hash after the clean: cloud-init clean empties
    # /var/lib/cloud, so a hash written before it would be deleted and
    # every boot would look like a change. Keep the file root-only.
    echo "$NEW_HASH" > "$HASH_FILE"
    chmod 600 "$HASH_FILE"

    # Re-run cloud-init re-bootstrap (non-destructive)
    cloud-init init
    cloud-init modules --mode=config
    cloud-init modules --mode=final

fi

Save and make script executable:

sudo chmod +x /usr/local/bin/wgs-cloudinit-autoclean.sh

Step 4: Create Systemd Service to Trigger Script on Boot

Create service:

sudo nano /etc/systemd/system/wgs-cloudinit-autoclean.service


Paste:

[Unit]
Description=WGS Auto Cloud-Init Clean on Userdata Change
After=network-online.target vmtoolsd.service

[Service]
ExecStart=/usr/local/bin/wgs-cloudinit-autoclean.sh
Type=oneshot

[Install]
WantedBy=multi-user.target

Step 5: Enable service

sudo systemctl daemon-reload

sudo systemctl enable wgs-cloudinit-autoclean

Step 6: Final Step — Reboot

reboot
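
A check to run once the VM is back up after Step 6, added here as an example (it is not part of the original article): it confirms the datasource setting from Step 2, the permissions on the auto-clean script, the unit's ExecStart line, and the mode of the stored hash. The function name audit_template and its root-prefix argument are assumptions, as is treating the stored hash as sensitive.

```bash
#!/bin/bash
# Added example (not from the original article): audit the files this guide creates.
# ROOT is a hypothetical path prefix: "/" on a live VM, or a mounted template image.

audit_template() {
    local root="${1%/}" problems=0
    local script="$root/usr/local/bin/wgs-cloudinit-autoclean.sh"
    local unit="$root/etc/systemd/system/wgs-cloudinit-autoclean.service"
    local dscfg="$root/etc/cloud/cloud.cfg.d/99-guestinfo.cfg"
    local state="$root/var/lib/cloud/wgs_last_userdata_hash"

    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # Step 2: the datasource list must name VMware.
    grep -Eq '^datasource_list:.*VMware' "$dscfg" 2>/dev/null ||
        fail "VMware not in datasource_list ($dscfg)"

    # Step 3: the script runs as root on every boot, so it must be executable
    # and must not be writable by group or others.
    if [ ! -x "$script" ]; then
        fail "$script is missing or not executable"
    elif [ -n "$(find "$script" \( -perm -020 -o -perm -002 \))" ]; then
        fail "$script is writable by group or others"
    fi

    # Step 4: the unit must start exactly that script.
    grep -Fxq 'ExecStart=/usr/local/bin/wgs-cloudinit-autoclean.sh' "$unit" 2>/dev/null ||
        fail "$unit does not start the auto-clean script"

    # The stored hash, once written, should be readable by root only.
    if [ -e "$state" ] && [ -n "$(find "$state" \( -perm -040 -o -perm -004 \))" ]; then
        fail "$state is readable by group or others"
    fi

    echo "$problems problem(s) found under ${root:-/}"
    return "$problems"
}

# Run the audit only when a root path is given, e.g.: sudo bash audit.sh /
[ "$#" -eq 0 ] || audit_template "$1"
```

The return status is the number of failed checks, so a template build pipeline can stop on any non-zero result.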

 

