Introduction
Cloud instances are created from default cloud images. Because every instance starts from the same template operating system, it is up to the user to customize each individual instance, typically through user data.
Instead of configuring each one by hand after it starts, there is an open-source tool that automates initialization: cloud-init.
What is cloud-init?
Cloud-init is a service used to customize Linux-based operating systems in the cloud. It allows you to customize virtual machines provided by a cloud provider by modifying generic operating system settings at boot. Canonical initially developed cloud-init for Ubuntu, but it has since expanded to most major Linux and FreeBSD operating systems. Today, it officially supports 8 Unix operating systems: Ubuntu, Arch Linux, CentOS, Red Hat, FreeBSD, Fedora, Gentoo Linux and openSUSE.
The service is used as an industry standard for early-stage initialization of a virtual machine once it has been provisioned. Therefore, it allows you to configure a virtual machine to work as needed on first boot.
Most vendors have the service preinstalled on Unix operating system images. When creating a virtual machine using the cloud provider’s control panel, you will most likely have a user data section or cloud-init to specify the desired configuration.
Cloud-init is used to install packages, configure users and security, write files, and perform other tasks that you want to be handled automatically on first or subsequent boots.
How does cloud-init work?
Cloud-init is a service that configures your VM instance with the desired settings and software out of the box. The service starts at boot and uses metadata provided by the cloud provider or supplied directly by the user.
It does this by running scripts, most commonly from the cloud-config file. Therefore, to change the default settings, you must edit the cloud-config file in the virtual machine image. This is a YAML file that follows basic YAML syntax rules, such as:
- Relationships between elements are defined by indentation with spaces
- A pipe character (|) before a block of text indicates that it should be interpreted literally, as is
- Text blocks are indented
- A leading hyphen (-) identifies the members of a list
- A key followed by a colon (:), a space and a value creates an associative array (mapping) entry
You can add the cloud-config file:
- In the control plane interface, by selecting additional options. The provider will have a cloud-init or User Data option where you can paste the configuration file.
- As a field of the JSON object sent in an API request.
Cloud-init capabilities
The cloud-init service is used for a variety of things, including:
- Add users and groups
- Write arbitrary files
- Add YUM repositories
- Execute commands on first boot
To understand the syntax used for each capability, read the following subsections.
Add users and groups using cloud-init
To add users and groups to a virtual machine during provisioning, use the following syntax in the cloud-config file:
```yaml
#cloud-config
# Add groups to the system.
groups:
  - group_name: [member1, member2]
# Add users to the system.
users:
  - default
  - name: <login name>
    gecos: <real name>
    primary_group: <primary group>
    groups: <additional groups>
    selinux_user: <SELinux user>
    expiredate: 'year-month-day'
    ssh_import_id: <SSH ID to import>
    lock_passwd: true
    inactive: 'x'
    passwd: <password hash>
    ssh_authorized_keys:
      - <ssh pub key 1>
      - <ssh pub key 2>
    system: false
    sudo: ALL=(ALL) NOPASSWD:ALL
  - snapuser: <Ubuntu SSO account email>
```
The keys have the following meaning:
- name: The user's login name.
- gecos: The real name of the user.
- primary_group: The primary group to which the user belongs. If omitted, a new group is created with the user's name.
- groups: Additional groups to which you want to add the user.
- selinux_user: The SELinux user for the user's login. If omitted, the system selects the default SELinux user.
- expiredate: 'year-month-day', the date on which the user's account should be disabled.
- ssh_import_id: The SSH ID that you want to import.
- lock_passwd: true or false, whether to lock the password and so disable password login. By default, the value is true.
- inactive: 'x', the number of days until the account is disabled after a password expires.
- passwd: The hash of the password you want to use.
- ssh_authorized_keys: Keys to add to the user's authorized keys file, given as a list.
- system: true or false, whether the new user is a system user.
- sudo: Sudo rule strings that define the user's privileges. The user has no privileges by default, but the key accepts one or more sudo rule strings. For example, ALL=(ALL) NOPASSWD:ALL gives the user unrestricted access. To prevent sudo access, use false.
- snapuser: Your Ubuntu SSO account email, which allows snap to import a username and public keys into the system.
You do not need to include all options when adding a new user. The settings listed above only apply if the user is new. If the user already exists, the system only modifies the following options:
- plain_text_passwd
- hashed_passwd
- lock_passwd
- sudo
- ssh_authorized_keys
- ssh_redirect_user
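The following Python linter is an added example, not code from this page or from the cloud-init project. It takes the users section in the form a YAML parser (yaml.safe_load) would return for a cloud-config, embedded here as a constructed dict so it runs without PyYAML, and flags the settings above that deserve review before an instance boots: password login re-enabled with lock_passwd: false, a plain_text_passwd, a passwd value that is not a hash, passwordless sudo rules, and an account with no login path at all. The function and sample names are this example's own.

```python
"""Added example (not cloud-init's own code): lint the `users` section of a
cloud-config for settings worth a second look before provisioning."""

# Constructed sample: the structure yaml.safe_load would return for a small
# #cloud-config with one group and three user entries (made-up names).
SAMPLE_CONFIG = {
    "groups": [{"admin": ["deploy"]}],
    "users": [
        "default",
        {
            "name": "deploy",
            "gecos": "Deployment account",
            "primary_group": "admin",
            "lock_passwd": True,
            "ssh_authorized_keys": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER deploy@example"],
            "sudo": "ALL=(ALL) NOPASSWD:ALL",
        },
        {
            "name": "legacy",
            "lock_passwd": False,
            "plain_text_passwd": "hunter2",
        },
    ],
}


def _sudo_rules(value):
    """Normalise the sudo field: a string, a list of strings, or false/absent."""
    if isinstance(value, str):
        return [value]
    if isinstance(value, list):
        return [str(rule) for rule in value]
    return []  # false, true or missing: no rule strings to inspect


def lint_users(config):
    """Return (user name, finding) pairs for the risky settings described above."""
    findings = []
    for entry in config.get("users", []):
        if not isinstance(entry, dict):  # "default" or a bare user name: nothing to inspect
            continue
        name = entry.get("name", "<unnamed>")
        # lock_passwd defaults to true; only an explicit false re-enables password login.
        password_login = entry.get("lock_passwd", True) is False
        if password_login:
            findings.append((name, "password login enabled (lock_passwd: false)"))
        if "plain_text_passwd" in entry:
            findings.append((name, "plain_text_passwd in user data; use passwd with a hash instead"))
        if "passwd" in entry and not str(entry["passwd"]).startswith("$"):
            findings.append((name, "passwd is not a crypt(3)-style hash"))
        for rule in _sudo_rules(entry.get("sudo")):
            if "NOPASSWD" in rule:
                findings.append((name, f"passwordless sudo rule: {rule}"))
        # An account with a locked password and no keys cannot be logged into at all.
        has_login_path = password_login or entry.get("ssh_authorized_keys") or entry.get("ssh_import_id")
        if not has_login_path:
            findings.append((name, "password locked and no SSH keys: no way to log in"))
    return findings


if __name__ == "__main__":
    for user, finding in lint_users(SAMPLE_CONFIG):
        print(f"{user}: {finding}")
```

Running it on the sample reports the passwordless sudo rule for deploy and both password findings for legacy; a config whose users all have locked passwords and SSH keys produces no findings.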
Write files
You can write arbitrary files using the YAML configuration syntax. Content can be supplied plain or encoded (base64 or gzip), as text or binary data. The data is decoded before it is written to the defined path. The module is compatible with all distributions and runs once per instance.
To write arbitrary files with cloud-init, use the following syntax:
```yaml
#cloud-config
# Write arbitrary files
write_files:
  - path: <path of the file>
    content: <content to write>
    owner: root:root
    permissions: '0644'
    append: false
```
The keys have the following meaning:
- path: The path of the file to which the content is written.
- content: The content you want to write to the path.
- owner: The user/group that owns the file. By default, the owner is root:root.
- permissions: The permissions of the specified path, given as an octal string. The default is '0644'.
- append: true or false, whether to append the content to an existing file if the given path exists. The default is false.
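The block below is an added example, not code from this page or from cloud-init, covering the two points just described: content may be supplied encoded and is decoded before it reaches the path, and permissions are an octal string. The 'b64' and 'gz+b64' values are two of those accepted by cloud-init's write_files encoding key (the key itself is not shown in the syntax above); the review checks, sample paths and function names are this example's own.

```python
"""Added example (not cloud-init's own code): prepare and review a write_files entry."""
import base64
import gzip
import stat


def encode_content(data: bytes, encoding: str = "plain") -> str:
    """Encode content for the `content` field. 'b64' and 'gz+b64' are two of the
    values cloud-init's write_files `encoding` key accepts; 'plain' means no encoding."""
    if encoding == "plain":
        return data.decode("utf-8")
    if encoding == "b64":
        return base64.b64encode(data).decode("ascii")
    if encoding == "gz+b64":
        return base64.b64encode(gzip.compress(data)).decode("ascii")
    raise ValueError(f"unsupported encoding: {encoding}")


def decode_content(content: str, encoding: str = "plain") -> bytes:
    """Reverse of encode_content: the decoding step that happens before the path is written."""
    if encoding == "plain":
        return content.encode("utf-8")
    if encoding not in ("b64", "gz+b64"):
        raise ValueError(f"unsupported encoding: {encoding}")
    raw = base64.b64decode(content, validate=True)
    return gzip.decompress(raw) if encoding == "gz+b64" else raw


def parse_permissions(perm) -> int:
    """Parse the permissions field. It must be a quoted octal string such as '0644';
    a bare number is rejected because YAML may have read it as something other
    than the octal mode the author meant."""
    if not isinstance(perm, str):
        raise TypeError("permissions must be a quoted octal string, e.g. '0644'")
    return int(perm, 8)


def check_entry(entry: dict) -> list:
    """Review one write_files entry and return a list of findings (this example's own checks)."""
    findings = []
    path = entry["path"]
    mode = parse_permissions(entry.get("permissions", "0644"))
    if mode & stat.S_IWOTH:
        findings.append(f"{path}: world-writable ({oct(mode)})")
    if mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append(f"{path}: setuid/setgid bit set ({oct(mode)})")
    if entry.get("append", False):
        findings.append(f"{path}: appends to an existing file; check what is already there")
    # Confirm the content actually decodes with the declared encoding (raises if not).
    decode_content(entry.get("content", ""), entry.get("encoding", "plain"))
    return findings


# Constructed sample entries: one as a cloud-config author would write it, one with a loose mode.
SAMPLE_ENTRIES = [
    {
        "path": "/etc/example/app.conf",
        "content": encode_content(b"listen = 127.0.0.1:8080\n", "gz+b64"),
        "encoding": "gz+b64",
        "owner": "root:root",
        "permissions": "0644",
    },
    {
        "path": "/usr/local/bin/helper.sh",
        "content": "#!/bin/sh\necho hi\n",
        "permissions": "0777",
        "append": True,
    },
]


def review_all(entries=SAMPLE_ENTRIES) -> list:
    """Run check_entry over every entry and flatten the findings."""
    return [f for entry in entries for f in check_entry(entry)]


if __name__ == "__main__":
    for finding in review_all():
        print(finding)
```

The first sample entry passes cleanly; the second is reported for its world-writable mode and for appending to a path that may already exist. Passing the mode as a number instead of a string raises TypeError, which is the mistake an unquoted 0644 in YAML produces.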
Add YUM repositories
You may need to set up a yum repository to ensure that you are using the correct packages to install the desired software. Use cloud-init to add yum repository configurations to your system. The configuration file is added to /etc/yum.repos.d.
To add a yum repository configuration, use the following syntax:
```yaml
#cloud-config
yum_repos:
  <repo_name>:
    baseurl: <URL of the repository>
    name: <name of the repository>
    enabled: true
    # plus any other repository configuration option
```
Executing commands on first boot
To run arbitrary commands early in the boot process, you can use the bootcmd or runcmd module.
bootcmd
bootcmd executes the specified commands on each boot, after running a boothook. It supports all distributions and accepts commands specified as lists or strings. The syntax is:
```yaml
bootcmd:
  - <array of (array of string)/(string)>
```
For example:
```yaml
bootcmd:
  - echo 192.168.1.130 us.archive.ubuntu.com >> /etc/hosts
  - [ cloud-init-per, once, mymkfs, mkfs, /dev/vdb ]
```
runcmd
runcmd executes commands only on first boot. You can specify the commands as lists or strings. All commands must be valid YAML (so be sure to quote any problematic characters). The syntax is:
```yaml
runcmd:
  - <array of (array of string)/(string)>
```
As in the following example:
```yaml
runcmd:
  - [ ls, -l, / ]
  - [ sh, -xc, "echo $(date) ': hello world!'" ]
  - [ sh, -c, echo "========= hello world'========" ]
  - ls -l /root
```
Configure SSH keys
You can manage SSH settings using cloud-init. Authorized keys are SSH public keys stored in the user's home directory at .ssh/authorized_keys. They define which keys can connect to that specific user account on the system. Add the public keys as a list when configuring a user, using ssh_authorized_keys:
```yaml
ssh_authorized_keys:
  - ssh_pub_key_1
  - ssh_pub_key_2
```
The listed keys will belong to the configured user or to the first user defined in the users module.
If you already have pre-generated private SSH keys, you can store them on the server. Cloud-init supports the RSA, DSA and ECDSA public key cryptosystems. Pay attention to formatting when adding SSH keys: use line breaks, indented blocks and the pipe (|) block indicator, and always include the BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY marker lines.
```yaml
ssh_keys:
  rsa_private: |
    -----BEGIN RSA PRIVATE KEY-----
    your_rsa_private_key
    -----END RSA PRIVATE KEY-----
  rsa_public: your_rsa_public_key
```
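Because key material pasted into user data is easy to get wrong, the following Python check is added here as an example; it is not code from this page or from cloud-init. It validates lines intended for ssh_authorized_keys: each must have the form '<type> <base64 blob> [comment]', the blob must decode and must embed the same key type it declares, and a line containing private key material (the BEGIN/END markers above belong only under ssh_keys) is rejected outright. The sample key bytes are made up, and the helper and function names are this example's own.

```python
"""Added example (not cloud-init's own code): sanity-check lines destined for
ssh_authorized_keys before they go into user data."""
import base64
import struct


def _ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def build_ed25519_line(raw_pubkey: bytes, comment: str) -> str:
    """Assemble an OpenSSH ssh-ed25519 public key line from 32 raw key bytes.
    Used here only to construct sample input; the bytes passed below are made up."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_pubkey)
    return f"ssh-ed25519 {base64.b64encode(blob).decode('ascii')} {comment}"


def validate_authorized_key(line: str) -> list:
    """Return the problems found with one authorized_keys line (empty list: looks valid)."""
    if "PRIVATE KEY" in line:
        return ["private key material in an authorized_keys entry"]
    parts = line.split()
    if len(parts) < 2:
        return ["expected '<type> <base64 blob> [comment]'"]
    key_type, blob_b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["key blob is not valid base64"]
    if len(blob) < 4:
        return ["key blob too short"]
    problems = []
    # The blob starts with the key type as an SSH string; it must match the declared type.
    (n,) = struct.unpack(">I", blob[:4])
    embedded_type = blob[4:4 + n]
    if embedded_type != key_type.encode("utf-8"):
        problems.append(f"declared type {key_type} does not match embedded type {embedded_type!r}")
    # For ed25519 the next SSH string is the raw public key, which is always 32 bytes.
    if key_type == "ssh-ed25519" and len(blob) >= 8 + n:
        (key_len,) = struct.unpack(">I", blob[4 + n:8 + n])
        if key_len != 32:
            problems.append(f"ed25519 key should be 32 bytes, got {key_len}")
    return problems


# Constructed sample: one well-formed line (made-up key bytes) and three that should be rejected.
SAMPLE_KEYS = [
    build_ed25519_line(bytes(range(32)), "deploy@example"),
    "ssh-rsa " + base64.b64encode(_ssh_string(b"ssh-ed25519")).decode("ascii") + " mismatched-type",
    "-----BEGIN RSA PRIVATE KEY-----",
    "ssh-ed25519 not*base64*at*all comment",
]


def review_keys(lines=SAMPLE_KEYS) -> dict:
    """Map each line to its problems, for a quick report."""
    return {line: validate_authorized_key(line) for line in lines}


if __name__ == "__main__":
    for line, problems in review_keys().items():
        print(f"{line[:40]:40} -> {problems or 'ok'}")
```

Only the first sample line passes; the other three are reported for a type mismatch, private key material and an undecodable blob respectively.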
Configure a locale
To configure and apply a system-wide locale, use the cc_locale module. Use the following configuration schema:
```yaml
#cloud-config
locale: <locale>
locale_configfile: <path>
```
- locale: The locale you want to set as the system locale.
- locale_configfile: The path to the file into which the locale should be written.
Define the host name
With cloud-init, you can set the host name and FQDN (fully qualified domain name). There are several ways to do this:
- Specify the fully qualified domain name using the fqdn key.
- Define the host name using the hostname key.
- Use the hostname key to define the FQDN (not recommended).
- Use both the hostname key and the fqdn key.
The configuration keys for defining the host name are:
- preserve_hostname: true or false, whether to keep the existing host name or allow it to be modified.
- prefer_fqdn_over_hostname: true or false, whether to force the use of the FQDN on all distributions.
- fqdn: The host's fully qualified domain name.
- hostname: The host name (an FQDN may also be given here).
Conclusion
Use the cloud-init package to seamlessly initialize your cloud instances with configuration and software set up and ready to use. Add users and groups, write arbitrary files, add yum repositories or run commands on first boot with the help of this powerful tool.