Cloud-init integration
Cloudstack and cloud-init integration provide Instances with advanced management features such as:
Password management
SSH keys management
Partition management
User-data input
Examples for relevant features are listed for different distributions.
Linux with Cloud-init
These features can be implemented in “Linux Template creation process”. where they are executed just before the Template cleanup step.
Install and configure cloud-init
Install cloud-init and mentioned auxiliary packages.
~ CentOS
yum install -y cloud-init wget
~ Ubuntu
apt-get install -y cloud-init wget
Configure cloud-init to detect Cloudstack data source during runtime.
Cloud-init data sources can be specified in /etc/cloud/cloud.cfg.d/ directory. Add the following config in /etc/cloud/cloud.cfg.d/99_cloudstack.cfg.
datasource_list: [ ConfigDrive, CloudStack, None ] datasource: CloudStack: {} None: {}
Note
For the vm instances running on VMware or XenServer/XCP-ng hypervisors, if there are multiple cloud-init data sources, it is a known issue that ds-identify is not able to detect if “CloudStack” DataSource is enabled. To fix the problem, please run the following command to enable cloud-init without any aid from ds-identify.
echo "policy: enabled" > /etc/cloud/ds-identify.cfg
Password management
Cloudstack integration with cloud-init set-passwords module will enable the platform to set a password for each Instance created from the Main Template. Additionally it will allow to reset the user password through the GUI.
Enable set_passwords module on every boot
By default the set-passwords module runs only on first boot of the Instance, change that to run on every boot.
sudo sed -i s/" - set[_|-]passwords"/" - [set_passwords, always]"/g /etc/cloud/cloud.cfg
Specify the managed user
Cloudstack will create the user, set a password and reset it when requested. To do that set the following configuration in /etc/cloud/cloud.cfg.d/80_user.cfg
system_info: default_user: name: cloud-user lock_passwd: false # disable user password login - true/false sudo: [\"ALL=(ALL) ALL\"] # User permissions disable_root: 0 # root remote login is 0 - enabled, 1 - disabled ssh_pwauth: 1 # password login is 0 - disabled, 1- enabled
SSH keys management
Cloud-init ssh module can automatically install new SSH keys when set or reset from Cloudstack GUI. By default the module runs once during Instance creation and will fetch Cloudstack keys without any additional configuration. To enable Cloudstack reset SSH keys feature configure cloud-init ssh module to run on every boot.
sudo sed -i s/" - ssh$"/" - [ssh, always]"/g /etc/cloud/cloud.cfg
Warning
If the cloud-init ssh module is set to run every boot, it will regenerate the certificate fingerprint of the host. This will cause a warning to anyone that logs in the system and also bring trouble to anyone trying to automate ssh access.
Disable cloud-init regenerating host certificates on boot. If Template certificates are deleted they will be regenerated by the OS on instnace first boot.
echo "ssh_deletekeys: false" > /etc/cloud/cloud.cfg.d/49_hostkeys.cfgNote that if this instance is moved or snapshotted, it will be vulnerable to man-in-the-middle attacks if the behavior is not re-enabled first.
Partition management
Cloud-init can detect and resize one or more existing partitions automatically after reboot. This guide will cover root partition and volume. First install the Growpart module as it is not shipped with cloud-init.
~ Centos
yum install cloud-utils-growpart -y
~ Ubuntu
apt-get install cloud-initramfs-growroot -y
Detect and extend MBR partitions
Locate the root partition.
Note
Root partition can differ per OS type, version and partition setup.
[root@localhost ~]# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert root centos -wi-ao---- <17.00g swap centos -wi-ao---- 2.00g [root@localhost ~]# vgs VG #PV #LV #SN Attr VSize VFree centos 1 2 0 wz--n- <19.00g 0 [root@localhost ~]# pvs PV VG Fmt Attr PSize PFree /dev/xvda2 centos lvm2 a-- <19.00g 0
On the current setup root is on /dev/xvda2 partition. Define the configuration below in /etc/cloud/cloud.cfg.d/50_growpartion.cfg
growpart: mode: auto devices: - \"/dev/xvda2\" ignore_growroot_disabled: falseNow on every boot growpart will check and extend /dev/xvda2 if there is change in size.
Extend Physical volume, Volume group and root lvm
After partition is extended the upper layers should also be resized. This can be automated with cloud-init runcmd module . Set the configuration below in /etc/cloud/cloud.cfg.d/51_extend_volume.cfg.
~ CentOS
CentOS root volume is /dev/centos/root if no changes are done during installation. Change the value accordingly if setup is different.
runcmd: - [ cloud-init-per, always, grow_VG, pvresize, /dev/xvda2 ] - [ cloud-init-per, always, grow_LV, lvresize, -l, '+100%FREE', /dev/centos/root ] - [ cloud-init-per, always, grow_FS, xfs_growfs, /dev/centos/root ]
~ Ubuntu
Ubuntu 20 root volume is /dev/ubuntu-vg/ubuntu-lv if no changes are done during installation. Change the value accordingly if setup is different.
runcmd: - [ cloud-init-per, always, grow_VG, pvresize, /dev/xvda3 ] - [ cloud-init-per, always, grow_LV, lvresize, -l, '+100%FREE', /dev/ubuntu-vg/ubuntu-lv ] - [ cloud-init-per, always, grow_FS, xfs_growfs, /dev/ubuntu-vg/ubuntu-lv ]
Warning
The example code above is based on XFS parition type. If ext4 partitioning is utilized replace xfs_growfs with resize2fs in the last code line. It is possible to also use cloud-init resize2fs module .
Enable autoresize on every boot
By default cloud-init runcmd module executes defined commands on first boot only. Commands will run on every boot only if both runcmd and user-scripts modules are configured to run on every boot.
sudo sed -i s/" - runcmd"/" - [runcmd, always]"/g /etc/cloud/cloud.cfg sudo sed -i s/" - scripts-user"/" - [scripts-user, always]"/g /etc/cloud/cloud.cfg
User-data
Cloud-init can parse and execute user-data form Cloud-stack during Instance creation. This feature works as is without additional configuration.
Network configuration with ConfigDrive
Cloud-init can fetch network configuration from ConfigDrive. To enable this, ensure network configuration is not disabled in cloud-init configuration.
echo -e "\nnetwork: {}" >> /etc/cloud/cloud.cfg
Note
Adding/removing nic to/from an instance or updating the ip address of a nic will not be reflected in the instance if the instance is already running. To do so, run cloud-init clean –machine-id -s to clean the machine id and seed data. Then reboot the instance to apply the changes.
Cleanup
Once desired cloud-init features are implemented, clean cloud-init tracker files.
cloud-init clean
Or do it manually.
rm -rf /var/lib/cloud/*
If Password management feature is used clean /etc/sudoers from any cloud-init user setups.
rm -rf /etc/sudoers.d/*
Finalize Template
Proceed with “Linux Template creation process” continuing with Template cleanup step.