.. Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information# regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Cloud-init integration ------------------------- Cloudstack and cloud-init integration provide Instances with advanced management features such as: * Password management * SSH keys management * Partition management * User-data input * `Other modules `_ Examples for relevant features are listed for different distributions. ~~~~~~~~~~~~~~~~~~~~~~ Linux with Cloud-init ---------------------- These features can be implemented in `“Linux Template creation process” <_create_linux.html#creating-a-linux-template>`_. where they are executed just before the **Template cleanup** step. #. **Install and configure cloud-init** Install cloud-init and mentioned auxiliary packages. ~ CentOS .. code:: bash yum install -y cloud-init wget ~ Ubuntu .. code:: bash apt-get install -y cloud-init wget Configure cloud-init to detect Cloudstack data source during runtime. Cloud-init data sources can be specified in /etc/cloud/cloud.cfg.d/ directory. Add the following config in /etc/cloud/cloud.cfg.d/99_cloudstack.cfg. .. code:: bash datasource_list: [ ConfigDrive, CloudStack, None ] datasource: CloudStack: {} None: {} .. note:: For the vm instances running on VMware or XenServer/XCP-ng hypervisors, if there are multiple cloud-init data sources, it is a known issue that ds-identify is not able to detect if "CloudStack" DataSource is enabled. To fix the problem, please run the following command to enable cloud-init without any aid from ds-identify. .. code:: bash echo "policy: enabled" > /etc/cloud/ds-identify.cfg #. **Password management** Cloudstack integration with cloud-init `set-passwords module `_ will enable the platform to set a password for each Instance created from the Main Template. Additionally it will allow to reset the user password through the GUI. - **Enable set_passwords module on every boot** By default the set-passwords module runs only on first boot of the Instance, change that to run on every boot. .. code:: bash sudo sed -i s/" - set[_|-]passwords"/" - [set_passwords, always]"/g /etc/cloud/cloud.cfg - **Specify the managed user** Cloudstack will create the user, set a password and reset it when requested. To do that set the following configuration in /etc/cloud/cloud.cfg.d/80_user.cfg .. code:: bash system_info: default_user: name: cloud-user lock_passwd: false # disable user password login - true/false sudo: [\"ALL=(ALL) ALL\"] # User permissions disable_root: 0 # root remote login is 0 - enabled, 1 - disabled ssh_pwauth: 1 # password login is 0 - disabled, 1- enabled #. **SSH keys management** Cloud-init `ssh module `_ can automatically install new SSH keys when set or reset from Cloudstack GUI. By default the module runs once during Instance creation and will fetch Cloudstack keys without any additional configuration. To enable Cloudstack reset SSH keys feature configure cloud-init ssh module to run on every boot. .. code:: bash sudo sed -i s/" - ssh$"/" - [ssh, always]"/g /etc/cloud/cloud.cfg ======= .. warning:: If the cloud-init ssh module is set to run every boot, it will regenerate the certificate fingerprint of the host. This will cause a warning to anyone that logs in the system and also bring trouble to anyone trying to automate ssh access. Disable cloud-init regenerating host certificates on boot. If Template certificates are deleted they will be regenerated by the OS on instnace first boot. .. code:: bash echo "ssh_deletekeys: false" > /etc/cloud/cloud.cfg.d/49_hostkeys.cfg Note that if this instance is moved or snapshotted, it will be vulnerable to man-in-the-middle attacks if the behavior is not re-enabled first. #. **Partition management** Cloud-init can detect and resize one or more existing partitions automatically after reboot. This guide will cover root partition and volume. First install the `Growpart module `_ as it is not shipped with cloud-init. ~ Centos .. code:: bash yum install cloud-utils-growpart -y ~ Ubuntu .. code:: bash apt-get install cloud-initramfs-growroot -y - **Detect and extend MBR partitions** Locate the root partition. .. note:: Root partition can differ per OS type, version and partition setup. .. code:: bash [root@localhost ~]# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert root centos -wi-ao---- <17.00g swap centos -wi-ao---- 2.00g [root@localhost ~]# vgs VG #PV #LV #SN Attr VSize VFree centos 1 2 0 wz--n- <19.00g 0 [root@localhost ~]# pvs PV VG Fmt Attr PSize PFree /dev/xvda2 centos lvm2 a-- <19.00g 0 On the current setup root is on /dev/xvda2 partition. Define the configuration below in /etc/cloud/cloud.cfg.d/50_growpartion.cfg .. code:: bash growpart: mode: auto devices: - \"/dev/xvda2\" ignore_growroot_disabled: false Now on every boot growpart will check and extend /dev/xvda2 if there is change in size. - **Extend Physical volume, Volume group and root lvm** After partition is extended the upper layers should also be resized. This can be automated with cloud-init `runcmd module `_ . Set the configuration below in /etc/cloud/cloud.cfg.d/51_extend_volume.cfg. ~ CentOS Centos 7 root volume is /dev/centos/root if no changes are done during installation. Change the value accordingly if setup is different. .. code:: bash runcmd: - [ cloud-init-per, always, grow_VG, pvresize, /dev/xvda2 ] - [ cloud-init-per, always, grow_LV, lvresize, -l, '+100%FREE', /dev/centos/root ] - [ cloud-init-per, always, grow_FS, xfs_growfs, /dev/centos/root ] ~ Ubuntu Ubuntu 20 root volume is /dev/ubuntu-vg/ubuntu-lv if no changes are done during installation. Change the value accordingly if setup is different. .. code:: bash runcmd: - [ cloud-init-per, always, grow_VG, pvresize, /dev/xvda3 ] - [ cloud-init-per, always, grow_LV, lvresize, -l, '+100%FREE', /dev/ubuntu-vg/ubuntu-lv ] - [ cloud-init-per, always, grow_FS, xfs_growfs, /dev/ubuntu-vg/ubuntu-lv ] .. warning:: The example code above is based on XFS parition type. If ext4 partitioning is utilized replace **xfs_growfs** with **resize2fs** in the last code line. It is possible to also use cloud-init `resize2fs module `_ . - **Enable autoresize on every boot** By default cloud-init **runcmd** module executes defined commands on first boot only. Commands will run on every boot only if both **runcmd** and **user-scripts** modules are configured to run on every boot. .. code:: bash sudo sed -i s/" - runcmd"/" - [runcmd, always]"/g /etc/cloud/cloud.cfg sudo sed -i s/" - scripts-user"/" - [scripts-user, always]"/g /etc/cloud/cloud.cfg #. **User-data** Cloud-init can parse and execute user-data form Cloud-stack during Instance creation. This feature works as is without additional configuration. #. **Cleanup** Once desired cloud-init features are implemented, clean cloud-init tracker files. .. code:: bash cloud-init clean Or do it manually. .. code:: bash rm -rf /var/lib/cloud/* If **Password management** feature is used clean /etc/sudoers from any cloud-init user setups. .. code:: bash rm -rf /etc/sudoers.d/* #. **Finalize Template** Proceed with `“Linux Template creation process” <_create_linux.html>`_ continuing with **Template cleanup** step.