By: Himabindu P J
RSI Consulting Limited
Cloud-init is an open-source package which will configure a newly deployed virtual machine on first boot. Cloud-init is available for AIX and Linux, but is currently not available for IBM i. It is not an OpenStack technology but is a package that is designed to support multiple cloud providers. The goal is to enable consistent virtual machine customization technology across different cloud environments with little modification.
When cloud-init is used to deploy a VM, it configures some of the settings like:
1. Setting a default locale
2. Setting the hostname
3. Generating ssh private keys
4. Adding ssh keys to the user's .ssh/authorized_keys so they can log in
5. Updating the hostname
6. Resetting RMC
Overview of the cloud.cfg file
When we install the cloud-init package, the cloud.cfg file will be generated. This file controls customization of the virtual machine. It is written in YAML data serialization format.
Below is the content of cloud-init.cfg file taken from an AIX virtual machine instance. By default the cloud.cfg file is found in in the /opt/freeware/etc/cloud directory
root@testaix:/etc# vi /opt/freeware/etc/cloud/cloud.cfg
"/opt/freeware/etc/cloud/cloud.cfg" 107 lines, 2536 characters
# The top level settings are used as module
# and system configuration.
# A set of users which may be applied and/or used by various modules
# when a 'default' entry is found it will reference the 'default_user'
# from the distro configuration specified below
users:
- default
# If this is set, 'root' will not be able to ssh in and they
# will get a message to login instead as the above $user (ubuntu)
disable_root: true
# Allow SSH password authorization
ssh_pwauth: true
# Delete existing SSH host keys
ssh_deletekeys: true
# Regen RSA and DSA host keys
ssh_genkeytypes: ['rsa', 'dsa']
# This will cause the set+update hostname module to not operate (if true)
preserve_hostname: false
datasource_list: ['ConfigDrive']
# Example datasource config
# datasource:
# Ec2:
# metadata_urls: [ 'blah.com' ]
# timeout: 5 # (defaults to 50 seconds)
# max_wait: 10 # (defaults to 120 seconds)
# The modules that run in the 'init' stage
cloud_init_modules:
- migrator
- seed_random
- bootcmd
- write-files
- growpart
- resizefs
- set_hostname
- update_hostname
- update_etc_hosts
- ca-certs
- rsyslog
- users-groups
- ssh
# The modules that run in the 'config' stage
cloud_config_modules:
# Emit the cloud config ready event
# this can be used by upstart jobs for 'start on cloud-config'.
- emit_upstart
- disk_setup
- mounts
- ssh-import-id
- locale
- set-passwords
- grub-dpkg
- apt-pipelining
- apt-configure
- package-update-upgrade-install
- landscape
- timezone
- puppet
- chef
- salt-minion
- mcollective
- disable-ec2-metadata
- runcmd
- bylupstart_dir: /etc/rc.d/init.d/tc/cloud/templates/
ssh_svcname: sshere will be given to the distro class and/or path classes
paths:date-bootlist
- ibm-set-multipath-hcheck-interval
- ibm-restore-volume-groups
# The modules that run in the 'final' stage
cloud_final_modules:
- rightscale_userdata
- scripts-vendor
- scripts-per-once
- scripts-per-boot
- scripts-per-instance
- scripts-user
- ssh-authkey-fingerprints
- keys-to-console
- phone-home
- final-message
- power-state-change
# System and/or distro specific settings
# (not accessible to handlers/transforms)
system_info:
# This will affect which distro class gets used
distro: aix
# Default user name + that default users groups (if added/used)
default_user:
Cloud-init.cfg file Structure
The organization structure of cloud-init configuration file is diagrammatically shown below.
There are three sets of modules in cloud.cfg file in the order once the instance is booted up: cloud_init_modules, cloud_config_modules, and cloud_final_modules.
Initial instance configuration section
The users key will contain information about the users that we want to create and their properties.
The default user is 'cloud-user' .
disable_root key is used if you want to be able to SSH in to the system as the root user. It will be enabled if set to 0 and disabled if set to 1.
ssh_pwauth is used if we need to enable password login via SSH.
locale_config file is the locale that is set. If we need to specifically set the locale we can add the key value pair as “locale : en_US.UTF-8”
ssh_deletekeys: true
boolean Indicates whether existing SSH keys should be deleted on a per-instance basis. On a public image, this should absolutely be set to 'True'. These are host SSH keys and it should be reset every time on every image to give each VM its own set of keys. Otherwise, each VM will have the same public and private keys.
ssh_genkeytypes: ~
a list of the ssh key types that should be generated. These are passed to 'ssh-keygen -t'. Possible values are ['rsa', 'dsa', 'ecdsa'].
preserve_hostname: false
Used in synchronization with set_hostname and update_hostname module under cloud_init_modules section.
Datasourcelist:[Config Drive]
The config drive can be used by any guest operating system that is capable of mounting an ISO9660 or VFAT file system.
We can pass DHCP configuration information in the config drive using PowerVC. So once we capture the image using the static IP address, we can deploy it using a DHCP network.
Cloud_init module
This contains list of modules that runs immediately when a data source is found. They are initiated once the VM instance is started
They can't rely on network being up. These modules run at the 'init' stage.
Cloud_config module
This list runs almost immediately when a static network comes up (where "static" means any network with an explicit configuration in /etc, including DHCP). These modules run in the 'config' stage.
Cloud Config is the simplest way to accomplish things via user-data. This syntax is built through modules (written in python). The default modules can be found in /usr/lib/python-'version'/site-packages/cloudinit/CloudConfig/. Cloud-init knows what modules are there to be processed through the file /opt/freeware/etc/cloud/cloud.cfg, which has the list of all the python modules.
Cloud-config module example
For example, let's assume that we wanted to add a new module called mymodule. We can either write the file cc_mymodule.py directly in the modules directory (inside the instance) or write it somewhere else (your personal computer, for example) and copy it to the instance's modules directory. After doing this, edit the "cloud.cfg" file and add our module's name. The resulting file will have the“mymodule” section added to cloud_config.
Wiki link Developing Custom Cloud-Init Modules explains how to write your own module.
Cloud_final_module
This list runs at unix rc.local time frame, ie "very late in boot" These modules run in the 'final' stage . For example, rebooting an instance.
Installation and configuration of Cloud-init on AIX:
The cloud-init script is written in Python language. So before installing cloud-init, we need to have python and its dependent packages.
We can install cloud init dependent packages either in two ways:
Manually download all the RPMs in order from the link AIX cloud-init support using “rpm -Uvh <name of rpm>”.
Execute the cloudinst.sh script from ftp://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/cloudinit/cloudinst.sh
Once dependent packages are installed, install the cloud-init RPM from ftp://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/cloudinit/
After the successful installation, the cloud.cfg file will be created under /opt/freeware/etc/cloud/.
This is the actual file where we can perform customization of a virtual machine.
Refer to this topic for information about updating the optional settings:
Cloud-init install on PowerVM
Debugging Cloud-init installation on PowerVM
For debugging cloud-init related issues,we can check the logs which will be written in /var/log/cloud-init-output.log.
Installation and configuration of Cloud-init on Red Hat Enterprise Linux:
Before we install cloud-int for the first time we need to install the dependent packages.
For RHEL, we need to download the EPEL repository using wget command and install it. EPEL(Extra packages for enterprise linux) repository contains couple of Linux add-on packages that is required for cloud-init RPM install.
The EPEL RPM's varies depending upon the RHEL server version used.
Below is the link for getting the EPEL RPMs for different versions of RHEL server.
http://dl.fedoraproject.org/pub/epel/
RHEL6 Example:
wget http://dl.fedoraproject.org/pub/epel/6Server/ppc64/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6*.rpm
RHEL7 Example:
wget http://dl.fedoraproject.org/pub/epel/7/ppc64/e/epel-release-7-5.noarch.rpm
rpm -Uvh epel-release-7*.rpm
Once the EPEL is installed, register and connect to it to Red Hat satellite network.
Install cloud init RPM using “yum install cloud-init*.rpm” . Yum will install all the dependent packages from EPEL repository which is required for cloud-init install. This cloud-init RPM can be taken from from a system that has PowerVC installed. The packages will be here: /opt/ibm/powervc/images/cloud-init/rhel
eg:
cloud-init-0.7.4-5.el6.noarch.rpm – This is for rhel 6
cloud-init-0.7.4-5.el7.noarch.rpm – This is for rhel 7
After installing the cloud-init package, modify the cloud.cfg file /etc/cloud/cloud.cfg with the following values:
disable_root: 0
ssh_pwauth: 1
ssh_deletekeys: 1
Then add the following parameters:
disable_ec2_metadata: True
datasource_list: ['ConfigDrive']
For RHEL 6.6 and above, ensure the following conditions are set:
Set SELinux to permissive or disabled on the virtual machine you are capturing or deploying.
The Network Manager should not be enabled.
Ensure that the net-tools package is installed.
Remove the MAC address information from /etc/sysconfig/network-scripts/ifcfg-eth0.
For RHEL server versions 7.0 and earlier:
Debugging Cloud-init on RHEL
For debugging cloud-init related issues, edit /etc/cloud/cloud.cfg.d/05_logging.cfg and change the level from WARNING to DEBUG in order to get log entries written to /var/log/messages.
[handler_consoleHandler]
class=StreamHandler
level=WARNING
Once all the changes have been made, we can use the above created image and save it as the base image for future deployments.
For additional information about installing cloud-init including information on Ubuntu and SLES, refer to these topics in the PowerVC Knowledge Center
Cloud-init install on PowerVM
Cloud-init install on PowerKVM