Updated at: 2022-02-22 GMT+08:00

Configuring Cloud-Init

Scenarios

You need to configure Cloud-Init after it is installed.

Prerequisites

  • Cloud-Init has been installed.
  • An EIP has been bound to the ECS.
  • You have logged in to the ECS.
  • The IP address obtaining mode of the ECS is DHCP.

Procedure

The following operations are required:

  1. Configure Cloud-Init.

    For details, see Configure Cloud-Init.

  2. Check whether Cloud-Init is successfully configured.

    For details, see Check the Cloud-Init Configuration.

Configure Cloud-Init

  1. Configure the user permissions for logging in to the ECS. If you select user root, enable the SSH permissions of user root and enable remote login to the ECS using a password.
    • If you inject a password, use it to log in to the ECS remotely using SSH or noVNC.
    • If you inject a private key, use it to log in to the ECS remotely using SSH.

    Run the following command to open the /etc/cloud/cloud.cfg file using the vi editor:

    vi /etc/cloud/cloud.cfg

  2. (Optional) In /etc/cloud/cloud.cfg, set apply_network_config to false.

    This step is only for Cloud-Init 18.3 or later.

    Figure 1 Example configuration
  3. Enable remote login using the password of user root and enable the SSH permissions of user root. Take CentOS 6.7 as an example: if the value of disable_root in the configuration file is 1, the permissions are disabled; if the value is 0, the permissions are enabled. (In some OSs, true indicates that the permissions are disabled and false indicates that they are enabled.) Set disable_root to 0, ssh_pwauth to 1, and lock_passwd to false (indicating that user passwords are not locked).
    users:
     - name: root
       lock_passwd: False
    
    disable_root: 0
    ssh_pwauth: 1
  4. Enable the hostname update. Do not comment out or delete the - update_hostname statement.
    cloud_init_modules:
     - migrator
     - bootcmd
     - write-files
     - growpart
     - resizefs
     - set_hostname
     - update_hostname
     - update_etc_hosts
     - rsyslog
     - users-groups
     - ssh
  5. Run the following command to open the /etc/ssh/sshd_config file using the vi editor:

    vi /etc/ssh/sshd_config

  6. Change the value of PasswordAuthentication in the sshd_config file to yes.

    For SUSE and openSUSE, change the values of the following parameters in the sshd_config file to yes:

    • PasswordAuthentication
    • ChallengeResponseAuthentication
  7. Delete user linux and the /home/linux directory from the image template.

    userdel linux

    rm -fr /home/linux

  8. Enable the agent to access the IaaS OpenStack data source.
    Append the following information to the end of /etc/cloud/cloud.cfg:
    datasource_list: [ OpenStack ]
    datasource:
      OpenStack:
        metadata_urls: ['http://169.254.169.254']
        max_wait: 120
        timeout: 5
    • You can decide whether to set max_wait and timeout. The values of max_wait and timeout in the preceding configuration are only for reference.
    • If the OS version is earlier than Debian 8 or CentOS 5, you cannot enable the agent to access the IaaS OpenStack data source.
    • The default zeroconf route must be disabled for CentOS and EulerOS ECSs for accurate access to the IaaS OpenStack data source.

      echo "NOZEROCONF=yes" >> /etc/sysconfig/network

  9. Prevent Cloud-Init from taking over the network in /etc/cloud/cloud.cfg.

    If the Cloud-Init version is 0.7.9 or later, add the following content to /etc/cloud/cloud.cfg:

    network:
      config: disabled

    The added content must be in the YAML format.

    Figure 2 Preventing Cloud-Init from taking over the network
  10. Add the following content to /etc/cloud/cloud.cfg:

    manage_etc_hosts: localhost

    This prevents the system from staying in the Waiting for cloudResetPwdAgent state for a long time during ECS startup.

    Figure 3 Adding manage_etc_hosts: localhost
  11. Modify the cloud_init_modules list in /etc/cloud/cloud.cfg.

    Move ssh from the bottom to the top to speed up the SSH login.

    Figure 4 Speeding up the SSH login to the ECS
  12. Modify the configuration so that the hostname of the ECS created from the image does not contain the .novalocal suffix and can contain a dot (.).
    1. Run the following command to modify the __init__.py file:

      vi /usr/lib/python2.7/site-packages/cloudinit/sources/__init__.py

      Press i to enter editing mode. Search for toks. The following information is displayed:

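      # Excerpt: the first if/else is nested in an enclosing "if" that precedes
      # these lines in the file; the second "else:" below belongs to that "if".
          if toks:
              toks = str(toks).split('.')
          else:
              toks = ["ip-%s" % lhost.replace(".", "-")]
      else:
          # Strip only the .novalocal suffix so dots in the hostname are kept.
          toks = lhost.split(".novalocal")

      if len(toks) > 1:
          hostname = toks[0]
          #domain = '.'.join(toks[1:])
      else:
          hostname = toks[0]

      if fqdn and domain != defdomain:
          return "%s.%s" % (hostname, domain)
      else:
          return hostname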

      After the modification is complete, press Esc to exit editing mode and enter :wq! to save the settings and exit.

      Figure 5 Modifying the __init__.py file
    2. Run the following command to switch to the cloudinit/sources folder:

      cd /usr/lib/python2.7/site-packages/cloudinit/sources/

    3. Run the following commands to delete the __init__.pyc file and the optimized __init__.pyo file:

      rm -rf __init__.pyc

      rm -rf __init__.pyo

    4. Run the following commands to clear the logs:

      rm -rf /var/lib/cloud/*

      rm -rf /var/log/cloud-init*

  13. Run the following command to edit the /etc/cloud/cloud.cfg.d/05_logging.cfg file to use cloudLogHandler to process logs:

    vim /etc/cloud/cloud.cfg.d/05_logging.cfg

    Figure 6 Setting the parameter value to cloudLogHandler

Check the Cloud-Init Configuration

Run the following command to check whether Cloud-Init has been properly configured:

cloud-init init --local

If Cloud-Init has been properly installed, the version information is displayed and no error occurs. For example, no messages about missing files are displayed.
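
The following Python example is added here and is not part of the original page or of Cloud-Init. It checks the text of cloud.cfg and sshd_config for the login, data source, network and hostname settings made in the procedure above and returns the names of those that are not in effect. It assumes plain regex matching instead of a YAML parser, ignores Match blocks and Include files in sshd_config, and uses constructed sample files; the function names are hypothetical.

```python
import re
# Constructed sample files (not from a real ECS): update_hostname is commented
# out in cloud.cfg, and sshd_config has "yes" appended after an earlier "no".
SAMPLE_CLOUD_CFG = """\
users:
 - name: root
   lock_passwd: False
disable_root: 0
ssh_pwauth: 1
cloud_init_modules:
 - ssh
# - update_hostname
datasource_list: [ OpenStack ]
network:
  config: disabled
"""
SAMPLE_SSHD_CONFIG = "PasswordAuthentication no\nPasswordAuthentication yes\n"

def scalar(text, key):
    """Last uncommented `key: value` in the YAML text, lower-cased ('' if absent)."""
    hits = re.findall(r"^[ \t-]*%s[ \t]*:[ \t]*([^#\n]*)" % re.escape(key), text, re.M)
    return hits[-1].strip().lower() if hits else ""

def modules(text):
    """Uncommented entries of cloud_init_modules, in file order."""
    m = re.search(r"^cloud_init_modules:[ \t]*\n((?:[ \t]*[-#].*\n?)*)", text, re.M)
    return re.findall(r"^[ \t]*-[ \t]*([\w-]+)", m.group(1), re.M) if m else []

def sshd_option(text, keyword):
    """First uncommented value of keyword: sshd keeps the first value it reads."""
    m = re.search(r"^[ \t]*%s[ \t=]+(\S+)" % keyword, text, re.M | re.I)
    return m.group(1).lower() if m else ""

def audit(cloud_cfg, sshd_config):
    """Names of the procedure's settings that are NOT in effect in these files."""
    net_off = re.search(r"^network:[ \t]*\n[ \t]+config:[ \t]*disabled", cloud_cfg, re.M)
    checks = {
        "disable_root": scalar(cloud_cfg, "disable_root") in ("0", "false"),
        "ssh_pwauth": scalar(cloud_cfg, "ssh_pwauth") in ("1", "true"),
        "lock_passwd": scalar(cloud_cfg, "lock_passwd") == "false",
        "datasource_list": "openstack" in scalar(cloud_cfg, "datasource_list"),
        "network.config": net_off is not None,
        "update_hostname": "update_hostname" in modules(cloud_cfg),
        "PasswordAuthentication": sshd_option(sshd_config, "PasswordAuthentication") == "yes",
    }
    return [name for name, ok in checks.items() if not ok]

if __name__ == "__main__":
    print(audit(SAMPLE_CLOUD_CFG, SAMPLE_SSHD_CONFIG))
```

On the image template, pass the contents of /etc/cloud/cloud.cfg and /etc/ssh/sshd_config to audit(). Because sshd uses the first value it reads for a keyword, a PasswordAuthentication yes line appended below an earlier no is reported as not in effect.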

(Optional) Run the following command to set the password validity period to the maximum:

chage -M 99999 $user_name

user_name is a system user, such as user root.

You are advised to set the password validity period to 99999.
