Updated on 2024-09-09 GMT+08:00

Configuring Cloud-Init

Scenarios

You need to configure Cloud-Init after it is installed.

Prerequisites

  • Cloud-Init has been installed.
  • An EIP has been bound to the ECS.
  • You have logged in to the ECS.
  • The ECS obtains its IP address using DHCP.

Procedure

The following operations are required:

  1. Configure Cloud-Init.

    For details, see Configure Cloud-Init.

  2. Check whether Cloud-Init is successfully configured.

    For details, see Check the Cloud-Init Configuration.

Configure Cloud-Init

  1. Configure the user permissions for logging in to the ECS. If you select user root, enable the SSH permissions of user root and enable remote login to the ECS using a password.
    • If you inject a password, use it to log in to the ECS remotely using SSH or noVNC.
    • If you inject a key, use it to log in to the ECS remotely using SSH.
  2. Enable remote login using the password of user root and enable the SSH permissions of user root.
    Take CentOS 6.7 as an example. If the value of disable_root in the /etc/cloud/cloud.cfg file is 0, the permissions are enabled. (In some OSs, value true indicates that the permissions are disabled, and false indicates that the permissions are enabled). Set ssh_pwauth to 1, and lock_passwd to False (indicating that user passwords are not locked).
    users:
     - name: root
       lock_passwd: False
    
    disable_root: 0
    ssh_pwauth: 1
  1. Prevent Cloud-Init from taking over the network in /etc/cloud/cloud.cfg.

    If the Cloud-Init version is 0.7.9 or later, add the following content to /etc/cloud/cloud.cfg:

    Figure 1 Preventing Cloud-Init from taking over the network

    The added content must be in the YAML format.

  2. Enable the agent to access the IaaS OpenStack data source.
    Add the following information to the last line of /etc/cloud/cloud.cfg:
    datasource_list: [ OpenStack ]
    datasource:
      OpenStack:
        metadata_urls: ['http://169.254.169.254']
        max_wait: 120
        timeout: 5
        apply_network_config: false
    • You can decide whether to set max_wait and timeout. The values of max_wait and timeout in the preceding command output are only for reference.
    • If the OS version is earlier than Debian 8 or CentOS 5, you cannot enable the agent to access the IaaS OpenStack data source.
    • The default zeroconf route must be disabled for CentOS and EulerOS ECSs for accurate access to the IaaS OpenStack data source.

      echo "NOZEROCONF=yes" >> /etc/sysconfig/network

    • apply_network_config: false is only requited by users who use Cloud-Init 18.3 or later.
  3. Add the following content to /etc/cloud/cloud.cfg:

    manage_etc_hosts: localhost

    This prevents the system from staying in the Waiting for cloudResetPwdAgent state for a long time during ECS startup.

    Figure 2 Adding manage_etc_hosts: localhost
  4. Run the vi /etc/ssh/sshd_config command to open the /etc/ssh/sshd_config file using the vi editor.
    Change the value of PasswordAuthentication in the sshd_config file to yes.

    For SUSE and openSUSE, change the values of the following parameters in the sshd_config file to yes:

    • PasswordAuthentication
    • ChallengeResponseAuthentication
  5. Modify cloud_init_modules in the cloud.cfg configuration file.
    • Move ssh from the bottom to the top to speed up the SSH login.
    • Enable the hostname update. Do not comment out or delete the -update_hostname statement.
      cloud_init_modules:
       - ssh
       - migrator
       - bootcmd
       - write-files
       - growpart
       - resizefs
       - set_hostname
       - update_hostname
       - update_etc_hosts
       - rsyslog
       - users-groups
  6. Modify the configuration so that the hostname of the ECS created from the image does not contain the .novalocal suffix and can contain a dot (.).
    1. Run the following command to modify the __init__.py file:

      vi /usr/lib/python*.*/site-packages/cloudinit/sources/__init__.py

      The Python version varies depending on the OS.

      Press i to enter editing mode. Modify the file content as follows based on the keyword toks:

      if toks:
          toks = str(toks).split('.')
      else:
          #toks = ["ip-%s" % lhost.replace(".", "-")] # Comment out this line.
          toks = lhost.split(".novalocal")    # Add this line.
      
      if len(toks) > 1:
          hostname = toks[0]
          #domain = '.'.join(toks[1:]) # Comment out this line.
      else:
          hostname = toks[0]
      
      if fqdn and domain != defdomain:
          #return hostname   # Comment out this line.
          return "%s.%s" % (hostname, domain)   # Add this line.
      else:
          return hostname

      After the modification is complete, press Esc to exit the editing mode and enter :wq! to save the settings and exit.

    2. Run the following command to switch to the cloudinit/sources folder:

      cd /usr/lib/python*.*/site-packages/cloudinit/sources/

      The Python version varies depending on the OS.

    3. Run the following commands to delete the __init__.pyc file and the optimized __init__.pyo file:

      rm -rf __init__.pyc

      rm -rf __init__.pyo

    4. Run the following commands to clear the logs:

      rm -rf /var/lib/cloud/*

      rm -rf /var/log/cloud-init*

  7. Run the following command to edit the /etc/cloud/cloud.cfg.d/05_logging.cfg file to use cloudLogHandler to process logs:

    vim /etc/cloud/cloud.cfg.d/05_logging.cfg

    [logger_cloudinit]
    level=DEBUG
    qualname=cloudinit
    handlers=cloudLogHandler
    propagate=1
  8. Delete user linux and the /home/linux directory from the image template.

    userdel linux

    rm -fr /home/linux

  9. Ensure that Cloud-Init is enabled.

    Delete the /etc/cloud/cloud-init.disabled file by running cloud-init clean --machine-id. If there is no such a file, skip this step.

Check the Cloud-Init Configuration

Run the following command to check whether Cloud-Init has been properly configured:

cloud-init init --local

If Cloud-Init has been properly installed, the version information is displayed and no error occurs. For example, messages indicating lack of files will not be displayed.

(Optional) Run the following command to set the password validity period to the maximum:

chage -M 99999 $user_name

user_name is a system user, such as user root.

You are advised to set the password validity period to 99999.