Kubic:MicroOS/cloud-init


Configuration of openSUSE MicroOS and openSUSE Kubic with cloud-init

The system will be configured with cloud-init during the boot phase. The following datasources are configured and called in this order: LocalDisk, NoCloud, OpenStack, None.

Datasource LocalDisk

This datasource reads the configuration files from the local disk. The directory is /cloud-init-config. The required configuration files are meta-data and user-data; vendor-data is optional.

Datasource NoCloud

The NoCloud datasource can be configured to look for configuration data on local storage or on a remote network source.

Remote Network Source

For a remote network source, the URL needs to be specified during boot at the kernel command line: cloud-init-url=http://my.example.com/cloud.cfg

The format of the file is:

 #cloud-config
 datasource:
   NoCloud:
     # default seedfrom is None
     # if found, then it should contain a url with:
     #    <url>user-data and <url>meta-data
     # seedfrom: http://my.example.com/<path>/


The content of the URL is stored in /etc/cloud/cloud.cfg.d/91_kernel_cmdline_url.cfg and will not be overwritten, even if the URL on the kernel command line changes.

Local Storage

Local configuration files can be used to set up the network so that configuration files on the network can be accessed. NoCloud searches all devices that do not contain a partition table and that contain a vfat or iso9660 filesystem. The filesystem volume label must be cidata.

So this could be an ISO image, a USB stick or an unpartitioned hard disk.

meta-data

 instance-id: iid-abcde001
 network-interfaces: |
   auto eth0
   iface eth0 inet dhcp

The instance-id is used to determine if this is the "first boot". So if changes are made to the configuration, the instance-id has to be changed as well.

The auto eth0 in the network configuration part means that the network configuration should be started automatically during the boot phase. In this example, the interface eth0 is configured for dhcp.

A static network configuration would look like:

 network-interfaces: |
   auto eth0
   iface eth0 inet static
   address 192.168.1.10
   network 192.168.1.0
   netmask 255.255.255.0
   broadcast 192.168.1.255
   gateway 192.168.1.1

user-data

Header

 #cloud-config
 debug: True
 disable_root: False

All user-data configuration files have to start with the line #cloud-config. To get debug output, set debug: True. If you want to log in with a root password and not only with ssh keys, set disable_root: False.

Add Authorized SSH Keys

 ssh_deletekeys: False
 ssh_pwauth: True
 ssh_authorized_keys:
   - ssh-rsa XXXKEY mail@example.com

ssh_deletekeys: False tells cloud-init not to delete the host's old private and public keys. The default is True, which means existing keys will be deleted and new ones generated. This is a bad idea, since ssh will complain about changed or wrong keys the next time you try to log in after the cloud-init configuration has changed.

ssh_authorized_keys adds the public ssh keys to the authorized_keys file of the default user. If not specified otherwise, this is root.

ssh_pwauth: True allows logging in via ssh with a password, if a password is set. ssh_pwauth: False would prevent that.

Set Passwords

 chpasswd:
   list: |
     root:linux
   expire: True

This will set the password for root to linux. The variable expire defines whether the user has to change the password at the first login. expire: True means the user has to change the password at the first login. Instead of a clear-text password, it's also possible to specify a hashed password:

 chpasswd:
   list: |
     account:$6$salt$hash

Upstream documentation

Add custom repository and configure zypper

Here is how you can add a custom repository of your choice:

 zypper:
   repos:
     - id: tumbleweed-oss
       name: os-oss
       baseurl: http://download.opensuse.org/tumbleweed/repo/oss/
       enabled: 1
       autorefresh: 1
     - id: tumbleweed-oss-sources
       name: os-oss-sources
       baseurl: http://download.opensuse.org/tumbleweed/repo/src-oss/
       enabled: 0
     - id: tumbleweed-update
       name: os-update
       baseurl: http://download.opensuse.org/update/tumbleweed/
       enabled: 1
       autorefresh: 1
   config:
     reposdir: /etc/zypp/repos.dir
     servicesdir: /etc/zypp/services.d
     download.use_deltarpm: true
     # any setting in /etc/zypp/zypp.conf

This option adds additional custom software repositories to the system, in this case the Tumbleweed OSS and update repositories. All options valid for zypper *.repo files are valid here.

Timezone

 timezone: Europe/Berlin

Set the timezone for this instance. The value of timezone must exist in /usr/share/zoneinfo.

Hostname

 hostname: myhost
 fqdn: myhost.example.com

Nameserver

 manage_resolv_conf: true
 resolv_conf:
   nameservers: ['8.8.4.4', '8.8.8.8']
   searchdomains:
     - foo.example.com
     - bar.example.com
   domain: example.com
   options:
     rotate: true
     timeout: 1

Salt Minion

 salt_minion:
   conf:
     master: salt.example.com
 
   public_key: |
     -----BEGIN PUBLIC KEY-----
     XXX
     -----END PUBLIC KEY-----
 
   private_key: |
     -----BEGIN RSA PRIVATE KEY-----
     XXX
     -----END RSA PRIVATE KEY-----

The Salt Minion is only available and used with openSUSE Kubic, not with openSUSE MicroOS.

NTP Server

 ntp:
   servers:
     - ntp1.example.com
     - ntp2.example.com
     - ntp3.example.com
 runcmd:
   - /usr/bin/systemctl enable --now ntpd

With this configuration, ntp is configured during the first boot to use three ntp servers. Additionally, the ntp service is enabled and started immediately. There can only be one time service running on a system at the same time. systemd-timesyncd, chrony or other time services need to be disabled first.

Upstream documentation

Keyboard layout

 runcmd:
   - /usr/bin/localectl set-keymap de-latin1-nodeadkeys

The keyboard layout is set to the German layout with nodeadkeys.

openSUSE Kubic Administration Node

To enable and run the openSUSE Kubic administration dashboard, the following statement is needed in user-data:

 suse_caasp:
   role: admin

This defines that the machine will have the system role Administration Node, will import the container needed for the administrative dashboard and will start the needed services. Additionally, an NTP server needs to be configured. chrony and ntpd are NTP servers; systemd-timesyncd cannot act as a server, only as a client.

openSUSE Kubic Cluster Node

To enable and run the machine as Cluster Node, the following lines are needed in the user-data config file:

 suse_caasp:
   role: cluster
   admin_node: admin.example.com

This defines that the system role of this machine is Cluster Node. The machine will register itself as a salt minion on the administration node and configure a timesync service with the administration node as reference. No additional NTP server is needed. If an NTP server is wanted, the systemd-timesyncd service needs to be disabled first. admin.example.com is either the DNS name of the administration node or an IP address.

runcmd statement

There can only be one runcmd: statement in the user-data file. Several runcmd: statements have to be grouped together into one.

Upstream documentation
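A pre-flight check for the user-data options described above, as an added example that is not part of the original page or of cloud-init: it scans a user-data file line by line, without a YAML library, for a missing #cloud-config header, a repeated top-level key such as a second runcmd:, clear-text chpasswd entries, ssh_pwauth: True and http:// repository URLs. The function name lint_user_data and the sample input are constructed for illustration.

```python
import re

# Constructed sample: snippets from this page pasted together into one file.
SAMPLE = """\
#cloud-config
ssh_pwauth: True
chpasswd:
  list: |
    root:linux
    account:$6$salt$hash
  expire: False
zypper:
  repos:
    - id: tumbleweed-oss
      baseurl: http://download.opensuse.org/tumbleweed/repo/oss/
runcmd:
  - /usr/bin/systemctl enable --now ntpd
runcmd:
  - /usr/bin/localectl set-keymap de-latin1-nodeadkeys
"""

def lint_user_data(text):
    """Return (line_number, finding) tuples for a cloud-init user-data file."""
    lines, findings = text.splitlines(), []
    if not lines or lines[0].strip() != "#cloud-config":
        findings.append((1, "first line is not #cloud-config"))
    seen, current, pw_indent = {}, None, None   # pw_indent: indent of chpasswd 'list: |'
    for no, line in enumerate(lines, 1):
        body, indent = line.strip(), len(line) - len(line.lstrip())
        if pw_indent is not None and body and indent <= pw_indent:
            pw_indent = None                     # the password block scalar ended
        top = re.match(r"([A-Za-z_][\w-]*):", line)   # a key at column 0
        if top:
            current = top.group(1)
            if current in seen:                  # e.g. two runcmd: blocks; group them into one
                findings.append((no, f"duplicate key '{current}', first at line {seen[current]}"))
            seen.setdefault(current, no)
        if pw_indent is not None and body:
            # Assumption of this sketch: a value not starting with '$' is clear text.
            user, _, secret = body.partition(":")
            if not secret.startswith("$"):
                findings.append((no, f"clear-text password for '{user}'"))
        elif current == "chpasswd" and re.match(r"list:\s*\|", body):
            pw_indent = indent
        elif re.match(r"ssh_pwauth:\s*(true|yes)\b", line, re.I):
            findings.append((no, "ssh_pwauth enables SSH password login"))
        elif re.match(r"baseurl:\s*http://", body):
            findings.append((no, "repository baseurl uses plain http"))
    return findings
```

Running lint_user_data(SAMPLE) reports the clear-text root password and the second runcmd: block, which would otherwise silently drop one of the two command lists.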

Example configuration for openSUSE MicroOS

If you install with YaST2 or AutoYaST, you don't need to configure the network, update channel, user accounts and passwords or anything similar. You can still use cloud-init for fine-tuning and additional configuration. If you use ready-to-run virtualisation images, you need something like the following. This example can be extended with all other valid cloud-init options.

meta-data

 instance-id: iid-MICROOS01
 network-interfaces: |
   auto eth0
   iface eth0 inet dhcp

user-data

 #cloud-config
 debug: True
 disable_root: False
 ssh_pwauth: True
 ssh_deletekeys: False
 ssh_authorized_keys:
   - ssh-rsa AAAAxxx== mail@example.com
 chpasswd:
   list: |
     root:$6$salt$hash
   expire: False
 zypper:
   repos:
     - id: tumbleweed-oss
       name: os-oss
       baseurl: http://download.opensuse.org/tumbleweed/repo/oss/
       enabled: 1
       autorefresh: 1
     - id: tumbleweed-update
       name: os-update
       baseurl: http://download.opensuse.org/update/tumbleweed/
       enabled: 1
       autorefresh: 1
   config:
     download.use_deltarpm: true

Example configuration for openSUSE Kubic

If you install with YaST2 or AutoYaST, you don't need to configure the network, update channel, user accounts and passwords, system role or anything similar. You can still use cloud-init for fine-tuning and additional configuration. If you use ready-to-run virtualisation images, you need something like the following. This example can be extended with all other valid cloud-init options.

meta-data (Admin Node and Cluster Node)

 instance-id: iid-MICROOS01
 network-interfaces: |
   auto eth0
   iface eth0 inet dhcp

user-data (Admin Node)

 #cloud-config
 debug: True
 disable_root: False
 ssh_pwauth: True
 ssh_deletekeys: False
 ssh_authorized_keys:
   - ssh-rsa AAAAxxx== mail@example.com
 chpasswd:
   list: |
     root:$6$salt$hash
   expire: False
 zypper:
   repos:
     - id: tumbleweed-oss
       name: os-oss
       baseurl: http://download.opensuse.org/tumbleweed/repo/oss/
       enabled: 1
       autorefresh: 1
     - id: tumbleweed-update
       name: os-update
       baseurl: http://download.opensuse.org/update/tumbleweed/
       enabled: 1
       autorefresh: 1
   config:
     download.use_deltarpm: true
 suse_caasp:
   role: admin
 ntp:
   pools:
 runcmd:
   - /usr/bin/systemctl enable --now ntpd

user-data (Cluster Node)

 #cloud-config
 debug: True
 disable_root: False
 ssh_pwauth: True
 ssh_deletekeys: False
 ssh_authorized_keys:
   - ssh-rsa AAAAxxx== mail@example.com
 chpasswd:
   list: |
     root:$6$salt$hash
   expire: False
 zypper:
   repos:
     - id: tumbleweed-oss
       name: os-oss
       baseurl: http://download.opensuse.org/tumbleweed/repo/oss/
       enabled: 1
       autorefresh: 1
     - id: tumbleweed-update
       name: os-update
       baseurl: http://download.opensuse.org/update/tumbleweed/
       enabled: 1
       autorefresh: 1
   config:
     download.use_deltarpm: true
 suse_caasp:
   role: cluster
   admin_node: admin.example.com