
Portal:MicroOS/cloud-init


Configuration of openSUSE MicroOS and openSUSE Kubic with cloud-init

The system will be configured with cloud-init during the boot phase. The following datasources are configured and called in this order: LocalDisk, NoCloud, OpenStack, None.

Datasource LocalDisk

This datasource reads the configuration files from the local disk. The required configuration files are meta-data and user-data, plus an optional vendor-data, and they must be located at the root of your local disk.

Datasource NoCloud

The NoCloud datasource can be configured to look for configuration data on local storage or on a remote network source.

Remote Network Source

For a remote network source, the URL needs to be specified on the kernel command line at boot: cloud-init-url=http://my.example.com/cloud.cfg

The format of the file is:

#cloud-config
datasource:
  NoCloud:
    # default seedfrom is None
    # if found, then it should contain a url with:
    #    <url>user-data and <url>meta-data
    # seedfrom: http://my.example.com/<path>/

The content of the URL is stored in /etc/cloud/cloud.cfg.d/91_kernel_cmdline_url.cfg and will not be overwritten, even if the URL on the kernel command line changes.

Local Storage

Local configuration files can be used to set up the network so that configuration files on the network can be accessed. NoCloud searches all devices that do not contain a partition table and that contain a vfat or iso9660 filesystem. The filesystem volume label must be cidata.

So this could be an ISO image, a USB stick or an unpartitioned hard disk.

meta-data

instance-id: iid-abcde001
network-interfaces: |
  auto eth0
  iface eth0 inet dhcp

The instance-id is used to determine whether this is the "first boot". So if changes are made to the configuration, the instance-id has to be changed as well.

The auto eth0 in the network configuration part means that the network configuration is started automatically during the boot phase. In this example, the interface `eth0` is configured for dhcp.

A static network configuration would look like:

network-interfaces: |
  auto eth0
  iface eth0 inet static
  address 192.168.1.10
  network 192.168.1.0
  netmask 255.255.255.0
  broadcast 192.168.1.255
  gateway 192.168.1.1

user-data

Header

#cloud-config
debug: True
disable_root: False

All user-data configuration files have to start with the line #cloud-config. To get debug output, set debug: True. If you want to log in with a root password and not only with ssh keys, set disable_root: False.

Add Authorized SSH Keys

ssh_deletekeys: False
ssh_pwauth: True
ssh_authorized_keys:
  - ssh-rsa XXXKEY mail@example.com

ssh_deletekeys: False tells cloud-init not to delete old private and public keys of the host. The default is True, which means existing keys will be deleted and new ones generated. This is a bad idea, since ssh will complain about changed or wrong keys the next time you try to log in after the cloud-init configuration has changed.

ssh_authorized_keys adds the public ssh keys to the authorized_keys file of the default user. If not specified otherwise, this is root.

ssh_pwauth: True allows logging in via ssh with a password, if a password is set. ssh_pwauth: False would prevent that.

Set Passwords

chpasswd:
  list: |
    root:linux
  expire: True

This will set the password for root to linux. The variable expire defines whether the user has to change the password at the first login. expire: True means the user has to change the password at the first login. Instead of a clear-text password, it is also possible to specify a hashed password:

chpasswd:
  list: |
    account:$6$salt$hash

Upstream documentation

Add custom repository and configure zypper

Here is how you can add a custom repository of your choice:

zypper:
  repos:
    - id: tumbleweed-oss
      name: os-oss
      baseurl: http://download.opensuse.org/tumbleweed/repo/oss/
      enabled: 1
      autorefresh: 1
    - id: tumbleweed-oss-sources
      name: os-oss-sources
      baseurl: http://download.opensuse.org/tumbleweed/repo/src-oss/
      enabled: 0
    - id: tumbleweed-update
      name: os-update
      baseurl: http://download.opensuse.org/update/tumbleweed/
      enabled: 1
      autorefresh: 1
  config:
    reposdir: /etc/zypp/repos.dir
    servicesdir: /etc/zypp/services.d
    download.use_deltarpm: true
    # any setting in /etc/zypp/zypp.conf

This option adds an additional custom software repository to the system, in this case the Tumbleweed OSS and update repositories. All options that are valid in zypper *.repo files are valid here.

Timezone

timezone: Europe/Berlin

Set the timezone for this instance. The value of timezone must exist in /usr/share/zoneinfo.

Hostname

hostname: myhost
fqdn: myhost.example.com

Nameserver

manage_resolv_conf: true
resolv_conf:
  nameservers: ['8.8.4.4', '8.8.8.8']
  searchdomains:
    - foo.example.com
    - bar.example.com
  domain: example.com
  options:
    rotate: true
    timeout: 1

Salt Minion

salt_minion:
  conf:
    master: salt.example.com

  public_key: |
    -----BEGIN PUBLIC KEY-----
    XXX
    -----END PUBLIC KEY-----

  private_key: |
    -----BEGIN RSA PRIVATE KEY-----
    XXX
    -----END RSA PRIVATE KEY-----

The Salt Minion is only available and used with openSUSE Kubic, not with openSUSE MicroOS.

NTP Server

ntp:
  servers:
    - ntp1.example.com
    - ntp2.example.com
    - ntp3.example.com
runcmd:
  - /usr/bin/systemctl enable --now ntpd

With this configuration, ntp is configured during the first boot to use three ntp servers. Additionally, the ntp service is enabled and started immediately. Only one time service can run on a system at a time, so systemd-timesyncd, chrony or other time services need to be disabled first.

Upstream documentation

Keyboard layout

runcmd:
  - /usr/bin/localectl set-keymap de-latin1-nodeadkeys

The keyboard layout is set to the German layout with nodeadkeys.

openSUSE Kubic Kubeadm Node

Configuration of the openSUSE Kubic kubeadm node is currently not implemented.

openSUSE Kubic Cluster Node

Configuration of an openSUSE Kubic Cluster Node with cloud-init is currently not implemented.

runcmd statement

There can only be one runcmd: statement in the user-data file. All commands from separate runcmd: statements have to be grouped together into one.

Upstream documentation

Example configuration for openSUSE MicroOS

If you install with YaST2 or autoyast, you don't need to configure the network, update channel, user accounts and passwords or similar settings. But you can still use cloud-init for fine tuning and additional configuration. If you use ready-to-run virtualisation images, you need something like the following. This example can be extended with all other valid cloud-init options.

meta-data

instance-id: iid-MICROOS01
network-interfaces: |
  auto eth0
  iface eth0 inet dhcp

user-data

#cloud-config
debug: True
disable_root: False
ssh_pwauth: True
ssh_deletekeys: False
ssh_authorized_keys:
  - ssh-rsa AAAAxxx== mail@example.com
chpasswd:
  list: |
    root:$6$salt$hash
  expire: False
zypper:
  repos:
    - id: tumbleweed-oss
      name: os-oss
      baseurl: http://download.opensuse.org/tumbleweed/repo/oss/
      enabled: 1
      autorefresh: 1
    - id: tumbleweed-update
      name: os-update
      baseurl: http://download.opensuse.org/update/tumbleweed/
      enabled: 1
      autorefresh: 1
  config:
    download.use_deltarpm: true
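
The following check is an added example, not part of the original wiki page or of cloud-init. It scans a user-data file for the access-related settings described above: disable_root: False, ssh_pwauth: True, clear-text entries in the chpasswd list, embedded private keys, and baseurl or seedfrom values that use plain http. It is a line-based scan of the layout used on this page rather than a full YAML parser; the function name, messages and sample are constructed for illustration.

```python
import re

# Constructed sample modelled on this page's MicroOS example; not a real configuration.
SAMPLE = """\
#cloud-config
disable_root: False
ssh_pwauth: True
chpasswd:
  list: |
    root:linux
    admin:$6$salt$hash
  expire: False
zypper:
  repos:
    - id: tumbleweed-oss
      baseurl: http://download.opensuse.org/tumbleweed/repo/oss/
"""

KEY = re.compile(r"^\s*(?:-\s+)?([\w.]+):\s*(.*?)\s*$")   # 'key: value', optionally a list item
HASHED = re.compile(r"^\$\w+\$.+\$.+")                    # shape of $6$salt$hash
FLAGS = {("disable_root", "false"): "root login is not disabled",
         ("ssh_pwauth", "true"): "SSH password login is allowed"}

def audit_user_data(text):
    """Return (line number, message) findings for a #cloud-config document."""
    header_ok = text.split("\n", 1)[0].strip() == "#cloud-config"
    found = [] if header_ok else [(1, "first line is not #cloud-config")]
    top, pw_indent = None, None   # current top-level key; indent of chpasswd 'list: |'
    for n, line in enumerate(text.splitlines(), 1):
        body, indent = line.strip(), len(line) - len(line.lstrip())
        if not body or body.startswith("#"):
            continue
        if pw_indent is not None and indent > pw_indent:
            user, _, pw = body.partition(":")   # R/RANDOM request a generated password
            if pw and pw not in ("R", "RANDOM") and not HASHED.match(pw):
                found.append((n, f"clear-text password for {user}"))
            continue
        pw_indent, m = None, KEY.match(line)
        key, value = m.groups() if m else ("", "")
        top = key if indent == 0 else top
        if top == "chpasswd" and key == "list" and value.startswith("|"):
            pw_indent = indent
        elif (key, value.lower()) in FLAGS:
            found.append((n, f"{key}: {FLAGS[(key, value.lower())]}"))
        elif key in ("baseurl", "seedfrom") and value.startswith("http://"):
            found.append((n, f"{key} uses plain http"))
        elif key == "private_key":
            found.append((n, "private key embedded in user-data"))
    return found
```

For the constructed sample, audit_user_data(SAMPLE) reports lines 2, 3, 6 and 12; the hashed admin entry on line 7 is not reported.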