
    Custom config / cloud-init

      acebmxer

      So I am trying to learn how to use the Custom config / cloud-init for Ubuntu.

      If I add my ssh-key to my user account in Xen Orchestra (XOA or XO-CE) I can select that during the VM creation and that works, but the VM is stuck with the username ubuntu. I would like to change that.

      I am not sure if I am messing up the user creation or the ssh-key, as I am not able to log in due to an authentication error.

      My config ---

      #cloud-config
      hostname: {name}
      users:
        - newusername
      ssh_authorized_keys:
            - ssh-rsa AAAAB3NzaC1.....XbZH6muQrfegKoTsuw== Generated By Termius
      

      The above is not my actual key. The key saved in the user profile stops before the "==" and, as stated, that key works. So I assume if I correct the config to remove the "==" and after, that key should work as well. So my assumption is the user name is the issue.

      I would like to make the username to my desire but have the same permission as the user account ubuntu has when just inserting ssh-key.

        acebmxer @acebmxer

        Think I figured it out. First I was using the wrong key. A lot of going back and forth trying new keys, forgot to swap back to the original...

        new config...

        #cloud-config
        hostname: {name}
        users:
          - name: newusername
            gecos: New User
            sudo: ALL=(ALL) NOPASSWD:ALL
            groups: users, admin
            shell: /bin/bash
            ssh_authorized_keys:
              - ssh-ed25519 AAAAC3....18ZbA
        

        Any suggestions? Should I not use something in the above config if the server was in production?

          acebmxer

          So I started with an Ubuntu 24.4 image from XOA hub. I create a new VM from that image with my cloud config from above. I start the VM up. Once booted I shut it down and remove the Cloud config drive, leaving 1 single OS drive. I boot the VM up and fully update the VM and install a few minor tweaks. Then shut the VM down. Networking is configured for DHCP.

          If I convert this newly created VM to a template, then create another VM from this template, even though the VM is generating a new MAC address, when the VM boots it's still getting / using the same IP from the VM used to create the template.

          If I put either network config in during VM creation from the new template I get no IP address. I can't log into the console because the user does not have a password. I have tried to put password: userspassword in the config but that does not work.

          network:
            version: 1
            config:
            - type: physical
              name: eth0
              subnets:
                - type: dhcp
          

          or

          network:
            version: 2
            ethernets:
              eno1:
                dhcp4: true
          
            Pilow @acebmxer

            @acebmxer said in Custom config / cloud-init:

            #cloud-config
            hostname: {name}
            users:
              - name: newusername
                gecos: New User
                sudo: ALL=(ALL) NOPASSWD:ALL
                groups: users, admin
                shell: /bin/bash
                ssh_authorized_keys:
                  - ssh-ed25519 AAAAC3....18ZbA

            Thank you for that, I stole your user creation and SSH key attribution with cloud-init config, it's working perfectly 😃

              Pilow @acebmxer

              @acebmxer on my Windows VMs with cloudbase init I use these :

              version: 1
              config:
                - type: physical
                  name: Ethernet2
                  subnets:
                    - type: dhcp4
              

              or

              version: 1
              config:
                - type: physical
                  name: Ethernet2
                  subnets:
                    - type: static
                      address: 10.x.x.x
                      netmask: 255.255.255.0
                      gateway: 10.x.x.x
                      dns_nameservers:
                        - 10.x.x.x
                        - 8.8.8.8
              

              Beware of TYPE: I put dhcp4, not dhcp,
              and the NAME of your NIC needs to be exactly the one of the template!
              IPs are obfuscated with x.x.x in the static version.

                acebmxer @Pilow

                @Pilow I try the dhcp4 vs dhcp

                  bvitnik @acebmxer

                  @acebmxer said in Custom config / cloud-init:

                  Think I figured it out. First I was using the wrong key. A lot of going back and forth trying new keys, forgot to swap back to the original...

                  new config...

                  #cloud-config
                  hostname: {name}
                  users:
                    - name: newusername
                      gecos: New User
                      sudo: ALL=(ALL) NOPASSWD:ALL
                      groups: users, admin
                      shell: /bin/bash
                      ssh_authorized_keys:
                        - ssh-ed25519 AAAAC3....18ZbA
                  

                  Any suggestions? Should I not use something in the above config if the server was in production?

                  • Well... NOPASSWD:ALL can be considered a security issue because the user is not required to type a password to gain root privileges. If someone gains access to this user via, for example, a stolen SSH key or some exploit, they will automatically have access to the root user.

                  • It is enough to put the user into "sudo" group for it to gain sudo privileges (with password required) because there is already this global sudoers rule:

                    %sudo ALL=(ALL:ALL) ALL

                  • Adding the user to users and admin groups is a little bit contradictory. It should either be users or admin. Also, the admin group does not exist on Ubuntu 24.04. It existed in some earlier versions but I'm not sure when and why it disappeared. It's best to just add the user to the sudo group so it can run commands as root and the adm group (yes adm, not "admin") so it can view system logs (/var/log) without using sudo. This is if you are creating an admin-type user. If the user is just a regular user, you can add it to the users group but it's not necessary. If you are confused, don't worry, I am too 😄.

                  This is for Ubuntu, other operating systems have other principles and rules so there is no universal solution.

                    bvitnik @acebmxer

                    @acebmxer said in Custom config / cloud-init:

                    If I convert this newly created VM to a template, then create another VM from this template, even though the VM is generating a new MAC address, when the VM boots it's still getting / using the same IP from the VM used to create the template.

                    You will have to carefully read cloud-init documentation to understand how it works and what phases it has.

                    Short answer is that VM template creation is a bit more work than just preparing some base VM and then converting it to the template or using it to clone other VMs. For a start, cloud-init has to be "cleaned" so that it is reset to the initial state.

                    cloud-init, or better said most of its modules, run only once - just on first boot. So... when you create a VM from a hub template, cloud-init will run, but if you use that VM to clone another VM, cloud-init will not run like on first boot of the original VM. Aside from that, to prepare some VM to be a template for other VMs, other "stuff" besides cloud-init has to be cleaned up, like machine-id, SSH host keys, network configuration, logs... There is some official documentation on this here:

                    https://docs.xcp-ng.org/guides/create-use-custom-xcpng-ubuntu-templates/

                    and some forum addendum here:

                    https://xcp-ng.org/forum/topic/11008/ubuntu-22.04.5-custom-template-additional-steps-missing-from-documentation

                    read carefully 🙂

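A pre-conversion check for the cleanup described in the post above, as an added example that is not from the thread or the linked guide: it reports the per-machine state a clone would inherit (first-boot cloud-init state, machine-id, SSH host keys, the generated netplan file) and can reset it. The function names and the optional ROOT argument (a staged directory instead of the live system) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread or the XCP-ng docs.
# ROOT is a hypothetical argument: empty means the live system, a directory
# means a staged copy of the filesystem (for dry runs).

# template_leftovers [ROOT]: print one line per per-machine artifact a clone
# would inherit. No output means the VM is ready to be converted.
template_leftovers() {
    root=${1:-}
    # The instance link exists once cloud-init has completed a first boot.
    if [ -e "$root/var/lib/cloud/instance" ] || [ -L "$root/var/lib/cloud/instance" ]; then
        echo "cloud-init: first-boot state present (run: cloud-init clean --logs --seed)"
    fi
    # systemd-networkd derives its DHCP client identifier from machine-id, so
    # clones sharing it can be handed the same lease despite different MACs.
    if [ -s "$root/etc/machine-id" ]; then
        echo "machine-id: not empty"
    fi
    # Shared host keys let any clone impersonate the others to SSH clients.
    for key in "$root"/etc/ssh/ssh_host_*_key; do
        if [ -e "$key" ]; then
            echo "ssh-host-key: $key"
        fi
    done
    if [ -e "$root/etc/netplan/50-cloud-init.yaml" ]; then
        echo "netplan: generated 50-cloud-init.yaml still present"
    fi
    return 0
}

# reset_identity [ROOT]: remove those artifacts. Run as root, as the last
# step before shutting the VM down for conversion.
reset_identity() {
    root=${1:-}
    if [ -z "$root" ]; then
        cloud-init clean --logs --seed      # live system only
    fi
    : > "$root/etc/machine-id"              # left empty: regenerated at next boot
    rm -f "$root"/etc/ssh/ssh_host_*        # regenerated by cloud-init on first boot
    rm -f "$root/etc/netplan/50-cloud-init.yaml"
}

# Usage: ./template-prep.sh audit   or   ./template-prep.sh reset
case "${1:-}" in
    audit) template_leftovers ;;
    reset) reset_identity && template_leftovers ;;
esac
```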
                      acebmxer @bvitnik

                      @bvitnik thanks for that info. There is so much to learn with Linux. Not that there is a lot to learn with Windows. I am still learning new stuff every day but still know just enough to get myself in trouble with Linux.

                        Pilow @bvitnik

                        @bvitnik said in Custom config / cloud-init:

                        https://docs.xcp-ng.org/guides/create-use-custom-xcpng-ubuntu-templates/

                        I noticed in the documentation, they put "password:" for user password creation.

                        what is working for me :

                        plain_text_passwd: 'myverysecureplaintextpassword'
                        

                        more secure, use a SHA 512 encrypted password, but with :

                        passwd: QChUQYy14yOv_encrypted_password_mgnEFL6TRPIsJ/4
                        

                        make it encrypted with

                        # mkpasswd --method=SHA-512
                        
                          bvitnik @Pilow

                          @Pilow password: as a global option and passwd: or plain_text_passwd: under users: key are two different things. The first one sets the password for the default user, ubuntu on Ubuntu if I recall correctly, while the others set password for the user specified in the users: key.

                          Read the docs people 😁

                            Pilow @bvitnik

                            @bvitnik indeed, RTFM

                            I'm a newb on cloud-init, and should follow this good advice more!

                              acebmxer

                              So I have had some more time to play around with this, and I think I got it working except for one part.

                              After I convert the VM to a template and go deploy a new VM with the newly created template. Even if I put in the network config as such.

                              #cloud-config
                              network:
                                 version: 2
                                 ethernets:
                                  enX0:
                                    dhcp4: true
                                    dhcp6: false
                                    set-name: "enX0"
                              

                              The new VM does not get an IP address. When I log into the new VM it does not have /etc/netplan/50-cloud-init.yaml with the above network config.

                              If I manually create the file with the above config and reboot, the VM gets an IP address, and a different one than the previous VM.

                                bvitnik @acebmxer

                                @acebmxer Did you do:

                                cloud-init clean --logs --seed
                                

                                before converting the VM to template?

                                Also, network configuration is not part of the cloud-config (aka user data). In XO, there is a separate field called "Network config" where it should be specified. See examples at the end of the guide I pasted earlier. network: key should also be removed (commented in the examples).

                                  acebmxer @bvitnik

                                  @bvitnik
                                  This is creating a new VM from the Hub template. If I try the below network config the VM hangs on boot. Think previously it would eventually boot but have no networking, as stated previously.

                                  #cloud-config
                                  # network:
                                     version: 2
                                     ethernets:
                                      enX0:
                                        dhcp4: true
                                        dhcp6: false
                                        set-name: "enX0"
                                  

                                  This is copy-pasted from the link you provided about additional information to add to the documentation. It does not show network: commented out. When I use this with IPs corrected to my network the VM boots fast but again still no networking. Even if I comment out network. Still no networking. I have to leave it blank during VM creation. Can you paste your working network config?

                                  #cloud-config
                                  network:
                                    version: 2
                                    ethernets:
                                      eth0:
                                        dhcp4: false
                                        addresses:
                                          - 10.0.2.6/27
                                        gateway4: 10.0.2.1
                                        nameservers:
                                          addresses:
                                            - 10.0.2.1
                                            - 1.1.1.1
                                  

                                  EDIT -

                                  This is a working config for a new VM from the Ubuntu Hub template. VM boots and gets an IP address. It's not much different than my original. I don't know. Still learning this stuff.

                                  network:
                                    version: 2
                                    ethernets:
                                      enX0:      # or whatever your interface name is
                                        dhcp4: true
                                  

                                  Edit -2 while the above works for DHCP, the below does not work for static. The VM does not get a static IP.

                                  network:
                                    version: 2
                                    ethernets:
                                      enX0:      # or whatever your interface name is
                                        dhcp4: false
                                        addresses: - 10.100.10.206/24
                                        gateway4: 10.100.10.254
                                        nameservers:
                                            addresses:
                                                 - 10.100.10.254
                                                 - 1.1.1.1
                                  
                                    acebmxer @bvitnik

                                    @bvitnik said in Custom config / cloud-init:

                                    @acebmxer Did you do:

                                    cloud-init clean --logs --seed
                                    

                                    before converting the VM to template?

                                    Also, network configuration is not part of the cloud-config (aka user data). In XO, there is a separate field called "Network config" where it should be specified. See examples at the end of the guide I pasted earlier. network: key should also be removed (commented in the examples).

                                    Besides getting it working on a fresh VM from the Ubuntu template from the Hub, I do have that command in a script to prepare the VM to create a template from it. AI says this will cause the VM not to recreate the 50-cloud-init.yaml file. So how do I work around that also?

                                      bvitnik @acebmxer

                                      @acebmxer said in Custom config / cloud-init:

                                      ...

                                      network:
                                        version: 2
                                        ethernets:
                                          enX0:      # or whatever your interface name is
                                            dhcp4: false
                                            addresses: - 10.100.10.206/24
                                            gateway4: 10.100.10.254
                                            nameservers:
                                                addresses:
                                                     - 10.100.10.254
                                                     - 1.1.1.1
                                      

                                      Address should be on the next line:

                                            addresses:
                                            - 10.100.10.206/24
                                      

                                      Regarding 50-cloud-init.yaml, AI is lying 😁 .

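The issues raised in this thread (NOPASSWD:ALL, the admin group, plain_text_passwd, and the `addresses: - ...` line fixed in the post above) turned into a check to run on the YAML before pasting it into XO. This is an added example, not code from any poster; the function names, finding labels and sample files are constructed. The lock_passwd and ssh_pwauth keys in the hardened sample are cloud-init options the thread does not mention, added so that sudo can prompt for the hashed password while SSH stays key-only.

```shell
#!/bin/sh
# Added example, not from the thread: text-level lint for the YAML pasted into
# XO's config fields. It greps for the issues raised above; it does not parse YAML.

# lint_cloud_init FILE: print one "label: lineno:text" finding per line.
lint_cloud_init() {
    f=$1
    # Passwordless sudo: whoever holds the SSH key is root.
    grep -nE '^[[:space:]]*sudo:.*NOPASSWD' "$f" | sed 's/^/nopasswd-sudo: /'
    # Password stored in clear text in user-data.
    grep -nE '^[[:space:]]*plain_text_passwd:' "$f" | sed 's/^/cleartext-password: /'
    # "admin" group, absent on Ubuntu 24.04 (sudo and adm are the usual pair).
    grep -nE '^[[:space:]]*groups:(.*[^[:alnum:]_])?admin([^[:alnum:]_]|$)' "$f" |
        sed 's/^/admin-group: /'
    # Sequence item on the same line as its mapping key: not valid YAML.
    grep -nE '^[[:space:]]*[A-Za-z0-9_-]+:[[:space:]]+-[[:space:]]' "$f" |
        sed 's/^/inline-sequence: /'
    return 0
}

count_findings() { lint_cloud_init "$1" | wc -l | tr -d ' '; }

# Constructed sample: the thread's first working config plus a clear-text password.
write_weak_user_data() {
    cat > "$1" <<'EOF'
#cloud-config
users:
  - name: newusername
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: users, admin
    plain_text_passwd: 'constructed-example'
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3...constructed
EOF
}

# Constructed sample applying the advice: sudo and adm groups, no sudo rule,
# hashed password (placeholder) so the %sudo rule can prompt for it.
write_hardened_user_data() {
    cat > "$1" <<'EOF'
#cloud-config
users:
  - name: newusername
    groups: sudo, adm
    shell: /bin/bash
    lock_passwd: false
    passwd: "<SHA-512 crypt hash from mkpasswd --method=SHA-512>"
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3...constructed
ssh_pwauth: false
EOF
}

# Constructed sample: the static-IP line as first posted.
write_broken_network() {
    cat > "$1" <<'EOF'
version: 2
ethernets:
  enX0:
    addresses: - 10.100.10.206/24
EOF
}

if [ $# -gt 0 ]; then lint_cloud_init "$1"; fi
```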
                                        acebmxer @bvitnik

                                        @bvitnik 👍 that worked.

                                          bvitnik @acebmxer

                                          @acebmxer Great. These are some YAML basics. You should read more about it ☺ . Following AI instructions without understanding is not going to take you far.
