XCP-ng

    Custom config / cloud-init

    Pilow @acebmxer

      @acebmxer said in Custom config / cloud-init:

      #cloud-config
      hostname: {name}
      users:
        - name: newusername
          gecos: New User
          sudo: ALL=(ALL) NOPASSWD:ALL
          groups: users, admin
          shell: /bin/bash
          ssh_authorized_keys:
            - ssh-ed25519 AAAAC3....18ZbA

      thank you for that, I stole your user creation and SSH Key attribution with cloudinit config, it's working perfect 😃

        Pilow @acebmxer

        @acebmxer on my Windows VMs with cloudbase init I use these :

        version: 1
        config:
          - type: physical
            name: Ethernet2
            subnets:
              - type: dhcp4
        

        or

        version: 1
        config:
          - type: physical
            name: Ethernet2
            subnets:
              - type: static
                address: 10.x.x.x
                netmask: 255.255.255.0
                gateway: 10.x.x.x
                dns_nameservers:
                  - 10.x.x.x
                  - 8.8.8.8
        

        beware of TYPE, i put dhcp4, not dhcp
        and the NAME of your nic needs to be exactly the one of the template !
        IPs are obfuscated with x.x.x in the static version

          acebmxer @Pilow

          @Pilow I try the dhcp4 vs dhcp

            bvitnik @acebmxer

            @acebmxer said in Custom config / cloud-init:

            Think I figured it out. first i was using the wrong key. A lot of going back and forth trying new keys forgot to swap back to original...

            new config...

            #cloud-config
            hostname: {name}
            users:
              - name: newusername
                gecos: New User
                sudo: ALL=(ALL) NOPASSWD:ALL
                groups: users, admin
                shell: /bin/bash
                ssh_authorized_keys:
                  - ssh-ed25519 AAAAC3....18ZbA
            

            Any suggestions should I not use something in the above config if the server was in production?

            • Well... NOPASSWD:ALL can be considered a security issue because user is not required to type a password to gain root privileges. If someone gains access to this user via for example stolen SSH key or some exploit, it will automatically have access to the root user.

            • It is enough to put the user into "sudo" group for it to gain sudo privileges (with password required) because there is already this global sudoers rule:

              %sudo ALL=(ALL:ALL) ALL

            • Adding the user to users and admin groups is a little bit contradictory. It should either be users or admin. Also, admin group does not exist on Ubuntu 24.04. It existed in some earlier versions but I'm not sure when and why it disappeared. It's best to just add the user to the sudo group so it can run commands as root and adm group (yes adm, not "admin") so it can view system logs (/var/log) without using sudo. This is if you are creating admin type user. If the user is just a regular user, you can add it to the users group but it's not necessary. If you are confused, don't worry, I'm too 😄 .

            This is for Ubuntu, other operating systems have other principles and rules so there is no universal solution.

              bvitnik @acebmxer

              @acebmxer said in Custom config / cloud-init:

              If convert this newly created vm to a template. Then create another vm from this template. Even though the VM is generating a new mac address when the vm boots its still getting / using the same ip from vm used to create the template.

              You will have to carefully read cloud-init documentation to understand how it works and what phases it has.

              Short answer is that VM template creation is a bit more work than just preparing some base VM and then converting it to the template or use it to clone other VMs. For a start, cloud-init has to be "cleaned" so that it is reset to the initial state.

              cloud-init, or better said most of its modules, run only once - just on first boot. So... when you create a VM from a hub template, cloud-init will run but if you use that VM to clone another VM, cloud-init will not run like on first boot of the original VM. Aside from that, to prepare some VM to be a template for other VMs, other "stuff" beside cloud-init has to be cleaned up like machine-id, SSH host keys, network configuration, logs... There is some official documentation on this here:

              https://docs.xcp-ng.org/guides/create-use-custom-xcpng-ubuntu-templates/

              and some forum addendum here:

              https://xcp-ng.org/forum/topic/11008/ubuntu-22.04.5-custom-template-additional-steps-missing-from-documentation

              read carefully 🙂

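The cleanup listed in the post above (cloud-init state, machine-id, SSH host keys, network configuration, logs) as one script with a check of what is still left behind. This is an added example, not code from the thread or the linked guide; the function names, the scratch tree and the `rm -rf` rehearsal stand-in are assumptions, and it relies on cloud-init's default of generating new host keys on a clone's first boot.

```shell
#!/bin/sh
# Added example: ROOT is / on the VM itself; a scratch directory rehearses it safely.

# Print each piece of per-machine state still present under ROOT.
template_leftovers() {
    root=${1:?usage: template_leftovers ROOT}; root=${root%/}
    [ -e "$root/var/lib/cloud/instance" ] && echo "cloud-init instance state"
    [ -s "$root/etc/machine-id" ] && echo "machine-id"
    ls "$root"/etc/ssh/ssh_host_* >/dev/null 2>&1 && echo "SSH host keys"
    [ -e "$root/etc/netplan/50-cloud-init.yaml" ] && echo "cloud-init netplan file"
    return 0
}

# Reset that state so every clone boots as a first boot.
prepare_template() {
    root=${1:?usage: prepare_template ROOT}; root=${root%/}
    if [ -z "$root" ]; then
        cloud-init clean --logs    # real system: let cloud-init reset itself
    else
        rm -rf "$root/var/lib/cloud/instance"   # rehearsal stand-in for the line above
    fi
    : > "$root/etc/machine-id"     # left empty, regenerated at next boot
    rm -f "$root"/etc/ssh/ssh_host_*
    rm -f "$root/etc/netplan/50-cloud-init.yaml"
    # Truncate logs rather than delete them, keeping ownership and modes.
    find "$root/var/log" -type f -exec sh -c 'for f; do : > "$f"; done' sh {} +
}

# Constructed scratch tree standing in for a configured VM.
make_scratch_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/etc/netplan" "$d/var/log" "$d/var/lib/cloud/instance"
    echo 0123456789abcdef0123456789abcdef > "$d/etc/machine-id"
    touch "$d/etc/ssh/ssh_host_ed25519_key" "$d/etc/netplan/50-cloud-init.yaml"
    echo "old entry" > "$d/var/log/syslog"
    echo "$d"
}

scratch=$(make_scratch_root)
echo "before:"; template_leftovers "$scratch"
prepare_template "$scratch"
echo "after:";  template_leftovers "$scratch"   # prints nothing when clean
rm -rf "$scratch"
```

On the VM itself the call is `prepare_template /` as root, as the last step before shutting down and converting to a template.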
                acebmxer @bvitnik

                @bvitnik thanks for that info. There is so much to learn with linux. Not that there is a lot to learn with windows. I am still learning new stuff every day but still know just enough to get myself in trouble with Linux.

                  Pilow @bvitnik

                  @bvitnik said in Custom config / cloud-init:

                  https://docs.xcp-ng.org/guides/create-use-custom-xcpng-ubuntu-templates/

                  I noticed in the documentation, they put "password:" for user password creation.

                  what is working for me :

                  plain_text_passwd: 'myverysecureplaintextpassword'
                  

                  more secure, use a SHA 512 encrypted password, but with :

                  passwd: QChUQYy14yOv_encrypted_password_mgnEFL6TRPIsJ/4
                  

                  make it encrypted with

                  # mkpasswd --method=SHA-512
                  
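A check for the user-data settings questioned in this thread (the NOPASSWD rule and `admin` group from bvitnik's earlier answer, and the `plain_text_passwd` option in the post above), run over the posted user block and a tightened variant. This is an added example and not any poster's code: the function names, both sample files and the `$6$<salt>$<hash>` placeholder are constructed, and `lock_passwd: false` with `ssh_pwauth: false` is this example's assumption for keeping password-protected sudo while SSH stays key-only.

```shell
#!/bin/sh
# Added example: print one finding per line, nothing for a clean file.
audit_user_data() {
    file=$1
    # Passwordless sudo: a stolen SSH key becomes root.
    if grep -Eq '^[[:space:]]*sudo:.*NOPASSWD' "$file"; then
        echo "sudo rule uses NOPASSWD"
    fi
    # Clear-text password kept in user-data.
    if grep -Eq '^[[:space:]]*plain_text_passwd:' "$file"; then
        echo "plain_text_passwd stores a clear-text password"
    fi
    # "admin" group, reported above as absent on Ubuntu 24.04.
    if grep -E '^[[:space:]]*groups:' "$file" | grep -qw 'admin'; then
        echo "groups lists 'admin'"
    fi
}

# Constructed sample 1: the user block as posted in the thread, trimmed.
thread_config() {
    cat <<'EOF'
#cloud-config
users:
  - name: newusername
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: users, admin
EOF
}

# Constructed sample 2: sudo through the sudo group, password required.
hardened_config() {
    cat <<'EOF'
#cloud-config
ssh_pwauth: false        # keep SSH key-only
users:
  - name: newusername
    groups: sudo, adm
    lock_passwd: false   # password must be usable for sudo
    passwd: "$6$<salt>$<hash>"   # placeholder for mkpasswd --method=SHA-512 output
    ssh_authorized_keys:
      - ssh-ed25519 <public key>
EOF
}

tmp=$(mktemp)
for cfg in thread_config hardened_config; do
    "$cfg" > "$tmp"; echo "== $cfg"; audit_user_data "$tmp"
done
rm -f "$tmp"
```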
                    bvitnik @Pilow

                    @Pilow password: as a global option and passwd: or plain_text_passwd: under users: key are two different things. The first one sets the password for the default user, ubuntu on Ubuntu if I recall correctly, while the others set password for the user specified in the users: key.

                    Read the docs people 😁

                      Pilow @bvitnik

                      @bvitnik indeed, RTFM

                      i'm a newb on cloud-init, and should follow more this good advice !

                        acebmxer

                        So I have had some more time to play around with this, and I think I got it working except for one part.

                        After I convert the vm to a template and go deploy new vm with newly created template. Even if i put in the network config as such.

                        #cloud-config
                        network:
                          version: 2
                          ethernets:
                            enX0:
                              dhcp4: true
                              dhcp6: false
                              set-name: "enX0"
                        

                        The new vm does not get IP address. When i log into new vm it does not have /etc/netplan/50-cloud-init.yaml with the above network config.

                        If i manually create the file with the above config and reboot the vm gets an IP address and a different one than previous vm
