Custom config / cloud-init
-
So I am trying to learn how to use the Custom config / cloud-init for Ubuntu.
If I add my ssh-key to my user account in Xen Orchestra (XOA or XO-CE) I can select that during the VM creation and that works, but the VM is stuck with the username ubuntu. I would like to change that.
I am not sure if I am messing up the user creation or the ssh-key, as I am not able to log in due to an authentication error.
My config ---
```yaml
#cloud-config
hostname: {name}
users:
  - newusername
ssh_authorized_keys:
  - ssh-rsa AAAAB3NzaC1.....XbZH6muQrfegKoTsuw== Generated By Termius
```
The above is not my actual key. The key saved in the user profile stops before the "==" and, as stated, that key works. So I assume if I correct the config to remove the "==" and after, that key should work as well. So my assumption is the user name is the issue.
I would like to make the username to my desire but have the same permission as the user account ubuntu has when just inserting ssh-key.
-
Think I figured it out. First, I was using the wrong key. A lot of going back and forth trying new keys, forgot to swap back to the original...
New config...
```yaml
#cloud-config
hostname: {name}
users:
  - name: newusername
    gecos: New User
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: users, admin
    shell: /bin/bash
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3....18ZbA
```
Any suggestions? Should I not use something in the above config if the server was in production?
-
So I started with a Ubuntu 24.4 image from XOA hub. I create a new VM from that image with my cloud config from above. I start the VM up. Once booted, I shut it down and remove the cloud config drive, leaving 1 single OS drive. I boot the VM up and fully update the VM and install a few minor tweaks. Then shut the VM down. Networking is configured as DHCP.
If I convert this newly created VM to a template, then create another VM from this template, even though the VM is generating a new MAC address, when the VM boots it's still getting / using the same IP from the VM used to create the template.
If I put either of the network configs in during VM creation from the new template, I get no IP address. I can't log into the console because the user does not have a password. I have tried to put
```yaml
password: userspassword
```
in the config but that does not work.
```yaml
network:
  version: 1
  config:
    - type: physical
      name: eth0
      subnets:
        - type: dhcp
```
or
```yaml
network:
  version: 2
  ethernets:
    eno1:
      dhcp4: true
```
-
@acebmxer said in Custom config / cloud-init:
```yaml
#cloud-config
hostname: {name}
users:
  - name: newusername
    gecos: New User
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: users, admin
    shell: /bin/bash
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3....18ZbA
```
thank you for that, I stole your user creation and SSH Key attribution with cloudinit config, it's working perfect

-
@acebmxer on my Windows VMs with cloudbase init I use these :
```yaml
version: 1
config:
  - type: physical
    name: Ethernet2
    subnets:
      - type: dhcp4
```
or
```yaml
version: 1
config:
  - type: physical
    name: Ethernet2
    subnets:
      - type: static
        address: 10.x.x.x
        netmask: 255.255.255.0
        gateway: 10.x.x.x
        dns_nameservers:
          - 10.x.x.x
          - 8.8.8.8
```
Beware of TYPE, I put dhcp4, not dhcp,
and the NAME of your NIC needs to be exactly the one of the template!
IPs are obfuscated with x.x.x in the static version
-
@Pilow I try the dhcp4 vs dhcp
-
@acebmxer said in Custom config / cloud-init:
Think I figured it out. First, I was using the wrong key. A lot of going back and forth trying new keys, forgot to swap back to the original...
New config...
```yaml
#cloud-config
hostname: {name}
users:
  - name: newusername
    gecos: New User
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: users, admin
    shell: /bin/bash
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3....18ZbA
```
Any suggestions? Should I not use something in the above config if the server was in production?
-
Well...
NOPASSWD:ALL can be considered a security issue because the user is not required to type a password to gain root privileges. If someone gains access to this user via, for example, a stolen SSH key or some exploit, it will automatically have access to the root user.
-
It is enough to put the user into "sudo" group for it to gain sudo privileges (with password required) because there is already this global sudoers rule:
%sudo ALL=(ALL:ALL) ALL
-
Adding the user to users and admin groups is a little bit contradictory. It should either be users or admin. Also, admin group does not exist on Ubuntu 24.04. It existed in some earlier versions but I'm not sure when and why it disappeared. It's best to just add the user to the sudo group so it can run commands as root and adm group (yes adm, not "admin") so it can view system logs (/var/log) without using sudo. This is if you are creating admin type user. If the user is just a regular user, you can add it to the users group but it's not necessary. If you are confused, don't worry, I am too.
This is for Ubuntu, other operating systems have other principles and rules so there is no universal solution.
-
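The two review points above (passwordless sudo and the `admin` group), shown as a check run over the posted user entry and a corrected one. This is an added example, not code from any post in this thread; `lint_user_data` is a hypothetical helper, both configs are constructed samples, and the `lock_passwd`/`passwd` lines are an assumption added because sudo through the `sudo` group prompts for a password.

```shell
#!/bin/sh
# WEAK is the user entry posted in this thread (trimmed); HARDENED applies the
# advice above. Both are constructed samples; the passwd value is a placeholder.
WEAK='#cloud-config
users:
  - name: newusername
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: users, admin
    shell: /bin/bash
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3....18ZbA'

# Assumption: sudo via the sudo group asks for a password, so the account gets
# one (lock_passwd/passwd are cloud-init user options; passwd takes a hash).
HARDENED='#cloud-config
users:
  - name: newusername
    groups: sudo, adm
    shell: /bin/bash
    lock_passwd: false
    passwd: "$6$PLACEHOLDER_SALT$PLACEHOLDER_HASH"
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3....18ZbA'

# lint_user_data TEXT: print one finding per line, nothing when clean.
lint_user_data() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        /^[ \t]*sudo:.*NOPASSWD/ {
            print "line " NR ": passwordless sudo (NOPASSWD)"
        }
        /^[ \t]*groups:/ {
            sub(/^[^:]*:/, "")                    # keep only the group list
            gsub(/[ \t]/, "")
            n = split($0, g, ",")
            for (i = 1; i <= n; i++)
                if (g[i] == "admin")
                    print "line " NR ": no admin group on Ubuntu 24.04, use sudo/adm"
        }'
}

echo "posted config:";   lint_user_data "$WEAK"
echo "hardened config:"; lint_user_data "$HARDENED"
```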
-
@acebmxer said in Custom config / cloud-init:
If convert this newly created vm to a template. Then create another vm from this template. Even though the VM is generating a new mac address when the vm boots its still getting / using the same ip from vm used to create the template.
You will have to carefully read cloud-init documentation to understand how it works and what phases it has.
Short answer is that VM template creation is a bit more work than just preparing some base VM and then converting it to the template or using it to clone other VMs. For a start, cloud-init has to be "cleaned" so that it is reset to the initial state.
cloud-init, or better said most of its modules, run only once - just on first boot. So... when you create a VM from a hub template, cloud-init will run but if you use that VM to clone another VM, cloud-init will not run like on first boot of the original VM. Aside from that, to prepare some VM to be a template for other VMs, other "stuff" beside cloud-init has to be cleaned up like machine-id, SSH host keys, network configuration, logs... There is some official documentation on this here:
https://docs.xcp-ng.org/guides/create-use-custom-xcpng-ubuntu-templates/
and some forum addendum here:
read carefully
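A read-only check for the per-machine state named in the post above (machine-id, SSH host keys, cloud-init's instance state), to run on a VM before converting it to a template. This is an added example, not the procedure from the linked guide and not code from any post here; `template_residue` and the `ROOT` variable are hypothetical names, and the function only reports, it cleans nothing.

```shell
#!/bin/sh
# Report per-machine state that a template would pass on to every clone.
# ROOT defaults to / and can point at a mounted disk or a test tree.

template_residue() {
    root="${1:-/}"
    root="${root%/}"          # "/" becomes "", so the paths below stay absolute

    # A non-empty machine-id is copied to every clone; a DHCP client that
    # derives its client ID from it will then ask for the same lease.
    if [ -s "$root/etc/machine-id" ]; then
        echo "machine-id: $root/etc/machine-id is not empty"
    fi

    # Shared SSH host keys make every clone present the same host identity.
    for key in "$root"/etc/ssh/ssh_host_*_key; do
        [ -e "$key" ] && echo "ssh-host-key: $key"
    done

    # State left by the template VM's own first boot; the post above says
    # cloud-init has to be reset ("cleaned") before templating.
    if [ -e "$root/var/lib/cloud/instance" ] || [ -L "$root/var/lib/cloud/instance" ]; then
        echo "cloud-init: $root/var/lib/cloud/instance still present"
    fi
    return 0
}

# Run against the live system when executed directly on the template VM.
template_residue "${ROOT:-/}"
```

No output means none of the three items was found.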
