Bootstrapping servers with cloud-init
John Leach, Brightbox
February 2013

John Leach (Brightbox) Bootstrapping servers with cloud-init February 2013 1 / 29
Introduction: Bootstrapping servers

Customise image before server build
- Partitions, filesystems etc.
- Where do you do the build securely?
- Big, slow
- Immature toolkit: Debian live-build, Guestfish

Customise image after server build
- On boot, in the virtual machine
- Small, fast, re-useable
- Ubuntu automates customisation with cloud-init
Introduction: What is cloud-init?

- early initialisation of a cloud instance
- runs early in the boot process
- installed in the generic Ubuntu Cloud Images (and Brightbox, EC2 images)
- Python, Upstart
Introduction: What is cloud-init?

    $ cat /etc/rc.local
    curl http://example.com/script.sh | sh
Introduction: The basics

- retrieves metadata in various ways
- sets default locale
- sets hostname
- resizes filesystem to fill partition
- generates sshd private ssh keys
- installs public ssh keys for login
Introduction: Metadata and configuration

- you (or your cloud) provide the metadata
- cloud-init retrieves the metadata
- plugins read the metadata and do things
Retrieving metadata: DataSource

- get_hostname
- get_instance_id
- get_locale
- get_public_ssh_keys
- get_userdata
Retrieving metadata: EC2 DataSource

http://169.254.169.254/latest

    $ curl http://169.254.169.254/latest/meta-data/instance-id
    srv-hd3iu
    $ curl http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
    ssh-dss AAAAB3NzaC1k...QL+ecQ2nNNU3pI8= public key
    $ curl http://169.254.169.254/latest/user-data

- user-data: arbitrary data you can provide, up to 16k in size.
Retrieving metadata: CloudStack DataSource

http://<default-gateway-ip>/latest/
Retrieving metadata: MAAS DataSource

- MAAS is part of Ubuntu's Orchestra server management system
- Physical server support
- Retrieves from a URL using OAuth tokens (via a seed dir)
Retrieving metadata: NoCloud DataSource

- Retrieves metadata from the local filesystem
- You have to get the metadata in there somehow
- Retrieves metadata via an iso mounted as a CDROM
- cloud-localds tool for creating the iso

    ## create the iso disk with NoCloud data on it.
    $ cloud-localds my-seed.img my-user-data.txt
    ## Boot a kvm
    $ kvm -hda disk.img -hdb my-seed.img
Providing metadata with Brightbox

    $ brightbox-servers create --user-data="hello World" img-mvunm
    Creating a nano server with image Ubuntu Precise with 0.02k of user data

     id         status    type  zone   created_on  image_id   cloud_ip_ids  name
    -----------------------------------------------------------------------------
     srv-6uo7o  creating  nano  gb1-a  2013-02-20  img-mvunm
    -----------------------------------------------------------------------------

    $ ssh ubuntu@ipv6.srv-6uo7o.gb1.brightbox.com
    ubuntu@srv-6uo7o:~$ curl http://169.254.169.254/latest/meta-data/instance-id
    srv-6uo7oubuntu@srv-6uo7o:~$ curl http://169.254.169.254/latest/user-data
    Hello World
Doing things with metadata: simple shell script as user data

    cat <<EOF > config.txt
    #!/bin/sh
    echo "I'm running on boot"
    echo "I'm basically /etc/rc.local"
    EOF
    $ brightbox-servers create --user-data=config.txt img-mvunm
Doing things with metadata: users and passwords

    #cloud-config
    ssh_pwauth: false
    chpasswd:
      list: |
        ubuntu:mysecret
        root:RANDOM
    # RANDOM (uppercase) asks cloud-init to generate the password
Doing things with metadata: write files

    #cloud-config
    write_files:
      - content: Hello World
        path: /etc/motd
        permissions: '0644'
Doing things with metadata: ssh key installation from Launchpad

https://launchpad.net/~johnleach/+sshkeys

    #cloud-config
    user: root
    ssh_import_id: johnleach
Doing things with metadata: ssh configuration

    #cloud-config
    ssh_deletekeys: false
    disable_root: true
Doing things with metadata: install packages with apt

    #cloud-config
    apt_sources:
      - source: "ppa:brightbox/ruby-ng"
    apt_update: true
    apt_upgrade: true
    packages:
      - ruby1.9
      - nginx-full
Doing things with metadata: rsyslog

    #cloud-config
    rsyslog:
      - "*.* @@10.55.66.77"
Doing things with metadata: phone home

    #cloud-config
    phone_home:
      url: http://example.com/callback
      tries: 3
Doing things with metadata: combine them

    cat <<EOF > cloudconfig.txt
    #cloud-config
    user: root
    ssh_import_id: johnleach
    apt_sources:
      - source: "ppa:brightbox/ruby-ng"
    apt_update: true
    apt_upgrade: true
    packages:
      - ruby1.9
      - nginx-full
    rsyslog:
      - "*.* @@10.55.66.77"
    EOF
    $ brightbox-servers create --user-data=cloudconfig.txt img-mvunm
Doing things with metadata: shit puppet

So cloud-init is a shit Puppet
Doing things with metadata: puppet

    #cloud-config
    puppet:
      conf:
        agent:
          server: "puppetmaster.example.com"
        ca_cert: ...
Doing things with metadata: chef

    #cloud-config
    chef:
      server_url: "https://chef.example.com:4000"
      environment: production
      run_list:
        - "recipe[apache2]"
Doing things with metadata: mcollective

    #cloud-config
    mcollective:
      conf:
        plugin.stomp.host: 10.88.44.33
        public-cert: ...
        private-cert: ...
Doing things with metadata: Salt

    #cloud-config
    salt_minion:
      conf:
        master: 10.88.44.33
      public_key: ...
      private_key: ...
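Everything in the cloud-config snippets above travels as user-data, and the Brightbox session earlier shows that any process on the instance can read user-data straight back from the metadata service. The checks below are an added example, not part of the talk or of cloud-init: `check_header` and `lint` are hypothetical names, the config is passed in already parsed (what cloud-init has after loading the YAML), and the sample mapping is constructed from the slides' own values. It flags password logins, root login, kept host keys, literal chpasswd passwords (cloud-init only generates one for RANDOM or R), private keys in the mcollective and salt_minion sections, and a plain-http phone_home URL.

```python
# Config paths whose values are private material; anything here lands in
# user-data, which any process on the instance can read from the metadata service.
SECRET_PATHS = [("mcollective", "conf", "private-cert"), ("salt_minion", "private_key")]

def check_header(text):
    """cloud-init only treats user-data as cloud-config when the first line
    is exactly '#cloud-config'; '#cloud-init' or similar is silently ignored."""
    first = text.split("\n", 1)[0].rstrip()
    if first == "#cloud-config":
        return []
    return ["first line must be '#cloud-config', got %r" % first]

def lint(cfg):
    """Findings for an already-parsed cloud-config mapping; empty when clean."""
    findings = []
    if cfg.get("ssh_pwauth") is True:
        findings.append("ssh_pwauth: true enables password logins over ssh")
    if cfg.get("disable_root") is False:
        findings.append("disable_root: false allows direct root ssh login")
    if cfg.get("ssh_deletekeys") is False:
        findings.append("ssh_deletekeys: false keeps host keys shipped in the image, "
                        "so servers built from it may share them")
    entries = cfg.get("chpasswd", {}).get("list", [])
    if isinstance(entries, str):              # YAML block-scalar form
        entries = entries.splitlines()
    for entry in entries:
        user, _, password = entry.partition(":")
        if password not in ("RANDOM", "R"):   # only these make cloud-init generate one
            findings.append("chpasswd sets a literal password for %s; it is "
                            "readable by anyone on the instance via user-data" % user)
    for path in SECRET_PATHS:
        node = cfg
        for key in path:                      # walk the path; missing -> {}
            node = node.get(key, {}) if isinstance(node, dict) else {}
        if node:
            findings.append("%s puts a private key into user-data" % ".".join(path))
    url = cfg.get("phone_home", {}).get("url", "")
    if url.startswith("http://"):
        findings.append("phone_home url is plain http; the callback (instance id, "
                        "hostname, host public keys) travels unauthenticated")
    return findings

# Constructed sample: the slides' values, already parsed, with ssh_pwauth flipped on.
SAMPLE_CFG = {"ssh_pwauth": True, "disable_root": True,
              "chpasswd": {"list": "ubuntu:mysecret\nroot:RANDOM"},
              "mcollective": {"conf": {"plugin.stomp.host": "10.88.44.33",
                                       "private-cert": "...PEM..."}},
              "phone_home": {"url": "http://example.com/callback", "tries": 3}}
```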
puppetapply module: code

    import os
    import subprocess
    import tempfile

    import cloudinit.CloudConfig as cc


    def handle(_name, cfg, cloud, log, _args):
        # Only act when the user-data carries a 'puppetapply' section
        if 'puppetapply' not in cfg:
            return
        puppet_cfg = cfg['puppetapply']
        cc.install_packages(("puppet",))
        puppet_data_dir = tempfile.mkdtemp(prefix='cloud-init-puppetapply')
        manifests_dir = puppet_data_dir + '/manifests'
        # Optionally clone a module tree from git into the data dir
        if 'modules_git_url' in puppet_cfg:
            cc.install_packages(("git",))
            cmd = ['git', 'clone', puppet_cfg['modules_git_url'], puppet_data_dir]
            subprocess.check_call(cmd)
        # Write the inline manifest out as site.pp
        if 'manifest' in puppet_cfg:
            if not os.path.exists(manifests_dir):
                os.makedirs(manifests_dir)
            manifest_fh = open(manifests_dir + '/site.pp', 'w')
            manifest_fh.write(puppet_cfg['manifest'])
            manifest_fh.close()
        # Apply the manifests using puppet
        cmd = ['puppet', 'apply', '--confdir=' + puppet_data_dir,
               manifests_dir + '/site.pp']
        subprocess.check_call(cmd)
puppetapply module: example

    #cloud-config
    puppetapply:
      modules_git_url: https://github.com/brightbox/puppet.git
      manifest: |
        include apt
        include apache
        class { "elasticsearch":
          minimum_master_nodes => 2,
          discovery_hosts => ["srv-aaaaa", "srv-bbbbb"]
        }
user-data formatting

- base64 encoding
- gzip
- multi-part archive
- write-mime-multipart tool
- include file

    #include
    https://raw.github.com/gist/3129203/puppet-git-receiver-install
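The formats listed above, worked through as an added example that is not from the talk or from cloud-init's own code: combine a cloud-config document and a boot script into one multi-part archive the way write-mime-multipart does (each part typed from its first line), gzip and base64 the result, then unpack it again. The part content types and the gzip magic check are cloud-init's; `classify`, `build_multipart`, `unpack` and the two sample documents are constructed here.

```python
import base64
import gzip
from email import message_from_bytes
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# First-line header -> MIME type cloud-init expects for that part
# (the same types the write-mime-multipart tool attaches).
PART_TYPES = {"#cloud-config": "text/cloud-config",
              "#!": "text/x-shellscript",
              "#include": "text/x-include-url"}

def classify(doc):
    """Part type of one user-data document, sniffed from its first line
    the way cloud-init does; None when no known header is present."""
    first = doc.lstrip().split("\n", 1)[0]
    for header, ctype in PART_TYPES.items():
        if first.startswith(header):
            return ctype
    return None

def build_multipart(docs):
    """Combine (filename, text) documents into one MIME archive, then gzip
    and base64 it so it survives a text-only API and stays under 16k."""
    archive = MIMEMultipart()
    for name, text in docs:
        ctype = classify(text)
        if ctype is None:
            raise ValueError("%s has no cloud-init header" % name)
        part = MIMEText(text, ctype.split("/", 1)[1])  # subtype after text/
        part.add_header("Content-Disposition", "attachment", filename=name)
        archive.attach(part)
    return base64.b64encode(gzip.compress(archive.as_bytes()))

def unpack(blob):
    """Reverse it: base64 -> gunzip (only when the gzip magic is present,
    as cloud-init checks) -> list of (filename, type, text) parts."""
    raw = base64.b64decode(blob)
    if raw[:2] == b"\x1f\x8b":
        raw = gzip.decompress(raw)
    msg = message_from_bytes(raw)
    return [(p.get_filename(), p.get_content_type(),
             p.get_payload(decode=True).decode())
            for p in msg.walk() if not p.is_multipart()]

# Constructed sample input: a cloud-config part and a boot-script part.
SAMPLE_DOCS = [("cloudconfig.txt", "#cloud-config\npackages:\n  - nginx-full\n"),
               ("config.txt", "#!/bin/sh\necho \"I'm running on boot\"\n")]
```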