Generic cloud or qcow

Hi,

Since these are cloud images they very likely run cloud-init.
All devs who use cloud-init take the following info for granted and assume you already know all this.
Hence the really poorly written documentation on this subject.

You probably need to provide user-data and meta-data to configure the pubkey for root and/or any other user.
Also, the root account is disabled by default and only pubkey auth is allowed.

So you either unlock the root account or add a user that is allowed to do sudo.
Also provide pubkeys or enable password auth.

I personally use the nocloud way to do this,
i.e. on an ISO image with the label cidata (the label MUST be cidata or CIDATA)
containing two files: meta-data and user-data (when using Red Hat family distros the file network-config won’t work)

[root@home~]#cat meta-data
instance-id: 7fb51d52-b760-59f9-af13-eb63a61b0afb

network-interfaces: |
  auto eth0  
  iface eth0 inet static
  address 192.168.100.3
  network 192.168.100.0
  netmask 255.255.255.0
  broadcast 192.168.100.255
  gateway 192.168.100.1
  dns-nameservers 192.168.100.2
  dns-search linux.lab
[root@home~]#cat user-data
#cloud-config
preserve_hostname: false
hostname: rocky8
fqdn: rocky8.linux.lab
ssh_pwauth: True
users:
  - name: root
    hashed_passwd: $6$h1yH04xTmMdzeQoL$1CurwduV5JjozaxnrsHj/UaO7PIrnI89l0s.2/jdesNtHwf6tmUs5fK9HH38wikGXyzY2u1fOoBQ.TVTdTWEl/
    lock_passwd: false
    ssh_authorized_keys:
      - ssh-rsa <your pubkey here>
runcmd:
  - echo 'hello world 1'
  - echo 'hello world 2'
  - echo 'hello world 3'

then create the iso

genisoimage -volid cidata -joliet -rock -output /path/to/my_config.iso  /path/to/user-data /path/to/meta-data

This will create the ISO.
Mount it in the CD-ROM drive of the VM running the qcow, then (re)boot it.

some details
meta-data

  • when using redhat family distros, this deprecated debian config is the only way to get it to work
    with a nocloud setup
    google for the interfaces man pages for details
    or try the ubuntu network config instructions for ubuntu 16.04 they kinda match
  • this is a yaml file, indenting is important
  • yaml … do NOT use tabs in yaml files
  • the ‘|’ is the last character on that line
  • if you want to use dhcp, only keep the line with instance-id:
    the instance-id needs to match that in the cloud of azure/aws/googlecompute/kubernetes/etc
    in your kvm/libvirt/virtualbox/vmware environment you can put anything in there that is a string without whitespace (I think)

user-data

  • Do NOT modify the line ‘#cloud-config’
  • this is a yaml file (or rather, what the devs of cloud-init think a yaml file is supposed to look like)
  • the root password will be reset to ‘rocky84’ (it is a sha512sum hash of rocky84 in the user-data)
    I use ansible to hash this for me; as usual there are many ways to do this, happy googling
    any hash that your distro accepts in the shadow file will do in this location
  • fill in whatever pub key you like and you can do passwordless login
    that is whatever is in your ~/.ssh/id_rsa.pub starting with ssh-rsa ( it will be added to the authorized_keys of the user)
  • ssh_pwauth: true enables password login ( leave it out or set to false if you don’t want that)
  • lock_passwd: false enables the account (leave it out or set to true if you don’t want that)
  • runcmd: is a list of commands that will be run in the order mentioned
    runcmd is optional and only needed for stuff that needs to be done really early in the boot process
    there is also a more intelligent way to put scripts in there called write_files

details about everything can be found in the cloud-init docs
which are horrible to read (they really do take this stuff for granted), but they do contain an awful lot of detailed information.
Which you will realize after you have googled for weeks on how to use them.

Rob

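A pre-flight check for the seed files described in the post above, as an added example that is not part of the original post: it tests the pitfalls the post lists (fixed file names, exact #cloud-config first line, no tabs, an instance-id, the unreplaced pubkey placeholder) and warns about the settings that open up password login, then builds the ISO with the same genisoimage command. The function names check_seed and build_seed are hypothetical, and the script assumes user-data and meta-data sit in one directory.

```shell
#!/bin/sh
# Added example: check_seed/build_seed are hypothetical helper names.

# check_seed DIR: print findings; return 0 only if the seed is usable.
check_seed() {
    dir=$1; rc=0; tab=$(printf '\t')
    for f in user-data meta-data; do
        if [ ! -f "$dir/$f" ]; then
            echo "ERROR: $f missing (NoCloud expects exactly this file name)"; rc=1
        elif grep -q "$tab" "$dir/$f"; then
            echo "ERROR: $f contains a tab character"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return "$rc"
    if [ "$(head -n 1 "$dir/user-data")" != "#cloud-config" ]; then
        echo "ERROR: first line of user-data must be exactly #cloud-config"; rc=1
    fi
    if ! grep -Eq '^instance-id:[[:space:]]*[^[:space:]]' "$dir/meta-data"; then
        echo "ERROR: meta-data has no instance-id"; rc=1
    fi
    if grep -Fq '<your pubkey here>' "$dir/user-data"; then
        echo "ERROR: placeholder public key was not replaced"; rc=1
    fi
    # Warnings: legal settings that widen access, worth a second look.
    if grep -Eiq '^ssh_pwauth:[[:space:]]*(true|yes|on)' "$dir/user-data"; then
        echo "WARN: ssh_pwauth enables SSH password login"
    fi
    if grep -Eiq '^[[:space:]]+lock_passwd:[[:space:]]*false' "$dir/user-data"; then
        echo "WARN: lock_passwd: false leaves an account password usable"
    fi
    # Salt of the sample hash in the post; its password is published there.
    if grep -Fq 'h1yH04xTmMdzeQoL' "$dir/user-data"; then
        echo "WARN: sample password hash from the post is still in use"
    fi
    return "$rc"
}

# build_seed DIR ISO: build the cidata ISO only when the checks pass.
build_seed() {
    check_seed "$1" || return 1
    genisoimage -volid cidata -joliet -rock -output "$2" \
        "$1/user-data" "$1/meta-data"
}

if [ "$#" -eq 2 ]; then build_seed "$1" "$2"; fi
```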