当时的项目用到了cloud-init 进行本机系统启动后的配置,替代之前Ansible的配置操作(也可以做ansible之前的一些更为基础的配置,比如设置network, SSH等),使其在boot后到达可用状态。其实和Ansible 一样都是configuration management tool, Ansible is push-based, cloud-init is pull-based.
LXD/LXC container can be used with cloud-init.
Cloud-init
cloud-init official document, User data config example.
这段话解释得很清楚了:
Cloud images are operating system templates and every instance starts out as an identical clone of every other instance. It is the user data that gives every cloud instance its personality and cloud-init is the tool that applies user data to your instances automatically.
To use cloud-init, need to install packages, for example in CentOS:
1 | yum install -y cloud-init |
See this IBM post for how to install cloud-init on Centos
目前各大云厂商都支持cloud-init, 在infra as code中,cloud-init可以通过传递一个cloud-init.tpl metadata file 到 Terraform instance resource metadate的 user-data 中进行设置. 这样在instance 启动时,相应的就会自动配置了。
1 | data "template_file" "setup" { |
If you are working on gcloud, go to instance detail page, check Custom metadata -> user data will display the rendered script.
要点是如何写这个cloud-init.tpl metadata file, notice that must include this line at very beginning and no space after #:
1 | #cloud-config |
Debug Cloud-init
Troubleshooting VM provisioning with cloud-init
The log of cloud-init is in /var/log/cloud-init.log. It will show you errors if something failed.
上次还遇到一个问题,就是当时#cloud-config格式没对,导致cloud-init 无法解析这个文件,所以user metadata没有得到执行,这时如果看log file 不是很明显,需要查看/var/log/boot.log文件,通过对比发现这个错误:
1 | Unhandled non-multipart (text/x-not-multipart) userdata ... |
这说明格式错了,当时这个问题卡了几个小时,一直没注意到这个地方。
Others
在构造user的password的时候,需要一个hash的数值: openssl passwd Why is the output of “openssl passwd” different each time?
1 | # -1: MD5 |