Cloud-init is a cloud server configuration tool that allows you to pass user parameters (user-data) when initializing a virtual machine, thus speeding up and automating the server configuration process.
With cloud-init you can customize the server configuration, install the software, create directories and users, manage access and much more.
You can pass cloud-init scripts as #cloud-config text files or #!/bin/sh shell scripts.
When using shell scripts, keep in mind:
The shell script will be automatically converted to cloud-config with the runcmd directive; runcmd is executed once, so if you edit the script and reboot the server, the script will not be executed.
If you need to execute the script at every boot, use cloud-config scripts with the bootcmd directive.
Scripts are run as root, so you do not need to add sudo to the commands.
All files and directories created will belong to the root user. If you want another user to have access, set the appropriate permissions for that user in the script.
The script runs automatically, so you cannot use commands that require action from the user. For commands that require confirmation during execution, use the -y flag (for example, apt upgrade -y).
The script execution log is written to the /var/log/cloud-init-output.log file.
On Ubuntu, cloud-init will create the ubuntu user by default if there is no users directive. To avoid this, use the directive: users: [].
You can pass the cloud-init script:
When you create a new server. The cloud-config parameters will be applied during installation.
When you reinstall the server. The parameters will be applied during installation.
At reboot. In this case, you can pass the script in the Plan section and then reboot the server. For the parameters to apply, you must restart the system with the command: cloud-init clean --reboot.
You can modify the already uploaded cloud-init script in the server settings.
For the updated parameters to be applied at the next reboot, you must reboot the system with the command: cloud-init clean --reboot.
Go to the Plan tab.
Click Edit in the Cloud-init block.
Make the changes and save them.
The script will be applied the next time the server is rebooted.
The file must begin with #cloud-config on the first line.
Installing packages
#cloud-config
package_update: true
packages:
- apache2
- mariadb-server
- mariadb-client
Creating users
#cloud-config
users:
- name: username
- name: new_username
Adding SSH keys
#cloud-config
ssh_authorized_keys:
- ssh-rsa PUBLIC_KEY username@server
You can add several keys at once:
#cloud-config
ssh_authorized_keys:
- ssh-rsa PUBLIC_KEY username@server
- ssh-rsa PUBLIC_KEY_2 username2@desktop
Creating a sudo user, adding SSH keys, and configuring the bash shell
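#cloud-config
users:
  - name: username
    groups: sudo
    shell: /bin/bash
    # NOPASSWD:ALL lets this user run any command as root without a password
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    # Current cloud-init spells this key with underscores; the hyphenated form is a deprecated alias
    ssh_authorized_keys:
      - PUBLIC_KEY username@server
      - PUBLIC_KEY_2 username2@desktop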
Installing LAMP on Ubuntu
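#cloud-config
package_update: true
packages:
  - apache2
  - php-mysql
  - mysql-server
  - libapache2-mod-php
  - php-gd
  - php-curl
runcmd:
  # String form: each line is passed to the shell as written. In list form
  # YAML would read 0664 as an octal integer and {} as an empty mapping.
  - find /var/www -type d -exec chmod 2775 {} \;
  - find /var/www -type f -exec chmod 0664 {} \;
write_files:
  # Test page only: phpinfo() output reveals the server configuration,
  # so delete the file once you have checked it.
  - path: /var/www/html/phpinfo.php
    owner: www-data:www-data
    content: |
      <?php phpinfo(); ?>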
Once the configuration is complete, the link http://server_ip/phpinfo.php will display a page with PHP parameters.
More examples can be found in the cloud-init documentation.
The script must start with #!/bin/sh on the first line.
Installing packages
#!/bin/sh
apt -y update
apt -y install fail2ban
Installing LAMP on CentOS
#!/bin/sh
## Installing PHP 7.2
yum -y install epel-release
yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum-config-manager --enable remi-php72
yum update -y
yum install -y php php-mcrypt php-cli php-gd php-curl php-mysql php-ldap php-zip php-process php-mbstring
## Installing MariaDB 11.02
## The next three lines download a script and run it as root; compare its
## checksum with the one MariaDB publishes before running it unattended.
wget https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
chmod +x mariadb_repo_setup
bash mariadb_repo_setup
yum install -y httpd mariadb-server
## Enabling the services
systemctl start mariadb
systemctl enable mariadb
systemctl start httpd
systemctl enable httpd
## Setting permissions
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} \;
find /var/www -type f -exec chmod 0664 {} \;
## Outputting phpinfo (test page only, delete it after checking)
echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php
## Opening the port
iptables -t filter -I INPUT -p tcp --dport 80 -j ACCEPT
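
A pre-upload check that applies the rules from this page (required first line, -y on package commands, no sudo in root scripts, the default ubuntu user, passwordless sudo) to a user-data file. It is an added example, not code from the provider or from cloud-init. The name lint_user_data, the messages and the sample inputs are constructed for illustration, and the matching is a line-based heuristic rather than a YAML parser.

```python
import re

# Package-manager actions that stop and ask for confirmation without -y.
PROMPTS = re.compile(r"\b(?:apt(?:-get)?\s.*\b(?:install|upgrade|remove)"
                     r"|(?:yum|dnf)\s.*\b(?:install|update|upgrade|remove))\b")
ASSUME_YES = re.compile(r"(?:^|\s)(?:-y|--yes|--assume-yes|--assumeyes)(?=\s|$)")

def lint_user_data(text):
    """Return (line_number, message) findings for one user-data document."""
    lines = text.splitlines()
    first = lines[0].rstrip() if lines else ""
    if first != "#cloud-config" and not first.startswith("#!"):
        return [(1, "first line must be #cloud-config or a #! interpreter line")]
    is_config = first == "#cloud-config"
    findings = []
    for no, line in enumerate(lines[1:], start=2):
        code = line.split("#", 1)[0]  # ignore comments
        if is_config and re.search(r"NOPASSWD:\s*ALL", code):
            findings.append((no, "user gets passwordless sudo for every command"))
        if not is_config and re.match(r"\s*sudo\s", code):
            findings.append((no, "sudo is unnecessary, the script already runs as root"))
        if not is_config and PROMPTS.search(code) and not ASSUME_YES.search(code):
            findings.append((no, "package command will wait for confirmation, add -y"))
    # A top-level users key (column 0) replaces the default account.
    if is_config and not any(re.match(r"users\s*:", l) for l in lines):
        findings.append((1, "no users directive: Ubuntu images create the default ubuntu user"))
    return findings

# Constructed sample inputs, not taken from a real server.
SAMPLE_CONFIG = """#cloud-config
package_update: true
users:
  - name: deploy
    groups: sudo
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
"""
SAMPLE_SCRIPT = """#!/bin/sh
apt -y update
sudo apt install fail2ban
yum-config-manager --enable remi-php72
"""

if __name__ == "__main__":
    for name, doc in (("config", SAMPLE_CONFIG), ("script", SAMPLE_SCRIPT)):
        for no, msg in lint_user_data(doc):
            print(f"{name}:{no}: {msg}")
```

On a server that already has cloud-init installed, cloud-init schema --config-file FILE validates a #cloud-config file against the real schema and complements this check.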