Cloud-init

Cloud-init is a cloud server configuration tool that allows you to pass user parameters (user-data) when initializing a virtual machine, thus speeding up and automating the server configuration process.

With cloud-init you can customize the server configuration, install the software, create directories and users, manage access and much more. 

Formats

You can pass cloud-init scripts as #cloud-config text files or #!/bin/sh shell scripts.

When using shell scripts, keep in mind:

• The shell script will be automatically converted to cloud-config with the runcmd directive;

• runcmd is executed once, so if you edit the script and reboot the server, the script will not be executed.

If you need to execute the script at every boot, use cloud-config scripts with the bootcmd directive.

Important notes

• Scripts are run as root, so you do not need to add sudo to the commands. 

• All files and directories created will belong to the root user. If you want another user to have access, set the appropriate permissions for that user in the script.

• The script runs automatically, so you cannot use commands that require action from the user. For commands that require confirmation during execution, use the -y flag (for example, apt upgrade -y).

• The script execution log is written to the /var/log/cloud-init-output.log file.

• On Ubuntu, cloud-init will create the ubuntu user by default if there is no users directive. To avoid it, use the directive: users: [].

Passing the script

You can pass the cloud-init script:

• When you create a new server. The cloud-config parameters will be applied during installation.

• When you reinstall the server. The parameters will be applied during installation.

• At the reboot. In this case, you can pass the script in the Plan section and then reboot the server. For the parameters to apply, you must restart the system with the command: cloud-init clean --reboot.

Editing the script

You can modify the already uploaded cloud-init script in the server settings.

For the updated parameters to be applied at the next reboot, you must reboot the system with the command: cloud-init clean --reboot.

1. Go to the Plan tab.

2. Click Edit in the Cloud-init block.

3. Make the changes and save them.

The script will be applied the next time the server is rebooted. 

Cloud-config examples

The file must begin with the #cloud-config in the first line.

Installing packages

#cloud-config
package_update: true
packages:
 - apache2
 - mariadb-server
 - mariadb-client

Creating users    

#cloud-config
users:
  - name: username
  - name: new_username

Adding SSH keys

#cloud-config
ssh_authorized_keys:
  - ssh-rsa PUBLIC_KEY username@server

You can add several keys at once:

#cloud-config
ssh_authorized_keys:
  - ssh-rsa PUBLIC_KEY username@server
  - ssh-rsa PUBLIC_KEY_2 username2@desktop

Creating a sudo user, adding SSH keys, and configuring the bash shell

#cloud-config
users:
  - name: username
    groups: sudo
    shell: /bin/bash
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh-authorized-keys:
      - PUBLIC_KEY username@server
      - PUBLIC_KEY_2 username2@desktop

Installing LAMP on Ubuntu

#cloud-config
package_update: true
packages:
  - apache2
  - php-mysql
  - mysql-server
  - libapache2-mod-php
  - php-gd
  - php-curl
runcmd:
  - [ find, /var/www, -type, d, -exec, chmod, 2775, {}, \; ]
  - [ find, /var/www, -type, f, -exec, chmod, 0664, {}, \; ]
write_files:
  - path: /var/www/html/phpinfo.php
    owner: www-data:www-data
    content: |
      ""

Once the configuration is complete, the link http://server_ip/phpinfo.php will display a page with PHP parameters.

More examples can be found in the cloud-init documentation.

Shell scripts examples

The script must start with the #!/bin/sh in the first line.

Installing packages

#!/bin/sh
apt -y update
apt -y install fail2ban

Installing LAMP on CentOS

#!/bin/sh
##Installing PHP 7.2
yum -y install epel-release
yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum-config-manager --enable remi-php72
yum update -y
yum install -y php php-mcrypt php-cli php-gd php-curl php-mysql php-ldap php-zip php-process php-ldap php-mbstring
##Installing MariaDB 11.02
wget https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
chmod +x mariadb_repo_setup
bash mariadb_repo_setup
yum install -y httpd mariadb-server
##Enabling the services
systemctl start mariadb
systemctl enable mariadb
systemctl start httpd
systemctl enable httpd
##Setting permissions
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} \;
find /var/www -type f -exec chmod 0664 {} \;
## Outputting phpinfo
echo "" > /var/www/html/phpinfo.php
## Opening the port
iptables -t filter -I INPUT -p tcp --dport 80 -j ACCEPT