This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
host:cloud-init [2017/01/14 01:05]
jbicha install openssh-server in case some weird instance has cloud-init but not ssh
host:cloud-init [2017/01/14 08:13] (current)
jbicha lxd isn't in the Debian repos so limit that to Ubuntu
Line 1: Line 1:
 +===== Debops host requirements =====
 +Although Debops has very few requirements for a host((The machine you are managing from debops)), it does need a few things:
 +  - First, the host must be running a supported version of Debian or Ubuntu.
 +  - The host must have **python** installed ((Ubuntu 16.04 LTS only has python3 pre-installed. While ansible 2.2 has some python3 support, ansible'​s default and more complete implementation is python)).
 +  - The host must have **openssh-server** installed and running.
 +  - You need to be able to log in to the server with an **SSH key**.
 +  - The login account must be able to elevate to root privileges with sudo without entering a password.
 +  - The login account should //not// have one of these blacklisted names: ​
 +     * admin
 +     * ansible
 +     * debian
 +     * root
 +     * ubuntu
 +     * user
 +One easy way to pre-configure your host for use with Debops is with **cloud-init**. cloud-init is pre-installed in all Ubuntu server images and all official Debian images hosted with cloud and Virtual Private Server providers.
 +===== Sample cloud-init config file =====
 +  - name: bob
 +    gecos: Bob Builder
 +    groups: sudo,​adm,​admin
 +    shell: /bin/bash
 +    sudo: ALL=(ALL) NOPASSWD:​ALL
 +    ssh-import-id:​ ssh-rsa AAAAB3NzaC1yc2EAAAABIwA bob@example
 +disable_root:​ true
 +fqdn: server1.example.com
 +manage_etc_hosts:​ true
 +package_upgrade:​ true
 +package_reboot_if_required:​ true
 +  - openssh-server
 +  - python
 +timezone: America/​New_York
 +===== Explanation of the sample file =====
 +Save the file to your computer and name it something like ''​cloud-init-config.yml''​ .
 +The first line must contain ''#​cloud-config''​ . This is cloud-init'​s "​shebang"​.
 +On the third and fourth lines, enter your desired username in the **name** field and full name in the **gecos** field.
 +If you don't enter a **shell**, ''/​bin/​sh''​ will be used which is probably not what you want.
 +The **sudo** line enables this account to elevate to root privileges without entering the user's password. This is important because ansible'​s default is to not prompt for a password. Also, this account that we're creating does not even have a password. The only way to log in with this account is with the SSH key.
 +In the next line, provide your public SSH key. Do not enter your private SSH key here. If you have added your SSH key to your Launchpad account, you can use this shorthand:
 +<​code>​ssh-import-id:​ lp:​bobbuilder</​code>​
 +Or you can try using the GitHub shorthand:
 +<​code>​ssh-import-id:​ github:​bobbuilder</​code>​
 +Debops is designed to work with a **FQDN**. A simple hostname will not work.
 +If **''​manage_etc_hosts''​** is not set to ''​true'',​ cloud-init will only set the hostname and not the fqdn.
 +The next four package lines ensure that **python** and **openssh-server** are installed, **update** all packages to their latest version, and **reboot** if any of the updates indicate that a reboot is required to fully apply the updates.
 +If you do not set a **timezone**,​ UTC will be used.
 +You can do much more with cloud-init, but since we're using debops to manage our server, it's probably better to make those changes in your debops project instead.
 +===== When to apply the cloud-init file =====
 +The cloud-init config file must be present **before** the first boot since many of the things cloud-init does only happens the first time a machine is started. Below are some instructions for specific providers.
 +===== Use cloud-init with DigitalOcean =====
 +When you create a Droplet with **DigitalOcean**,​ be sure to check the **''​User data''​** box and paste your cloud-init config in the box. To prevent a root password from being emailed to you, you should also associate an **''​SSH key''​** with your account and make sure the box is checked next to that SSH key.
 +===== Use cloud-init with DigitalOcean API =====
 +You can also use cloud-init if you use the **DigitalOcean API**. Here's an example of the syntax you could use.
 +First, apply for an API key. Keep that key secret since it's essentially a username and password to your account.
 +Next, we need to lookup the ID of our SSH key. Replace SECRETAPIKEY with the long string of letters and numbers that is your key. Look for the "​id"​ number that is part of the response you get.
 +<​code>​curl -X GET "​https://​api.digitalocean.com/​v2/​account/​keys"​ -H Type: "​Content-Type:​ application/​json"​ -H "​Authorization:​ Bearer SECRETAPIKEY"​ </​code>​
 +Now replace MYSSHIDNUMBER with that number before entering this line:
 +<​code>​curl -X POST "​https://​api.digitalocean.com/​v2/​droplets"​ -H "​Content-Type:​ application/​json"​ -H "​Authorization:​ Bearer SECRETAPIKEY"​ \
 +-d '​{"​name":"​server1.example.com","​region":"​nyc3","​size":"​512mb","​image":"​ubuntu-16-04-x64","​ssh_keys":​["​MYSSHIDNUMBER"​],​ \
 +"​backups":​false,"​monitoring":​false,"​ipv6":​true,"​user_data":"'"​$(cat /​home/​bob/​cloud-init-config.yml)"'"​}'</​code>​
 +===== Use cloud-init with Amazon'​s EC2 Cloud =====
 +When you launch an Instance on **Amazon'​s Elastic Compute Cloud (EC2)** using the website, be sure to select **''​Configure Instance''​**. On the ''​Configure''​ page, select **''​Advanced Details''​**. Paste your cloud-init config file in the **''​User data''​** box. If you would prefer to upload your file, select **''​As file''​** and then **''​Browse''​**.
 +===== Use cloud-init with lxd =====
 +If your Ansible Controller((The machine you are running debops from)) is running Ubuntu 16.04 LTS or newer, you can use **lxd**.
 +Substitute EXAMPLE with your preferred hostname.
 +sudo apt install lxd
 +lxc init ubuntu:​16.04 EXAMPLE
 +lxc config set EXAMPLE user.user-data - < /​path/​to/​cloud-init-config.yml
 +lxc start EXAMPLE
 +After a few moments, running ''​lxd ls''​ will show you the IP address for your instance.
 +If you want to use ''​lxc shell''​ to manage your debops host, be sure to set this variable: ''​[[https://​docs.debops.org/​en/​latest/​ansible/​roles/​debops.console.html#​role-variables|console_serial:​ True]]''​
 +===== Check the status of cloud-init =====
 +It will take a few minutes to configure your host. When it is finished, the final line in ''/​var/​log/​cloud-init-output.log''​ will say ''​finished''​.
 +===== Further reading =====
 +  * [[https://​cloudinit.readthedocs.io/​en/​latest/​ | cloud-init Documentation]]
 +  * [[https://​www.digitalocean.com/​community/​tutorials/​an-introduction-to-droplet-metadata | DigitalOcean:​ An Introduction to Droplet Metadata]]
 +  * [[https://​developers.digitalocean.com/​documentation/​v2/​ | DigitalOcean API Documentation]]
 +  * [[https://​docs.aws.amazon.com/​AWSEC2/​latest/​UserGuide/​user-data.html | Amazon: Running Commands on Your Linux Instance at Launch ]]
 +  * [[https://​www.stgraber.org/​2016/​03/​11/​lxd-2-0-blog-post-series-012/​ | LXD 2.0 Blog Series ]]