cloudops cloudstack days, austin april 2015

cloudops.com @cloudops_

Cloud-Init and CloudStack

April 16, 2015

Pierre-Luc Dion @pdion891 pdion891


Introduction to Cloud-Init

What’s the current capability of it in CloudStack

Some usage examples

Agenda


Let’s learn more about us.

About Us

cloudops.com @cloudops_ Page

About Us

4

“Since 2005, CloudOps has enabled hundreds of enterprises and web-based companies to build their business in the cloud.”

We provide private, public and hybrid cloud solutions for businesses seeking scalability and for enterprises making their move to the cloud. Our best-in-class cloud architecture allows companies to confidently, securely, and reliably achieve new levels of business performance.


About cloud.ca

5

“cloud.ca is a self-service utility IaaS platform designed for applications, workspaces and data.”

CloudOps operates cloud.ca a Canadian cloud service for businesses requiring that all or some of their data remain in Canada for reasons of complicance, performance, cost or privacy.


CloudMC

6

CloudMC is a multi-cloud services management and orchestration software that supports Apache CloudStack

CloudOps has built its own proprietary cloud services “CloudMC” front end software for cloud service providers (used by cloud.ca) and enterprises looking to offer hybrid IaaS. It supports Apache Cloudstack based private clouds and public clouds, and we are building support for large utility clouds such as AWS.


What is it? Cloud-Init


Cloud-Init

8

Collection of tools to initialize Virtual Machine at is first boot.

●  Python based ●  Started by Scott Moser ●  Backed by Canonical ●  Widely used by public cloud

providers (AWS, Azure, rackspace) ●  Provide easy access to meta-data

exposed by the cloud provider


Operating System Supported

9

-  CentOS / RHEL -  Ubuntu -  OpenSuse -  Debian -  CoreOS -  Others?


Out of the Box

10

Per instance: •  Generate new SSH server keys •  Refresh /dev/urandom •  Set hostname and domain •  Disable ssh access from root (force close) •  Configure “ubuntu” ssh access

Your scripts: /var/lib/cloud/scripts /per-boot /per-instance /per-once


Basic Usage of Cloud-Init

11

1.  Create user “cloud-user” 2.  password set to “cloud-user” 3.  sshkey apply to root and “cloud-user” 4.  enable sudo

/etc/cloud/cloud.cfg system_info: default_user: name: cloud-‐user sudo: ["ALL=(ALL) NOPASSWD:ALL"] gecos: Generic cloud user

Configuration thru YAML file


bzr branch lp:cloud-‐init

cd cloud-‐init

cd packages ./bddeb -‐-‐init-‐system systemd -‐-‐python2

bzr branch lp:cloud-‐init

cd cloud-‐init

python setup.py build

python setup.py install

Quick and dirty

12

0.7.7 .deb package

from the upstream


And CloudStack in this story?


What information is retrieved?


meta-data from VR

15

●  Random user password generated by CloudStack

●  user SSH public key ●  VM meta-data ●  user-data: user define text

meta-data: ●  service-offering ●  availability-zone ●  local-ipv4 ●  local-hostname ●  public-ipv4 ●  public-hostname ●  instance-id

Documentation ref: http://goo.gl/HzbKM7


VR urls

16

http://{VR-IP}/latest/meta-data/{metadata-type} http://10.10.0.1/latest/meta-data/availability-zone http://{VR-IP}/latest/user-data http://10.10.0.1/latest/user-data


user-data methods

GET

POST ●  base64 encoded string ●  limited to 32KB string ●  POST payload contain all

params.

●  base64 encoded string ●  limited to 2KB string


What can I do with user-data?


Deploy RabbitMQ into a Virtual-Machine

19

#cloud-‐config package: - rabbitmq-server runcmd: - echo "wait for rabbitmq-server to start" - sleep 10 - export HOME=/var/lib/rabbitmq - rabbitmq-plugins enable rabbitmq_management - service rabbitmq-server restart


CloudStack simulator on CoreOS

20

#cloud-config coreos: units: - name: simulator.service command: start content: | [Unit] Description=Cloudstack Simulator After=docker.service Requires=docker.service [Service] TimeoutStartSec=0 ExecStartPre=-/usr/bin/docker kill cloudstack ExecStartPre=-/usr/bin/docker rm cloudstack ExecStartPre=/usr/bin/docker pull cloudstack/simulator ExecStart=/usr/bin/docker run -d --name cloudstack -p 80:8080 cloudstack/simulator:4.5 [Install] WantedBy=multi-user.target


user-data as bash script

21

#!/bin/bash yum upgrade -‐y shutdown -‐r now


http POST?

22

POST /client/api HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Jersey/2.13 (HttpUrlConnection 1.7.0_67) Cache-Control: no-cache Pragma: no-cache Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive Content-Length: 551 Host: coe-cs01-dev1.lab.local:8080 apiKey=WQJoN8bX05jrb5_1MOrfAAbCqF8Ym3IgPMTliQK142oGlnqHGx2mL49GFpPcTbEn7diSGYHSqv6R-zCLGELRsQ&command=deployVirtualMachine&name=i-orgadmin-E47&networkIds=4485b91d-c772-414a-a3dd-d973aebe841b&response=json&serviceofferingId=d2415ca3-9552-44c5-a097-0404c19dc513&templateId=4cdeea05-ae6e-49e8-8385-00502d29e55c&userdata=IyEvYmluL2Jhc2gKc3VkbyBzdSAtCnl1bSB1cGRhdGUKeXVtIGluc3RhbGwgbmdpbngKc2VydmljZSBuZ2lueCBzdGFydA%3D%3D&zoneId=2c62ab1e-eef9-4aa3-8626-faf37d65c5ea&signature=%2BMc2GpfnP7Ie82BoVi6Bst/FA7w%3D


Cloud-Init + CloudStack


State of the Doc


State of the Doc

25


Datasource: CloudStack

26

/etc/cloud/cloud.cfg.d/99_cloudstack.cfg

datasource:

CloudStack: {}

None: {}

datasource_list:

-‐ CloudStack


deploy VM with CloudMonkey

27

deploy virtualmachine keypair=user1 name=rabbit01 displayname=rabbitmq-‐server serviceofferingid=52814243-‐b91f-‐4514-‐b556-‐37d7a3bebfb1 networkids=71080f3e-‐9a57-‐488a-‐b070-‐30155e2c8328 zoneid=c1509f9c-‐c230-‐4c6c-‐b2b4-‐303c59988553 templateid=e8582a77-‐9f76-‐4fe4-‐9af3-‐c3a8e9523687 userdata=I2Nsb3VkLWNvbmZpZw0KcGFja2FnZV91cGdyYWRlOiB0cnVlDQo=

#cloud-‐config package_upgrade: true

Base64 encoded string:


Useful testing tricks

28

CloudMonkey

update virtualmachine id=afbc1c41-‐92a0-‐4b6f-‐b562-‐5e6d63e24721 userdata=I2Nsb3VkLWNvbmZpZw0KcGFja2FnZV91cGdyYWRlOiB0cnVlDQo= restore virtualmachine virtualmachineid=afbc1c41-‐92a0-‐4b6f-‐b562-‐5e6d63e24721


Please login as the user "cloud-user" rather than the user "root".

29

/etc/ssh/sshd_config Match User root ForceCommand cat /etc/issue.root ForceCommand exit

SSH as root auto logout when using Password


Few issues :-(


URL trailing slash

31

CLOUDSTACK-7405

●  Using cloudstack older than 4.4.1 require cloud-init 0.7.5+

●  Latest ACS ( 4.4.2+), older cloud-

init work (0.6.5)


change SSHkey for VM user

32

resetSSHKeyForVirtualMachine CloudStack can change SSHkey on the VR, but not considered by cloud-init at reboot

https://bugs.launchpad.net/cloud-init/+bug/1440265


change password for VM user

33

resetPasswordForVirtualMachine CloudStack can reset password on the VR, but not considered by cloud-init at reboot

https://bugs.launchpad.net/cloud-init/+bug/1440263 •  Potential fix posted on 2015-04-15


Recent updates

34

●  Cloud-Init upstream support password. cloud-init-0.7.7 ○  resetPasswordForVirtualMachine still not working

●  CloudStack documentation now include Cloud-Init

●  Documentation Pull request submit to Cloud-Init upstream


Alternatives


cloud-set-guest-sshkey.in cloud-set-guest-password.in

https://github.com/fifthecho/CloudStack-Template init-scripts using Ansible

36

CloudStack default init-scripts

!=Cloud-Init


References

37

●  openvm.eu templates: http://www.openvm.eu/ ●  Cloud-Init documentation:

https://cloudinit.readthedocs.org/en/latest/ ●  CloudStack documentation: goo.gl/HzbKM7

●  CoreOS: goo.gl/HktCJT


DEMO


Questions?


Thank you!

cloudops cloudstack days, austin april 2015

Technology

user clouduser

page cloudinit

clouduser sudo

cloudinit whats

cloud service providers

canadian cloud service

apache cloudstack cloudops

page basic usage of