
Cloud-config lets you send additional configuration to the cloud-init process running within your virtual machine. This can be a useful tool to ensure that updates are installed as the VM is created, that custom users are created, and much more. We recommend checking out the Cloud-Config documentation, even though we have some examples on this page.

Cloud-config snippets / examples

Create more users than the image default on instance creation

Code Block
#cloud-config
users:
  - default
  - name: username
    gecos: Full Name Here
    groups: sudo
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
    ssh_authorized_keys:
      - ssh-ed25519 <key> <comment>
      - ssh-rsa <key> <comment>
      - ...

If you don't include the "default" entry first in the users-block, the default user for the given image will NOT be created. Therefore: keep it. Full documentation on this, here

Add additional SSH keys to the default user

Code Block
#cloud-config
ssh_authorized_keys:
    - ssh-rsa <key> <comment>
    - ssh-ed25519 <key> <comment>

Upgrade packages on boot

Code Block
#cloud-config
package_upgrade: true

Set timezone

Code Block
#cloud-config
timezone: "Europe/Oslo"

Enable NTNU login via LDAP

Info

This is only tested and verified on Ubuntu Server 20.04 and 22.04


If you want to run package upgrades as part of the first boot, uncomment the commented lines.

NOTE:

The following config is optional:

  • Group filter in nslcd.conf
  • Sudo config
  • sshd_config

If you leave those out, everyone with an NTNU account will be able to log in, and no one but the default ubuntu user will have sudo.

If you decide to restrict access, please keep the "ubuntu" user in the AllowUsers section of sshd_config.

Code Block
#cloud-config
#package_upgrade: true
timezone: "Europe/Oslo"
ssh_pwauth: true
packages:
  - libnss-ldapd
  - nscd

write_files:
  - encoding: b64
    content: 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
    owner: root:root
    path: /etc/nscd.conf
    mode: '0600'
  - encoding: b64
    content: 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
    owner: root:root
    path: /etc/nslcd.conf
    mode: '0400'
  - encoding: b64
    content: 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
    owner: root:root
    path: /etc/nsswitch.conf
    mode: '0400'
  - path: /etc/nslcd.conf
    content: |
      filter passwd (ntnuMemberOf=GROUPNAME)
      # Dummy comment to prevent errors
    append: true
  - path: /etc/sudoers.d/10_administrators
    content: | 
      USERNAME ALL=(ALL) NOPASSWD:ALL
      %GROUPNAME ALL=(ALL) NOPASSWD:ALL
    owner: root:root
    mode: '0440'
  - path: /etc/ssh/sshd_config
    content: |
      AllowUsers ubuntu
      Match group GROUPNAME
        AllowUsers *
    append: true

runcmd:
  - pam-auth-update --enable mkhomedir
  - pam-auth-update --force
  - systemctl restart sshd

#power_state:
#  delay: "now"
#  mode: reboot
#  message: Finished - rebooting
#  timeout: 30
#  condition: True
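
An added example, not part of the original page: if you use the optional sudoers and sshd_config entries above, a syntax error in either file can leave the VM without working sudo or SSH access. This variant of the runcmd section checks both files before sshd is restarted; the paths are the ones used above, and the fallback behaviour (removing the drop-in, skipping the restart) is an assumption of this example.

```yaml
#cloud-config
# Added example: replaces the runcmd section of the LDAP config above.
# Assumes write_files has already created /etc/sudoers.d/10_administrators
# and appended the AllowUsers/Match lines to /etc/ssh/sshd_config.
runcmd:
  - pam-auth-update --enable mkhomedir
  - pam-auth-update --force
  # Check the sudoers drop-in; if it does not parse, remove it so a
  # broken file is not left in place for sudo to read.
  - visudo -cf /etc/sudoers.d/10_administrators || rm -f /etc/sudoers.d/10_administrators
  # Test the edited sshd_config first and restart only if it is valid,
  # so the running daemon keeps its old configuration on error.
  - sshd -t && systemctl restart sshd
```

If either check fails, the result is visible in /var/log/cloud-init-output.log on the instance.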