Configure OpenStack Instance at boot using cloud-init and user data

onfigure OpenStack Instance at boot using cloud-init and user data
OpenStack Instance operating system can be configured right after the Instance boot using cloud-init package and user data mechanism. For example we can inject a configuration file to the Instance to set some system variables, set hostname or install a package upon Instance boot time. cloud-init supports few input formats of user data, for example: BASH scripts or cloud config files.

In the below tutorial we will pass some information to the OpenStack Instance upon boot using BASH script.


1. Download Instance Cloud Image

Many Linux distributions (RedHat, CentOS, Ubuntu, Debian, etc…) provide their own ready-to-use generic cloud images based on qcow2 format with pre-installed cloud-init, so we don’t need to create our own image and install cloud-init, unless we have particular reason to do it. Anyway cloud-init must be installed on cloud image in order to be able to accept user data upon Instance boot.

Below the image list for main Linux distros:

Let’s pick up Debian_8.4.0 64_bit image and download it to Controller node:

[root@controller ~(keystone_tuxfixer)]# wget

2. Import Cloud Image to OpenStack

[root@controller ~(keystone_tuxfixer)]# glance image-create --file debian-8.4.0-openstack-amd64.qcow2 --disk-format qcow2 --container-format bare --name debian-8.4.0-openstack-amd64

Verify Image:

[root@controller ~(keystone_tuxfixer)]# nova image-list
| ID                                   | Name                         | Status | Server |
| a888f8dd-179a-400f-8143-c5e414184868 | cirros                       | ACTIVE |        |
| 8e9d0a01-3255-4cb4-a26a-9baabc4b5203 | debian-8.4.0-openstack-amd64 | ACTIVE |        |
| 90bc957d-7bea-42bb-baca-a564c6909942 | rhel7.2                      | ACTIVE |        |

3. Prepare simple user data script

Let’s create some simple BASH script on Controller node to configure Instance upon boot:

[root@controller ~(keystone_tuxfixer)]# touch
[root@controller ~(keystone_tuxfixer)]# vim

sudo hostname debian-instance
touch /tmp/example_file.txt

4. Create and import SSH key pair

Note: Cloud Images in most cases do not have password set for root or any other user, so we can’t log in to the instance via SSH using password, only passwordless login is available, that’s why we need to create SSH key pair in order to be able to SSH to the Instance

Generate SSH key pair on Controller node:

[root@controller ~(keystone_tuxfixer)]# ssh-keygen -t rsa -f /root/.ssh/cloud.key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/cloud.key.
Your public key has been saved in /root/.ssh/
The key fingerprint is:
57:0e:32:57:af:04:46:89:91:07:ad:27:38:f4:a7:12 root@controller
The key's randomart image is:
+--[ RSA 2048]----+
|        oB+..    |
|      . o.+o .   |
|     . oooo o .  |
|      E ++o= .   |
|       oS=. o    |
|      . ..       |
|       .         |
|                 |
|                 |

Modify file permissions for SSH public key:

[root@controller ~(keystone_tuxfixer)]# chmod 600 /root/.ssh/ 

Import SSH key pair to OpenStack:

[root@controller ~(keystone_tuxfixer)]# nova keypair-add --pub-key /root/.ssh/ cloud_key

5. Launch Instance

Launch Instance using cloud_key and configuration script:

[root@controller ~(keystone_tuxfixer)]# nova boot --flavor m1.small --image debian-8.4.0-openstack-amd64 --nic net-id=beac6101-91d4-4917-b5ee-c7116f4a76c5 --key-name cloud_key --user-data debian_instance

Don’t forget to associate Floating IP to the Instance in order to be accessible from outside:

[root@controller ~(keystone_tuxfixer)]# nova floating-ip-associate debian_instance

Try to SSH to the instance using private SSH key (cloud.key):

[root@controller ~(keystone_tuxfixer)]# ssh -i /root/.ssh/cloud.key debian@
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is f3:a5:f1:90:cd:19:62:71:1e:4b:b4:c2:65:9d:99:52.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

6. Verify user data passed to the instance

Let’s check, if our script worked upon Instance boot:

debian@debian-instance:~$ hostname
debian@debian-instance:~$ ls -l /tmp
total 0
-rw-r--r-- 1 root root 0 May  3 22:30 example_file.txt

7. Brief overview of cloud.cfg

cloud-init itself also gives us some configuration possibility (beside user data script configuration). We can configure SSH root login policy, modify hostname or decide which modules to load during Instance boot.

cloud-init configuration is stored in cloud.cfg file:

debian@debian-instance:~$ sudo vim /etc/cloud/cloud.cfg
# The top level settings are used as module
# and system configuration.

# A set of users which may be applied and/or used by various modules
# when a 'default' entry is found it will reference the 'default_user'
# from the distro configuration specified below
   - default

# If this is set, 'root' will not be able to ssh in and they
# will get a message to login instead as the above $user (ubuntu)
disable_root: true

# This will cause the set+update hostname module to not operate (if true)
preserve_hostname: false

# Example datasource config
# datasource:
#    Ec2:
#      metadata_urls: [ '' ]
#      timeout: 5 # (defaults to 50 seconds)
#      max_wait: 10 # (defaults to 120 seconds)

# The modules that run in the 'init' stage
 - migrator
 - bootcmd
 - write-files
 - resizefs
 - set_hostname
 - update_hostname

Feel free to modify cloud.cfg file according to your preferences.

3 thoughts on “Configure OpenStack Instance at boot using cloud-init and user data

  1. ung thu xuong May 16, 2016 at 04:53

    I’m curious to find out what blog system you happen to be
    utilizing? I’m having some small security problems with my latest site
    and I’d like to find something more safeguarded.
    Do you have any solutions?

  2. jlan421 July 23, 2016 at 06:26

    Hello, excellent tutorial! You mentioned at the beginning about cloud config files as another method of injecting configuration during boot time, can you give an example of cloud-init using a cloud-config,yml file? Interested in puppet or chef module example. Thanks.

Leave a Reply

Name *
Email *

This site uses Akismet to reduce spam. Learn how your comment data is processed.