Howto Use Centos Cloud Images With Cloud-init on KVM/libvirtd
Images versus unattended setup
In a traditional environment, systems are installed from a CDROM. The configuration is executed by the system administrator through the installer. This soon becomes a borning and unpractical task when we need to set up a lot of systems also it is important that systems are configured in same - and hopefully correct - way.
In a traditional environment, this can be automated by booting via BOOTP/PXE boot and configured is by a system that “feeds” the installer. Examples are:
In a cloud environment, we use images to install systems. The system automation is generally done by cloud-init. Cloud-init was originally developed for Ubuntu GNU/Linux on the Amazon EC2 cloud. It has become the de facto installation configuration tool for most Unix like systems on most cloud environments.
Cloud-init uses a YAML file to configure the system.
Most GNU/Linux distributions provide images that can be used to provision a new system.
You can find the complete list on the OpenStack website
[staf@centos7 iso]$ gpg --verify sha256sum.txt.asc
gpg: Signature made Thu 31 Jan 2019 04:28:30 PM CET using RSA key ID F4A80EB5
gpg: Good signature from "CentOS-7 Key (CentOS 7 Official Signing Key) <email@example.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6341 AB27 53D7 8A78 A7C2 7BB1 24C6 A8A7 F4A8 0EB5
The key fingerprint must match the one of RPM-GPG-KEY-CentOS-7.
Verify the iso file
[staf@centos7 iso]$ xz -d CentOS-7-x86_64-GenericCloud-1901.qcow2.xz
[staf@centos7 iso]$ sha256sum -c sha256sum.txt.asc 2>&1 | grep OK
The image we download is a normal qcow2 image, we can see the image information with qemu-info
[root@centos7 iso]# qemu-img info CentOS-7-x86_64-GenericCloud-1901.qcow2
file format: qcow2
virtual size: 8.0G (8589934592 bytes)
disk size: 895M
Format specific information:
Copy & resize
The default image is small - 8GB - we might be using the image to provision other systems so it better to leave it untouched.
Copy the image to the location where we’ll run the virtual system.
We’ll create a simple cloud-init configuration file and generate an iso image with cloud-localds. This iso image holds the cloud-init configuration and will be used to setup the system during the bootstrap.
It’s important to NOT install cloud-init on your KVM host machine. This creates a cloud-init service that runs during the boot and tries to reconfigure your host. Something that you probably don’t want on your KVM hypervisor host.
The cloud-util package has all the tool we need to convert the cloud-init configuration files to an iso image.
We’ll create a cloud-init configuration file to update all the packages - which is always a good idea - and to add a user to the system.
A cloud-init configuration file has to start with #cloud-config, remember this is YAML so only use spaces…
We’ll create a password hash that we’ll put into your cloud-init configuration, it’s also possible to use a plain-text password in the configuration with chpasswd or to set the password for the default user. But it’s better to use a hash so nobody can see the password. Keep in mind that is still possible to brute-force the password hash.
Some GNU/Linux distributions have the mkpasswd utility this is not available on centos. The mkpasswd utility is part of the expect package and is something else…
I used a python one-liner to generate the SHA512 password hash