Cloud-Init - lets do it - Sat, Jul 3, 2021
Seems we now have a file to make cloud-init.yaml
logs
/var/log/cloud-init-output.log - Output of each running stage
/var/log/cloud-init.log - Detailed debug log
/run/cloud-init - how cloud-init decided to enable or disable itself/platform detection
Config files
/etc/cloud/cloud.cfg
/etc/cloud/cloud.cfg.d/*.cfg
passwd =
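mkpasswd --method=SHA-512 --stdin
openssl passwd -6 -salt xyz yourpass
Either one prints a SHA-512 crypt hash for passwd. Leaving the password off the openssl command line makes it prompt instead, which keeps it out of shell history, and dropping -salt xyz lets openssl pick a random salt.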
My config
#cloud-config
# Refresh the package index and upgrade installed packages on first boot,
# rebooting if an upgrade requires it.
package_update: true
package_upgrade: true
package_reboot_if_required: true
# NOTE(review): repo_update / repo_upgrade look like the Amazon Linux
# spellings of the two package_* keys above; presumably ignored on Ubuntu,
# confirm before relying on them.
repo_update: true
repo_upgrade: all
write_files:
  # Load br_netfilter at boot so the net.bridge.* sysctls below exist.
  - path: /etc/modules-load.d/k8s.conf
    owner: root:root
    permissions: '0644'
    content: |
      br_netfilter
  # Send bridged IPv4 and IPv6 traffic through iptables / ip6tables.
  - path: /etc/sysctl.d/k8s.conf
    owner: root:root
    permissions: '0644'
    content: |
      net.bridge.bridge-nf-call-ip6tables = 1
      net.bridge.bridge-nf-call-iptables = 1
  # Docker daemon settings: systemd cgroup driver, json-file logging capped
  # at 100m per log file, overlay2 storage driver.
  - path: /etc/docker/daemon.json
    owner: root:root
    permissions: '0644'
    content: |
      {
        "exec-opts": ["native.cgroupdriver=systemd"],
        "log-driver": "json-file",
        "log-opts": {
          "max-size": "100m"
        },
        "storage-driver": "overlay2"
      }
# Packages installed from the distribution archive before runcmd runs.
packages:
  # Admin and troubleshooting tools
  - nmap
  - htop
  - nano
  - python3
  # Prerequisites for adding the third-party apt repositories in runcmd
  - apt-transport-https
  - ca-certificates
  - curl
  - gnupg-agent
  - software-properties-common
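runcmd:
  # Swap off
  - swapoff -a
  # Apply the sysctl files that write_files created
  - sysctl --system
  # Install Docker following the guide:
  # https://docs.docker.com/install/linux/docker-ce/ubuntu/
  # The repository key is stored in its own keyring file and bound to the
  # Docker repo with signed-by, the same way the Kubernetes repo is set up
  # below. `apt-key add` is deprecated and trusts the key for every
  # configured repository, not just this one.
  - curl -fsSLo /usr/share/keyrings/docker-archive-keyring.asc https://download.docker.com/linux/ubuntu/gpg
  - echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
  - apt-get -y update
  - apt-get -y install docker-ce docker-ce-cli containerd.io
  - systemctl enable docker
  # Install docker-compose following the guide:
  # https://docs.docker.com/compose/install/
  # -f makes curl exit non-zero on an HTTP error instead of saving the error
  # page as the binary.
  # NOTE(review): the download is made executable without an integrity
  # check; compare it against the checksum published with the release.
  - curl -fL "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  - chmod +x /usr/local/bin/docker-compose
  - mkdir -p /etc/systemd/system/docker.service.d
  # Install the Kubernetes packages
  # NOTE(review): the apt.kubernetes.io repository has since been retired
  # upstream in favour of pkgs.k8s.io; confirm the current repository and
  # key location before reusing these two lines.
  # - sudo apt-get install -y apt-transport-https ca-certificates curl
  - curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
  - echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
  - apt-get -y update
  - apt-get install -y kubelet kubeadm kubectl
  # Hold the Kubernetes packages so routine upgrades do not move them.
  - apt-mark hold kubelet kubeadm kubectl
  - systemctl daemon-reload
  - systemctl restart docker
  - systemctl enable docker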
users:
  - name: tj
    groups: users
    shell: /bin/bash
    # NOTE(review): passwordless sudo for every command makes this account
    # root-equivalent; anything that can log in as tj owns the host.
    sudo: 'ALL=(ALL) NOPASSWD:ALL'
    expiredate: '2032-09-01'
    # NOTE(review): ssh_import_id fetches public keys from an external
    # account at boot (presumably Launchpad when no prefix is given), so
    # whoever controls that account can log in. Confirm it is yours.
    ssh_import_id: tj
    # NOTE(review): lock_passwd: false leaves password login enabled for
    # this account. A real crypt hash in a published config can be attacked
    # offline, so rotate this password and prefer key-only login with
    # lock_passwd: true.
    lock_passwd: false
    passwd: '$6$c4bT6smg4Ev2$M1yeFOVye1zG.g3HqRuW7tsJocgcm5bC9sZDJr6HrRI3rvNTMiFBrvwnmniU/ay89bWwslAJVBkjJHgx5rVgW0'
    ssh_authorized_keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCV7ZNRgc8VcMaFJTlR9UvBcNgowvgNvcumnU5tbaNFGlx1T37HXXfNCAasyy8iURmQomEHuqbHbo1HiUbI0WlkdsH4Nq//dWIptFg6vIF2RCzg3Ps2Ojopy96CgyRotHlNnnohs5JsyTop9knS5YQZJQa81mT7bHfBHgzqJQAhQ0zDpkGdyFtLmJ/CMKthShrMX48XRqo11zmw3Co6khcT2SQ5lqouwGuWVbvzcJlkL5sCSr/0sENCKFqyzn5l+X+RBkK1DzcZGQIk+iyD+LdaqOv5hXsdmQ23rwJR6EpuwzCrQLcuCQlPk8oQuayMB3uCoFnOFljbZUZ0iDVNQK6F imported-openssh-key
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCb2ppfdlSLv/Yxe3gC86/NfhwcAgFajw9awKpM4HUcJTqlzZAGKvVyNRO07WVHIa+5I01QY7niqx+88EP91NaJ1RlpqvyIi+UxXUlZPS3pqKDkpaTD2AzwfkWzvPC9p8EEoOsOatFngJrQpPZEDJzboLT5/fqdb2pnhd55ORCQ6HJ6dUNAcrtBmGeb/WMnTQQmmYRs7uFhds+j3tXA58sxmgPvY9qd3erpc4hpW1R43X19f+w+I/YQ05aXztlQQU770J9xE+RYVAF0JNM74wLXsOrgHM5WCTUpfbdUl/WB8Rt7CZe68+mQHq/cqlkSjmBOx0jnXDmWHCBfseyZXip7 imported-openssh-key
# Extra trusted CA certificates for the system trust store.
# NOTE(review): newer cloud-init releases spell these keys ca_certs /
# remove_defaults; confirm which form your cloud-init version accepts.
ca-certs:
  # When true, 'remove-defaults' drops every default CA certificate that
  # ships with Ubuntu. Most users do not need that, so it stays false.
  remove-defaults: false
  # 'trusted' takes one certificate or a list of certificates to add as
  # trusted CAs. Each list item is a literal block scalar, so watch the
  # indentation of multi-line PEM data.
  # NOTE(review): every CA listed here can vouch for any TLS endpoint this
  # host connects to; add only roots you control.
  trusted:
    - |
      -----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
# Let cloud-init write the resolver configuration from the values below.
manage_resolv_conf: true
resolv_conf:
  # Upstream resolvers, quoted so they stay strings.
  nameservers:
    - '8.8.4.4'
    - '8.8.8.8'
  searchdomains:
    - kf7i.net
    - kf7izt.net
  domain: kf7i.net
  # Resolver options: rotate between the nameservers, 1 second timeout.
  options:
    rotate: true
    timeout: 1
# Reboot the machine and show this message when doing so.
power_state:
  mode: reboot
  message: 'Restarting after installing docker & docker-compose'