Overview
This post shares the cloud-init configuration I normally use when creating virtual machines.
Harvester is a modern, open, interoperable hyper-converged infrastructure (HCI) solution built on Kubernetes. Underneath, it uses KubeVirt for virtualisation management and Longhorn for distributed block storage, and it provides monitoring through Prometheus and Grafana.
Harvester lets you edit cloud-init quickly, so we can configure our virtual machines through cloud-init.
Ubuntu 22.04: initialising the network
Tested and working on sl-micro.x86_64-6.1.
```yaml
network:
  version: 1
  config:
    - type: physical
      name: enp1s0
      subnets:
        - type: static
          address: 192.168.2.61/24
          gateway: 192.168.2.11
    - type: nameserver
      address: 114.114.114.114
```
Or:
```yaml
network:
  version: 1
  config:
    - type: physical
      name: enp1s0
      subnets:
        - type: static
          address: 192.168.2.61/24
          gateway: 192.168.2.11
          dns_nameservers:
            - 114.114.114.114
```
Or, in the version 2 (netplan-style) format, which also adds a static route:
```yaml
network:
  version: 2
  ethernets:
    enp1s0:
      dhcp4: no
      addresses:
        - 192.168.2.61/24
      gateway4: 192.168.2.11
      nameservers:
        addresses:
          - 114.114.114.114
      routes:
        - to: 172.16.11.0/24
          via: 192.168.2.65
```
Setting up users
A regular user
```yaml
users:
  - name: ubuntu
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA7wXSA4kqQ9wCj6Imsr7hgw/N9bhHWmy3H1nV55YAH+GsRq+uyy2mxxWUeshsVfGXe+1lW7bDECusyt8YBy/AuuyP8wPTWgWT6Sgm9yk40sAd3t9xHamTkWo/XIL9SDY3gX/H7b1AFDXaPX9zN+DH+3CLqGUJTbYPjCe/hPYhy/cciJxK9G1JNjkmXX9PHSCpMOhb85dyZWKKXVtvmO26KAZRSZJ5NI5wsDj9Cq7A9Yv1PFN0cqpYwQk7Ig9KKjb62ZkGt99902+l33t77oqGmNHlOJlGZ+zNBC27jcpdbMmIIC6V7gejf8+pN7lcxvnMj5I6O5pPRRHKo8rMppmniw== user@host
    sudo: [ 'ALL=(ALL) NOPASSWD:ALL' ]
    shell: /bin/bash
    passwd: $6$3d1feAL5sj./DceN$V687qgzPvWJDKECKhV0DrfCV8Rkt2.4mBmyORyXjNBlEHXdyLbRH9Oh0DPtbwdUphX6ZLVKmJ9fO6eMw0Elf40
    lock_passwd: false
ssh_pwauth: True
```
The command used to generate the password hash is as follows (the output differs every time it is generated):
The root user cannot be set up with the method above; its password has to be set like this instead:
```yaml
chpasswd:
  list: |
    root:123456
  expire: False
ssh_pwauth: True
disable_root: False
```
However, this approach leaves the root password visible in plain text, so it is still better to create a regular Ubuntu user and switch to root with `sudo -i`.
A custom ssh configuration file
```yaml
write_files:
  - path: /etc/ssh/sshd_config.d/99-cloud-init-ssh.conf
    content: |
      PubkeyAcceptedAlgorithms +ssh-rsa
      PasswordAuthentication yes
      PermitRootLogin yes
      UseDNS no
      GSSAPIAuthentication no
```
Pitfall:
ssh-authorized-keys was configured, yet it was impossible to connect to Ubuntu 22.04 with an RSA key. The cause: in the SSH protocol, the ssh-rsa signature algorithm is the combination of the SHA-1 hash with the RSA public-key algorithm. Because SHA-1 is now vulnerable to attack, OpenSSH versions after 8.7 no longer support the ssh-rsa signature scheme by default.
Fix:
On Ubuntu 22.04:
```bash
echo 'PubkeyAcceptedAlgorithms=+ssh-rsa' >> /etc/ssh/sshd_config
```
On the CentOS Stream 9 family of operating systems (unverified; please refer to the referenced documentation):
```bash
update-crypto-policies --set LEGACY
update-crypto-policies --show
```
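The password and sshd settings above are easy to get wrong in ways that only show up after the VM is running. As an added example (my own code, not from the original post and not a cloud-init or Harvester tool), the following script lints a user-data document line by line for exactly the points discussed here: a plaintext entry in the chpasswd list, a users `passwd` value that is not a crypt hash, `PermitRootLogin yes`, `PasswordAuthentication yes`, `disable_root: False` and a re-enabled `+ssh-rsa`. It assumes the chpasswd list is written as a `list: |` block scalar as in the snippet above; the two sample documents are constructed, and the `$6$` hash in the hardened one is a placeholder, not a real hash. The hardened sample relies on cloud-init's chpasswd module accepting `$id$salt$hash` values in the list instead of plaintext, and on the fact that an RSA key still works with the rsa-sha2-512 signature algorithm, so `+ssh-rsa` is not needed for RSA keys on a current client.

```python
"""Pre-flight lint for a cloud-init user-data document (added example, standard library only)."""
import re

# crypt(3)-style hashes: $1$ (MD5), $2a/2b/2y$ (bcrypt), $5$ (SHA-256), $6$ (SHA-512), $y$ (yescrypt)
CRYPT_HASH = re.compile(r"^\$(1|2a|2b|2y|5|6|y)\$[^$]+\$")

# Settings worth a finding, with the reason a reviewer would give.
RISKY_SETTINGS = [
    (re.compile(r"^PermitRootLogin\s+yes\b"),
     "sshd permits root login with a password (PermitRootLogin yes)"),
    (re.compile(r"^PasswordAuthentication\s+yes\b"),
     "sshd accepts passwords although a key is provisioned (PasswordAuthentication yes)"),
    (re.compile(r"^PubkeyAcceptedAlgorithms\b.*\+ssh-rsa"),
     "re-enables SHA-1 ssh-rsa signatures; the same RSA key works with rsa-sha2-512, or use ed25519"),
    (re.compile(r"^disable_root:\s*false\b", re.IGNORECASE),
     "root account is not disabled (disable_root: False)"),
    (re.compile(r"NOPASSWD:ALL"),
     "passwordless sudo for the user (fine for automation, but note it in the review)"),
]


def is_crypt_hash(value: str) -> bool:
    """True if value looks like a crypt(3) hash such as $6$salt$hash rather than plaintext."""
    return bool(CRYPT_HASH.match(value))


def audit_user_data(text: str) -> list:
    """Return human-readable findings for one cloud-config document (line-oriented scan)."""
    findings = []
    in_chpasswd_list, list_indent = False, 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip())
        line = raw.strip()
        # Leave the chpasswd block scalar once indentation returns to the level of "list:".
        if in_chpasswd_list and indent <= list_indent:
            in_chpasswd_list = False
        if in_chpasswd_list:
            user, _, secret = line.partition(":")  # entries are user:password, one per line
            if secret and not is_crypt_hash(secret):
                findings.append(f"line {lineno}: chpasswd sets a plaintext password for {user!r}")
            continue
        if re.match(r"^list:\s*\|", line):  # assumption: the chpasswd list is a "list: |" scalar
            in_chpasswd_list, list_indent = True, indent
            continue
        m = re.match(r"^passwd:\s*(\S+)", line)
        if m and not is_crypt_hash(m.group(1)):
            findings.append(f"line {lineno}: users passwd value is not a crypt hash (it is written to /etc/shadow as-is)")
        for pattern, reason in RISKY_SETTINGS:
            if pattern.search(line):
                findings.append(f"line {lineno}: {reason}")
    return findings


# Constructed sample: the post's chpasswd and sshd drop-in plus a users entry with a plaintext passwd.
WEAK_USER_DATA = """\
users:
  - name: ubuntu
    passwd: plaintext-not-a-hash
    lock_passwd: false
chpasswd:
  list: |
    root:123456
  expire: False
ssh_pwauth: True
disable_root: False
write_files:
  - path: /etc/ssh/sshd_config.d/99-cloud-init-ssh.conf
    content: |
      PubkeyAcceptedAlgorithms +ssh-rsa
      PasswordAuthentication yes
      PermitRootLogin yes
"""

# Same intent, hardened: a hashed root entry, key-only login and no SHA-1 signatures.
# The $6$ value below is a placeholder shaped like a real hash, not an actual hash.
HARDENED_USER_DATA = """\
chpasswd:
  list: |
    root:$6$placeholdersalt$placeholderhash
  expire: False
ssh_pwauth: False
write_files:
  - path: /etc/ssh/sshd_config.d/99-cloud-init-ssh.conf
    content: |
      PasswordAuthentication no
      PermitRootLogin prohibit-password
"""

if __name__ == "__main__":
    for name, doc in (("weak", WEAK_USER_DATA), ("hardened", HARDENED_USER_DATA)):
        found = audit_user_data(doc)
        print(f"{name}: {len(found)} finding(s)")
        for item in found:
            print("  " + item)
```

Run it against the user-data you are about to paste into Harvester; an empty result for the hardened document and six findings for the weak one is the expected outcome. The scan is deliberately line-based so it needs no YAML library, which also means an inline `list: [...]` form of chpasswd is not inspected.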
Setting up the rke2 commands (a write_files entry)
```yaml
- path: /etc/profile
  content: |
    export PATH=$PATH:/var/lib/rancher/rke2/bin
    export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
    export CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock
    source <(kubectl completion bash)
    source <(helm completion bash)
  append: true
```
Setting the time zone
Installing packages
```yaml
packages:
  - qemu-guest-agent
```
Initialisation commands
```yaml
runcmd:
  - systemctl enable --now qemu-guest-agent.service
  - systemctl restart sshd
  - systemctl disable systemd-resolved.service
  - systemctl stop systemd-resolved.service
  - rm -f /etc/resolv.conf
  - echo nameserver 114.114.114.114 > /etc/resolv.conf
```
There is also a module called bootcmd, which runs early in the initialisation process and, by default, on every boot. runcmd, by contrast, runs near the end of the process and only during the first boot and initialisation.
Installing Docker
```yaml
apt:
  sources:
    source1:
      keyid: "9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88"
      keyserver: https://download.docker.com/linux/ubuntu/gpg
      source: deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable
package_update: true
packages:
  - qemu-guest-agent
  - docker-ce=5:20.10.24~3-0~ubuntu-jammy
  - docker-ce-cli=5:20.10.24~3-0~ubuntu-jammy
  - containerd.io
  - docker-compose
  - docker-buildx-plugin
```
Note that a keyid is required here; it can be looked up on a host that already has Docker installed with the `apt-key list` command.
A specific Docker version is pinned here; the available versions can be listed with the `apt-cache madison docker-ce` command.
If the keyid cannot be looked up, fetch the key from the keyserver URL and write it in the following form instead:
```yaml
apt:
  sources:
    source1:
      source: deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable
      key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----

        mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
        lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
        38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
        L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
        UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
        cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
        ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
        vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
        G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
        XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
        q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
        tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
        BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
        v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
        tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
        jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
        6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
        XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
        FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
        g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
        ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
        9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
        G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
        FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
        EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
        M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
        Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
        w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
        z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
        eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
        VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
        1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
        zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
        pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
        ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
        BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
        1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
        YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
        mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
        KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
        JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
        cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
        6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
        U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
        VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
        irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
        SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
        QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
        9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
        24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
        dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
        Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
        H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
        /nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
        M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
        xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
        jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
        YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
        =0YYh
        -----END PGP PUBLIC KEY BLOCK-----
package_update: true
packages:
  - qemu-guest-agent
  - docker-ce=5:20.10.24~3-0~ubuntu-jammy
```
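When the key is embedded with `key: |` instead of being fetched by `keyid`, nothing checks on your behalf that the pasted block is the key you meant to trust. As an added example (my own code, not from the original post, and not part of cloud-init or Docker's tooling), the script below computes the OpenPGP v4 fingerprint of the first public-key packet in an armored block (SHA-1 over `0x99`, the two-byte packet length and the packet body, as RFC 4880 defines it) and compares it with an expected fingerprint such as the keyid string used earlier. Only the standard library is used. The key it builds for the demo and test is constructed from a made-up modulus, so it is not a usable RSA key; to check the Docker key above, save the `key:` text to a file and pass the path on the command line.

```python
"""Fingerprint an ASCII-armored OpenPGP public key and compare it with an expected keyid (added example)."""
import base64
import hashlib
import re

ARMOR_BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
ARMOR_END = "-----END PGP PUBLIC KEY BLOCK-----"
PUBLIC_KEY_TAG = 6  # RFC 4880 packet tag for a primary public key


def dearmor(armored: str) -> bytes:
    """Strip the armor lines, armor headers and the CRC24 line, then decode the base64 body."""
    lines = [line.strip() for line in armored.splitlines()]
    if ARMOR_BEGIN not in lines or ARMOR_END not in lines:
        raise ValueError("missing armor header or footer")
    body = lines[lines.index(ARMOR_BEGIN) + 1:lines.index(ARMOR_END)]
    # Blank separator, "Version:"-style headers and the "=xxxx" CRC line carry no key data.
    payload = "".join(line for line in body if line and ":" not in line and not line.startswith("="))
    return base64.b64decode(payload, validate=True)


def first_packet(data: bytes):
    """Return (tag, body) of the first OpenPGP packet; handles old- and new-format headers."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:  # new-format header
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            length, offset = first, 2
        elif first < 224:
            length, offset = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, offset = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths are not supported")
    else:  # old-format header, which is what gpg --export writes for public keys (0x99)
        tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03
        if length_type == 3:
            raise ValueError("indeterminate packet length is not supported")
        size = 1 << length_type  # 1, 2 or 4 length bytes
        length, offset = int.from_bytes(data[1:1 + size], "big"), 1 + size
    return tag, data[offset:offset + length]


def v4_fingerprint(key_body: bytes) -> str:
    """SHA-1 over 0x99, the two-byte body length and the body (RFC 4880 12.2), as upper-case hex."""
    if key_body[0] != 4:
        raise ValueError(f"unsupported key packet version {key_body[0]}")
    return hashlib.sha1(b"\x99" + len(key_body).to_bytes(2, "big") + key_body).hexdigest().upper()


def fingerprint_from_armored(armored: str) -> str:
    tag, body = first_packet(dearmor(armored))
    if tag != PUBLIC_KEY_TAG:
        raise ValueError(f"first packet has tag {tag}, expected a public key")
    return v4_fingerprint(body)


def format_keyid(fingerprint: str) -> str:
    """Groups of four, the form gpg --fingerprint prints and the apt: keyid field in the post uses."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))


def keyid_matches(armored: str, expected: str) -> bool:
    """Compare ignoring spacing and case; a full fingerprint or a 16-hex long key id (suffix) both work."""
    wanted = re.sub(r"\s+", "", expected).upper()
    return len(wanted) >= 16 and fingerprint_from_armored(armored).endswith(wanted)


def encode_mpi(value: int) -> bytes:
    """OpenPGP multi-precision integer: two-byte bit length, then the big-endian magnitude."""
    return value.bit_length().to_bytes(2, "big") + value.to_bytes((value.bit_length() + 7) // 8, "big")


def build_armored_rsa_key(n: int, e: int = 65537, created: int = 0) -> str:
    """Build and armor a minimal v4 RSA public-key packet.
    Constructed data for demos and tests: n is not a real modulus, so this is not a usable key."""
    body = b"\x04" + created.to_bytes(4, "big") + b"\x01" + encode_mpi(n) + encode_mpi(e)
    packet = b"\x99" + len(body).to_bytes(2, "big") + body
    text = base64.b64encode(packet).decode()
    return "\n".join([ARMOR_BEGIN, ""] + [text[i:i + 64] for i in range(0, len(text), 64)] + [ARMOR_END])


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # a file holding the key: block you intend to paste into the cloud-config
        with open(sys.argv[1], encoding="ascii") as fh:
            armored = fh.read()
    else:  # no argument: demonstrate on the constructed key
        armored = build_armored_rsa_key(0xC0FFEE)
    print("fingerprint:", format_keyid(fingerprint_from_armored(armored)))
```

A match against the keyid string from the earlier snippet is the expected result for the Docker key block; any other value means the pasted text was altered or is a different key, and the image should not be built with it. Note that the fingerprint identifies the key but says nothing about who controls it, so the expected value still has to come from a channel you trust.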
A ready-to-use user-data example
```yaml
users:
  - name: ubuntu
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA7wXSA4kqQ9wCj6Imsr7hgw/N9bhHWmy3H1nV55YAH+GsRq+uyy2mxxWUeshsVfGXe+1lW7bDECusyt8YBy/AuuyP8wPTWgWT6Sgm9yk40sAd3t9xHamTkWo/XIL9SDY3gX/H7b1AFDXaPX9zN+DH+3CLqGUJTbYPjCe/hPYhy/cciJxK9G1JNjkmXX9PHSCpMOhb85dyZWKKXVtvmO26KAZRSZJ5NI5wsDj9Cq7A9Yv1PFN0cqpYwQk7Ig9KKjb62ZkGt99902+l33t77oqGmNHlOJlGZ+zNBC27jcpdbMmIIC6V7gejf8+pN7lcxvnMj5I6O5pPRRHKo8rMppmniw== user@host
    sudo: [ 'ALL=(ALL) NOPASSWD:ALL' ]
    shell: /bin/bash
    passwd: $6$3d1feAL5sj./DceN$V687qgzPvWJDKECKhV0DrfCV8Rkt2.4mBmyORyXjNBlEHXdyLbRH9Oh0DPtbwdUphX6ZLVKmJ9fO6eMw0Elf40
    lock_passwd: false
ssh_pwauth: True
write_files:
  - path: /etc/ssh/sshd_config.d/99-cloud-init-ssh.conf
    content: |
      PubkeyAcceptedAlgorithms +ssh-rsa
      PasswordAuthentication yes
      PermitRootLogin yes
      UseDNS no
      GSSAPIAuthentication no
  - path: /etc/profile
    content: |
      export PATH=$PATH:/var/lib/rancher/rke2/bin
      export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
      export CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock
      source <(kubectl completion bash)
      source <(helm completion bash)
    append: true
timezone: Asia/Shanghai
package_update: true
packages:
  - qemu-guest-agent
runcmd:
  - systemctl disable systemd-resolved.service
  - systemctl stop systemd-resolved.service
  - rm -f /etc/resolv.conf
  - echo nameserver 114.114.114.114 > /etc/resolv.conf
  - systemctl enable --now qemu-guest-agent.service
  - systemctl restart sshd
```
References:
https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ssh
https://docs.redhat.com/zh_hans/documentation/red_hat_enterprise_linux/8/html/configuring_and_managing_cloud-init_for_rhel_8/setting-up-a-static-networking-configuration-with-cloud-init_configuring-cloud-init
https://cloudinit.readthedocs.io/en/latest/reference/yaml_examples/apt.html