Difference between revisions of "Contextualization of Linux VMs"
Latest revision as of 13:26, 24 April 2017
OpenNebula uses a method called contextualization to send information to the VM at boot time. Information is collected in the Template and is essential to configure the VM.
The VM template has a section called "Context" where you can automate different configuration aspects.
The Context section has 3 parts:
Configuration
This is the most basic context configuration provided by OpenNebula, where you can:
- Enable Network contextualization. The VM will be configured with the information added in the Network section or in the Custom Vars section of the template.
- Enable SSH contextualization. The SSH service will be enabled.
- Add SSH public keys. Keys will be added to the authorized_keys file of USERNAME (see the Custom Vars section), or of root if USERNAME is not set.
- START_SCRIPT - Script that is executed when the machine starts up. It can contain either shell commands or a script that begins with a shebang line. For example START_SCRIPT="yum upgrade".
Files
In this section you can include files in your VM. Files can be added in OpenNebula in the "Files" section of the left menu, under "Images".
You can select files from the list and they will be automatically added to the FILES_DS attribute.
If the file is a script you want to run at boot, you can add it to the INIT_SCRIPTS attribute.
Custom Vars
In this section you can set up a more advanced contextualization. The attributes available are:
- VARIABLE - Variables that store values related to this virtual machine or others. The name of the variable is arbitrary (in the example, we use hostname).
- SET_HOSTNAME - This parameter value will be the hostname of the VM.
- DNS_HOSTNAME - YES to set the VM hostname to the reverse DNS name (from the first IP).
- GATEWAY_IFACE - This variable can be set to the number of the interface whose gateway you want to configure. It is useful when several networks have a GATEWAY parameter and you want to choose the one that configures it. For example, to make the first interface configure the gateway, use GATEWAY_IFACE=0.
- DNS - Specific DNS server for the Virtual Machine
- USERNAME - User to be created in the guest OS. If any password attribute is defined (see below), it applies to this user (defaults to root). Please note: the SSH daemon on the host is configured to deny access to user root and it does not support password authentication. If you specify USERNAME, that account will be created and any SSH keys you have configured will be allowed to log in as that user. If you use any of the context variables below, a password will be set for the user too. If the username is not root, you will be able to SSH in using an SSH key and to log in on the VNC console, but you will not be able to escalate your privileges to root. If the username is root, or you do not use USERNAME, you will be able to log in on the VNC console but you will not be able to SSH in. The contextualization script always creates a user cloudUser, which is allowed to log in over SSH using the keys you have configured in the template. cloudUser is also allowed to elevate its privileges via sudo without a password. The following command will make you root without a password:
    sudo -s
- CRYPTED_PASSWORD_BASE64 - Crypted password encoded in base64. You can use the following command:
    openssl passwd -1 | base64
- CRYPTED_PASSWORD - Crypted password. This parameter is not recommended; use CRYPTED_PASSWORD_BASE64 instead. You can use the following command:
    openssl passwd -1
- PASSWORD_BASE64 - Clear text password encoded in base64. This parameter is not recommended; use CRYPTED_PASSWORD_BASE64 instead. Example command:
    echo "Password" | base64
- PASSWORD - Clear text password to be set for the user USERNAME. This parameter is not recommended; use CRYPTED_PASSWORD_BASE64 instead.
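The four password attributes above differ in what is stored in the template. The following added example (not part of the original page or of OpenNebula) audits a CONTEXT section for the attributes marked as not recommended, and checks that CRYPTED_PASSWORD_BASE64 really decodes to a crypt hash. The helper name audit_context, the finding format and the sample template are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the CONTEXT section of a VM template for the password
# attributes described above. The template below is constructed sample input.

sample_template() {
cat <<'EOF'
CONTEXT = [
  NETWORK = "YES",
  USERNAME = "alice",
  PASSWORD = "Summer2017",
  PASSWORD_BASE64 = "UGFzc3dvcmQK",
  CRYPTED_PASSWORD = "$1$c0nstruc$notARealHashValue00000",
  CRYPTED_PASSWORD_BASE64 = "UGFzc3dvcmQK"
]
EOF
}

# audit_context (hypothetical helper): reads a template on stdin and prints
# one "LEVEL ATTRIBUTE reason" line per finding; prints nothing if clean.
audit_context() {
  # Reduce each  KEY = "value",  line to "KEY value".
  sed -n 's/^[[:space:]]*\([A-Z0-9_]*\)[[:space:]]*=[[:space:]]*"\(.*\)",\{0,1\}[[:space:]]*$/\1 \2/p' |
  while read -r key val; do
    case $key in
      PASSWORD)
        echo "HIGH PASSWORD clear text password stored in the template" ;;
      PASSWORD_BASE64)
        echo "HIGH PASSWORD_BASE64 base64 is an encoding, the clear text is recoverable" ;;
      CRYPTED_PASSWORD)
        echo "WARN CRYPTED_PASSWORD not recommended, use CRYPTED_PASSWORD_BASE64" ;;
      CRYPTED_PASSWORD_BASE64)
        # A crypt(3) hash such as the output of "openssl passwd -1" has the
        # form $id$salt$hash; anything else means clear text was encoded.
        dec=$(printf '%s' "$val" | base64 -d 2>/dev/null) || dec=""
        case $dec in
          '$'*'$'*'$'*) ;;
          *) echo "HIGH CRYPTED_PASSWORD_BASE64 decoded value is not a crypt hash" ;;
        esac ;;
    esac
  done
}

sample_template | audit_context
```

In the sample, the same base64 string appears under PASSWORD_BASE64 and CRYPTED_PASSWORD_BASE64; the last finding catches a clear text password placed in the crypted field by mistake.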
The following attributes are filled in automatically when you configure the Network section of the template:
- ETHx_MAC - Used to find the correct interface
- ETHx_IP - IPv4 address for the interface
- ETHx_IPV6 - IPv6 address for the interface
- ETHx_NETWORK - Network address of the interface
- ETHx_MASK - Network mask
- ETHx_GATEWAY - Default IPv4 gateway for the interface
- ETHx_GATEWAY6 - Default IPv6 gateway for the interface
- ETHx_MTU - MTU value for the interface
- ETHx_DNS - DNS for the network
These last attributes are also filled in automatically when you add SSH public keys in the Context Configuration section of the template:
- SSH_PUBLIC_KEY - Key to be added to the authorized_keys file of USERNAME, or of root if USERNAME is not set.
- EC2_PUBLIC_KEY - Same as SSH_PUBLIC_KEY.