Updated clear value for guestinfo keys

This patch updates the behavior of clearing a key from the guestinfo
key-space. For example, if the "userdata" key is cleared then
"guestinfo.userdata" is set to "---" and "guestinfo.userdata.encoding"
is set to an empty string.
2 files changed
tree: 34240d11badd1271b2636ab2ce693cfc87b0466e
  1. .gitignore
  2. .pylintrc
  3. 99-DataSourceVMwareGuestInfo.cfg
  4. DataSourceVMwareGuestInfo.py
  5. Dockerfile.rpmbuild
  6. dscheck_VMwareGuestInfo.sh
  7. install.sh
  8. LICENSE
  9. Makefile
  10. README.md
  11. requirements.txt
  12. rpm.el7.spec
  13. rpmmacros
README.md

Cloud-Init Datasource for VMware GuestInfo

This project provides a cloud-init datasource for pulling meta, user, and vendor data from VMware vSphere's GuestInfo interface.

Installation

There are multiple methods of installing the data source.

Installing on RHEL/CentOS 7

There is an RPM available for installing on RedHat/CentOS:

yum install https://github.com/vmware/cloud-init-vmware-guestinfo/releases/download/v1.1.0/cloud-init-vmware-guestinfo-1.1.0-1.el7.noarch.rpm

Installing on other Linux distributions

The VMware GuestInfo datasource can be installed on any Linux distribution where cloud-init is already present. To do so, simply execute the following:

curl -sSL https://raw.githubusercontent.com/vmware/cloud-init-vmware-guestinfo/master/install.sh | sh -

Configuration

The data source is configured by setting guestinfo properties on a VM's extraconfig data or a customizable vApp's properties data.

PropertyDescription
guestinfo.metadataA JSON string containing the cloud-init metadata.
guestinfo.metadata.encodingThe encoding type for guestinfo.metadata.
guestinfo.userdataA YAML document containing the cloud-init user data.
guestinfo.userdata.encodingThe encoding type for guestinfo.userdata.
guestinfo.vendordataA YAML document containing the cloud-init vendor data.
guestinfo.vendordata.encodingThe encoding type for guestinfo.vendordata.

All guestinfo.*.encoding property values may be set to base64 or gzip+base64.

Walkthrough

The following series of steps is a demonstration on how to configure a VM with cloud-init and the VMX GuestInfo datasource.

Create a metadata file

First, create the metadata file for the VM. Save the following YAML to a file named metadata.yaml:

instance-id: cloud-vm
local-hostname: cloud-vm
network:
  version: 2
  ethernets:
    nics:
      match:
        name: ens*
      dhcp4: yes

Create a userdata file

Finally, create the userdata file userdata.yaml:

#cloud-config

users:
  - default
  - name: akutz
    primary_group: akutz
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: sudo, wheel
    ssh_import_id: None
    lock_passwd: true
    ssh_authorized_keys:
    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDE0c5FczvcGSh/tG4iw+Fhfi/O5/EvUM/96js65tly4++YTXK1d9jcznPS5ruDlbIZ30oveCBd3kT8LLVFwzh6hepYTf0YmCTpF4eDunyqmpCXDvVscQYRXyasEm5olGmVe05RrCJSeSShAeptv4ueIn40kZKOghinGWLDSZG4+FFfgrmcMCpx5YSCtX2gvnEYZJr0czt4rxOZuuP7PkJKgC/mt2PcPjooeX00vAj81jjU2f3XKrjjz2u2+KIt9eba+vOQ6HiC8c2IzRkUAJ5i1atLy8RIbejo23+0P4N2jjk17QySFOVHwPBDTYb0/0M/4ideeU74EN/CgVsvO6JrLsPBR4dojkV5qNbMNxIVv5cUwIy2ThlLgqpNCeFIDLCWNZEFKlEuNeSQ2mPtIO7ETxEL2Cz5y/7AIuildzYMc6wi2bofRC8HmQ7rMXRWdwLKWsR0L7SKjHblIwarxOGqLnUI+k2E71YoP7SZSlxaKi17pqkr0OMCF+kKqvcvHAQuwGqyumTEWOlH6TCx1dSPrW+pVCZSHSJtSTfDW2uzL6y8k10MT06+pVunSrWo5LHAXcS91htHV1M1UrH/tZKSpjYtjMb5+RonfhaFRNzvj7cCE1f3Kp8UVqAdcGBTtReoE8eRUT63qIxjw03a7VwAyB2w+9cu1R9/vAo8SBeRqw== sakutz@gmail.com

Assigning the userdate data to the VM's GuestInfo

Please note that this step requires that the VM be powered off. All of the commands below use the VMware CLI tool, govc.

Go ahead and assign the path to the VM to the environment variable VM:

export VM="/inventory/path/to/the/vm"

Next, power off the VM:

govc vm.power -off "${VM}"

Export the environment variables that contain the cloud-init metadata and userdata:

export METADATA=$(gzip -c9 <metadata.yaml | { base64 -w0 2>/dev/null || base64; }) \
       USERDATA=$(gzip -c9 <userdata.yaml | { base64 -w0 2>/dev/null || base64; })

Assign the metadata and userdate to the VM's extra configuration dictionary, guestinfo:

govc vm.change -vm "${VM}" \
  -e guestinfo.metadata="${METADATA}" \
  -e guestinfo.metadata.encoding="gzip+base64" \
  -e guestinfo.userdata="${USERDATA}" \
  -e guestinfo.userdata.encoding="gzip+base64"

Please note the above commands include specifying the encoding for the properties. This is important as it informs the datasource how to decode the data for cloud-init. Valid values for metadata.encoding and userdata.encoding include:

  • base64
  • gzip+base64

Using the cloud-init VMX GuestInfo datasource

Power the VM back on.

govc vm.power -vm "${VM}" -on

If all went according to plan, the CentOS box is:

  • Locked down, allowing SSH access only for the user in the userdata
  • Configured for a dynamic IP address via DHCP
  • Has a hostname of cloud-vm

Examples

This section reviews common configurations:

Setting the hostname

The hostname is set by way of the metadata key local-hostname.

Setting the instance ID

The instance ID may be set by way of the metadata key instance-id. However, if this value is absent then then the instance ID is read from the file /sys/class/dmi/id/product_uuid.

Providing public SSH keys

The public SSH keys may be set by way of the metadata key public-keys-data. Each newline-terminated string will be interpreted as a separate SSH public key, which will be placed in distro's default user's ~/.ssh/authorized_keys. If the value is empty or absent, then nothing will be written to ~/.ssh/authorized_keys.

Configuring the network

The network is configured by setting the metadata key network with a value consistent with Network Config Versions 1 or 2, depending on the Linux distro's version of cloud-init.

The metadata key network.encoding may be used to indicate the format of the metadata key "network". Valid encodings are base64 and gzip+base64.

Cleaning up the guestinfo keys

Sometimes the cloud-init userdata might contain sensitive information, and it may be desirable to have the guestinfo.userdata key (or other guestinfo keys) cleared as soon as its data is read by the datasource. This is possible by adding the following to the metadata:

cleanup-guestinfo:
- userdata
- vendordata

When the above snippet is added to the metadata, the datasource will iterate over the elements in the cleanup-guestinfo array and clear each of the keys. For example, the above snippet will cause the following commands to be executed:

vmware-rpctool "info-set guestinfo.userdata ---"
vmware-rpctool "info-set guestinfo.userdata.encoding  "
vmware-rpctool "info-set guestinfo.vendordata ---"
vmware-rpctool "info-set guestinfo.vendordata.encoding  "

Please note that keys are set to the valid YAML string --- as it is not possible remove an existing key from the guestinfo key-space. A key's analogous encoding property will be set to a single white-space character, causing the datasource to treat the actual key value as plain-text, thereby loading it as an empty YAML doc (hence the aforementioned ---).

Building the RPM

Building the RPM locally is handled via Docker. Simple execute the following command:

make rpm

The resulting RPMs are located in rpmbuild/$OS/RPMS/noarch/. The list of supported $OS platforms are:

  • el7 (RHEL/CentOS 7)

Conclusion

To learn more about how to use cloud-init with CentOS, please see the cloud-init documentation for more examples and reference information for the cloud-config files.