Thanks @ijohnson, this issue came from the other question here, Build image with OS/snapd/kernel snaps from stable channel. Bringing the same question from there, is it possible to build image with kernel snaps from stable channel but gadget from edge channel if using uc18? Thanks.
For UC18, I am not sure, but that’s precisely why we allowed it for UC20
Quick questions, I guess I can use --extra-snaps
to use snap files to work around the issue for uc18? Can I use --cloud-init
parameter for core20 with ubuntu-image command? The error is:
ubuntu-image: error: base: core20 model assertion detected, the following features are unsupported: --cloud-init
Thanks!
nope … you can not … i know the cloud.cfg file needs to be somewhere inside your gadget snap now but i do not know the details where exactly it has to be or if there is a specific name required … ian might know though …
For cloud-init with UC20, you have the following options:
- Put it in the root of your gadget snap as cloud.conf
- Put it in the ubuntu-seed partition at
<ubuntu-seed>/data/etc/cloud/cloud.cfg.d/
with filenames ending with.cfg
- Provide through external filesystems that cloud-init will by default searches, for example the NoCloud datasource will search for drives labeled CIDATA with files in the root labeled
meta-data
anduser-data
- Put it in ubuntu-seed, and let snapd filter out unsafe configuration from the config so only certain keys are allowed
Option 1 is always allowed with UC20, regardless of model assertion grade. Option 2 is only allowed with model assertion grade dangerous Option 3 is allowed only with model assertion grade dangerous and signed (so this does not work for secured). Option 4 is currently being worked on and will be allowed for model assertions grade signed and dangerous.
Here’s a table of allowed cloud-init methods vs the model assertion grade
Method | Dangerous | Signed | Secured |
---|---|---|---|
Ubuntu-seed | |||
NoCloud CIDATA | |||
Gadget cloud.conf | |||
Ubuntu-seed filtered |
I had a go at trying to implement the “cloud.conf in gadget snap” option, and am not having much luck. My model is set to grade: dangerous
.
I can see that the cloud.conf
from my gadget snap has been copied to /etc/cloud/cloud.cfg.d/80_device_gadget.cfg
, but it isn’t obvious that any of the directives have been run (I tried using runcmd
and write_files
).
On the first boot (after the initial unpack/setup boot), the only reference to “cloud” I see in the journal is:
Mar 29 02:33:04 ubuntu snapd[1880]: devicemgr.go:891: System initialized, cloud-init reported to be in disabled state, disabled permanently
i cant find a referenc for this anymore (probably someone told it to me on IRC) but i happen to remember that the filename needs to be cloud.cfg
in the gadget case and that you need a “nocloud” section in it (i could mis-remember or it might be outdated info tough) …
I’d originally tried with cloud.cfg
, which doesn’t work. When I switched to cloud.conf
(as documented in @ijohnson’s post), I could see that the config file was being copied out of my gadget snap. And the snapd code is definitely looking for that file name:
I’ll have to look more into the nocloud thing. From a brief read of the docs, that seemed to be about feeding cloud-init data into the system from some external source. Here, the config has already been copied to /etc/cloud
by snapd.
Can you share the cloud.conf you tried using? I think it’s a formatting issue in that it only works if you format the cloud.conf a certain way
This is the cloud.conf file I was using:
The write_files
stanza is to a location that is made writable in the boot file system. The runcmd
command references a script shipped inside one of the snaps required by the model definition.
The cloud-init config that we have confirmed to work is formatted like this:
#cloud-config
datasource_list: [NoCloud]
users:
- name: ubuntu
sudo: "ALL=(ALL) NOPASSWD:ALL"
lock_passwd: false
ssh_authorized_keys:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+5T1gxW1X4bzQs5a858MMMyOb8ZHKlA9EOoCJ1X0B9TdY+Dz37wiGIKQ0pSUJ39wq9gFsF5e/aG0FNcZxkzBwNwWKpZ9efeNHca/8ffKZH97l9MbQL0d+g0p+KVpP9waS3cbcyEmcTXkZZssyWAx7j8DtNI+qVp6ZZ4uPS4uRKRxhI/XwUvQYvtjHCqvZ31+cV1b0cWoRIEVjAyrlGYhAIoADs8lFEDmH1DXwgPtifj1ooPdiwcgYtZcnRuxSSNQFKXY79MhRRfcJCebCRewOPd6xjQGH8z7dbhx+kvJTO0qw7xMh6HOj20xezlEhTCTg3ykk2whodUb+sUjXkdLUULCJgma8v8r2cUKC5ec3iOfLx8esAQOxTgq/PvrUcnzPLSPrvupJV6JhXNoIa2+5XELmTV9CdFHjPiO4YHOQHxi0XayKGOODcT72zI1oc5rMOkU+7B1Lopozd9IrwmswPcZP4oSy4qm5ckHErE2IlL179fRChVEfCK9FBxNluNUZTZ0Nq4s3NDoc+JTotod8JHRTfbLnQBxzccSuJhM1oez6aYQySSpgQhcyItA0OlPdXIR9UhHDq1GFua5vu44OQX8ml4SOyCQlrXUowecptg+Qm12l1a8NspityR9uGgwdWHEkB0P2vvuJuV8ugwY2saqrZu/3eYICLuFsqMJm0w== ian.johnson@canonical.com"
Perhaps you need to include datasource_list: [NoCloud]
in your config? I don’t know how cloud-init internally decides if it’s used or not, but all snapd does to decide if cloud-init should be disabled or not is by querying if there is a datasource being used or not.
It works for me. A new user got created by my cloud.conf file.
Yep. Adding datasource_list
to my cloud.conf file seems to fix things. Both the write_files
and runcmd
directives seem to have been processed.
Great thanks for confirming, I’ll make a note of this in my upcoming UC20 and cloud-init doc page
@ijohnson in the new version of UC, is there a plan to use the old way in uc18 to include the cloud.conf file when ubuntu-image
command runs? Thanks.
There is not currently a plan for that, no.
Thanks @ijohnson for the confirmation. When ubuntu-image
runs, can we copy the file to ubuntu-seed
directory, <ubuntu-seed>/data/etc/cloud/cloud.cfg.d/
with filenames ending with .cfg as you mentioned here, Ubuntu-image command crashed?
Cheers,
Hi @ijohnson
I’m building an UC20 image at the moment and try to use a cloud-init config-file for some basic setup on a fresh install (adding some users, creating some files, etc.) as I did previously with a UC18 image.
For testing I basically went along this tutorial: https://ubuntu.com/core/docs/custom-images
Since I don’t want to create my own gadget.snap at the moment, I’m trying out your option 2, but it doesn’t seem to work for me. I build the UC20 image using ubuntu-image
, then mount the ubuntu-seed
partition of the finished image, create a directory <seed>/data/etc/cloud/cloud.cfg.d/
and copy a simple cloud.cfg
(I tried cloud.conf
as well) in there:
#cloud-config
datasource_list: [ NoCloud, None ]
users:
- name: ubuntu
homedir: /home/ubuntu
sudo: ALL=(ALL) NOPASSWD:ALL
groups: users, admin
shell: /bin/bash
chpasswd:
list: |
ubuntu:ubuntu
expire: False
My problem is, that this file doesn’t seem to be used when I later boot up the image (no user is created) and I’m not sure where to look for log-files in UC20.
Also the table you wrote into post Ubuntu-image command crashed confused me a bit. Is it possible the “Methodes” in this table are in the wrong order?