This section describes how to use the cloud-init package to handle the early initialization of instances.
About cloud-init
Cloud-init is a Linux package responsible for handling the early initialization of instances. If available in the distribution, it configures many common parameters of the instance directly after installation, producing a fully functional instance that is configured from a series of inputs.
Cloud-init's behavior is configured through user-data, which the user supplies at instance launch time. This is typically done by attaching a secondary disk in ISO format that cloud-init looks for at first boot. That disk contains all of the early configuration data, which is applied at that time.
The SASE Orchestrator supports cloud-init and all essential configurations can be packaged in an ISO image.
Create the cloud-init meta-data File
The final installation configuration options are set with a pair of cloud-init configuration files. The first file contains the metadata. Create this file with a text editor and name it meta-data. It provides information that identifies the instance of SASE Orchestrator being installed. The instance-id can be any identifying name, and the local-hostname should be a host name that follows your site standards, for example:
instance-id: vco01
local-hostname: vco-01
Additionally, you can specify network interface information (if the network is not configured via DHCP, for example):
instance-id: vco01
local-hostname: vco-01
network-interfaces: |
  auto eth0
  iface eth0 inet static
  address 10.0.1.2
  network 10.0.1.0
  netmask 255.255.255.0
  broadcast 10.0.1.255
  gateway 10.0.1.1
Create the cloud-init user-data File
The second installation configuration file is the user-data file. This file provides information about users on the system. Create it with a text editor and name it user-data. It is used to enable access to the SASE Orchestrator installation. Note that it holds credentials in plain text (the vcadmin password, the Super Operator passwords and the TLS private key), so protect it, and the ISO built from it, as you would any credential file. The following is an example of what the user-data file looks like:
#cloud-config
password: Velocloud123
chpasswd: {expire: False}
ssh_pwauth: True
ssh_authorized_keys:
  - ssh-rsa AAA...SDvz [email protected]
  - ssh-rsa AAB...QTuo [email protected]
vco:
  super_users:
    list: |
      [email protected]:password1
  remove_default_users: True
  system_properties:
    list: |
      mail.smtp.port:34
      mail.smtp.host:smtp.yourdomain.com
      service.maxmind.enable:True
      service.maxmind.license:todo_license
      service.maxmind.userid:todo_user
      service.twilio.phoneNumber:222123123
      network.public.address:222123123
write_files:
  - path: /etc/nginx/velocloud/ssl/server.crt
    permissions: '0644'
    content: "-----BEGIN CERTIFICATE-----\nMI….ow==\n-----END CERTIFICATE-----\n"
  - path: /etc/nginx/velocloud/ssl/server.key
    permissions: '0600'
    content: "-----BEGIN RSA PRIVATE KEY-----\nMII...D/JQ==\n-----END RSA PRIVATE KEY-----\n"
  - path: /etc/nginx/velocloud/ssl/velocloudCA.crt
Directly below the #cloud-config header are the password and chpasswd lines, which set up the vcadmin account:
- The password line contains the plain-text password for the vcadmin user.
- The chpasswd line turns off password expiration, so that the first login does not immediately prompt for a password change. This line is optional.
The ssh_pwauth line enables SSH password authentication. The ssh_authorized_keys line begins a block of one or more authorized keys. Each public SSH key listed on the ssh-rsa lines is added to the vcadmin user's ~/.ssh/authorized_keys file.
In this example, two keys are listed, and both have been truncated. In a real file, the entire public key must be present. Each ssh-rsa line must be indented with two spaces, followed by a hyphen and another space. If you install keys this way, you can set ssh_pwauth to False so that the plain-text password in this file cannot be used to log in over SSH.
The vco section specifies the configured SASE Orchestrator services.
super_users contains a list of VMware Super Operator accounts and their corresponding passwords.
The system_properties section lets you customize Orchestrator System Properties. See System Properties for details on configuring them.
The write_files section lets you replace files on the system. By default, SASE Orchestrator web services are configured with a self-signed SSL certificate. To supply a different certificate, the example above replaces the server.crt and server.key files in the /etc/nginx/velocloud/ssl/ folder with user-supplied files. Keep the permissions of the server.key entry at '0600' so that the private key is readable only by its owner; the certificate can stay world-readable at '0644'.
Create an ISO file
Once you have completed your files, package them into an ISO image. This ISO image is attached to the virtual machine as a virtual configuration CD. The volume ID must be cidata, because that is the label cloud-init's NoCloud data source searches for at first boot. The ISO image, here called vco01-cidata.iso, is created with the following command on a Linux system:
genisoimage -output vco01-cidata.iso -volid cidata -joliet -rock user-data meta-data
Transfer the newly created ISO image to the datastore on the host running VMware.
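The following script is an added example, not part of the SASE Orchestrator documentation or product. It sanity-checks the meta-data and user-data files described above before packaging them, then builds the ISO with the cidata volume label and restricts the ISO's file mode, since the image carries the plain-text passwords and the TLS private key. The key names it checks (#cloud-config, instance-id, local-hostname, ssh_pwauth, ssh_authorized_keys, write_files) are the ones shown in the examples above; the private-key permission check assumes the layout of the example, where the permissions line directly follows the path line of each write_files entry. The xorriso fallback and the isoinfo label check are additions of this example.

```sh
#!/bin/sh
# Added example: validate a cloud-init NoCloud seed directory and package it.
# Not from the VMware documentation; see the lead-in for assumptions.

# validate_seed DIR : return 0 if DIR/meta-data and DIR/user-data look sane.
validate_seed() {
    dir="$1"
    ud="$dir/user-data"
    md="$dir/meta-data"
    rc=0

    for f in "$ud" "$md"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f" >&2
            return 1
        fi
    done

    # cloud-init only treats the file as cloud-config when line 1 is exactly "#cloud-config".
    if [ "$(head -n1 "$ud")" != "#cloud-config" ]; then
        echo "user-data: first line must be '#cloud-config'" >&2
        rc=1
    fi

    # The NoCloud datasource expects both identifiers in meta-data.
    for key in instance-id local-hostname; do
        grep -q "^$key:" "$md" || { echo "meta-data: missing $key" >&2; rc=1; }
    done

    # YAML indentation must be spaces; a tab makes cloud-init reject the whole file.
    if grep -q "$(printf '\t')" "$ud"; then
        echo "user-data: contains tab characters (YAML requires spaces)" >&2
        rc=1
    fi

    # Password login without any key is the weakest combination; warn but do not fail.
    if grep -q "^ssh_pwauth: *[Tt]rue" "$ud" && ! grep -q "^ssh_authorized_keys:" "$ud"; then
        echo "user-data: ssh_pwauth is on but no ssh_authorized_keys given" >&2
    fi

    # A private key written by write_files must be owner-readable only.
    # Assumes the example layout: the permissions line follows the path line.
    if grep -q "BEGIN .*PRIVATE KEY" "$ud"; then
        perms=$(awk '/path:.*\.key$/ {getline; print $2}' "$ud" | tr -d "'\"")
        for p in $perms; do
            [ "$p" = "0600" ] || { echo "user-data: private key written with permissions $p, expected '0600'" >&2; rc=1; }
        done
    fi
    return $rc
}

# build_seed_iso DIR OUT.iso : validate, then package with volume label "cidata"
# (the label cloud-init's NoCloud datasource looks for) and lock down the ISO.
build_seed_iso() {
    dir="$1"
    out="$2"
    validate_seed "$dir" || return 1
    case "$out" in /*) ;; *) out="$PWD/$out" ;; esac
    if command -v genisoimage >/dev/null 2>&1; then
        ( cd "$dir" && genisoimage -quiet -output "$out" -volid cidata -joliet -rock user-data meta-data )
    elif command -v xorriso >/dev/null 2>&1; then
        ( cd "$dir" && xorriso -as mkisofs -quiet -o "$out" -V cidata -J -R user-data meta-data )
    else
        echo "neither genisoimage nor xorriso found" >&2
        return 1
    fi
    # The image contains credentials: owner read/write only.
    chmod 0600 "$out"
    # Confirm the label actually landed, when isoinfo is installed.
    if command -v isoinfo >/dev/null 2>&1; then
        isoinfo -d -i "$out" | grep -q "^Volume id: cidata$" || { echo "volume id is not cidata" >&2; return 1; }
    fi
}

# Example invocation (directory ./seed holding meta-data and user-data):
# build_seed_iso ./seed vco01-cidata.iso
```

Run build_seed_iso against the directory that holds your two files; it refuses to build when the header, the meta-data identifiers or the private-key permissions are wrong, and the resulting ISO is created mode 0600 so that only the account that built it can read the embedded credentials before it is copied to the datastore.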