@sebsto
Last active July 19, 2022 03:26
Amazon Linux 2 first boot on Virtual Box
# Download the VDI from https://cdn.amazonlinux.com/os-images/latest/
# Doc is at http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/amazon-linux-2-virtual-machine.html
# Be sure you have config/meta-data and config/user-data ready as per the below
# change ec2-user's password to your password
$ cat config/meta-data
local-hostname: amazonlinux.onprem
# eth0 is the default network interface enabled in the image. You can configure
# static network settings with an entry like below.
#network-interfaces: |
#  iface eth0 inet static
#  address 192.168.1.10
#  network 192.168.1.0
#  netmask 255.255.255.0
#  broadcast 192.168.1.255
#  gateway 192.168.1.254
$ cat config/user-data
#cloud-config
# vim:syntax=yaml
users:
# A user by the name ec2-user is created in the image by default.
  - default
# Following entry creates user1 and assigns the password specified in plain text.
# Please note: use of a plain text password is not recommended from a security best
# practices standpoint.
#  - name: user1
#    groups: sudo
#    sudo: ['ALL=(ALL) NOPASSWD:ALL']
#    plain_text_passwd: < plain text password here >
#    lock_passwd: false
# Following entry creates user2 and attaches a hashed passwd to the user. Hashed
# passwords can be generated with:
# python -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass()))'
#  - name: user2
#    passwd: < hashed password here >
#    lock_passwd: false
# Following entry creates user3, disables password based login and enables an SSH public key
#  - name: user3
#    ssh-authorized-keys:
#      - < ssh public key here >
#    lock_passwd: true
chpasswd:
  list: |
    ec2-user:password
# On Mac OS, you can use hdiutil instead of genisoimage
hdiutil makehybrid -o init.iso -hfs -joliet -iso -default-volume-name cidata config
## Then attach the init.iso file to the virtual machine before booting the VDI.
## Cloud-init configuration happens at first boot only; you do not need the ISO file for subsequent boots.
## If you need to retry, start again from the originally downloaded VDI.
## Keep a copy of the downloaded VDI in case you need to make changes to your root disk image.
@dwhite-beerhawk

Could you expand on this gist a little? I've been following the docs and such examples - but cannot log into the VM. I get a "Login incorrect" for all users.
The .vdi I've set as the SATA drive in Vbox and I've mounted the init.iso as the IDE.

@jonathan-automox

Yeah, I couldn't get it to work either, same setup as dwhite-beerhawk.

@sdbruder

I can login locally (on the terminal) but not via ssh because of 2 things:
as described the eth0 does not go up, there is no ONBOOT=yes in eth0 config.
and sshd is denying any by password login.

So after manually fixing these issues I've been able to log in.

As configured eth0 will be directly in your network, bridged, not on the NAT’ed VMware Fusion network.

So if someone has some more information on how we can get ONBOOT=yes for eth0 on meta-data, that password thing can be avoided configuring a key for the user.

@cuoituoi1996

I also have the same issue where it said "login incorrect". Could you elaborate on what you did to be able to log in @sdbruder?

@AndrewStringerJS

AndrewStringerJS commented Aug 15, 2018

I had this issue too, the solution (for me) was to validate the files used to create the seed.iso file, this worked for me:- http://www.yamllint.com/ and found an error.

#cloud-config
# vim:syntax=yaml
users:
# A user by the name ec2-user is created in the image by default.
- default

In the last line, the default statement needed two spaces in front of it, then it validated OK. The rebuilt seed.iso then seemed to do the trick and I could log in as ec2-user with my password.

Remember to use a fresh .vdi file as the seed.iso is only valid on first boot and booting touches the vdi image so it cannot be used again. You may be able to do a snapshot before the initial boot too to preserve the initial state. But I have not tried this.

@omenking

omenking commented Sep 6, 2018

I noticed during boot on mine it thought the seed is not valid

[Screenshot: 2018-09-06 at 10:16:46 am]

I built it on osx
hdiutil makehybrid -o seed.iso -hfs -joliet -iso -default-volume-name cidata seedconfig/

I did validate my yaml

Reading through here:
https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html

I think it's something to do with my seed.iso, it is mounted in VirtualBox

@davidkaufman

Thanks for the suggestions!

In my case, it turned out that my "incorrect login" errors were fixed by removing a COMMENT line that I had added above the first line of the user-data file. So my file started with:

# my comment here ( a URL to the docs), then...

#cloud-config
#vim:syntax=yaml

Although it was still syntactically correct yaml, it didn't actually work until I removed that top/first comment that I'd added...

So there is, apparently, an undocumented requirement that the file MUST BEGIN WITH the #cloud-config comment...

#cloud-config
#vim:syntax=yaml

Still not sure if the vim:syntax comment is required too but I'm leaving it, cuz I've lost enough time to this nonsense already :-)

Thanks again for your suggestions, which led me to my discovery and the fix for my situation!

Hope this helps someone googling this issue like I did!

-dave

@lantrix

lantrix commented Nov 29, 2018

@jrblakely

I doubt anyone is as lame as I am, but I created the text files using NOTEPAD under Windows Cygwin, and I am pretty sure the non-standard line terminators did bad things.

I deleted the NOTEPAD files and recreated using vi and everything worked as expected.

@ju187

ju187 commented Jan 31, 2020

Got an error running the hdiutil command "-bash: $: command not found". However hdiutil makehybrid -help works fine. Any suggestions?

@swampf0etus

What is the syntax to set SSH keys for the default user, i.e. ec2-user? I tried the following, but it doesn't work:

users:
  - default:
    ssh-authorized-keys:
      - <ssh key>

I've also tried:

users:
  - default:
  - name: ec2-user
    ssh-authorized-keys:
      - <ssh key>

I just end up with an empty authorized_keys file. It works for any other user, though. I've looked but can't find an example of how to do this.

@sebsto
Author

sebsto commented Feb 11, 2020

@swampf0etus

@sebsto Thanks, but I can see where in that example that it applies an ssh key to the ec2-user, I only see one for user3

@sebsto
Author

sebsto commented Feb 12, 2020

According to the example I shared, it looks like you have the indentation incorrect in your second example.
The - name line must be indented one level below - default

@jasoncamp12

Using OS X Catalina and the latest VirtualBox (6.1.6) here. I followed the AWS instructions line by line. I changed the VM network adapter from NAT to Bridged and updated the /etc/ssh/sshd_config to allow password login so I can connect from terminal.

Uncomment line 63: PasswordAuthentication yes
Then restart ssh daemon: sudo service sshd restart

@fflorezgit

In my case, I did not notice that I had created the metadata files with a .TXT extension!!!
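
A pre-flight check for the seed directory, covering the failures reported in the comments above (a line before `#cloud-config`, Windows line endings, a `.txt` extension) and clear-text passwords left on the ISO. This is an added example, not part of the gist or of any commenter's post; the function name `check_seed` and the password heuristic are assumptions of this example.

```shell
#!/bin/sh
# check_seed DIR: lint a cloud-init seed directory before building the ISO.
# Prints one finding per line; exit status 0 means no findings.
check_seed() {
    dir=$1
    findings=0
    cr=$(printf '\r')
    for f in meta-data user-data; do
        if [ ! -f "$dir/$f" ]; then
            # Editors often save "user-data.txt"; the file name must have no extension.
            alt=$(ls "$dir" 2>/dev/null | grep -i "^$f\." | head -n 1)
            echo "MISSING $f${alt:+ (found $alt instead)}"
            findings=$((findings + 1))
        elif grep -q "$cr" "$dir/$f"; then
            echo "CRLF $f contains carriage returns"
            findings=$((findings + 1))
        fi
    done
    if [ -f "$dir/user-data" ]; then
        # The very first line must be the #cloud-config marker.
        if [ "$(head -n 1 "$dir/user-data" | tr -d '\r')" != "#cloud-config" ]; then
            echo "HEADER user-data does not start with #cloud-config"
            findings=$((findings + 1))
        fi
        # Heuristic (assumption of this example): an uncommented plain_text_passwd
        # key, or a "user:secret" line whose secret does not start with "$".
        if grep -Eq '^[[:space:]]*(-[[:space:]]*)?plain_text_passwd:|^[[:space:]]*[A-Za-z_][A-Za-z0-9_-]*:[^[:space:]$]' "$dir/user-data"; then
            echo "PLAINTEXT user-data carries a clear-text password"
            findings=$((findings + 1))
        fi
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: a stray first-line comment and a clear-text password.
demo=$(mktemp -d)
printf 'local-hostname: amazonlinux.onprem\n' > "$demo/meta-data"
printf '# my notes\n#cloud-config\nusers:\n  - default\nchpasswd:\n  list: |\n    ec2-user:password\n' > "$demo/user-data"
check_seed "$demo" || echo "fix the findings above, then build the ISO"
rm -rf "$demo"
```

Run it against the `config` directory before `hdiutil makehybrid` or `genisoimage`; a clean run prints nothing and returns 0.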

@dgurinovich

dgurinovich commented Feb 28, 2021

@swampf0etus I managed to set the ec2-user ssh key like this

#cloud-config
# vim:syntax=yaml
users:
  - default
  - name: ec2-user
    ssh-authorized-keys:
      - ssh-rsa <key>
chpasswd:
  list: |
    ec2-user:amazon

@oceanskyweb

ssh-authorized-keys:

How did you create/get the public key onto your host?

@dgurinovych

dgurinovych commented Jul 13, 2021

@icasnerd

In my case I already had a generated key pair in my ~/.ssh host folder (it was convenient for me to reuse the existing key). I just pasted my public key instead of the <key> in the provided YAML sample.
But you can generate a new key pair on the host with OpenSSH or PuTTY on Windows or ssh-keygen on Linux/MacOS.

@jagaudin

For those who want to have a static IP, the network adapter on the VM needs to be bridged and the network interfaces section needs an additional line to specify the DNS name servers:

network-interfaces: |
  iface eth0 inet static
  address 192.168.1.10
  network 192.168.1.0
  netmask 255.255.255.0
  broadcast 192.168.1.255
  gateway 192.168.1.254
  dnsnameservers 192.168.1.254 8.8.8.8 8.8.4.4

Took me a long while to figure out, so sharing it here.
