Configure a custom Ubuntu 14.04 Athena virtual machine with cloud-init

cloud-init-ubuntu-trusty.md

How to configure a custom Ubuntu 14.04 Athena dialup with cloud-init

Preparations

Install dependencies

apt-get install libvirt-bin virtinst cloud-img-utils

Download and prepare Ubuntu cloud images

Download the Ubuntu cloud image from Ubuntu's official site: https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img

Create a new QEMU disk image named athena-test.img in the qcow2 format using the cloud image as a backing file.

qemu-img create -f qcow2 -b trusty-server-cloudimg-amd64-disk1.img athena-test.img

The default image is almost 2 GB, so you can enlarge the disk image. Thanks to thin provisioning, it will not actually cause the size of the disk image to increase until more files have been written to it. Let's give it 8 more gigabytes:

qemu-img resize athena-test.img +8G

Create the cloud seed image

A cloud "seed" image can used by cloud-init to configure the machine. It requires a meta-data file and a user-data file. Examples of each have been provided in this gist. If you're using the default settings, simply run

cloud-localds athena-test-seed.iso user-data.yaml meta-data.yaml

Creating the virtual machine

First, copy the cloud images to their final destination. Assuming /var/lib/libvirt/images is where the default pool is

sudo cp athena-test.img athena-test-seed.iso /var/lib/libvirt/images

Then, you're ready to create the virtual machine!

virt-install -n athena-test \
    --memory 1024 --vcpus 2 \
    --cpu host-model-only \
    --clock offset=utc \
    --import \
    --os-variant ubuntu14.04 \
    --disk vol=default/athena-test.img \
    --disk vol=default/athena-test-seed.iso,device=cdrom \
    --network default \
    --graphics none

You should see the machine being created, with its serial console presented to you. In the messages that flash by, you should see lines like

Set the following 'random' passwords

ubuntu:rAnDomPass

When the login screen is finally presented to you, login as user ubuntu with the indicated random password. Then, immediately use passwd to change it to something more secure.

On your host machine, run virsh net-dhcp-leases default to find out the locally assigned IP address of your machine Then, try running ssh ubuntu@[the ip address] to log in as the user ubuntu. If you're able to log in, then congratulations! You have completed the install, and cloud-init did its job correctly.

Configuring the virtual machine

Kerberos log in

https://sipb.mit.edu/doc/kerberized-server/

Recommended

• fail2ban or sshguard

Further reading

• https://zetta.io/en/help/articles-tutorials/cloud-init-reference/
• http://cloudinit.readthedocs.io/en/latest/topics/examples.html
• https://www.digitalocean.com/community/tutorials/how-to-use-cloud-config-for-your-initial-server-setup
• http://virt-tools.org/learning/install-with-command-line/

meta-data.yaml

instance-id: iid-athenatest
network-interfaces: |
  auto eth0
  iface eth0 inet dhcp
hostname: athena-test
local-hostname: athena-test

user-data.yaml

#cloud-config

# Set a random password for the default user `ubuntu`.
# REMBMER TO CHANGE IT ON FIRST LOG IN!
password: RANDOM
chpasswd: { expire: False }

# Import the given Launchpad user's SSH public keys to the default user's
# ~/.ssh/authorized_keys
ssh_import_id: [username]
# Alternatively, manually include the public keys below:
#ssh_authorized_keys:
#  - [insert key here]

# Also keep a record of cloud-init log on disk. Note that this log includes the
# randomly generated password of the default user!
output : { all : '| tee -a /var/log/cloud-init-output.log' }

# Force package upgrades and use the mirrors.mit.edu mirror
package_update: true
package_upgrade: true
apt_mirror: http://mirrors.mit.edu/ubuntu/

# Add sources for the Debathena repos and the OpenAFS PPA
apt_sources:
  - source: "ppa:openafs/stable"
  - filename: debathena.list
    source: "deb https://debathena.mit.edu/apt trusty debathena debathena-config debathena-system"
# WARNING: THIS DEBATHENA ARCHIVE SIGNING KEY HAS BEEN INCLUDED HERE FOR YOUR CONVENIENCE ONLY
# PLEASE VERIFY IT WITH THE OFFICIAL KEY AT https://debathena.mit.edu/apt/debathena-archive.asc
    key: |
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      Version: GnuPG v1.4.10 (GNU/Linux)

      mQINBEoRh7YBEAC7s6oh9+2UZ6LGMRdwvSZdGsX1iHKvY23yq9swagL0LF1z5AVE
      mlaRtdi3VhJr1zRBARvJqvu2GyAFIxgihyA0Mhcwp5XDZflwZoLYYrBKoxEeq0pI
      oxBPQCoOdJRpRY6IPGKZuEW3oDn248/E7+ezKJhLHU6eGftTQ0wBEJ956IWWaW3E
      nuRC5U2USd9jCKvzb3kDcfhryzgtpAxk75MODwAttUYxYTjJ1NoKwh3QeDTsByzu
      MU8hvgaEyl+Ot1+7tjB/XVlvFCfkYphayVUIXivv7juB+KFjt+RU+V2YALRj6hPV
      Go3MGFkob2dP5UJWAyukumEBhu7ptRpfsWKihpU7FRR8khYYkWe5C1Ch8jEtLyCF
      1Jp6nEB0upO8vDeE+RsTXJKA4S9p1FnTmFVl0XjCK5VYV5R1PKiesk0EiityNeYl
      WwKFiN/AGBjbhee1hm/NH603bcIb3K/5zwugb4JutbdW4DZrB34MMV5/CM1RQM5K
      s63hOp8YEnLiTCI6aMfwN6AvlCYYOeUOoGpzbjJkXo3s8uydUpaZRZyPLWJJ/Zhv
      dEmCMIbRS6SrqVoFTuxNQLh3CeO05ofAtErmbwCIhGftwlQlFMZ+/dCxjbECOjv0
      zTdgeWyB+8PkqWgkechowrRzMCXTpHPGpoyniBSc6HW7Pnsi8e2R1eaKzwARAQAB
      tDtEZWJhdGhlbmEgUHJvamVjdCAoQXJjaGl2ZSBTaWduaW5nIEtleSkgPGRlYmF0
      aGVuYUBtaXQuZWR1PokCNwQTAQgAIQUCShGHtgIbAwULCQgHAwUVCgkICwUWAgMB
      AAIeAQIXgAAKCRDk7mJwDYqej44nD/kB6O4F06aVoIzcJCmnrm1c0GIfX8QsKdJ8
      C4yKfYp+l/eq23GfrdK9j83N8EMlbgYTYPHqthcFi9XVIspAzxHZkitrB7fRVbba
      ZWy27MqmXXAmKEZTGrGALmw+W/MUUC6S6il2n8Yupw/df+7maBM3Q3bovofnCDLX
      KvosirBWddVepjXiH6KgM/Tm06nuqFuyk/o8CpEqRCtw5GZWEclA9WNWX2nPV+3n
      X0Z7ft1l+1PzCAN4m5WsGBQCanQ9kfYhi0Lb2B36NM8R7koJHAciK/+mkAegXXhT
      OYSd4MWuuh2e6Fs/AEK+wt2YyU/D1OFKPCUXDwGcEFRNh83LU/1GpEEFM35plyQr
      v84gWXRU6BwiI7qHiypkrHxlIfgdbG5AzeXCm7xgM92heeTwmijQmI5VOl2OogC/
      Oiv/2xaQXJUng/DemgOHldoTDZq5e64AI6JG7EsQltbNyhybJe801AHZc/FwhawL
      +IfE91CpUDkwhCVpu8kEOXDI54CCkl7/4rYVHbgLKES2hX7qWL9Eie+In6g0dSLx
      XNa5+CTt7PMT226ot+uI6EKjLroShpcMkDty5DCzKcI3qVkG7+Zmtd0AWOBjILsl
      wND5fw5QobJxu54sbRazxLMM8mN1ju339a7XA+rayCOLLMjabht6bUlyRmGWBB/p
      SYgvE5ESmw== =AvCF
      -----END PGP PUBLIC KEY BLOCK-----
  - filename: debathena.list
    source: "deb-src https://debathena.mit.edu/apt trusty debathena debathena-config debathena-system"

packages:
  - mosh
  - linux-generic
  - dkms

# Forcing noninteractive install that answers "yes" to all install prompts
runcmd:
  - "DEBIAN_FRONTEND=noninteractive apt-get -y install openafs-modules-dkms"
  - "DEBIAN_FRONTEND=noninteractive apt-get -y install debathena-login"
# Optional; you might want to configure your own MTA instead of using MIT's mail servers.
#  - "DEBIAN_FRONTEND=noninteractive apt-get -y install debathena-msmtp-mta"