VMware Cloud Community
Thelemanu
Enthusiast
Enthusiast

Cloudbase-init works in blueprint, but fails when in image mapping

Hello, we have a w2K19 blueprint, with a cloudconfig section working just fine. Cloudbase-init is installed and configured in a template. We want to move the cloudconfig section, off the blueprint, into the image mapping. When we do that the cloudbase-init customization do not work anymore. What are we possibly doing wrong ? Any reference on doing this simple step ?

Tks for your support

Tags (2)
Reply
0 Kudos
10 Replies
jimmyvandermast
Hot Shot
Hot Shot

According to the documentation, this should work.

https://docs.vmware.com/en/VMware-Cloud-Assembly/services/Using-and-Managing/GUID-9CBAA91A-FAAD-4409...

Are there perhaps variables/inputs or other references, or perhaps issues caused by the order in which both parts are processed?

Reply
0 Kudos
Thelemanu
Enthusiast
Enthusiast

Hi, after more tests I see it actually works. What is not working, as you suggested, is the use of a variable coming from the inputs fields. I have to reset the admin password with a password specified in the inputs of the blueprint. What is the correct syntax to call back an input inside cloudinit/cloudbaseinit when specified through "image mapping" ?

Tks for your support

Reply
0 Kudos
ronaldod
Enthusiast
Enthusiast

What do you see in the logfiles of cloudbase-init.

Reply
0 Kudos
Thelemanu
Enthusiast
Enthusiast

I believe my problem is that the variable containing the password is not initialized. How do I call the input variable "vm_password" in the cloudinit configuration script, when called from "image mapping" ?

my cloudinit:

ssh_pwauth: yes
chpasswd:
expire: false # set to true to be asked for new pwd at first login
list: |
root:${_resource~__~vm_password}

Cloudinit.log

.....

021-07-13 16:33:22,836 - stages.py[DEBUG]: Running module set-passwords (<module 'cloudinit.config.cc_set_passwords' from '/usr/lib/python3.6/site-packages/cloudinit/config/cc_set_passwords.py'>) with frequency once-per-instance
2021-07-13 16:33:22,836 - handlers.py[DEBUG]: start: modules-config/config-set-passwords: running config-set-passwords with frequency once-per-instance
2021-07-13 16:33:22,836 - util.py[DEBUG]: Writing to /var/lib/cloud/instances/iid-dsovf/sem/config_set_passwords - wb: [644] 24 bytes
2021-07-13 16:33:22,837 - helpers.py[DEBUG]: Running config-set-passwords using lock (<FileLock using file '/var/lib/cloud/instances/iid-dsovf/sem/config_set_passwords'>)
2021-07-13 16:33:22,837 - cc_set_passwords.py[DEBUG]: Handling input for chpasswd as multiline string.
2021-07-13 16:33:22,837 - cc_set_passwords.py[DEBUG]: Changing password for ['root']:
2021-07-13 16:33:22,837 - util.py[DEBUG]: Running command ['chpasswd'] with allowed return codes [0] (shell=False, capture=True)
2021-07-13 16:33:22,864 - util.py[WARNING]: Failed to set passwords with chpasswd for ['root']
2021-07-13 16:33:22,864 - util.py[DEBUG]: Failed to set passwords with chpasswd for ['root']
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/cloudinit/config/cc_set_passwords.py", line 196, in handle
chpasswd(cloud.distro, ch_in)
File "/usr/lib/python3.6/site-packages/cloudinit/config/cc_set_passwords.py", line 250, in chpasswd
util.subp(cmd, plist_in)
File "/usr/lib/python3.6/site-packages/cloudinit/util.py", line 2164, in subp
cmd=args)
cloudinit.util.ProcessExecutionError: Unexpected error while running command.
Command: ['chpasswd']
Exit code: 1
Reason: -
Stdout:
Stderr: BAD PASSWORD: it is WAY too short
BAD PASSWORD: is a palindrome
No password supplied
chpasswd: (user root) pam_chauthtok() failed, error:
Authentication token manipulation error
chpasswd: (line 1, user root) password not changed

....

Reply
0 Kudos
ronaldod
Enthusiast
Enthusiast

Look at the first post. The poster refers to an example that uses inputs from a form input.

Reply
0 Kudos
Thelemanu
Enthusiast
Enthusiast

yes we tried that ${input.vm_password}

But nothing get passed through yet

Reply
0 Kudos
Thelemanu
Enthusiast
Enthusiast

we want the password to be entered at the time the deployment is requested. So it has to come as a blueprint input, no ? I don't think we can use secrets in this use case, correct ?

Reply
0 Kudos
jimmyvandermast
Hot Shot
Hot Shot

Correct, you can only use the secret and not 'set' it from the blueprint (inputs).

However, perhaps you can make use of the merge process of the cloudbase-init parts, where you only have a small piece for the password in your blueprint and leave the rest in the image mapping?

"When a cloud template that contains a cloud configuration script uses an image mapping that contains a cloud configuration script, both scripts are combined. The merge action processes the contents of the image mapping script first and the contents of the cloud template script second, with consideration being given to whether the scripts are in #cloud-config format or not."

Perhaps not ideal since I understand you want the entire cloudbase-init in the image mapping, but by making use of that merge, you only need a small password-related piece in the blueprint(s) and keep all other in the image mapping.

Reply
0 Kudos
Thelemanu
Enthusiast
Enthusiast

In the end, we took out, the reset password function, from the cloud-init section.

Reply
0 Kudos