Hello, we have a w2K19 blueprint, with a cloudconfig section working just fine. Cloudbase-init is installed and configured in a template. We want to move the cloudconfig section, off the blueprint, into the image mapping. When we do that the cloudbase-init customization do not work anymore. What are we possibly doing wrong ? Any reference on doing this simple step ?
Tks for your support
According to the documentation, this should work.
Are there perhaps variables/inputs or other references, or perhaps issues caused by the order in which both parts are processed?
Hi, after more tests I see it actually works. What is not working, as you suggested, is the use of a variable coming from the inputs fields. I have to reset the admin password with a password specified in the inputs of the blueprint. What is the correct syntax to call back an input inside cloudinit/cloudbaseinit when specified through "image mapping" ?
Tks for your support
What do you see in the logfiles of cloudbase-init.
I believe my problem is that the variable containing the password is not initialized. How do I call the input variable "vm_password" in the cloudinit configuration script, when called from "image mapping" ?
my cloudinit:
ssh_pwauth: yes
chpasswd:
expire: false # set to true to be asked for new pwd at first login
list: |
root:${_resource~__~vm_password}
Cloudinit.log
.....
021-07-13 16:33:22,836 - stages.py[DEBUG]: Running module set-passwords (<module 'cloudinit.config.cc_set_passwords' from '/usr/lib/python3.6/site-packages/cloudinit/config/cc_set_passwords.py'>) with frequency once-per-instance
2021-07-13 16:33:22,836 - handlers.py[DEBUG]: start: modules-config/config-set-passwords: running config-set-passwords with frequency once-per-instance
2021-07-13 16:33:22,836 - util.py[DEBUG]: Writing to /var/lib/cloud/instances/iid-dsovf/sem/config_set_passwords - wb: [644] 24 bytes
2021-07-13 16:33:22,837 - helpers.py[DEBUG]: Running config-set-passwords using lock (<FileLock using file '/var/lib/cloud/instances/iid-dsovf/sem/config_set_passwords'>)
2021-07-13 16:33:22,837 - cc_set_passwords.py[DEBUG]: Handling input for chpasswd as multiline string.
2021-07-13 16:33:22,837 - cc_set_passwords.py[DEBUG]: Changing password for ['root']:
2021-07-13 16:33:22,837 - util.py[DEBUG]: Running command ['chpasswd'] with allowed return codes [0] (shell=False, capture=True)
2021-07-13 16:33:22,864 - util.py[WARNING]: Failed to set passwords with chpasswd for ['root']
2021-07-13 16:33:22,864 - util.py[DEBUG]: Failed to set passwords with chpasswd for ['root']
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/cloudinit/config/cc_set_passwords.py", line 196, in handle
chpasswd(cloud.distro, ch_in)
File "/usr/lib/python3.6/site-packages/cloudinit/config/cc_set_passwords.py", line 250, in chpasswd
util.subp(cmd, plist_in)
File "/usr/lib/python3.6/site-packages/cloudinit/util.py", line 2164, in subp
cmd=args)
cloudinit.util.ProcessExecutionError: Unexpected error while running command.
Command: ['chpasswd']
Exit code: 1
Reason: -
Stdout:
Stderr: BAD PASSWORD: it is WAY too short
BAD PASSWORD: is a palindrome
No password supplied
chpasswd: (user root) pam_chauthtok() failed, error:
Authentication token manipulation error
chpasswd: (line 1, user root) password not changed
....
Look at the first post. The poster refers to an example that uses inputs from a form input.
Can you use vRA 8 Secrets?
yes we tried that ${input.vm_password}
But nothing get passed through yet
we want the password to be entered at the time the deployment is requested. So it has to come as a blueprint input, no ? I don't think we can use secrets in this use case, correct ?
Correct, you can only use the secret and not 'set' it from the blueprint (inputs).
However, perhaps you can make use of the merge process of the cloudbase-init parts, where you only have a small piece for the password in your blueprint and leave the rest in the image mapping?
"When a cloud template that contains a cloud configuration script uses an image mapping that contains a cloud configuration script, both scripts are combined. The merge action processes the contents of the image mapping script first and the contents of the cloud template script second, with consideration being given to whether the scripts are in #cloud-config format or not."
Perhaps not ideal since I understand you want the entire cloudbase-init in the image mapping, but by making use of that merge, you only need a small password-related piece in the blueprint(s) and keep all other in the image mapping.
In the end, we took out, the reset password function, from the cloud-init section.