THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Page History
...
This work is loosely based on previous work on config drive for Cloudstack as described in “DHCP/DNS offload and Config drive support for adv shared network“. And extended from shared networks to all networks.
ConfigDrive content
Extra data is added to the VM profile to enable the creation of the config drive:
VMdata - a list of String arrays representing [“directory”, “filename”, “content”] on the ConfigDrive device.
<mountdir>/cloudstack
/metadata:
availability-zone.txt
instance-id.txt
service-offering.txt
cloud-identifier.txt
local-hostname.txt
vm-id.txt
public-keys.txt
/password
vm_password.txt
vm_password_md5checksum (for windows VM’s)
<mountdir>/openstack/version/: (added later on based on Miami conference feedback)
user_data (=hardlink to <mountdir>/cloudstack/user_data/user_data.txt)
vendor_data.json
meta_data.json
Network_data.json
label, which is configurable in global settings:
name : vm.configdrive.label
default: config-2 (same as in OpenStack)
ConfigDrive network element
A new provider “ConfigDrive, implementing the userdata service, will be made available to create, update and delete the ConfigDrive ISO on the secondary store.
When triggered to create userdata
the vmdata is created and added to the virtual machine profile. As is the ConfigDrive label fetched from the global settings.
The secondary store agent is triggered to create the ISO file.
At successful creation the ISO file is added as a new disk to the virtual machine profile
An update of userdata/password/ssh-keys has a few extra steps as some hypervisors don’t handle the update of the ISO file, while attached to the virtual machine, very well.
Detach ISO
Update
Re-attach
For update of userdata it is important the user VM does not keep the ConfigDrive cdrom mounted all the time as update will fail if the ConfigDrive cdrom is in use by the user VM.
The ConfigDrive ISO file is removed from the secondary store up on release of the default nic and, if still necessary, at VM expunge time.
ISO creation
The ConfigDrive network element in the management server triggers the Secondary Storage VM to build the ISO.
...
Creating the ISO file implies that the SystemVM needs the genisoimage package installed and the cloudstack software updated.
ConfigDrive availability
At VM start the config drive iso is attached on 2nd cd/dvd drive of the user instance, such that any other iso image (e.g. boot image or vmware tools) get mounted on 1st cd/dvd drive. This means existing functionality of supporting 1 cd/dvd drive is still available.
At Password reset or update userdata, Secondary Storage VM will rebuild the ConfigDrive iso. That is the existing ISO is mounted on a temporary directory, password, userdata or ssh-keys are updated and a new ISO is build from the updated directory structure.
In case of password reset the new password will be picked-up at VM start
To access updated userdata the user needs to remount the config drive cdrom
As a VM is stopped the ConfigDrive network element will trigger the Secondary Storage VM to remove the ISO from the secondary storage
Since the ISO is available on the second storage there is no need for an extra implementation in case of migration
Enable config drive
To use the config drive the network offering must have the “ConfigDrive” provider selected for userdata service.
...
To enable the ConfigDrive functionality on VPC tiers a few extra changes are required:
Update the UI to allow the selection of the ConfigDrive provider when creating a VPC network offering for Vpc tiers.
Add ConfigDrive as a supported provider for VPC.
Accessing data in the ConfigDrive
Accessing ConfigDrive depends on the guest VM OS. The guest VM template needs to be adapted to retrieve the password from the config drive i.s.o. the Virtual router. It is also possible to enable both options.
Windows VM
For windows VM the ISO is mounted automatically. So user can browse through the files in the ConfigDrive cd.
Linux VM
Config drive iso is created by-label under /dev/disk/by-label/config.
It can be found using
blkid -t LABEL='config‘ /dev/xvdb: LABEL="config" TYPE="iso9660"
or
blkid -t LABEL=”config” /dev/disk/by-id/*
Hypervisor support
This feature will be implemented and tested for KVM and ESXI.
...
Based on the feedback that was received from the community at the CloudStack conference in Miami the config-drive implementation was extended to support the OpenStack config-drive implementation. This allows for easy integration with cloud-init and similar systems.
OpenStack (cloud-init) compatibility (version 2)
The following criteria are required for config drive in OpenStack:
Must be formatted with vfat (deprecated) or iso9660 filesystem
have a filesystem label of config-2
The files that will typically be present in the config drive are:
...
<mountdir>
/cloudstack
/metadata:
availability-zone.txt
instance-id.txt
service-offering.txt
cloud-identifier.txt
local-hostname.txt
vm-id.txt
public-keys
/password
vm_password.txt
vm_password_md5checksum (for windows VM’s)
/user_data
user_data.txt (note about _ characters below in text)
/openstack
/version
User_data ==hardlink to <mountdir>/cloudstack/user_data/user_data.txt
vendor_data.json
meta_data.json
network_data.json
...
availability-zone
hostname
name
uuid
keys
public-keys
I.e. we leave out the content we don’t support (list based on: https://github.com/openstack/nova/blob/39c6e442c628a881b4fce4d8b74e6b7d174f72f2/nova/api/metadata/base.py )
Content of vendor_data.json (json encoded):
Vendor-Data is a way for a vendor to provide site specific information. This can be information on local mirrors, a local proxy, or a one-time registration code. It is found in the vendor_data.json file residing on ConfigDrive or the Neutron Metadata Service via 169.254.169.254/openstack/latest/vendor_data.json. By default, Cloud-Init executes the Vendor-Data on every boot. Currently, we don’t plan to support this.
Is allowed to be empty {}
Content of network_data.json (json encoded):
Network-Data is network information found on ConfigDrive. It resides in the network_data.json file. Nova retrieves this info from Neutron. It includes fixed ip addresses, MAC addresses, port-id's, network-id's, subnet-id's, DNS name-servers, etc. Currently, we don’t plan to support this.
Is allowed to be empty {}
Changes needed to CloudStack
The current config-drive PR needs to be changed. We plan to create an extra OpenStack directory beside the original proposed CloudStack directory. We also need to change the label of the disk from config to config-2. The way the iso image is created needs to be adapted to make it align with the way OpenStack creates the iso img (provide extra params https://github.com/openstack/nova/blob/master/nova/virt/configdrive.py). A side effect is that underscores will be written to the iso image as underscores and not replaced with dashes (current behaviour). Because of this, we have to update the coreOS PR and the CloudStack documentation.
The OpenStack file structure contains a version folder. This version is equal to the release date of a specific OpenStack version
...
/openstack
/2012-08-10
...
/2013-04-04
...
/2013-10-07
...
/2015-10-15
...
/2016-06-30
...
/2016-10-06
...
/2017-02-22
…
/latest (which is equal to 2017-02-22)
…
Our proposal is to only create the latest folder on the CloudStack config-drive. The reason behind this is that the software only reads the latest folder from the OpenStack config-drive. The drawback is that when OpenStack config drive breaks backward compatibility we will have to update our CloudStack implementation.
...
Overview
Content Tools
Apps