Last active: October 14, 2022 17:44
Setting up SSH user for TKG ova image
This procedure is based on:
- Slack discussion: https://vmware.slack.com/archives/CSZCCLW0P/p1642695822214400?thread_ts=1642667864.186000&cid=CSZCCLW0P
- https://github.com/kubernetes-sigs/image-builder/blob/master/images/capi/hack/image-govc-cloudinit.sh
- https://cloudinit.readthedocs.io/en/latest/topics/datasources/vmware.html

(1) Authenticate the govc CLI.

(2) In the vCenter UI, create a VM from the TKG OVA template.
For example, I created test-vm from the OVA ubuntu-2004-kube-v1.22.9+vmware.1-tkg.1:

$ govc find / -type m -name test-vm
/dc0/vm/folder0/test-vm

(3) Create a snapshot of test-vm so that any changes can easily be rolled back:

$ govc snapshot.create -vm test-vm test-vm-new

(4) Create cloud-init userdata with a custom user (granted passwordless sudo in this example) and an SSH public key. Replace the key in the following example with your own.
Ref: https://cloudinit.readthedocs.io/en/latest/topics/modules.html#users-and-groups

$ cat > cloud-init-userdata << EOF
#cloud-config
users:
  - name: capv
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_authorized_keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCZ6M2makyArGMd8lRoodwlAx5tpIaEBaj6l3b/St73WMlJYeDemuWfwPKiOFNQi0LGu751GDPHYRMN+flX8z6mioa9Apuir9f+1f7E9OOcG9R3XAZ5O4rOFbK8CQQDz0snppGUC7cRx7l7/Kr9sepELLj/Vwhb3/g/POl6cyWOmQ==
EOF

(5) Write the cloud-init userdata into the guestinfo of test-vm. The value must be base64-encoded, and the encoding must be declared so that cloud-init can decode it:

$ govc vm.change -vm test-vm -e "guestinfo.userdata.encoding=base64" -e "guestinfo.userdata=$(base64 -w0 <cloud-init-userdata)"

(6) Restart the guest OS of test-vm so that the cloud-init service picks up the new user and SSH key and configures the VM.
Now you can SSH to test-vm with the private key as the custom user (capv in my example).

(7) Revert test-vm to the snapshot to remove the custom user:

$ govc snapshot.revert -vm test-vm test-vm-new

(8) Appendix:
(a) The userdata is persisted at /var/lib/cloud/instance/user-data.txt inside the VM.
(b) To check the guestinfo.metadata and guestinfo.userdata of a TKG node created as part of a TKG cluster, run:

$ VM=tkg-services-control-plane-99vfs
$ govc vm.info -json $VM | jq -r 'recurse | .ExtraConfig? // empty | .[] | select(.Key=="guestinfo.metadata") | .Value' | base64 -d | less
$ govc vm.info -json $VM | jq -r 'recurse | .ExtraConfig? // empty | .[] | select(.Key=="guestinfo.userdata") | .Value' | base64 -d | less
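Steps (3) to (5) above as a small POSIX shell script that renders the cloud-config with correct indentation, refuses anything that is not an OpenSSH public-key line, and only then snapshots the VM and pushes the encoded userdata. This is an added example, not code from the gist; it assumes govc is already authenticated (step 1), and the function names, the key-format check and the default snapshot name suffix are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original gist: steps (3)-(5) as reusable
# functions. Assumes govc is already authenticated (step 1); VM name,
# user name and public key are supplied by the caller.

# Accept only an OpenSSH public-key line (type, base64 blob, optional
# comment), so a private key or stray text never ends up in guestinfo.
validate_pubkey() {
  case "$1" in
    "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-nistp256 "*|"ecdsa-sha2-nistp384 "*|"ecdsa-sha2-nistp521 "*) ;;
    *) return 1 ;;
  esac
  blob=$(printf '%s' "$1" | awk '{print $2}')
  [ -n "$blob" ] || return 1
  printf '%s' "$blob" | grep -Eq '^[A-Za-z0-9+/]+=*$'
}

# Render the #cloud-config document for one sudo-enabled user with one key.
# The indentation is significant: sudo and ssh_authorized_keys belong to
# the list item, not to the top level of the document.
render_userdata() {
  validate_pubkey "$2" || return 1
  printf '%s\n' \
    '#cloud-config' \
    'users:' \
    "  - name: $1" \
    '    sudo: ALL=(ALL) NOPASSWD:ALL' \
    '    ssh_authorized_keys:' \
    "      - $2"
}

# Single-line base64 as govc expects for guestinfo.userdata
# (portable replacement for GNU "base64 -w0").
encode_userdata() {
  base64 | tr -d '\n'
}

# Step (3) then step (5): snapshot first so the change can be reverted,
# then push the encoded userdata and its encoding into guestinfo.
apply_userdata() {
  vm=$1; user=$2; key=$3; snap=${4:-$1-before-sshuser}
  userdata=$(render_userdata "$user" "$key") || return 1
  encoded=$(printf '%s\n' "$userdata" | encode_userdata)
  govc snapshot.create -vm "$vm" "$snap" || return 1
  govc vm.change -vm "$vm" \
    -e "guestinfo.userdata.encoding=base64" \
    -e "guestinfo.userdata=$encoded"
}

# Usage: sh setup-ssh-user.sh VM USER "$(cat ~/.ssh/id_ed25519.pub)"
if [ "$#" -ge 3 ]; then apply_userdata "$@"; fi
```

After the guest OS restart (step 6), the value written by apply_userdata is what the appendix (b) commands read back and decode.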