11.7. Using the VMware vSphere Cloud-init and Userdata Templates for Provisioning
You can use VMware with the Cloud-init and Userdata templates to insert user data into the new virtual machine, to make further VMware customization, and to enable the VMware-hosted virtual machine to call back to Satellite.
You can use the same procedures to set up a VMware compute resource within Satellite, with a few modifications to the workflow.
VMware cloud-init Provisioning Overview
When you set up the compute resource and images for VMware provisioning in Satellite, the following sequence of provisioning events occurs:
- The user provisions one or more virtual machines using the Satellite web UI, API, or hammer
- Satellite calls the VMware vCenter to clone the virtual machine template
- Satellite userdata provisioning template adds customized identity information
- When provisioning completes, the Cloud-init provisioning template instructs the virtual machine to call back to Capsule when cloud-init runs
- VMware vCenter clones the template to the virtual machine
- VMware vCenter applies customization for the virtual machine’s identity, including the host name, IP, and DNS
- The virtual machine builds, cloud-init is invoked and calls back Satellite on port 80, which then redirects to 443
Port and Firewall Requirements
Because of the cloud-init service, the virtual machine always calls back to Satellite even if you register the virtual machine to Capsule. Ensure that you configure port and firewall settings to open any necessary connections.
For more information about port and firewall requirements, see Port and Firewall Requirements in Installing Satellite and Ports and Firewalls Requirements in Installing Capsule Server.
Associating the userdata and Cloud-init Templates with the Operating System
- In the Satellite web UI, navigate to Hosts > Operating Systems, and select the operating system that you want to use for provisioning.
- Click the Template tab.
- From the Cloud-init template list, select Cloudinit default.
- From the User data template list, select UserData open-vm-tools.
- Click Submit to save the changes.
Preparing an Image to use the cloud-init Template
To prepare an image, you must first configure the settings that you require on a virtual machine that you can then save as an image to use in Satellite.
To use the cloud-init template for provisioning, you must configure a virtual machine so that cloud-init is installed, enabled, and configured to call back to Satellite Server.
For security purposes, you must install a CA certificate to use HTTPS for all communication. This procedure includes steps to clean the virtual machine so that no unwanted information transfers to the image you use for provisioning.
If you have an image with cloud-init, you must still follow this procedure to enable cloud-init to communicate with Satellite because cloud-init is disabled by default.
- On the virtual machine that you use to create the image, install cloud-init, open-vm-tools, and perl:
# yum -y install cloud-init open-vm-tools perl
- Create a configuration file for cloud-init:
# vi /etc/cloud/cloud.cfg.d/example_cloud-init_config.cfg
- Add the following information to the example_cloud-init_config.cfg file:
datasource_list: [NoCloud]
datasource:
  NoCloud:
    seedfrom: https://satellite.example.com/userdata/
- Enable the CA certificates for the image:
# update-ca-trust enable
- Download the katello-server-ca.crt file from Satellite Server:
# wget -O /etc/pki/ca-trust/source/anchors/cloud-init-ca.crt http://satellite.example.com/pub/katello-server-ca.crt
- To update the record of certificates, enter the following command:
# update-ca-trust extract
- Use the following commands to clean the image:
# systemctl stop rsyslog
# systemctl stop auditd
# package-cleanup --oldkernels --count=1
# yum clean all
- Use the following commands to reduce logspace, remove old logs, and truncate logs:
# logrotate -f /etc/logrotate.conf
# rm -f /var/log/*-???????? /var/log/*.gz
# rm -f /var/log/dmesg.old
# rm -rf /var/log/anaconda
# cat /dev/null > /var/log/audit/audit.log
# cat /dev/null > /var/log/wtmp
# cat /dev/null > /var/log/lastlog
# cat /dev/null > /var/log/grubby
- Remove udev hardware rules:
# rm -f /etc/udev/rules.d/70*
- Remove the uuid from ifcfg scripts:
# cat > /etc/sysconfig/network-scripts/ifcfg-ens192 <<EOM
DEVICE=ens192
ONBOOT=yes
EOM
- Remove the SSH host keys:
# rm -f /etc/ssh/ssh_host_*
- Remove root user’s shell history:
# rm -f ~root/.bash_history
# unset HISTFILE
- Remove root user’s SSH history:
# rm -rf ~root/.ssh/known_hosts
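A check to run before capturing the image, as an added example that is not part of the original procedure: it inspects a filesystem tree for the cloud-init settings and clean-up results that the steps above are meant to produce. The function name audit_image, /root as root's home directory, and the ssh_host_* host-key naming are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: audit a prepared image tree.
# audit_image [ROOT] prints one FAIL line per finding; status 0 means clean.
# Assumptions: /root is root's home; host keys are named ssh_host_*.
audit_image() {
    root=${1:-/}; root=${root%/}
    findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    # cloud-init must fetch its seed from Satellite over HTTPS only
    cfg="$root/etc/cloud/cloud.cfg.d"
    if ! grep -rqsE '^[[:space:]]*seedfrom:[[:space:]]*https://' "$cfg"; then
        fail "no https:// seedfrom under $cfg"
    fi
    if grep -rqsE '^[[:space:]]*seedfrom:[[:space:]]*http://' "$cfg"; then
        fail "plain-HTTP seedfrom under $cfg"
    fi

    # The Satellite CA must be installed as a trust anchor
    if [ ! -s "$root/etc/pki/ca-trust/source/anchors/cloud-init-ca.crt" ]; then
        fail "CA anchor cloud-init-ca.crt missing or empty"
    fi

    # Per-machine identity and history that must not be cloned
    for f in "$root"/etc/ssh/ssh_host_* "$root"/etc/udev/rules.d/70* \
             "$root/root/.bash_history" "$root/root/.ssh/known_hosts"; do
        if [ -e "$f" ]; then fail "leftover file: $f"; fi
    done
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-*; do
        if [ -f "$f" ] && grep -qi '^[[:space:]]*UUID=' "$f"; then
            fail "UUID still set in $f"
        fi
    done

    # Logs that the procedure truncates should be empty
    for f in "$root/var/log/audit/audit.log" "$root/var/log/wtmp"; do
        if [ -s "$f" ]; then fail "log not truncated: $f"; fi
    done

    [ "$findings" -eq 0 ]
}

# Audit a mounted image or the live VM (pass /) when a path is given.
if [ -n "${1:-}" ]; then audit_image "$1"; fi
```

Shared SSH host keys and a plain-HTTP seedfrom are the findings to treat as blocking, because every machine cloned from the image inherits them.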
You can now create an image from this virtual machine.
You can use the "Adding VMware vSphere Images to Satellite Server" section to add the image to Satellite.
Configuring Capsule to Forward the user data Template
If you deploy Satellite with the Capsule templates feature, you must configure Satellite to recognize hosts' IP addresses forwarded over the X-Forwarded-For HTTP header to serve the correct template payload.
For security reasons, Satellite recognizes this HTTP header only from localhost. For each individual Capsule, you must configure a regular expression to recognize hosts' IP addresses. From the web UI, you can do this by navigating to Administer > Settings > Provisioning, and changing the Remote address setting. From the CLI, you can do this by entering the following command:
# hammer settings set --name remote_addr --value '(localhost(4|6|4to6)?|192.168.122.(1|2|3))'
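Because this pattern decides whose X-Forwarded-For header Satellite honors, it is worth checking exactly which addresses it admits. The following added example (not from the original page) counts them for the pattern above and for a tightened form; it assumes the setting is applied as an unanchored regular-expression search, uses grep -E as a stand-in for Satellite's regex engine, and STRICT_PATTERN and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: remote_addr is applied as an unanchored regex search, so a
# pattern written for .1, .2 and .3 also matches .10, .25, .200 and so on.
PAGE_PATTERN='(localhost(4|6|4to6)?|192.168.122.(1|2|3))'
# Hypothetical tightened form: dots escaped, whole string must match.
STRICT_PATTERN='^(localhost(4|6|4to6)?|192\.168\.122\.(1|2|3))$'

# trusted PATTERN ADDR: status 0 if ADDR would count as a trusted forwarder
trusted() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# count_trusted PATTERN PREFIX: number of PREFIX.0 to PREFIX.255 admitted
count_trusted() {
    n=0
    i=0
    while [ "$i" -le 255 ]; do
        if trusted "$1" "$2.$i"; then n=$((n + 1)); fi
        i=$((i + 1))
    done
    echo "$n"
}

echo "page pattern:   $(count_trusted "$PAGE_PATTERN" 192.168.122) of 256 addresses trusted"
echo "strict pattern: $(count_trusted "$STRICT_PATTERN" 192.168.122) of 256 addresses trusted"
```

If Satellite anchors the pattern itself, both counts are 3; running the same check against the value you actually set shows whether any host other than a Capsule can have its X-Forwarded-For header accepted.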