cloud-init provides a framework for early Ubuntu/Debian guest initialization similar to CloudInit. In VMware and Hyper-V environments it replaces guest customization with more flexible and extensible mechanism. Compared to original cloud-init project it's more lightweight, but with a limited set of features, though extensible through plugins. Python >=3.4 is required.
List of bundled plugins:
Currently the only supported config source is cloud-config.json file stored on cdrom or locally in /var/lib/cloud-init/ directory:
"HostName": "cloud-init",
"HDD": [
"Capacity": 40,
"DeviceNode": "scsi0:0"
"Capacity": 10,
"DeviceNode": "scsi1:0",
"Label": "data",
"FileSystem": "ext4",
"MountPoint": "/home"
"NIC": [
"Ip": [
"Mac": "00:15:5d:2e:21:16",
"Gw": ""
"Ip": [
"Mac": "00:50:56:97:1d:28"
"DNS": {
"DomainSearch": [
"Servers": [
"Domain": {
"Name": ""
"Users": [
"Name": "localadmin",
"Groups": [ "admin" ],
"System": false,
"Password": [
"SshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOW9lsiHoqOH9+rO9RAg0JR2R9eYxCcJAfk67PJS1TGM"
How to install and enable to run on startup:
sudo -H pip3 install git+
cd /etc/systemd/system/
systemctl daemon-reload
systemctl enable cloud-init
Put unencrypted private RSA key (private.pem) to /usr/lib/cloud-init
, so that cloud-init
can decrypt user passwords supplied via cloud-config.json
To see logs run journalctl -u cloud-init.service
Few things to know:
- after successful run module disables itself
- already partitioned disks are not touched
- disk plugin supports only ext4 filesystem at the moment
- json used for configuration is saved locally and can be checked at
(passwords are cleared)
The module targets Debian-based installations and has been tested on:
- Debian 8 Jessie / 9 Stretch
- Ubuntu 16.04 LTS Xenial / 18.04 LTS Bionic
To develop a new plugin create Python 3 scripts, prepend the name with double-digit number according
to the order when the plugin is intended to be run and put it into the plugins folder.
dict variable is exposed to your script with parsed content of cloud-config.json.
Also you can use bundled from tools import run
function to execute arbitrary bash commands.
If you need to restart system after plugin execution, set reboot = True
before exiting the script,
so the module can suspend execution of the next plugin
and resume after the system has been restarted. To handle reboots the module keeps
a state file in /usr/lib/cloud-init/
directory where it stores the current execution step.
To reset the state run cloud-init --set-state 0
openssl genrsa -out keypair.pem -aes128 4096
openssl rsa -in keypair.pem -outform PEM -pubout -out public.pem
openssl rsa -in keypair.pem -out private.pem -outform PEM
New-Password | cmd '/c openssl rsautl -inkey public.pem -pubin -encrypt | openssl enc -base64'
echo 'password' | openssl rsautl -inkey public.pem -pubin -encrypt | openssl enc -base64 > encrypted
cat encrypted | cmd '/c openssl enc -d -base64 | openssl rsautl -inkey private.pem -decrypt'
cat encrypted | openssl enc -d -base64 | openssl rsautl -inkey private.pem -decrypt