
I wanted to try CoreOS for a new vServer. So far I like it, but I made a fatal mistake: I created it with a cloud-init file instead of the newer Ignition method, and now on every update reboot it resets my password and SSH settings...

I was too lazy to create a "perfect" cloud-init file, so I assumed I could change all the settings afterwards, as every time I installed an OS before...

So after every update time window I have to change my password again and I need to restart the sshd service because the port is set to 22 again, even if the config still defines my changed port number.

I couldn't find any advice to change the cloudinit file afterwards or even to disable the resets on reboots. I see the advantage of the ignition files that are only executed once, but I would like to avoid reinstalling my entire vServer only to reinstall CoreOS by an ignition file.

Any ideas or hints? :)

Thanks in advance

Florian Brinker
  • You can change the cloud-init configuration whenever you want. But how are you feeding it to CoreOS? – Michael Hampton Feb 16 '19 at 17:29
  • @MichaelHampton I had to install it via ISO, so I booted from the CD image and started the installation with `sudo coreos-install -d /dev/sda -C stable -c ~/cloud-config.yaml`, while the YAML file was created manually in the live CD environment. I have no idea where I can find it now in the installed system. :/ Found some information about /var/lib/cloud before, but that doesn't exist in my CoreOS installation – Florian Brinker Feb 16 '19 at 18:39
  • Should I call `sudo coreos-cloudinit --from-file=/home/core/cloud-config.yaml` with a configured cloud-init file again? So it will use the updated version in the future? – Florian Brinker Feb 16 '19 at 18:47
  • That seems like it should work, but I don't have a test CoreOS installation handy right now. I'll have to get back to you. – Michael Hampton Feb 16 '19 at 18:48
  • @MichaelHampton thank you, just gave it a try. Was a bumpy road - see my solution below. Thank you for pointing me in the right direction! – Florian Brinker Feb 16 '19 at 20:48

1 Answer

Michael pointed me in the right direction - thank you! Wasn't aware of the possibility to feed the system with a new cloud config and thought I had to change some configs in different places anywhere in the system...

Another problem seemed to be that CoreOS uses cloud-init a little bit differently than shown in the cloud-init documentation, and so you can find some different solutions that won't work for CoreOS.

Problem 1: A reboot resets the ssh port to 22

I've found this page in the documentation and I found out that I edited the sshd_config correctly, but the system used the sshd.socket after the reboot, so I had to (re)start sshd all the time...

Solution: Disabling the sshd.socket activation

```
sudo systemctl mask --now sshd.socket
sudo systemctl enable sshd.service      # VERY IMPORTANT!
sudo systemctl restart sshd.service
```

Very important: You can lock yourself out of the system! You may want to check if you have access to the login shell via your provider's control panel (rescued me). The documentation says you have to execute commands 1 and 3 above, but the sshd service is disabled after a reboot, so you have to enable it before the reboot!

As an alternative you may want to stick with the sshd.socket and change the port there. It is also documented in the link above.

Problem 2: The reset of my password after each reboot

Solution: Create a new cloud-init.yaml

I could create a better cloud-init.yaml and reapply it. Just changed the password and added my ssh-keys for the existing user and called

```
sudo coreos-cloudinit --validate --from-file=/path/to/cloud-init.yaml
```

to check the file. Removing the --validate flag will apply the cloud-init.yaml and change the password (good to test it), but a reboot will still reset it! As I found out, the coreos-cloudinit command is not meant to be run by any users manually. To update the configuration for the reprovisioning at the reboot, we have to overwrite another file:

```
sudo cp /path/to/cloud-init.yaml /var/lib/coreos-install/user_data
```

Afterwards my password was the correct one after a reboot.

Florian Brinker
  • Btw: You may also want to enable the docker service if you wrote a simple cloud-config.yaml like me at the beginning... It is, like sshd, also disabled by default and the containers won't start after a reboot: `sudo systemctl enable docker` – Florian Brinker Feb 16 '19 at 20:57
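
A pre-reboot check for the two failure modes described in the answer above (sshd.socket masked while sshd.service is not enabled, and a `user_data` file that still holds the old settings), as an added example that is not part of the original answer. The function names `write_sample_config`, `check_units` and `check_config` are hypothetical, and the sample cloud-config with its hash and key is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run before rebooting.

# write_sample_config PATH: constructed cloud-config used only for illustration.
write_sample_config() {
    cat > "$1" <<'EOF'
#cloud-config
users:
  - name: core
    passwd: "$6$CONSTRUCTEDSALT$constructedHashNotARealOne"
    ssh-authorized-keys:
      - "ssh-ed25519 AAAAconstructedkey core@example"
EOF
}

# check_units SOCKET_STATE SERVICE_STATE
# States are the strings printed by `systemctl is-enabled <unit>`.
# If sshd.socket is masked, sshd.service must be enabled, otherwise nothing
# listens for SSH after the reboot.
check_units() {
    if [ "$1" = "masked" ] && [ "$2" != "enabled" ]; then
        echo "LOCKOUT RISK: sshd.socket is masked but sshd.service is '$2'" >&2
        return 1
    fi
    return 0
}

# check_config NEW_CONFIG INSTALLED_USER_DATA
check_config() {
    [ "$(head -n 1 "$1")" = "#cloud-config" ] || {
        echo "first line must be #cloud-config" >&2; return 1; }
    # Any passwd: value must look like a crypt(3) hash ($id$salt$...), not plaintext.
    if grep -E '^[[:space:]]*passwd:' "$1" |
       grep -Ev "passwd:[[:space:]]*[\"']?\\\$[0-9a-z]+\\\$" | grep -q .; then
        echo "passwd: is not a password hash" >&2; return 1
    fi
    # The file re-applied on boot must be the one that was just validated.
    cmp -s "$1" "$2" || {
        echo "installed user_data differs: next reboot re-applies the old settings" >&2
        return 1; }
}

# On the host, with the paths from the answer:
#   check_units "$(systemctl is-enabled sshd.socket)" "$(systemctl is-enabled sshd.service)"
#   check_config /path/to/cloud-init.yaml /var/lib/coreos-install/user_data
```

These checks complement `coreos-cloudinit --validate`, which inspects the file itself but not whether the copy under `/var/lib/coreos-install/user_data` matches it.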