Services

A metadata service pulls the guest-provided data (configuration information) and exposes it to the Plugins for a general and basic initialization of the instance. These sub-services can change their behavior according to custom configuration options, if specified, which are documented below.

Supported metadata services (cloud specific):

OpenStack (web API)

class cloudbaseinit.metadata.services.httpservice.HttpService

A complete service which also supports password-related capabilities. It can usually be accessed at the http://169.254.169.254/ magic address, which can be changed using the metadata_base_url option in the config file. The add_metadata_private_ip_route option defaults to True and adds a route for the IP address to the gateway. This is needed for supplying a bridge between different VLANs in order to get access to the web server.

Capabilities:

  • instance ID
  • host name
  • public keys
  • authentication certificates (metadata + user data)
  • static network configuration addresses
  • admin password
  • user data
  • user content (additional files)
  • ability to post passwords

Config options:

OpenStack (configuration drive)

class cloudbaseinit.metadata.services.configdrive.ConfigDriveService

This is similar to the web API, but it “serves” its files locally without requiring network access. The data is generally retrieved from a cdrom, vfat or raw disks/partitions by enabling selective lookup across different devices. Use the config_drive_types option to specify which types of config drive content the service will search for, and the config_drive_locations option to specify on which devices it will search.

Warning

deprecated options

When one of these options is used:

  1. config_drive_cdrom
  2. config_drive_raw_hhd
  3. config_drive_vfat

the service will search for metadata, respectively:

  1. in mounted optical units
  2. directly in the physical disk bytes
  3. by exploring the physical disk as a vfat drive; which requires mtools (specified by the mtools_path option)

The interesting part of this service is that it is quite fast in comparison with its HTTP twin.

Capabilities:

  • instance ID
  • host name
  • public keys (search in the entire metadata)
  • authentication certificates (metadata + user data)
  • static network configuration addresses
  • admin password
  • user data
  • user content (additional files)

Config options:

  • config_drive_types (list: ["vfat", "iso"])
  • config_drive_locations (list: ["cdrom", "hdd", "partition"])
  • mtools_path (string: None)

Amazon EC2

class cloudbaseinit.metadata.services.ec2service.EC2Service

This is similar to the OpenStack HTTP service, but it uses a different format for URLs and has general capabilities.

Capabilities:

  • instance ID
  • host name
  • public keys

Config options:

CloudStack

class cloudbaseinit.metadata.services.cloudstack.CloudStack

Another web-based service which usually uses “10.1.1.1” or DHCP addresses for retrieving content.

Capabilities:

  • instance ID
  • host name
  • public keys
  • admin password (retrieval/deletion/polling)
  • user data

Config options:

  • cloudstack_metadata_ip (string: "10.1.1.1")

Note

By design, this service can update the password at any time, so it will cause the setuserpassword plugin to run at every boot. For security reasons, the password is deleted right after retrieval, and no updating will occur until a new password is available on the server.

OpenNebula

class cloudbaseinit.metadata.services.opennebulaservice.OpenNebulaService

The OpenNebula provider is related to configuration drive and searches for a specific context file which holds all the available info. The provided details are exposed as bash variables gathered in a shell script.

Capabilities:

  • instance ID (not present; usually a constant is returned)
  • host name
  • public keys
  • static network configuration addresses
  • user data

Ubuntu MaaS

class cloudbaseinit.metadata.services.maasservice.MaaSHttpService

This one works with instances on bare metal and uses web requests for retrieving the available exposed metadata. It uses OAuth to secure the requests.

Capabilities:

  • instance ID
  • host name
  • public keys
  • authentication certificates (x509)
  • user data

Configuring available services

Some of these classes can be specified manually in the configuration file under the metadata_services option. Based on this option, the service loader will search across these providers and try to load the most suitable one.

For more details on doing this, see configuration file in Tutorial.
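
An added example (not cloudbase-init's own code): an audit of a configuration file against the options documented on this page. It reports which configured services carry password capabilities, flags the deprecated config drive options, and notes a changed metadata_base_url. The [DEFAULT] section name, the comma-separated metadata_services value and the sample file are assumptions.

```python
import configparser

# Password-related capabilities per class, as listed on this page.
PASSWORD_CAPS = {
    "cloudbaseinit.metadata.services.httpservice.HttpService":
        "admin password, ability to post passwords",
    "cloudbaseinit.metadata.services.configdrive.ConfigDriveService":
        "admin password",
    "cloudbaseinit.metadata.services.cloudstack.CloudStack":
        "admin password (retrieval/deletion/polling)",
}
DEPRECATED = ("config_drive_cdrom", "config_drive_raw_hhd", "config_drive_vfat")
DEFAULT_BASE_URL = "http://169.254.169.254/"

# Constructed sample; the [DEFAULT] section name is an assumption.
SAMPLE_CONF = """\
[DEFAULT]
metadata_services = cloudbaseinit.metadata.services.configdrive.ConfigDriveService,
    cloudbaseinit.metadata.services.httpservice.HttpService
metadata_base_url = http://10.0.0.5/
config_drive_vfat = true
"""

def audit(conf_text, section="DEFAULT"):
    """Return (level, message) findings for one configuration file."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    opts = parser[section]
    findings = []
    raw = opts.get("metadata_services", "")
    services = [s.strip() for s in raw.split(",") if s.strip()]
    if not services:
        findings.append(("info", "metadata_services is not set in this file"))
    for cls in services:  # order kept as written in the file
        if cls in PASSWORD_CAPS:
            findings.append(("review", f"{cls} exposes: {PASSWORD_CAPS[cls]}"))
    for name in DEPRECATED:
        if name in opts:
            findings.append(("warn", f"{name} is deprecated"))
    # The page states the vfat lookup requires mtools, located via mtools_path.
    if opts.getboolean("config_drive_vfat", fallback=False) and not opts.get("mtools_path"):
        findings.append(("warn", "config_drive_vfat needs mtools_path"))
    base = opts.get("metadata_base_url")
    if base and base.rstrip("/") != DEFAULT_BASE_URL.rstrip("/"):
        findings.append(("review", f"metadata_base_url overridden: {base}"))
    return findings

if __name__ == "__main__":
    for level, message in audit(SAMPLE_CONF):
        print(f"{level:6} {message}")
```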