Create a Linode account to try this guide with a $ credit.
This credit will be applied to any valid services used during your first  days.
Metadata Availability
Akamai’s Metadata service is now available in select data centers. Use Metadata to automate system configuration by adding directives or scripts when deploying Compute Instances. This user data can then be consumed by cloud-init, an industry standard system initialization tool, or accessed directly using the Metadata API. For instructions on using the Metadata service and for a list of supported regions and distributions, reference our documentation.

Cloud-config files are supported by our Metadata service and are used by cloud-init to automate server configuration. This guide covers creating cloud-config files, common modules, and examples to help get you started.

Syntax

Cloud-config data is written using the YAML syntax, a commonly used data serialization format that’s more user-friendly and human-readable than alternatives (like JSON). YAML consists of key-value pairs. Each key is entered on its own line and a colon (:) is used to separate the key from its value. The scope of the key is defined by its indentation. To learn more about YAML, review the latest YAML specification.

Cloud-Config Modules

A cloud-config file must contain #cloud-config as the first line. Following that, you can utilize the keys provided by any of the cloud-init modules. Review the remaining sections of this guide for a list of common modules and how to configure them. For a full list of modules/keys, review cloud-init Module Reference.

Create a New User and Restrict Root Access

One of the most common security tasks for every new system deployment is configuring user accounts. This includes creating a limited user account for the system administrator, adding them to the sudo group, and enabling the user to log in over SSH using a public key instead of a password.

  • users (list): Configure user accounts (Reference | Example)
    • name (string): The name of the user.
    • passwd (string): The hash of the password you want to configure for this user.
    • groups (string): The name of the group the user should belong to.
    • sudo: Define a sudo rule string or set to False to deny sudo usage.
    • lock_passwd (boolean): If true (the default setting), prevents logging in with a password for that user.
    • ssh_authorized_keys (list): A list containing the public keys that should be configured for this user.
1
2
3
4
5
6
7
8
#cloud-config
users:
- name: example-user
  groups: sudo
  sudo: ALL=(ALL) NOPASSWD:ALL
  shell: /bin/bash
  ssh_authorized_keys:
  - [insert-public-key]

Update System

Updating the system is another common task that’s performed after a system is deployed.

  • package_update (boolean): Updates the apt database (cloud-init Docs)
  • package_upgrade (boolean): Upgrades the software on your system (by running the yum or apt upgrade command) (cloud-init Docs)
1
2
3
#cloud-config
package_update: true
package_upgrade: true

Install a Software Package

Almost all workloads running on a Compute Instance require additional software to be installed. You can automatically install software packages by adding them to your cloud-config file.

1
2
3
4
5
#cloud-config
packages:
- nginx
- mysql-server
- php

Run a Command

  • runcmd (list): Runs the specified commands during the first boot (cloud-init Docs)
1
2
3
#cloud-config
runcmd:
- mkdir ~/new-folder/

Write to a File

  • write_files (list): (cloud-init Docs)
    • content: The entire content to include in the file.
    • path: The path for the file. If a file already exists at this location, it is overwritten.
    • permissions: Defines the file permissions in octal format (ex: 0644).
1
2
3
4
5
6
7
8
9
#cloud-config
write_files:
- content: |
    <html>
    <h1>Hello world!</h1>

    <p>This is the content of my web page.</p>
    </html>    
  path: /var/www/html/index.html

This page was originally published on


Your Feedback Is Important

Let us know if this guide was helpful to you.