Automate generic container initialization commands during launch

When I start a new Arch Linux container, I always do a couple of the same things no matter what:

  • Install sudo and create sudo group
  • Modify /etc/sudoers
  • Create a new user
  • Give the user a new password
  • etc.

Is there a way to automate this process via lxd? My first thought was to create a template image and use that, but the image would get stale pretty fast given Arch’s rolling releases. My other thought was to use file push to run a script in the new container, but that still requires at least some manual intervention (though admittedly not very much).

How is this normally handled?

You can use the images:archlinux/cloud image which supports cloud-init.
Cloud-init can be used to do this kind of stuff and you can set your cloud-init config through user.user-data or user.vendor-data in LXD.

Thank you, I will have to look into cloud init. Are there any guides (beyond the official documentation) that you would recommend?

@stgraber Do you know where I can find documentation on the user and vendor data from cloud-init? I found their examples, but they don’t really say what each field in the yaml file does.

EDIT: nvm, it’s in the comments in the examples. Sorry about that.

Here’s one I was working on for arch lxd containers

description: "For arch linux lxd containers"
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
config:
  user.user-data: |
    #cloud-config
    package_update: true
    packages:
      - jq
      - neovim
      - htop
      - tmux
      - wget
      - kitty-terminfo
    runcmd:
      - localectl set-keymap us
      - echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
      - locale-gen
      - localectl set-locale en_US.UTF-8
    users:
      - name: coleman
        groups:
          - wheel
        shell: /bin/bash
        # passwordless sudo for this user
        sudo: ['ALL=(ALL) NOPASSWD:ALL']
        # replace the placeholder below with a real public key
        ssh-authorized-keys:
          - big-ssh-pub-key-string-here

Full disclosure: I forget if this actually works as-is :sweat_smile:
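
One way to find out whether a config like the one above works before relying on it, as an added example that is not from any poster in this thread or from the LXD or cloud-init projects: it reviews a standalone cloud-config file offline, then launches a container from the cloud image mentioned earlier and waits for cloud-init to finish. The function names, container name and file path are assumptions, and passing the file with `--config=user.user-data=...` stands in for putting the same text in a profile.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Container and file names are assumptions.

# check_user_data FILE: offline review of a cloud-config file before launch.
# Prints findings; returns 2 on an error, 1 on warnings only, 0 when clean.
check_user_data() {
    local file="$1" rc=0
    # Line 1 must be the header, or cloud-init will not treat this as cloud-config.
    if [ "$(head -n 1 "$file")" != "#cloud-config" ]; then
        echo "ERROR: first line is not #cloud-config"; rc=2
    fi
    # YAML does not allow tabs as indentation.
    if grep -q "$(printf '^ *\t')" "$file"; then
        echo "ERROR: tab used for indentation"; rc=2
    fi
    # Passwordless sudo may be intended in a dev container; surface it anyway.
    if grep -q 'NOPASSWD' "$file"; then
        echo "WARN: NOPASSWD sudo rule"; [ "$rc" -ne 0 ] || rc=1
    fi
    # List items under ssh-authorized-keys should start with a key type.
    if awk '
        /ssh[-_]authorized[-_]keys:/ { inkeys = 1; next }
        inkeys && $1 == "-" {
            if ($2 !~ /^"?(ssh-(ed25519|rsa)|ecdsa-sha2-|sk-)/) bad = 1
            next
        }
        { inkeys = 0 }
        END { exit (bad ? 0 : 1) }' "$file"; then
        echo "WARN: authorized key entry is not a public key"; [ "$rc" -ne 0 ] || rc=1
    fi
    return "$rc"
}

# launch_checked NAME FILE: start a container from the cloud image named in the
# thread with FILE as user.user-data, then wait for cloud-init to finish.
launch_checked() {
    local name="$1" file="$2" rc=0
    check_user_data "$file" || rc=$?
    [ "$rc" -lt 2 ] || return 1
    lxc launch images:archlinux/cloud "$name" \
        --config=user.user-data="$(cat "$file")" || return 1
    # On a non-zero status, show the end of cloud-init's output log.
    lxc exec "$name" -- cloud-init status --wait ||
        lxc exec "$name" -- tail -n 20 /var/log/cloud-init-output.log
}
```

Source the file and run, for example, `launch_checked arch-test ./user-data.yaml`; warnings are printed but do not block the launch, errors do.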