Hi
I just figured out something:
If I have a profile named “my_cloud_profile” as

    config:
      cloud-init.user-data: |-
        #cloud-config
        users:
          - default
          - name: AJREPO
            groups: ....

and apply it to a container as

    incus launch images:debian/13/cloud my_container --profile my_cloud_profile

all is good.
HOWEVER, if I then apply a custom yaml my_packages_profile.yaml
which also has some cloud-config cloud-init.user-data from the command line as

    incus launch images:debian/13/cloud my_container --profile my_cloud_profile < my_packages_profile.yaml

where my_packages_profile.yaml is like this

    cloud-init.user-data: |
      packages:
        - whatever

The my_packages_profile.yaml completely blows away the --profile my_cloud_profile
even though one is just users: and the other is just packages:
I ran with --debug and --verbose and there was no warning about it. I found no warning in incus logs or cloud-init logs.
Now that I figured this out I’m leaving this as a note for others, but this raises two questions:
- Should there be some warning if ‘< foobar.yaml’ is blowing away a cloud configuration profile applied?
- If I’m trying to have generic containers with private customizations (e.g. specific users, specific keys, etc. that I don’t want to have in profiles or git), what’s the best practice here? Do I mandate all cloud profiles use cloud-init.user-data and the files with confidential information use cloud-init.vendor-data (this is what I’m doing now)?
Or is this part better managed by something like chef/ansible/terraform?
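
A pre-flight check for the silent override described above, as an added example that is not part of the original post or of Incus itself. It assumes Incus computes the effective configuration key by key, with each value treated as an opaque string, later profiles overriding earlier ones and instance-level config (such as the YAML on stdin) overriding all profiles; the function names and sample configs are constructed for illustration.

```python
# Added example: models per-key, last-writer-wins expansion of Incus config
# and reports cloud-init.* keys that one layer silently replaces in another.
# All names and sample data below are constructed, not taken from Incus.

CLOUD_INIT_PREFIX = "cloud-init."

def expand_config(profiles, instance_config):
    """Return (effective, shadowed).

    profiles: list of (name, config dict) in --profile order.
    instance_config: config dict given directly to the instance (stdin YAML).
    Values are opaque strings: a later layer replaces the key, nothing merges.
    """
    effective, owner, shadowed = {}, {}, []
    layers = list(profiles) + [("<instance>", instance_config)]
    for source, config in layers:
        for key, value in config.items():
            if key in effective and effective[key] != value:
                # Record (key, layer that lost, layer that won).
                shadowed.append((key, owner[key], source))
            effective[key] = value
            owner[key] = source
    return effective, shadowed

def cloud_init_collisions(profiles, instance_config):
    """Only the shadowed keys that carry cloud-init payloads."""
    _, shadowed = expand_config(profiles, instance_config)
    return [s for s in shadowed if s[0].startswith(CLOUD_INIT_PREFIX)]

# Constructed sample data mirroring the post.
PROFILE = ("my_cloud_profile", {
    "cloud-init.user-data": "#cloud-config\nusers:\n  - default\n  - name: AJREPO\n",
})
STDIN_USER = {"cloud-init.user-data": "#cloud-config\npackages:\n  - whatever\n"}
STDIN_VENDOR = {"cloud-init.vendor-data": "#cloud-config\npackages:\n  - whatever\n"}

if __name__ == "__main__":
    for label, cfg in (("user-data on stdin", STDIN_USER),
                       ("vendor-data on stdin", STDIN_VENDOR)):
        hits = cloud_init_collisions([PROFILE], cfg)
        print(label)
        for key, loser, winner in hits:
            print(f"  WARNING: {key} from {loser} is replaced by {winner}")
        if not hits:
            print("  no cloud-init key is overridden")
```

On a running instance, `incus config show my_container --expanded` shows the values that actually won.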