Guides - Using Cloud-Config Files to Configure a Server
Cloud-config files are supported by our Metadata service and are used by cloud-init to automate server configuration. This guide covers creating cloud-config files, common modules, and examples to help get you started.
Cloud-config data is written using the YAML syntax, a commonly used data serialization format that’s more user-friendly and human-readable than alternatives (like JSON). YAML consists of key-value pairs. Each key is entered on its own line and a colon (:) is used to separate the key from its value. The scope of the key is defined by its indentation. To learn more about YAML, review the latest YAML specification.
A cloud-config file must contain #cloud-config as the first line. Following that, you can utilize the keys provided by any of the cloud-init modules. Review the remaining sections of this guide for a list of common modules and how to configure them. For a full list of modules and keys, review the cloud-init Module Reference.
One of the most common security tasks for every new system deployment is configuring user accounts. This includes creating a limited user account for the system administrator, adding them to the sudo group, and enabling the user to log in over SSH using a public key instead of a password.
users (list): Configure user accounts (Reference | Example)
name (string): The name of the user.
passwd (string): The hash of the password you want to configure for this user.
groups (string): The name of the group the user should belong to.
sudo: Define a sudo rule string or set to False to deny sudo usage.
lock_passwd (boolean): If true (the default setting), prevents logging in with a password for that user.
ssh_authorized_keys (list): A list containing the public keys that should be configured for this user.
#cloud-config
users:
  - name: example-user
    groups: sudo
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
    ssh_authorized_keys:
      - [insert-public-key]
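As an added example (not part of the original guide or of cloud-init), the following Python script audits a cloud-config file before it is supplied to a server: it checks the required #cloud-config first line and flags the account settings described above that weaken access control. It is a line-based check rather than a YAML parser, and the function name, messages and sample input are constructed for illustration.

```python
import re

# Constructed sample user-data with several problems (not from the guide).
SAMPLE = """\
users:
  - name: example-user
    groups: sudo
    sudo: ALL=(ALL) NOPASSWD:ALL
    lock_passwd: false
    passwd: hunter2
\tshell: /bin/bash
"""

# Matches "key: value" lines, with or without a leading list dash.
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?(\w+):\s*(.*?)\s*$")


def audit(user_data):
    """Return (line_number, message) findings for a cloud-config document."""
    findings = []
    lines = user_data.splitlines()
    # The guide requires #cloud-config as the first line of the file.
    if not lines or lines[0].rstrip() != "#cloud-config":
        findings.append((1, "first line is not #cloud-config"))
    for number, line in enumerate(lines, start=1):
        indent = line[: len(line) - len(line.lstrip())]
        if "\t" in indent:
            # YAML scope is defined by indentation, and tabs are not allowed there.
            findings.append((number, "tab used for indentation (invalid YAML)"))
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key = match.group(1)
        # Drop a trailing comment and surrounding quotes from the value.
        value = match.group(2).split(" #")[0].strip().strip("'\"")
        if key == "sudo" and "NOPASSWD" in value:
            findings.append((number, "sudo rule grants passwordless sudo"))
        elif key == "lock_passwd" and value.lower() in ("false", "no", "off"):
            findings.append((number, "password login is unlocked"))
        elif key == "passwd" and not value.startswith("$"):
            findings.append((number, "passwd is not a crypt hash"))
    return findings


if __name__ == "__main__":
    for number, message in audit(SAMPLE):
        print(f"line {number}: {message}")
```

Run against the users example above, it reports only the passwordless sudo rule, which is worth a deliberate decision when the account is reachable over SSH.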
Updating the system is another common task that’s performed after a system is deployed.
package_update (boolean): Updates the apt database (cloud-init Docs)
package_upgrade (boolean): Upgrades the software on your system (by running the yum or apt upgrade command) (cloud-init Docs)
#cloud-config
package_update: true
package_upgrade: true
Almost all workloads running on a Compute Instance require additional software to be installed. You can automatically install software packages by adding them to your cloud-config file.
packages (list): Installs the specified list of packages (cloud-init Docs)
#cloud-config
packages:
  - nginx
  - mysql-server
  - php
runcmd (list): Runs the specified commands during the first boot (cloud-init Docs)
#cloud-config
runcmd:
  - mkdir ~/new-folder/
write_files (list): (cloud-init Docs)
content: The entire content to include in the file.
path: The path for the file. If a file already exists at this location, it is overwritten.
permissions: Defines the file permissions in octal format (ex:
#cloud-config
write_files:
  - content: |
      <html>
      <h1>Hello world!</h1>
      <p>This is the content of my web page.</p>
      </html>
    path: /var/www/html/index.html
This page was originally published on