3

I am making a new AMI in EC2 and want to disable it running anything that could be put in user-data when launching (or rebooting) from this AMI. I looked at the existing /etc/cloud/cloud.cfg and /etc/cloud/cloud.cfg.d/* but do not see where this is enabled (so maybe it is on by default). How can I reconfigure cloud-init to not allow this or even allow this to be re-enabled? I suspect I also need to disable #cloud-config. Do I need to disable the whole cloud-init package to achieve this?

edit:

I will be using Amazon Linux and Ubuntu in various AMIs.

edit2:

It looks like I need to disable all of user-data. Maybe that will be easier.

edit3:

I do want to be able to access the user-data in my scripts.

Skaperen
  • It depends highly on your usage of cloud-init functionality, but the quickest answer to your question would be not to use the cloud-init package on your AMIs - it's a big framework and insecure. You can extract the user-data from the metadata endpoint using curl if you need that data. – galaxy Sep 01 '15 at 04:26

2 Answers

1

This is my current hack — not too elegant, but it works:

patch /usr/lib/python2.7/dist-packages/cloudinit/stages.py <<EOF
@@ -469,7 +469,6 @@
     def consume_data(self, frequency=PER_INSTANCE):
         # Consume the userdata first, because we need want to let the part
         # handlers run first (for merging stuff)
-        self._consume_userdata(frequency)
         self._consume_vendordata(frequency)

         # Perform post-consumption adjustments so that
EOF
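Review bot: with the `self._consume_userdata(frequency)` call removed from `consume_data`, the comment directly above it ("Consume the userdata first ...") now describes a step that never runs; reword it to say that user-data consumption is intentionally disabled, so a later reader does not restore the call. The target is also pinned to /usr/lib/python2.7/dist-packages and is the installed package copy, so an image with a different Python path will not be patched and a cloud-init package update will put the original stages.py back; the build should fail if the hunk does not apply, and the file should be re-checked after any package update.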
edef
  • looks good. i added a call to `sed -i` in my build script to comment out that line. running tests now. – Skaperen Sep 01 '15 at 10:28
  • testing the test AMI now. ran an Amazon Linux instance in parallel, both with `halt -fp` in a script in user-data. the Amazon Linux one has self terminated already ... looking good so far. – Skaperen Sep 01 '15 at 10:53
  • yay! works in 4 regions. – Skaperen Sep 01 '15 at 10:55
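
The `sed` build-script step mentioned in the comments above, paired with a check that fails the build if an active call to `_consume_userdata` is still present. This is an added example, not code from the answer or from cloud-init; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: build-time guard for the stages.py change discussed above.
# Function names and the sample file are constructed, not cloud-init's own.

# Print how many active (uncommented) calls to self._consume_userdata( remain.
count_active_userdata_calls() {
    awk '{ line = $0; sub(/#.*/, "", line)    # ignore commented-out text
           if (line ~ /self\._consume_userdata[ \t]*\(/) n++ }
         END { print n + 0 }' "$1"
}

# Comment out the call in place, keeping indentation; safe to run twice.
disable_userdata_call() {
    tmp=$(mktemp) || return 1
    sed 's/^\([[:space:]]*\)\(self\._consume_userdata(.*\)$/\1# \2/' "$1" > "$tmp" &&
        cat "$tmp" > "$1"    # cat keeps the original file's mode and owner
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Exit status 0 only if no active call is left; use as the last build step.
assert_userdata_disabled() {
    [ "$(count_active_userdata_calls "$1")" -eq 0 ]
}

# Constructed sample based on the consume_data() lines quoted in the patch.
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'PY'
    def consume_data(self, frequency=PER_INSTANCE):
        # Consume the userdata first
        self._consume_userdata(frequency)
        self._consume_vendordata(frequency)
    def _consume_userdata(self, frequency=PER_INSTANCE):
        pass
PY
    echo "before: $(count_active_userdata_calls "$f") active call(s)"
    disable_userdata_call "$f"
    echo "after:  $(count_active_userdata_calls "$f") active call(s)"
    assert_userdata_disabled "$f"; rc=$?
    rm -f "$f"
    return $rc
}
demo
```

Running `assert_userdata_disabled` against the installed stages.py after every package update in the image build catches an update that silently restores the call.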
0

A more elegant way to do this is to create a file named cloud-config.txt in /var/lib/cloud/instances/{your-instance-id}, with the following content:

#cloud-config
# from 1 files
# cloud-config.txt

---
cloud_final_modules:
- - scripts-user
  - never
...