Add support for providing userdata to system VMs

Author: vishesh92

engine/api/src/main/java/com/cloud/vm/VirtualMachineManager.java

@@ -106,6 +106,9 @@ public interface VirtualMachineManager extends Manager {
     ConfigKey<Boolean> VmSyncPowerStateTransitioning = new ConfigKey<>("Advanced", Boolean.class, "vm.sync.power.state.transitioning", "true",
             "Whether to sync power states of the transitioning and stalled VMs while processing VM power reports.", false);
 
+    ConfigKey<Boolean> SystemVmEnableUserData = new ConfigKey<>(Boolean.class, "systemvm.userdata.enabled", "Advanced", "false",
+            "Enable user data for system VMs. When enabled, the CPVM, SSVM, and Router system VMs will use the values from the global settings consoleproxy.userdata, secstorage.userdata, and router.userdata, respectively, to provide cloud-init user data to the VM.",
+            true, ConfigKey.Scope.Zone, null);
 
     interface Topics {
         String VM_POWER_STATE = "vm.powerstate";

engine/orchestration/src/main/java/com/cloud/vm/VirtualMachineManagerImpl.java

@@ -5121,7 +5121,7 @@ public ConfigKey<?>[] getConfigKeys() {
                 VmConfigDriveLabel, VmConfigDriveOnPrimaryPool, VmConfigDriveForceHostCacheUse, VmConfigDriveUseHostCacheOnUnsupportedPool,
                 HaVmRestartHostUp, ResourceCountRunningVMsonly, AllowExposeHypervisorHostname, AllowExposeHypervisorHostnameAccountLevel, SystemVmRootDiskSize,
                 AllowExposeDomainInMetadata, MetadataCustomCloudName, VmMetadataManufacturer, VmMetadataProductName,
-                VmSyncPowerStateTransitioning
+                VmSyncPowerStateTransitioning, SystemVmEnableUserData
         };
     }
 

server/src/main/java/com/cloud/consoleproxy/ConsoleProxyManager.java

@@ -93,6 +93,10 @@ public interface ConsoleProxyManager extends Manager, ConsoleProxyService {
     ConfigKey<String> ConsoleProxyManagementLastState = new ConfigKey<String>(ConfigKey.CATEGORY_ADVANCED, String.class, "consoleproxy.management.state.last", com.cloud.consoleproxy.ConsoleProxyManagementState.Auto.toString(),
             "last console proxy service management state", false, ConfigKey.Kind.Select, consoleProxyManagementStates);
 
+    ConfigKey<String> ConsoleProxyUserData = new ConfigKey<>(String.class, "consoleproxy.userdata", "Advanced", "",
+            "Default user data for console proxy VMs. This works only when systemvm.userdata.enabled is set to true.",
+            true, ConfigKey.Scope.Zone, null);
+
     void setManagementState(ConsoleProxyManagementState state);
 
     ConsoleProxyManagementState getManagementState();

server/src/main/java/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java

@@ -19,6 +19,7 @@
 import java.nio.charset.Charset;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -152,6 +153,8 @@
 import com.google.gson.GsonBuilder;
 import com.google.gson.JsonParseException;
 
+import static com.cloud.vm.VirtualMachineManager.SystemVmEnableUserData;
+
 /**
  * Class to manage console proxys. <br><br>
  * Possible console proxy state transition cases:<br>
@@ -1265,6 +1268,15 @@ public boolean finalizeVirtualMachineProfile(VirtualMachineProfile profile, Depl
             buf.append(" vncport=").append(getVncPort(datacenterId));
         }
         buf.append(" keystore_password=").append(VirtualMachineGuru.getEncodedString(PasswordGenerator.generateRandomPassword(16)));
+
+        if (SystemVmEnableUserData.valueIn(dc.getId())) {
+            String userData = ConsoleProxyUserData.valueIn(dc.getId());
+            if (userData != null && !userData.trim().isEmpty()) {
+                String encodedUserData = Base64.getEncoder().encodeToString(userData.getBytes());
+                buf.append(" userdata=").append(encodedUserData);
+            }
+        }
+
         String bootArgs = buf.toString();
         if (logger.isDebugEnabled()) {
             logger.debug("Boot Args for " + profile + ": " + bootArgs);
@@ -1572,7 +1584,7 @@ public String getConfigComponentName() {
     public ConfigKey<?>[] getConfigKeys() {
         return new ConfigKey<?>[] { ConsoleProxySslEnabled, NoVncConsoleDefault, NoVncConsoleSourceIpCheckEnabled, ConsoleProxyServiceOffering,
                 ConsoleProxyCapacityStandby, ConsoleProxyCapacityScanInterval, ConsoleProxyCmdPort, ConsoleProxyRestart, ConsoleProxyUrlDomain, ConsoleProxySessionMax, ConsoleProxySessionTimeout, ConsoleProxyDisableRpFilter, ConsoleProxyLaunchMax,
-                ConsoleProxyManagementLastState, ConsoleProxyServiceManagementState };
+                ConsoleProxyManagementLastState, ConsoleProxyServiceManagementState, ConsoleProxyUserData };
     }
 
     protected ConsoleProxyStatus parseJsonToConsoleProxyStatus(String json) throws JsonParseException {

server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManager.java

@@ -64,6 +64,10 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA
     ConfigKey<String> RouterTemplateOvm3 = new ConfigKey<>(String.class, RouterTemplateOvm3CK, "Advanced", "SystemVM Template (Ovm3)",
             "Name of the default router template on Ovm3.", true, ConfigKey.Scope.Zone, null);
 
+    ConfigKey<String> RouterUserData = new ConfigKey<>(String.class, "router.userdata", "Advanced", "",
+            "Default user data for virtual router. This works only when systemvm.userdata.enabled is set to true.",
+            true, ConfigKey.Scope.Zone, null);
+
     ConfigKey<Boolean> SetServiceMonitor = new ConfigKey<>(Boolean.class, SetServiceMonitorCK, "Advanced", "true",
             "service monitoring in router enable/disable option, default true", true, ConfigKey.Scope.Zone, null);
 

server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java

@@ -18,6 +18,7 @@
 package com.cloud.network.router;
 
 import static com.cloud.utils.NumbersUtil.toHumanReadableSize;
+import static com.cloud.vm.VirtualMachineManager.SystemVmEnableUserData;
 
 import java.lang.reflect.Type;
 import java.math.BigInteger;
@@ -28,6 +29,7 @@
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.Calendar;
 import java.util.Collections;
 import java.util.Date;
@@ -2149,6 +2151,14 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
                 " on the virtual router.", RouterLogrotateFrequency.key(), routerLogrotateFrequency, dc.getUuid()));
         buf.append(String.format(" logrotatefrequency=%s", routerLogrotateFrequency));
 
+        if (SystemVmEnableUserData.valueIn(router.getDataCenterId())) {
+            String userData = RouterUserData.valueIn(router.getDataCenterId());
+            if (userData != null && !userData.trim().isEmpty()) {
+                String encodedUserData = Base64.getEncoder().encodeToString(userData.getBytes());
+                buf.append(" userdata=").append(encodedUserData);
+            }
+        }
+
         if (logger.isDebugEnabled()) {
             logger.debug("Boot Args for " + profile + ": " + buf.toString());
         }
@@ -3429,7 +3439,8 @@ public ConfigKey<?>[] getConfigKeys() {
                 RouterHealthChecksMaxMemoryUsageThreshold,
                 ExposeDnsAndBootpServer,
                 RouterLogrotateFrequency,
-                RemoveControlIpOnStop
+                RemoveControlIpOnStop,
+                RouterUserData
         };
     }
 

server/src/main/java/com/cloud/storage/secondary/SecondaryStorageVmManager.java

@@ -44,6 +44,10 @@ public interface SecondaryStorageVmManager extends Manager {
             "The time interval(in millisecond) to scan whether or not system needs more SSVM to ensure minimal standby capacity",
             false);
 
+    ConfigKey<String> SecondaryStorageUserData = new ConfigKey<>(String.class, "secstorage.userdata", "Advanced", "",
+            "Default user data for secondary storage VMs. This works only when systemvm.userdata.enabled is set to true.", true, ConfigKey.Scope.Zone, null);
+
+
     public static final int DEFAULT_SS_VM_RAMSIZE = 512;            // 512M
     public static final int DEFAULT_SS_VM_CPUMHZ = 500;             // 500 MHz
     public static final int DEFAULT_SS_VM_MTUSIZE = 1500;

services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java

@@ -17,11 +17,13 @@
 package org.apache.cloudstack.secondarystorage;
 
 import static com.cloud.configuration.Config.SecStorageAllowedInternalDownloadSites;
+import static com.cloud.vm.VirtualMachineManager.SystemVmEnableUserData;
 
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
@@ -1227,6 +1229,15 @@ public boolean finalizeVirtualMachineProfile(VirtualMachineProfile profile, Depl
         String nfsVersion = imageStoreDetailsUtil != null ? imageStoreDetailsUtil.getNfsVersion(secStores.get(0).getId()) : null;
         buf.append(" nfsVersion=").append(nfsVersion);
         buf.append(" keystore_password=").append(VirtualMachineGuru.getEncodedString(PasswordGenerator.generateRandomPassword(16)));
+
+        if (SystemVmEnableUserData.valueIn(dc.getId())) {
+            String userData = SecondaryStorageUserData.valueIn(dc.getId());
+            if (userData != null && !userData.trim().isEmpty()) {
+                String encodedUserData = Base64.getEncoder().encodeToString(userData.getBytes());
+                buf.append(" userdata=").append(encodedUserData);
+            }
+        }
+
         String bootArgs = buf.toString();
         if (logger.isDebugEnabled()) {
             logger.debug(String.format("Boot args for machine profile [%s]: [%s].", profile.toString(), bootArgs));
@@ -1529,7 +1540,7 @@ public String getConfigComponentName() {
 
     @Override
     public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[] {NTPServerConfig, MaxNumberOfSsvmsForMigration, SecondaryStorageCapacityScanInterval};
+        return new ConfigKey<?>[] {NTPServerConfig, MaxNumberOfSsvmsForMigration, SecondaryStorageCapacityScanInterval, SecondaryStorageUserData};
     }
 
 }

systemvm/debian/opt/cloud/bin/setup/postinit.sh

@@ -47,6 +47,66 @@ fi
 
 CMDLINE=/var/cache/cloud/cmdline
 TYPE=$(grep -Po 'type=\K[a-zA-Z]*' $CMDLINE)
+
+# Execute cloud-init manually if user data is present
+run_cloud_init() {
+  if [ ! -f "$CMDLINE" ]; then
+    log_it "No cmdline file found, skipping cloud-init execution"
+    return 0
+  fi
+
+  local encoded_userdata=$(grep -Po 'userdata=\K[^[:space:]]*' "$CMDLINE" || true)
+  if [ -z "$encoded_userdata" ]; then
+    log_it "No user data found in cmdline, skipping cloud-init execution"
+    return 0
+  fi
+
+  log_it "User data detected, setting up and running cloud-init manually"
+
+  # Set up user data files (reuse the function from init.sh)
+  mkdir -p /var/lib/cloud/seed/nocloud
+
+  # Decode and potentially decompress user data
+  local decoded_userdata
+  decoded_userdata=$(echo "$encoded_userdata" | base64 -d 2>/dev/null)
+  if [ $? -ne 0 ] || [ -z "$decoded_userdata" ]; then
+    log_it "ERROR: Failed to decode base64 user data"
+    return 1
+  fi
+
+  # Write user data
+  echo "$decoded_userdata" > /var/lib/cloud/seed/nocloud/user-data
+  chmod 600 /var/lib/cloud/seed/nocloud/user-data
+
+  # Create meta-data
+  local instance_name=$(grep -Po 'name=\K[^[:space:]]*' "$CMDLINE" || hostname)
+  cat > /var/lib/cloud/seed/nocloud/meta-data << EOF
+instance-id: $instance_name
+local-hostname: $instance_name
+EOF
+  chmod 644 /var/lib/cloud/seed/nocloud/meta-data
+
+  log_it "User data files created, executing cloud-init..."
+
+  # Clean any previous cloud-init state
+  cloud-init clean --logs
+
+  # Run cloud-init stages manually
+  cloud-init init --local && \
+  cloud-init init && \
+  cloud-init modules --mode=config && \
+  cloud-init modules --mode=final
+
+  local cloud_init_result=$?
+  if [ $cloud_init_result -eq 0 ]; then
+    log_it "Cloud-init executed successfully"
+  else
+    log_it "ERROR: Cloud-init execution failed with exit code: $cloud_init_result"
+  fi
+
+  return $cloud_init_result
+}
+
 if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ] || [ "$TYPE" == "dhcpsrvr" ]
 then
   if [ -x /opt/cloud/bin/update_config.py ]
@@ -71,4 +131,6 @@ do
   systemctl disable --now --no-block $svc
 done
 
+run_cloud_init
+
 date > /var/cache/cloud/boot_up_done

tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh

@@ -132,15 +132,41 @@ function configure_services() {
   # Disable container services
   systemctl disable containerd
 
-  # Disable cloud init by default
-cat <<EOF > /etc/cloud/cloud.cfg.d/cloudstack.cfg
-datasource_list: ['CloudStack']
-datasource:
-  CloudStack:
-    max_wait: 120
-    timeout: 50
+
+  cat <<EOF > /etc/cloud/cloud.cfg.d/cloudstack.cfg
+#cloud-config
+datasource_list: ['NoCloud']
+network:
+  config: disabled
+manage_etc_hosts: false
+manage_resolv_conf: false
+users: []
+disable_root: false
+ssh_pwauth: false
+cloud_init_modules:
+  - migrator
+  - seed_random
+  - bootcmd
+  - write-files
+  - growpart
+  - resizefs
+  - disk_setup
+  - mounts
+  - rsyslog
+cloud_config_modules:
+  - locale
+  - timezone
+  - runcmd
+cloud_final_modules:
+  - scripts-per-once
+  - scripts-per-boot
+  - scripts-per-instance
+  - scripts-user
+  - final-message
+  - power-state-change
 EOF
 
+  # Disable cloud-init services since we run it manually in postinit.sh if user data is available
   touch /etc/cloud/cloud-init.disabled
   systemctl stop cloud-init
   systemctl disable cloud-init