```yaml
#cloud-config
# Option 1 - Full installation using cURL
package_update: true
package_upgrade: true
groups:
  - docker
system_info:
  default_user:
    groups: [ docker ]
packages:
  - apt-transport-https
  - ca-certificates
  - curl
  - gnupg
  - lsb-release
  - unattended-upgrades
runcmd:
  - mkdir -p /etc/apt/keyrings
  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
  - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
  - apt-get update
  - apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
  - systemctl enable docker
  - systemctl start docker
final_message: "The system is finally up, after $UPTIME seconds"
```
```yaml
#cloud-config
# Option 2: Simplified, using the default package
package_update: true
package_upgrade: true
groups:
  - docker
system_info:
  default_user:
    groups: [docker]
packages:
  - docker.io
  - unattended-upgrades
final_message: "The system is finally up, after $UPTIME seconds"
```
Yeah...basically killed my EC2 env. I think because of this:
lock_passwd: true
Basically the AMI of Ubuntu comes with the user 'ubuntu'. Running this cloud-init locked this user for login, so I was left with an EC2 machine that I can't SSH into.
I ended up simplifying this part to:
```yaml
groups:
  - docker
users:
  - name: ubuntu
  - groups: docker
```
It just creates a docker group and adds 'ubuntu' to it.
You should've still been able to ssh into the user with keys, just not with passwords, but not all use cases match everyone's goals. I'm glad you were able to get it working for your use case though!
I wasn't able to, I used a key..
You can instruct cloud-init to preserve the default user:
```yaml
users:
  - default
  - second_user
```
Read more in the cloud-init documentation.
# Default user creation:
#
# Unless you define users, you will get a 'ubuntu' user on Ubuntu systems with the
# legacy permission (no password sudo, locked user, etc). If however, you want
# to have the 'ubuntu' user in addition to other users, you need to instruct
# cloud-init that you also want the default user. To do this use the following
# syntax:
# users:
# - default
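The lockout discussed in the comments above, as an added example (not part of the gist or of any commenter's reply): a small linter over a parsed cloud-config that reports users left without a login path and users placed in the root-equivalent `docker` group. It assumes `lock_passwd` defaults to true and that instance-metadata SSH keys are installed only for the default user; the finding names and sample configs are constructed for illustration.

```python
# Added example: lint a parsed #cloud-config (a dict) for users left without a login path.
# Assumptions: lock_passwd defaults to true; metadata SSH keys go to the default user only.
PASSWORD_KEYS = ("passwd", "hashed_passwd", "plain_text_passwd")

def _groups(value):
    """Normalise a groups value ("a, b" or ["a", "b"]) to a set of names."""
    if isinstance(value, str):
        value = value.split(",")
    return {g.strip() for g in (value or [])}

def lint_users(cfg):
    """Return sorted (user, finding) tuples for a parsed cloud-config dict."""
    findings = set()
    users = cfg.get("users")
    # Without a `users` key, or with the literal "default" entry, the default user is kept.
    keeps_default = users is None or "default" in users
    if not keeps_default:
        findings.add(("(default)", "default-user-omitted"))
    default_cfg = cfg.get("system_info", {}).get("default_user", {})
    if keeps_default and "docker" in _groups(default_cfg.get("groups")):
        findings.add(("(default)", "docker-group-is-root-equivalent"))
    for entry in users or []:
        if not isinstance(entry, dict):
            continue  # the literal "default" entry was handled above
        name = entry.get("name")
        if name is None:
            findings.add(("(unnamed)", "entry-has-no-name"))
            continue
        has_key = bool(entry.get("ssh_authorized_keys") or entry.get("ssh_import_id"))
        locked = entry.get("lock_passwd", True)
        has_password = not locked and any(k in entry for k in PASSWORD_KEYS)
        if not (has_key or has_password):
            findings.add((name, "no-login-path"))
        if "docker" in _groups(entry.get("groups")):
            findings.add((name, "docker-group-is-root-equivalent"))
    return sorted(findings)

# Constructed samples: the reply's block as posted, a users list that keeps the default user,
# and the gist's own system_info setting.
REPLY_CFG = {"groups": ["docker"], "users": [{"name": "ubuntu"}, {"groups": "docker"}]}
FIXED_CFG = {"groups": ["docker"],
             "users": ["default", {"name": "second_user", "groups": "docker",
                                   "ssh_authorized_keys": ["ssh-ed25519 AAAA...constructed"]}]}
GIST_CFG = {"groups": ["docker"], "system_info": {"default_user": {"groups": ["docker"]}}}

if __name__ == "__main__":
    for label, cfg in (("reply", REPLY_CFG), ("fixed", FIXED_CFG), ("gist", GIST_CFG)):
        print(label, lint_users(cfg))
```

Run it against the output of a YAML parser before launching an instance; an empty list means every declared user has a key or an unlocked password and nobody is in the `docker` group.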
Appreciate the comment! This is a pretty old cloud-init file, so the one I use these days has changed quite a bit, but the reason the user was explicit was to ensure that the user was added to the right group, which I believe the default user did not have.
Thanks for all the feedback over time, I've updated the script with some latest goodies, and hope that the latest form maps more closely with some of the information regarding the default_user as well as the latest recommended docker installation commands and packages (and removed the resolv_conf usage as this is probably not the best place for it right now).
Thanks for updating it over time 👍
Changing line 25 from
https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
to
https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
allows you to use this cloud-init on Debian as well.