Set up ZeroTier using cloud-init
cloud-init is a convenient, cross-platform way to initialize cloud instances, and it is supported by all major cloud providers. You can use it to configure OS settings, install packages, or start ZeroTier and join a network on an instance's first boot.
How do you use it?
Typically the cloud-init file (the instance's "user-data") is pasted into the provider's console when you create an instance, or passed as an additional payload via the provider's API. A minimal file that creates a user, installs ZeroTier and joins a network looks like this:
```yaml
#cloud-config
users:
  - name: wrankles
runcmd:
  - apt-get update
  # Optional: write a known identity before the service starts for the first time.
  #- mkdir -p /var/lib/zerotier-one
  #- echo "1234567890:0:..." > /var/lib/zerotier-one/identity.secret
  #- echo "1234567890:0:..." > /var/lib/zerotier-one/identity.public
  # `echo >` under the default umask leaves the secret world-readable; lock it down.
  #- chmod 600 /var/lib/zerotier-one/identity.secret
  # Install ZeroTier and start the zerotier-one service.
  - curl -s https://install.zerotier.com | bash
  # Join your network (replace the network ID with your own).
  - zerotier-cli join cfb8bf9836c2fc3a
  # Pick up any sshd changes made above.
  - systemctl restart ssh
```
Pre-populate ZeroTier identities (optional)
Uncomment the runcmd lines starting with `echo` if you want to write known ZeroTier identities to disk before the service starts for the first time. This is useful if you've already authorized a specific node ID on your network, or scripted around it, and want the instance to come up with the same identity each time. `identity.public` holds the node ID followed by the node's public key; `identity.secret` additionally holds the private key. The files must be in place before the installer starts the service, which is why these lines come before the `curl` line.
If you put a node's secret key in your cloud-init file, anyone who gets hold of that file can impersonate your node, and user-data is not a good place for secrets: it is visible to anyone who can read the instance's configuration in the provider's console or API, the instance metadata service serves it to any process running on the instance, and cloud-init keeps a copy on disk under /var/lib/cloud. If you do this anyway, restrict the file to root (`chmod 600 /var/lib/zerotier-one/identity.secret`) and treat a leaked identity like a leaked key: deauthorize the node on your network and generate a fresh identity.
Password-less SSH (optional)
It's usually recommended that you disable the `root` account and password-based SSH authentication and rely solely on key-based authentication. DigitalOcean has some really great documentation on the subject. cloud-init can do both for you with the top-level settings `disable_root: true` and `ssh_pwauth: false`.
To make getting into your cloud instance as easy as possible, add your public key(s) to the user's `ssh_authorized_keys` list:
```yaml
users:
  - name: wrankles
    ssh_authorized_keys:
      # Placeholder, not a real key: paste the contents of your own ~/.ssh/id_*.pub here.
      - ssh-rsa AAAAB38fwi3756q238if75dh6awd476r3bg78f56ghfaa7fdh63qf5dq378f5632gha3875j3f498da7hfhjkfawejtfsktfr89ew4jftsjrf8t9rhg7tjser8tsre7yjgvased89rfdcsh67rewhg8tq7tsge546w4
```
To make getting into other instances from this instance easier, you can add a pre-generated key pair to the file:
```yaml
ssh_keys:
  ed25519_private: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    -----END OPENSSH PRIVATE KEY-----
  # Placeholder, not a real ed25519 key (ssh-ed25519 public keys begin with AAAAC3NzaC1lZDI1NTE5).
  ed25519_public: ssh-ed25519 AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpqxiX1nKhXpHAZsMciLq8V6RjsHDTYW7hdI4 devbox
```
Be aware that `ed25519_private`/`ed25519_public` belong to cloud-init's `ssh_keys` module, which installs the instance's SSH host keys (the keys clients record in `known_hosts`), not a login key for your user. That is useful if you want a rebuilt instance to keep the same host key, but reusing one host key across many instances means anyone with this file can impersonate all of them. If what you want is a client key for outbound SSH from this instance, write it to the user's `~/.ssh/id_ed25519` with `write_files` and `permissions: '0600'` instead. In either case the same warning applies as for the ZeroTier identity: a private key is only as secret as the cloud-init file that carries it.
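Putting the pieces above together, here is a complete, hardened cloud-config as an added example. It is not from the original page or from ZeroTier, and the user name, key strings, node identity and network ID are placeholders you must replace. It uses cloud-init's `write_files` with explicit permissions instead of `echo` for the identity, turns off root login and password authentication, and stores the outbound client key under the user's home with `defer: true` (a `write_files` option in recent cloud-init releases) so that the user exists before the file is written.

```yaml
#cloud-config
# Added example: a hardened version of the file discussed above. Every key,
# identity and network ID below is a placeholder; nothing here is a real credential.

package_update: true

# Password-less SSH: no root login, no password authentication at all.
disable_root: true
ssh_pwauth: false

users:
  - name: wrankles                # placeholder user name
    groups: sudo
    shell: /bin/bash
    lock_passwd: true             # no password is ever set; keys only
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_authorized_keys:
      # Placeholder: paste the contents of your own ~/.ssh/id_ed25519.pub here.
      - ssh-ed25519 AAAA-REPLACE-WITH-YOUR-PUBLIC-KEY wrankles@laptop

write_files:
  # Pre-populated ZeroTier identity, written before the service first starts.
  # write_files sets the mode explicitly, so the secret is never world-readable
  # the way a plain `echo >` under umask 022 would leave it.
  - path: /var/lib/zerotier-one/identity.secret
    owner: root:root
    permissions: '0600'
    content: |
      1234567890:0:REPLACE-WITH-PUBLIC-KEY:REPLACE-WITH-PRIVATE-KEY
  - path: /var/lib/zerotier-one/identity.public
    owner: root:root
    permissions: '0644'
    content: |
      1234567890:0:REPLACE-WITH-PUBLIC-KEY
  # Client key for SSH *from* this instance to others. `defer: true` delays the
  # write until the final stage, after the user (and its ~/.ssh) exist.
  - path: /home/wrankles/.ssh/id_ed25519
    owner: wrankles:wrankles
    permissions: '0600'
    defer: true
    content: |
      -----BEGIN OPENSSH PRIVATE KEY-----
      REPLACE-WITH-YOUR-PRIVATE-KEY
      -----END OPENSSH PRIVATE KEY-----

runcmd:
  # Install ZeroTier; the service picks up the identity written above.
  - curl -s https://install.zerotier.com | bash
  - zerotier-cli join cfb8bf9836c2fc3a      # placeholder network ID
  # Apply the sshd settings from ssh_pwauth / disable_root.
  - systemctl restart ssh
```

After the instance boots, `cloud-init status --wait` tells you when the file has been fully applied; `sudo zerotier-cli info` should then report the pre-populated node ID, and `sudo sshd -T | grep -i passwordauthentication` should print `passwordauthentication no`. The same caveat as above still holds: everything in this file is readable by anyone who can read the instance's user-data, so the only secrets worth putting here are ones you are prepared to rotate.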