cloud-init-crafter
Cloud-init Crafter
This skill provides a structured framework for generating and maintaining cloud-init configurations. It utilizes a library of baseline templates, localized reference guides, and automated validation scripts to ensure production-ready deployments.
Core Principles
- Plan Before Execution: Always define a concise implementation plan (listing target modules, target format, baseline templates, and validation logic) before generating code.
- Format Awareness: Recognize that cloud-init accepts multiple formats. Default to #cloud-config (YAML 1.1) but proactively suggest shell scripts, boothooks, or MIME archives when the user's operational timing requires it.
- Security by Default: Prohibit plaintext passwords. Use ssh_authorized_keys or hashed_passwd exclusively. Ensure sensitive instance-data is accessed securely.
- Idempotency: Ensure all runcmd, bootcmd, and custom scripts are idempotent to allow safe re-execution.
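A sketch of how the Security by Default principle can be checked before a payload ships. This is an added example, not the skill's own scripts/validate_config.py; the function name lint_user_data and both sample payloads are constructed for illustration, and the check is a line-based heuristic rather than a full YAML parse.

```python
import re

# crypt(3)-style hash prefix such as $6$ (SHA-512), $5$ or $y$.
HASH_RE = re.compile(r"^\$[0-9a-z]+\$")
# "key: value" or "- key: value" on a single YAML line.
KEY_RE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_]+)\s*:\s*(.*?)\s*$")
TRUTHY = {"true", "yes", "on"}  # YAML 1.1 booleans

def lint_user_data(text):
    """Return [(line_number, message)] for credential issues in a #cloud-config."""
    findings = []
    lines = text.splitlines()
    if not lines or lines[0].strip() != "#cloud-config":
        findings.append((1, "first line must be '#cloud-config'"))
    for number, raw in enumerate(lines, start=1):
        line = raw.split(" #", 1)[0]  # drop trailing comments
        match = KEY_RE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip("'\"")
        if key == "plain_text_passwd":
            findings.append((number, "plain_text_passwd holds a cleartext password"))
        elif key in ("password", "passwd", "hashed_passwd"):
            if value and not HASH_RE.match(value):
                findings.append((number, f"{key} value is not a crypt-style hash"))
        elif key == "ssh_pwauth" and value.lower() in TRUTHY:
            findings.append((number, "ssh_pwauth enables SSH password login"))
    return findings

# Constructed sample: three violations of the principle.
BAD = """#cloud-config
users:
  - name: deploy
    plain_text_passwd: hunter2
chpasswd:
  users:
    - name: ops
      password: changeme
      type: text
ssh_pwauth: true
"""

# Constructed sample: key-based access plus a placeholder hash.
GOOD = """#cloud-config
users:
  - name: deploy
    ssh_authorized_keys:
      - ssh-ed25519 AAAA-constructed-placeholder deploy@example
    hashed_passwd: "$6$rounds=4096$examplesalt$constructedhashvalue"
ssh_pwauth: false
"""

if __name__ == "__main__":
    for number, message in lint_user_data(BAD):
        print(f"line {number}: {message}")
```

A clean result here does not replace cloud-init schema validation; it only covers the credential keys named above.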
Local References (Load On-Demand)
To save token context, load these reference documents on demand, only when specific technical details, formats, or troubleshooting steps are required.
Format Guides
Load these when defining the structure of the user-data payload or combining multiple execution types:
- Cloud Config Format - Standard YAML configurations.
- Cloud Boothook Format - Early-boot shell scripts (Network stage).
- User-data Script Format - Late-boot standard shell scripts.
- Include File Format - Referencing external URLs.
- Jinja Template Format - Header requirements for Jinja rendering.
- Gzip Compressed Content - Handling binary compressed payloads.
- Cloud Config Archive - YAML-based multi-part alternatives.
- MIME Multi-part Archive - Combining multiple formats into a single payload.
Data & Templating
- Instance Data - Standardized v1 keys, JSON structure, and Jinja templating usage for dynamic, environment-aware configurations.
Core Concepts & Guidelines
- Concepts and Boot Stages - Overview of cloud-init principles and the five boot stages (Detect, Local, Network, Config, Final).
- Cloud-config API - Detailed syntax, configuration schema, and examples for common configuration modules.
- Best Practices - Strategic guidelines for writing robust, idempotent, and maintainable cloud-init scripts.
- Security Guidelines - Critical security hardening, credential management, and SSH host key verification.
- CLI Reference - Comprehensive command-line interface guide for cloud-init and cloud-init-per.
- Error Cheatsheet - Troubleshooting workflows, log paths, status codes, and common failure modes.
Platform Launching Guides
- QEMU Launching - Guide for local instance testing using QEMU and the NoCloud datasource.
- LXD Launching - Guide for testing with LXD containers.
- Multipass Launching - Guide for launching VMs on Linux, Windows, or macOS.
- Libvirt Launching - Automating seed image creation and deployment.
- WSL Launching - Requirements for Ubuntu 24.04+ on Windows Subsystem for Linux.
Assets (Baseline Templates)
Use these templates as a starting point for new configurations:
- Minimal Template - Essential SSH-only access with password authentication disabled.
- Default Template - Standard baseline for production including users, SSH keys, and package updates.
- Complete Template - Comprehensive setup including disk partitioning, file writing, and complex orchestration.
Validation Tools
- Config Validator - A Python script (PEP 723) to offline validate YAML syntax and mandatory headers.
Official Documentation
Refer to these external resources for the most granular specifications:
Standard Operating Procedure (SOP)
- Discovery & Planning: Analyze the user's requirements. Determine the correct Boot Stage needed (early network vs. final execution) and select the appropriate format (e.g., #cloud-config, #cloud-boothook, or MIME). Decide if dynamic instance-data via Jinja is required. Output a concise plan.
- Context Loading: Silently load the relevant format guide from references/formats/ and references/instance-data.md if templating is needed.
- Execution: Generate or modify the configuration block. Ensure strict adherence to the loaded format's specific headers, syntax, and security constraints.
- Validation: Recommend validation via cloud-init schema -c <file> --annotate or the provided scripts/validate_config.py tool.