From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 805C91FF173 for ; Mon, 10 Feb 2025 13:07:38 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 17E0DA515; Mon, 10 Feb 2025 13:07:28 +0100 (CET) From: Daniel Herzig To: pve-devel@lists.proxmox.com Date: Mon, 10 Feb 2025 13:07:16 +0100 Message-Id: <20250210120722.163622-3-d.herzig@proxmox.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250210120722.163622-1-d.herzig@proxmox.com> References: <20250210120722.163622-1-d.herzig@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.549 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Subject: [pve-devel] [PATCH 2/8 container] cloudinit: basic implementation X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Cc: Leo Nunner Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" From: Leo Nunner The code to generate the actual configuration works pretty much the same as with the VM system. We generate an instance ID by hashing the user configuration, causing cloud-init to run every time said configuration changes. Instead of creating a config drive, we write files directly into the volume of the container. We create a folder at '/var/lib/cloud/seed/nocloud-net' and write the files 'user-data', 'vendor-data' and 'meta-data'. Cloud-init looks at the instance ID inside 'meta-data' to decide whether it should run (again) or not. Custom scripts need to be located inside the snippets directory, and overwrite the default generated configuration file. Signed-off-by: Leo Nunner --- src/PVE/LXC.pm | 1 + src/PVE/LXC/Cloudinit.pm | 114 ++++++++++++++++++++++++++++++++++++++ src/PVE/LXC/Makefile | 1 + src/lxc-pve-prestart-hook | 5 ++ 4 files changed, 121 insertions(+) create mode 100644 src/PVE/LXC/Cloudinit.pm diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm index 4d20645..35bb6b5 100644 --- a/src/PVE/LXC.pm +++ b/src/PVE/LXC.pm @@ -40,6 +40,7 @@ use PVE::Tools qw( use PVE::Syscall qw(:fsmount); use PVE::LXC::CGroup; +use PVE::LXC::Cloudinit; use PVE::LXC::Config; use PVE::LXC::Monitor; use PVE::LXC::Tools; diff --git a/src/PVE/LXC/Cloudinit.pm b/src/PVE/LXC/Cloudinit.pm new file mode 100644 index 0000000..3e8617b --- /dev/null +++ b/src/PVE/LXC/Cloudinit.pm @@ -0,0 +1,114 @@ +package PVE::LXC::Cloudinit; + +use strict; +use warnings; + +use Digest::SHA; +use File::Path; + +use PVE::LXC; + +sub gen_cloudinit_metadata { + my ($user) = @_; + + my $uuid_str = Digest::SHA::sha1_hex($user); + return cloudinit_metadata($uuid_str); +} + +sub cloudinit_metadata { + my ($uuid) = @_; + my $raw = ""; + + $raw .= "instance-id: $uuid\n"; + + return $raw; +} + +sub cloudinit_userdata { + my ($conf) = @_; + + my $content = "#cloud-config\n"; + + my $username = $conf->{ciuser}; + my $password = $conf->{cipassword}; + + $content .= "user: $username\n" if defined($username); + $content .= "password: $password\n" if defined($password); + + if (defined(my $keys = $conf->{sshkeys})) { + $keys = URI::Escape::uri_unescape($keys); + $keys = [map { my $key = $_; chomp $key; $key } split(/\n/, $keys)]; + $keys = [grep { /\S/ } @$keys]; + $content .= "ssh_authorized_keys:\n"; + foreach my $k (@$keys) { + $content .= " - $k\n"; + } + } + $content .= "chpasswd:\n"; + $content .= " expire: False\n"; + + if (!defined($username) || $username ne 'root') { + $content .= "users:\n"; + $content .= " - default\n"; + } + + $content .= "package_upgrade: true\n" if $conf->{ciupgrade}; + + return $content; +} + +sub read_cloudinit_snippets_file { + my ($storage_conf, $volid) = @_; + + my ($full_path, undef, $type) = PVE::Storage::path($storage_conf, $volid); + die "$volid is not in the snippets directory\n" if $type ne 'snippets'; + return PVE::Tools::file_get_contents($full_path, 1 * 1024 * 1024); +} + +sub read_custom_cloudinit_files { + my ($conf) = @_; + + my $cloudinit_conf = $conf->{cicustom}; + my $files = $cloudinit_conf ? PVE::JSONSchema::parse_property_string('pve-pct-cicustom', $cloudinit_conf) : {}; + + my $user_volid = $files->{user}; + my $vendor_volid = $files->{vendor}; + + my $storage_conf = PVE::Storage::config(); + + my $user_data; + if ($user_volid) { + $user_data = read_cloudinit_snippets_file($storage_conf, $user_volid); + } + + my $vendor_data; + if ($vendor_volid) { + $user_data = read_cloudinit_snippets_file($storage_conf, $vendor_volid); + } + + return ($user_data, $vendor_data); +} + +sub create_cloudinit_files { + my ($conf, $setup) = @_; + + my $cloudinit_dir = "/var/lib/cloud/seed/nocloud-net"; + + my ($user_data, $vendor_data) = read_custom_cloudinit_files($conf); + $user_data = cloudinit_userdata($conf) if !defined($user_data); + $vendor_data = '' if !defined($vendor_data); + + my $meta_data = gen_cloudinit_metadata($user_data); + + $setup->protected_call(sub { + my $plugin = $setup->{plugin}; + + $plugin->ct_make_path($cloudinit_dir); + + $plugin->ct_file_set_contents("$cloudinit_dir/user-data", $user_data); + $plugin->ct_file_set_contents("$cloudinit_dir/vendor-data", $vendor_data); + $plugin->ct_file_set_contents("$cloudinit_dir/meta-data", $meta_data); + }); +} + +1; diff --git a/src/PVE/LXC/Makefile b/src/PVE/LXC/Makefile index a190260..5d595ba 100644 --- a/src/PVE/LXC/Makefile +++ b/src/PVE/LXC/Makefile @@ -1,5 +1,6 @@ SOURCES= \ CGroup.pm \ + Cloudinit.pm \ Command.pm \ Config.pm \ Create.pm \ diff --git a/src/lxc-pve-prestart-hook b/src/lxc-pve-prestart-hook index fdaead2..c9f8ff0 100755 --- a/src/lxc-pve-prestart-hook +++ b/src/lxc-pve-prestart-hook @@ -13,6 +13,7 @@ use POSIX; use PVE::CGroup; use PVE::Cluster; use PVE::LXC::Config; +use PVE::LXC::Cloudinit; use PVE::LXC::Setup; use PVE::LXC::Tools; use PVE::LXC; @@ -173,6 +174,10 @@ PVE::LXC::Tools::lxc_hook('pre-start', 'lxc', sub { my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); $lxc_setup->pre_start_hook(); + if ($conf->{cienable}) { + PVE::LXC::Cloudinit::create_cloudinit_files($conf, $lxc_setup) + } + if (PVE::CGroup::cgroup_mode() == 2) { if (!$lxc_setup->unified_cgroupv2_support()) { log_warn($vmid, "old systemd (< v232) detected, container won't run in a pure cgroupv2" -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel