Re: [pve-devel] [PATCH v2 qemu-server] fix 4493: cloud-init: fix generated Windows config

From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
	Mira Limbeck <m.limbeck@proxmox.com>
Subject: Re: [pve-devel] [PATCH v2 qemu-server] fix 4493: cloud-init: fix generated Windows config
Date: Mon, 29 Jul 2024 19:22:50 +0200	[thread overview]
Message-ID: <8f73a3b4-2baf-40ac-8230-b804cb85a6d0@proxmox.com> (raw)
In-Reply-To: <20240729151931.363107-1-m.limbeck@proxmox.com>

Am 29/07/2024 um 17:19 schrieb Mira Limbeck:
> cloudbase-init, a cloud-init reimplementation for Windows, supports only
> a subset of the configuration options of cloud-init. Some features
> depend on support by the Metadata Service (ConfigDrive2 here) and have
> further limitations [0].
> 
> To support a basic setup the following changes were made:
>  - password is saved as plaintext for any Windows guests (ostype)
>  - DNS servers are added to each of the interfaces
>  - SSH public keys are passed via metadata
> 
> Network and metadata generation for cloudbase-init is separate from the
> default ConfigDrive2 one so as to not interfere with any other OSes that
> depend on the current ConfigDrive2 implementation.
> 
> [0] https://cloudbase-init.readthedocs.io/en/latest/index.html
> 
> Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
> ---
> v2:
>  - unchanged
> 
> v1:
> 
> DNS search domains are not handled at all by the cloudbase-init ENI
> parser.
> The password is used for the Admin user specified in the
> cloudbase-init.conf inside the guest. Specifying a different user does
> not work. This would require rewriting the userdata handling as
> described in #5384 [1] which is a breaking change. Userdata generation
> is currently shared between all implementations, but the new one could
> be made cloudbase-init only for now.
> 
> To know if the password needs to be unencrypted, we have to check the
> `ostype`. For this we need access to the config. That's why I moved the
> `cipassword` handling inside $updatefn.
> 
> When no `citype` is specified, it will default to `configdrive2` on
> Windows. The check requires `ostype` to be set correctly.
> Any other `citype`s may not work correctly if used for cloudbase-init.
> 
> The docs patch adds a section on how to configure a Windows guest for
> cloudbase-init.

certainly not a clear-cut, but IMO most above might be even fine for the
commit message as (advanced) background and hints for future dev/support
engineers debugging CI on windows.

> diff --git a/PVE/QemuServer/Cloudinit.pm b/PVE/QemuServer/Cloudinit.pm
> index abc6b14..d4ecfac 100644
> --- a/PVE/QemuServer/Cloudinit.pm
> +++ b/PVE/QemuServer/Cloudinit.pm
> @@ -8,6 +8,8 @@ use Digest::SHA;
>  use URI::Escape;
>  use MIME::Base64 qw(encode_base64);
>  use Storable qw(dclone);
> +use JSON;
> +use URI;

Using that module would need adding `liburi-perl` as dependency, and I did not check
closely but quite probably also as build-dependency.

I can fleece that in on applying though, but I'd like some T-b tag (and would naturally
appreciate any R-b one) before applying this one.

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel