From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id CCE111FF2AB
	for <inbox@lore.proxmox.com>; Tue, 16 Jul 2024 16:40:58 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id E9AF81DC12;
	Tue, 16 Jul 2024 16:41:25 +0200 (CEST)
Date: Tue, 16 Jul 2024 16:41:06 +0200
To: pve-devel@lists.proxmox.com
MIME-Version: 1.0
Message-ID: <mailman.497.1721140885.331.pve-devel@lists.proxmox.com>
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
From: MAbeeTT via pve-devel <pve-devel@lists.proxmox.com>
Precedence: list
Cc: MAbeeTT <mabeett@gmail.com>
X-Mailman-Version: 2.1.29
X-BeenThere: pve-devel@lists.proxmox.com
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
Reply-To: MAbeeTT@gmail.com,
 Proxmox VE development discussion <pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
Subject: [pve-devel] cloudinit: RFC proposal for unwanted and unexpected
 regeneration of instance-id
Content-Type: multipart/mixed; boundary="===============0131947352886529937=="
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

--===============0131947352886529937==
Content-Type: message/rfc822
Content-Disposition: inline

MIME-Version: 1.0
Reply-To: MAbeeTT@gmail.com
From: MAbeeTT <mabeett@gmail.com>
Date: Tue, 16 Jul 2024 16:41:06 +0200
Message-ID: <CAKmboBLuYmB8p+3RkjC9M-Y8iy5BTg_GfS4m69PmEqJ77D5rEw@mail.gmail.com>
Subject: cloudinit: RFC proposal for unwanted and unexpected regeneration of instance-id
To: pve-devel@lists.proxmox.com
Content-Type: text/plain; charset="UTF-8"

Hello all,
I am Matias from Spain, raised in Argentina where I met PVE from
version 3 when trying to find an opensource KVM and container solution
for an internal lab.

After a backup on Proxmox PVE7 and a restore in PVE8 [ 8.2.4 ] in my
personal lab, I got new instance-id hashes for the restored VMs.
Searching in the source code, I see the root cause is the commit
cloudinit "pass through hostname via fqdn field" [0].

Under certain conditions, with the change in that commit and without
user intervention in the VM, a new key fqdn is created for the
userdata; the userdata info feeds the hash [1][2], which is in fact the
value for the key instance-id [3] of the meta-data file.

With a new instance-id the cloud-init agent in the VM takes the
"per-instance" configuration and actions, instead of the "per-boot"
configuration[4].
This is a problem not limited to new ssh keys, because users could
generate VM templates with specific actions to be triggered only with
a new VM/instance.

For future releases, I propose using only the user's explicit setup
options related to the cloudinit setup (name, sshkeys, cipassword); I
mean explicit values, ignoring default values.
That way, in case of future changes like the referred commit, there
will not be a new instance-id, as the user has not explicitly generated
a new cloudinit source of info: no new instance, no surprises for the
VM administrator.

I am far from being a Perl developer, but I can put in my best
effort during my spare time.
Anyway I would like to know what you think since what I am proposing
changes the current behaviour of PVE cloudinit, maybe these changes
could be part of PVE 9?

Thanks for your attention,

Regards,

Matias Pecchia

[0]: https://git.proxmox.com/?p=qemu-server.git;a=commitdiff;h=3e546c5ada47da8434bb58d27a3aa7d9823e7fa4
[1]: https://git.proxmox.com/?p=qemu-server.git;a=blob;f=PVE/QemuServer/Cloudinit.pm;h=abc6b1421b38c67f3de46ea075d5f8ac2fe599ef;hb=1c5001c2e7f8b73cdcf192d23714985eaddc17ed#l497
[2]: https://git.proxmox.com/?p=qemu-server.git;a=blob;f=PVE/QemuServer/Cloudinit.pm;h=abc6b1421b38c67f3de46ea075d5f8ac2fe599ef;hb=1c5001c2e7f8b73cdcf192d23714985eaddc17ed#l481
[3]: https://git.proxmox.com/?p=qemu-server.git;a=blob;f=PVE/QemuServer/Cloudinit.pm;h=abc6b1421b38c67f3de46ea075d5f8ac2fe599ef;hb=1c5001c2e7f8b73cdcf192d23714985eaddc17ed#l476
[4]: https://cloudinit.readthedocs.io/en/latest/explanation/boot.html#first-boot-determination


-- 
             .::MAbeeTT::.

 mabeett [at] gmail [ dot] com
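
Added example (not part of the original message and not qemu-server code): a simplified Python model of the behaviour described above, contrasting an instance-id hashed from the generated user-data with one hashed only from explicitly set options. The use of SHA-1, the `render_userdata` layout, the `searchdomain` default and all sample values are assumptions made for illustration.

```python
import hashlib

# Constructed sample: the user explicitly set only 'name' and 'sshkeys'.
VM_CONF = {"name": "web01", "sshkeys": "ssh-ed25519 CONSTRUCTED-KEY user@lab"}
DEFAULTS = {"searchdomain": "lab.example"}  # hypothetical host-derived default
EXPLICIT_KEYS = ("name", "sshkeys", "cipassword")  # options named in the mail


def render_userdata(conf, defaults, emit_fqdn):
    """Hypothetical, simplified stand-in for the host-side user-data generator."""
    lines = ["#cloud-config", f"hostname: {conf['name']}"]
    if emit_fqdn:  # models a generator change that starts emitting a new key
        lines.append(f"fqdn: {conf['name']}.{defaults['searchdomain']}")
    if "sshkeys" in conf:
        lines += ["ssh_authorized_keys:", f"  - {conf['sshkeys']}"]
    return "\n".join(lines) + "\n"


def instance_id_from_rendered(userdata):
    """Behaviour described in the mail: the ID is a hash of the generated data."""
    return hashlib.sha1(userdata.encode()).hexdigest()


def instance_id_from_explicit(conf):
    """Proposal in the mail: hash only what the user explicitly configured."""
    h = hashlib.sha1()
    for key in EXPLICIT_KEYS:
        if key in conf:
            value = conf[key].encode()
            # Length-prefix each field so adjacent values cannot run together.
            h.update(f"{key}:{len(value)}:".encode() + value)
    return h.hexdigest()


def compare(conf, defaults):
    """Return (rendered ID changed?, explicit ID changed?) across the generator change."""
    before = instance_id_from_rendered(render_userdata(conf, defaults, False))
    after = instance_id_from_rendered(render_userdata(conf, defaults, True))
    explicit_before = instance_id_from_explicit(conf)
    explicit_after = instance_id_from_explicit(conf)  # same config, newer generator
    return before != after, explicit_before != explicit_after


if __name__ == "__main__":
    print(compare(VM_CONF, DEFAULTS))
    rekeyed = dict(VM_CONF, sshkeys="ssh-ed25519 CONSTRUCTED-KEY-2 user@lab")
    print(instance_id_from_explicit(rekeyed) != instance_id_from_explicit(VM_CONF))
```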


--===============0131947352886529937==--