From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
by lore.proxmox.com (Postfix) with ESMTPS id 512E01FF16F
for <inbox@lore.proxmox.com>; Thu, 13 Feb 2025 12:29:43 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id 625231D09;
Thu, 13 Feb 2025 12:29:38 +0100 (CET)
Message-ID: <080f00b4-2530-4369-9e9a-3d7e44c1cbed@proxmox.com>
Date: Thu, 13 Feb 2025 12:29:33 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Fiona Ebner <f.ebner@proxmox.com>,
Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Daniel Herzig <d.herzig@proxmox.com>
References: <20250210120722.163622-1-d.herzig@proxmox.com>
<20250210120722.163622-3-d.herzig@proxmox.com>
<1126663e-7d43-4c6e-82e1-1fc7918fc67a@proxmox.com>
Content-Language: en-US
From: Mira Limbeck <m.limbeck@proxmox.com>
In-Reply-To: <1126663e-7d43-4c6e-82e1-1fc7918fc67a@proxmox.com>
X-SPAM-LEVEL: Spam detection results: 0
AWL 0.323 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DMARC_MISSING 0.1 Missing DMARC policy
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
information.
RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
information.
RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
information.
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
Subject: Re: [pve-devel] [PATCH 2/8 container] cloudinit: basic
implementation
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>
On 2/13/25 12:01, Fiona Ebner wrote:
> Am 10.02.25 um 13:07 schrieb Daniel Herzig:
>> From: Leo Nunner <l.nunner@proxmox.com>
>>
>> The code to generate the actual configuration works pretty much the same
>> as with the VM system. We generate an instance ID by hashing the user
>> configuration, causing cloud-init to run every time said configuration
>> changes.
>>
>> Instead of creating a config drive, we write files directly into the
>> volume of the container. We create a folder at
>> '/var/lib/cloud/seed/nocloud-net' and write the files 'user-data',
>> 'vendor-data' and 'meta-data'. Cloud-init looks at the instance ID
>> inside 'meta-data' to decide whether it should run (again) or not.
>>
>> Custom scripts need to be located inside the snippets directory, and
>> overwrite the default generated configuration file.
>>
>> Signed-off-by: Leo Nunner <l.nunner@proxmox.com>
>> ---
>> src/PVE/LXC.pm | 1 +
>> src/PVE/LXC/Cloudinit.pm | 114 ++++++++++++++++++++++++++++++++++++++
>> src/PVE/LXC/Makefile | 1 +
>> src/lxc-pve-prestart-hook | 5 ++
>> 4 files changed, 121 insertions(+)
>> create mode 100644 src/PVE/LXC/Cloudinit.pm
>>
>> diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
>> index 4d20645..35bb6b5 100644
>> --- a/src/PVE/LXC.pm
>> +++ b/src/PVE/LXC.pm
>> @@ -40,6 +40,7 @@ use PVE::Tools qw(
>> use PVE::Syscall qw(:fsmount);
>>
>> use PVE::LXC::CGroup;
>> +use PVE::LXC::Cloudinit;
>> use PVE::LXC::Config;
>> use PVE::LXC::Monitor;
>> use PVE::LXC::Tools;
>
> Hmm, seems like this import is unused. Can you double check?
>
>> diff --git a/src/PVE/LXC/Cloudinit.pm b/src/PVE/LXC/Cloudinit.pm
>> new file mode 100644
>> index 0000000..3e8617b
>> --- /dev/null
>> +++ b/src/PVE/LXC/Cloudinit.pm
>> @@ -0,0 +1,114 @@
>> +package PVE::LXC::Cloudinit;
>> +
>> +use strict;
>> +use warnings;
>> +
>> +use Digest::SHA;
>> +use File::Path;
>
> Missing includes:
>
> use URI::Escape;
>
> And we also need a dependency on liburi-perl in debian/control ;)
>
> use PVE::JSONSchema;
>
>> +use PVE::LXC;
>
> use PVE::Storage;
> use PVE::Tools;
>
>> +
>> +sub gen_cloudinit_metadata {
>> + my ($user) = @_;
>> +
>> + my $uuid_str = Digest::SHA::sha1_hex($user);
>
> Hmm, shouldn't this also depend on the vendor data? Otherwise, if only
> the vendor data changes, then it will still have the same instance ID.
>
> Seems like for VMs, we only use user and network data here.
>
> @Mira do you know more by chance?
I don't think vendor-data should be part of the instance-id. It's used
to create a first configuration that a user can override via the user
config.
The vendor-data won't be used again once it's already configured.
I'm not a 100% sure, but changing the instance-id leads to rerunning
lots of modules (e.g. User, Network and others), but the vendor-data
parts do not.
Only a complete `cloud-init clean` should trigger the modules using
vendor-data to run again.
https://cloudinit.readthedocs.io/en/latest/explanation/vendordata.html#vendor-data
>> + return cloudinit_metadata($uuid_str);
>> +}
>> +
>> +sub cloudinit_metadata {
>> + my ($uuid) = @_;
>> + my $raw = "";
>> +
>> + $raw .= "instance-id: $uuid\n";
>> +
>> + return $raw;
>> +}
>> +
>> +sub cloudinit_userdata {
>> + my ($conf) = @_;
>> +
>> + my $content = "#cloud-config\n";
>> +
>> + my $username = $conf->{ciuser};
>> + my $password = $conf->{cipassword};
>> +
>> + $content .= "user: $username\n" if defined($username);
>> + $content .= "password: $password\n" if defined($password);
>> +
>> + if (defined(my $keys = $conf->{sshkeys})) {
>> + $keys = URI::Escape::uri_unescape($keys);
>> + $keys = [map { my $key = $_; chomp $key; $key } split(/\n/, $keys)];
>> + $keys = [grep { /\S/ } @$keys];
>> + $content .= "ssh_authorized_keys:\n";
>> + foreach my $k (@$keys) {
>> + $content .= " - $k\n";
>> + }
>> + }
>> + $content .= "chpasswd:\n";
>> + $content .= " expire: False\n";
>> +
>> + if (!defined($username) || $username ne 'root') {
>> + $content .= "users:\n";
>> + $content .= " - default\n";
>> + }
>> +
>> + $content .= "package_upgrade: true\n" if $conf->{ciupgrade};
>
> For VMs, we default to true here. I'd like to keep it consistent.
>
>> +
>> + return $content;
>> +}
>> +
>> +sub read_cloudinit_snippets_file {
>> + my ($storage_conf, $volid) = @_;
>> +
>> + my ($full_path, undef, $type) = PVE::Storage::path($storage_conf, $volid);
>
> The qemu-server implementation does things a bit differently here using
> parse_volname() and abs_filesystem_path(). The latter makes sure to
> activate the storage/volume, which is desirable. I'd either add a call
> to activate the volume here too, or align the helpers.
>
>> + die "$volid is not in the snippets directory\n" if $type ne 'snippets';
>> + return PVE::Tools::file_get_contents($full_path, 1 * 1024 * 1024);
>> +}
>> +
>
> ---snip 8<---
>
>> diff --git a/src/lxc-pve-prestart-hook b/src/lxc-pve-prestart-hook
>> index fdaead2..c9f8ff0 100755
>> --- a/src/lxc-pve-prestart-hook
>> +++ b/src/lxc-pve-prestart-hook
>> @@ -13,6 +13,7 @@ use POSIX;
>> use PVE::CGroup;
>> use PVE::Cluster;
>> use PVE::LXC::Config;
>> +use PVE::LXC::Cloudinit;
>
> Nit: not ordered alphabetically
>
>> use PVE::LXC::Setup;
>> use PVE::LXC::Tools;
>> use PVE::LXC;
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel