From: Mira Limbeck <m.limbeck@proxmox.com>
To: Fiona Ebner <f.ebner@proxmox.com>, Proxmox VE development discussion <pve-devel@lists.proxmox.com>, Daniel Herzig <d.herzig@proxmox.com>
Date: Thu, 13 Feb 2025 12:29:33 +0100
Subject: Re: [pve-devel] [PATCH 2/8 container] cloudinit: basic implementation
Message-ID: <080f00b4-2530-4369-9e9a-3d7e44c1cbed@proxmox.com>
In-Reply-To: <1126663e-7d43-4c6e-82e1-1fc7918fc67a@proxmox.com>

On 2/13/25 12:01, Fiona Ebner wrote:
> On 10.02.25 at 13:07, Daniel Herzig wrote:
>> From: Leo Nunner <l.nunner@proxmox.com> >> >> The code to generate the actual configuration works pretty much the same >> as with the VM system. We generate an instance ID by hashing the user >> configuration, causing cloud-init to run every time said configuration >> changes. >> >> Instead of creating a config drive, we write files directly into the >> volume of the container. We create a folder at >> '/var/lib/cloud/seed/nocloud-net' and write the files 'user-data', >> 'vendor-data' and 'meta-data'. Cloud-init looks at the instance ID >> inside 'meta-data' to decide whether it should run (again) or not. >> >> Custom scripts need to be located inside the snippets directory, and >> overwrite the default generated configuration file. >> >> Signed-off-by: Leo Nunner <l.nunner@proxmox.com> >> --- >> src/PVE/LXC.pm | 1 + >> src/PVE/LXC/Cloudinit.pm | 114 ++++++++++++++++++++++++++++++++++++++ >> src/PVE/LXC/Makefile | 1 + >> src/lxc-pve-prestart-hook | 5 ++ >> 4 files changed, 121 insertions(+) >> create mode 100644 src/PVE/LXC/Cloudinit.pm >> >> diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm >> index 4d20645..35bb6b5 100644 >> --- a/src/PVE/LXC.pm >> +++ b/src/PVE/LXC.pm >> @@ -40,6 +40,7 @@ use PVE::Tools qw( >> use PVE::Syscall qw(:fsmount); >> >> use PVE::LXC::CGroup; >> +use PVE::LXC::Cloudinit; >> use PVE::LXC::Config; >> use PVE::LXC::Monitor; >> use PVE::LXC::Tools; > > Hmm, seems like this import is unused. Can you double check? > >> diff --git a/src/PVE/LXC/Cloudinit.pm b/src/PVE/LXC/Cloudinit.pm >> new file mode 100644 >> index 0000000..3e8617b >> --- /dev/null >> +++ b/src/PVE/LXC/Cloudinit.pm 
>> @@ -0,0 +1,114 @@ >> +package PVE::LXC::Cloudinit; >> + >> +use strict; >> +use warnings; >> + >> +use Digest::SHA; >> +use File::Path; > > Missing includes: > > use URI::Escape; > > And we also need a dependency on liburi-perl in debian/control ;) > > use PVE::JSONSchema; > >> +use PVE::LXC; > > use PVE::Storage; > use PVE::Tools; > >> + >> +sub gen_cloudinit_metadata { >> + my ($user) = @_; >> + >> + my $uuid_str = Digest::SHA::sha1_hex($user); > > Hmm, shouldn't this also depend on the vendor data? Otherwise, if only > the vendor data changes, then it will still have the same instance ID. > > Seems like for VMs, we only use user and network data here. > > @Mira do you know more by chance? I don't think vendor-data should be part of the instance-id. It's used to create a first configuration that a user can override via the user config. The vendor-data won't be used again once it's already configured. I'm not a 100% sure, but changing the instance-id leads to rerunning lots of modules (e.g. User, Network and others), but the vendor-data parts do not. Only a complete `cloud-init clean` should trigger the modules using vendor-data to run again. 
https://cloudinit.readthedocs.io/en/latest/explanation/vendordata.html#vendor-data >> + return cloudinit_metadata($uuid_str); >> +} >> + >> +sub cloudinit_metadata { >> + my ($uuid) = @_; >> + my $raw = ""; >> + >> + $raw .= "instance-id: $uuid\n"; >> + >> + return $raw; >> +} >> + >> +sub cloudinit_userdata { >> + my ($conf) = @_; >> + >> + my $content = "#cloud-config\n"; >> + >> + my $username = $conf->{ciuser}; >> + my $password = $conf->{cipassword}; >> + >> + $content .= "user: $username\n" if defined($username); >> + $content .= "password: $password\n" if defined($password); >> + >> + if (defined(my $keys = $conf->{sshkeys})) { >> + $keys = URI::Escape::uri_unescape($keys); >> + $keys = [map { my $key = $_; chomp $key; $key } split(/\n/, $keys)]; >> + $keys = [grep { /\S/ } @$keys]; >> + $content .= "ssh_authorized_keys:\n"; >> + foreach my $k (@$keys) { >> + $content .= " - $k\n"; >> + } >> + } >> + $content .= "chpasswd:\n"; >> + $content .= " expire: False\n"; >> + >> + if (!defined($username) || $username ne 'root') { >> + $content .= "users:\n"; >> + $content .= " - default\n"; >> + } >> + >> + $content .= "package_upgrade: true\n" if $conf->{ciupgrade}; > > For VMs, we default to true here. I'd like to keep it consistent. > >> + >> + return $content; >> +} >> + >> +sub read_cloudinit_snippets_file { >> + my ($storage_conf, $volid) = @_; >> + >> + my ($full_path, undef, $type) = PVE::Storage::path($storage_conf, $volid); > > The qemu-server implementation does things a bit differently here using > parse_volname() and abs_filesystem_path(). The latter makes sure to > activate the storage/volume, which is desirable. I'd either add a call > to activate the volume here too, or align the helpers. > >> + die "$volid is not in the snippets directory\n" if $type ne 'snippets'; >> + return PVE::Tools::file_get_contents($full_path, 1 * 1024 * 1024); >> +} >> + > > ---snip 8<--- 
> >> diff --git a/src/lxc-pve-prestart-hook b/src/lxc-pve-prestart-hook >> index fdaead2..c9f8ff0 100755 >> --- a/src/lxc-pve-prestart-hook >> +++ b/src/lxc-pve-prestart-hook >> @@ -13,6 +13,7 @@ use POSIX; >> use PVE::CGroup; >> use PVE::Cluster; >> use PVE::LXC::Config; >> +use PVE::LXC::Cloudinit; > > Nit: not ordered alphabetically > >> use PVE::LXC::Setup; >> use PVE::LXC::Tools; >> use PVE::LXC;
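
Review bot: The `use PVE::LXC::Cloudinit;` added to src/PVE/LXC.pm creates a circular load, because the new src/PVE/LXC/Cloudinit.pm itself has `use PVE::LXC;`. The diffstat shows this import is the only line changed in LXC.pm, so nothing in this patch calls the module from there; dropping the import here and keeping it only in src/lxc-pve-prestart-hook avoids the cycle.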
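
Review bot: In cloudinit_userdata (src/PVE/LXC/Cloudinit.pm), `$username`, `$password` and every SSH key line are interpolated into the `#cloud-config` YAML as plain scalars, so a value containing a newline, `: `, ` #` or a leading YAML indicator character changes the structure of the generated document instead of staying a string. Unless the config schema already restricts these options to a safe character set, emit them as quoted and escaped scalars (or build a data structure and serialize it with a YAML emitter) and reject embedded newlines in `ciuser` and `cipassword`. As a smaller point, `chpasswd:` with `expire: False` is written even when no password is defined and could move under the `defined($password)` condition.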