From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id B497F1FF16F
	for <inbox@lore.proxmox.com>; Thu, 13 Feb 2025 12:02:20 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 0BA2ECC7;
	Thu, 13 Feb 2025 12:02:15 +0100 (CET)
Message-ID: <1126663e-7d43-4c6e-82e1-1fc7918fc67a@proxmox.com>
Date: Thu, 13 Feb 2025 12:01:41 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Daniel Herzig <d.herzig@proxmox.com>
References: <20250210120722.163622-1-d.herzig@proxmox.com>
 <20250210120722.163622-3-d.herzig@proxmox.com>
Content-Language: en-US
From: Fiona Ebner <f.ebner@proxmox.com>
In-Reply-To: <20250210120722.163622-3-d.herzig@proxmox.com>
Subject: Re: [pve-devel] [PATCH 2/8 container] cloudinit: basic
 implementation
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

On 10.02.25 at 13:07, Daniel Herzig wrote:
> From: Leo Nunner <l.nunner@proxmox.com>
> 
> The code to generate the actual configuration works pretty much the same
> as with the VM system. We generate an instance ID by hashing the user
> configuration, causing cloud-init to run every time said configuration
> changes.
> 
> Instead of creating a config drive, we write files directly into the
> volume of the container. We create a folder at
> '/var/lib/cloud/seed/nocloud-net' and write the files 'user-data',
> 'vendor-data' and 'meta-data'. Cloud-init looks at the instance ID
> inside 'meta-data' to decide whether it should run (again) or not.
> 
> Custom scripts need to be located inside the snippets directory, and
> overwrite the default generated configuration file.
> 
> Signed-off-by: Leo Nunner <l.nunner@proxmox.com>
> ---
>  src/PVE/LXC.pm            |   1 +
>  src/PVE/LXC/Cloudinit.pm  | 114 ++++++++++++++++++++++++++++++++++++++
>  src/PVE/LXC/Makefile      |   1 +
>  src/lxc-pve-prestart-hook |   5 ++
>  4 files changed, 121 insertions(+)
>  create mode 100644 src/PVE/LXC/Cloudinit.pm
> 
> diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
> index 4d20645..35bb6b5 100644
> --- a/src/PVE/LXC.pm
> +++ b/src/PVE/LXC.pm
> @@ -40,6 +40,7 @@ use PVE::Tools qw(
>  use PVE::Syscall qw(:fsmount);
>  
>  use PVE::LXC::CGroup;
> +use PVE::LXC::Cloudinit;
>  use PVE::LXC::Config;
>  use PVE::LXC::Monitor;
>  use PVE::LXC::Tools;
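
Review bot: the new `use PVE::LXC::Cloudinit;` in PVE::LXC introduces a circular compile-time dependency, because Cloudinit.pm in turn does `use PVE::LXC;` (see the new file below). Nothing else in this hunk references the module, so if the import is indeed unused, dropping it also removes the cycle; if PVE::LXC does need it, Cloudinit.pm should avoid importing PVE::LXC back at load time (e.g. call into it lazily) so neither module depends on the other being fully compiled first.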

Hmm, seems like this import is unused. Can you double check?

> diff --git a/src/PVE/LXC/Cloudinit.pm b/src/PVE/LXC/Cloudinit.pm
> new file mode 100644
> index 0000000..3e8617b
> --- /dev/null
> +++ b/src/PVE/LXC/Cloudinit.pm
> @@ -0,0 +1,114 @@
> +package PVE::LXC::Cloudinit;
> +
> +use strict;
> +use warnings;
> +
> +use Digest::SHA;
> +use File::Path;

Missing includes:

use URI::Escape;

And we also need a dependency on liburi-perl in debian/control ;)

use PVE::JSONSchema;

> +use PVE::LXC;

use PVE::Storage;
use PVE::Tools;

> +
> +sub gen_cloudinit_metadata {
> +    my ($user) = @_;
> +
> +    my $uuid_str = Digest::SHA::sha1_hex($user);

Hmm, shouldn't this also depend on the vendor data? Otherwise, if only
the vendor data changes, then it will still have the same instance ID.

Seems like for VMs, we only use user and network data here.

@Mira do you know more by chance?

> +    return cloudinit_metadata($uuid_str);
> +}
> +
> +sub cloudinit_metadata {
> +    my ($uuid) = @_;
> +    my $raw = "";
> +
> +    $raw .= "instance-id: $uuid\n";
> +
> +    return $raw;
> +}
> +
> +sub cloudinit_userdata {
> +    my ($conf) = @_;
> +
> +    my $content = "#cloud-config\n";
> +
> +    my $username = $conf->{ciuser};
> +    my $password = $conf->{cipassword};
> +
> +    $content .= "user: $username\n" if defined($username);
> +    $content .= "password: $password\n" if defined($password);
> +
> +    if (defined(my $keys = $conf->{sshkeys})) {
> +	$keys = URI::Escape::uri_unescape($keys);
> +	$keys = [map { my $key = $_; chomp $key; $key } split(/\n/, $keys)];
> +	$keys = [grep { /\S/ } @$keys];
> +	$content .= "ssh_authorized_keys:\n";
> +	foreach my $k (@$keys) {
> +	    $content .= "  - $k\n";
> +	}
> +    }
> +    $content .= "chpasswd:\n";
> +    $content .= "  expire: False\n";
> +
> +    if (!defined($username) || $username ne 'root') {
> +	$content .= "users:\n";
> +	$content .= "  - default\n";
> +    }
> +
> +    $content .= "package_upgrade: true\n" if $conf->{ciupgrade};

For VMs, we default to true here. I'd like to keep it consistent.

> +
> +    return $content;
> +}
> +
> +sub read_cloudinit_snippets_file {
> +    my ($storage_conf, $volid) = @_;
> +
> +    my ($full_path, undef, $type) = PVE::Storage::path($storage_conf, $volid);

The qemu-server implementation does things a bit differently here using
parse_volname() and abs_filesystem_path(). The latter makes sure to
activate the storage/volume, which is desirable. I'd either add a call
to activate the volume here too, or align the helpers.

> +    die "$volid is not in the snippets directory\n" if $type ne 'snippets';
> +    return PVE::Tools::file_get_contents($full_path, 1 * 1024 * 1024);
> +}
> +
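
Review bot: cloudinit_userdata assembles the cloud-config document by raw string interpolation (`user: $username`, `password: $password`, `  - $k`), so a `ciuser` or `cipassword` value containing YAML-significant characters (a colon followed by a space, a leading `#`, `'`, `"`, `*` or `&`, or an embedded newline) will either fail to parse in cloud-init or silently change the meaning of the document; the password field in particular is arbitrary user-supplied input. Emit the values as quoted YAML scalars (single quotes, with embedded `'` doubled) or build the document through a YAML encoder. The same applies to the SSH keys: after uri_unescape each non-blank line is inserted verbatim as a list item, so either quote them or restrict them to lines that look like a public key. Separately, gen_cloudinit_metadata derives the instance-id from the full user-data, which includes the plaintext password, and per the commit message meta-data is written into the container's volume; hashing only the non-secret parts (or including a per-container salt) would avoid placing a hash of the password where the guest can read it.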

---snip 8<---

> diff --git a/src/lxc-pve-prestart-hook b/src/lxc-pve-prestart-hook
> index fdaead2..c9f8ff0 100755
> --- a/src/lxc-pve-prestart-hook
> +++ b/src/lxc-pve-prestart-hook
> @@ -13,6 +13,7 @@ use POSIX;
>  use PVE::CGroup;
>  use PVE::Cluster;
>  use PVE::LXC::Config;
> +use PVE::LXC::Cloudinit;

Nit: not ordered alphabetically

>  use PVE::LXC::Setup;
>  use PVE::LXC::Tools;
>  use PVE::LXC;


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel