From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pve-devel-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id B497F1FF16F for <inbox@lore.proxmox.com>; Thu, 13 Feb 2025 12:02:20 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0BA2ECC7; Thu, 13 Feb 2025 12:02:15 +0100 (CET) Message-ID: <1126663e-7d43-4c6e-82e1-1fc7918fc67a@proxmox.com> Date: Thu, 13 Feb 2025 12:01:41 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>, Daniel Herzig <d.herzig@proxmox.com> References: <20250210120722.163622-1-d.herzig@proxmox.com> <20250210120722.163622-3-d.herzig@proxmox.com> Content-Language: en-US From: Fiona Ebner <f.ebner@proxmox.com> In-Reply-To: <20250210120722.163622-3-d.herzig@proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL -0.047 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH 2/8 container] cloudinit: basic implementation X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/> List-Post: <mailto:pve-devel@lists.proxmox.com> List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe> Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com> Am 10.02.25 um 13:07 schrieb Daniel Herzig: > From: Leo Nunner <l.nunner@proxmox.com> > > The code to generate the actual configuration works pretty much the same > as with the VM system. We generate an instance ID by hashing the user > configuration, causing cloud-init to run every time said configuration > changes. > > Instead of creating a config drive, we write files directly into the > volume of the container. We create a folder at > '/var/lib/cloud/seed/nocloud-net' and write the files 'user-data', > 'vendor-data' and 'meta-data'. Cloud-init looks at the instance ID > inside 'meta-data' to decide whether it should run (again) or not. > > Custom scripts need to be located inside the snippets directory, and > overwrite the default generated configuration file. > > Signed-off-by: Leo Nunner <l.nunner@proxmox.com> > --- > src/PVE/LXC.pm | 1 + > src/PVE/LXC/Cloudinit.pm | 114 ++++++++++++++++++++++++++++++++++++++ > src/PVE/LXC/Makefile | 1 + > src/lxc-pve-prestart-hook | 5 ++ > 4 files changed, 121 insertions(+) > create mode 100644 src/PVE/LXC/Cloudinit.pm > > diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm > index 4d20645..35bb6b5 100644 > --- a/src/PVE/LXC.pm > +++ b/src/PVE/LXC.pm > @@ -40,6 +40,7 @@ use PVE::Tools qw( > use PVE::Syscall qw(:fsmount); > > use PVE::LXC::CGroup; > +use PVE::LXC::Cloudinit; > use PVE::LXC::Config; > use PVE::LXC::Monitor; > use PVE::LXC::Tools; Hmm, seems like this import is unused. Can you double check? > diff --git a/src/PVE/LXC/Cloudinit.pm b/src/PVE/LXC/Cloudinit.pm > new file mode 100644 > index 0000000..3e8617b > --- /dev/null > +++ b/src/PVE/LXC/Cloudinit.pm > @@ -0,0 +1,114 @@ > +package PVE::LXC::Cloudinit; > + > +use strict; > +use warnings; > + > +use Digest::SHA; > +use File::Path; Missing includes: use URI::Escape; And we also need a dependency on liburi-perl in debian/control ;) use PVE::JSONSchema; > +use PVE::LXC; use PVE::Storage; use PVE::Tools; > + > +sub gen_cloudinit_metadata { > + my ($user) = @_; > + > + my $uuid_str = Digest::SHA::sha1_hex($user); Hmm, shouldn't this also depend on the vendor data? Otherwise, if only the vendor data changes, then it will still have the same instance ID. Seems like for VMs, we only use user and network data here. @Mira do you know more by chance? > + return cloudinit_metadata($uuid_str); > +} > + > +sub cloudinit_metadata { > + my ($uuid) = @_; > + my $raw = ""; > + > + $raw .= "instance-id: $uuid\n"; > + > + return $raw; > +} > + > +sub cloudinit_userdata { > + my ($conf) = @_; > + > + my $content = "#cloud-config\n"; > + > + my $username = $conf->{ciuser}; > + my $password = $conf->{cipassword}; > + > + $content .= "user: $username\n" if defined($username); > + $content .= "password: $password\n" if defined($password); > + > + if (defined(my $keys = $conf->{sshkeys})) { > + $keys = URI::Escape::uri_unescape($keys); > + $keys = [map { my $key = $_; chomp $key; $key } split(/\n/, $keys)]; > + $keys = [grep { /\S/ } @$keys]; > + $content .= "ssh_authorized_keys:\n"; > + foreach my $k (@$keys) { > + $content .= " - $k\n"; > + } > + } > + $content .= "chpasswd:\n"; > + $content .= " expire: False\n"; > + > + if (!defined($username) || $username ne 'root') { > + $content .= "users:\n"; > + $content .= " - default\n"; > + } > + > + $content .= "package_upgrade: true\n" if $conf->{ciupgrade}; For VMs, we default to true here. I'd like to keep it consistent. > + > + return $content; > +} > + > +sub read_cloudinit_snippets_file { > + my ($storage_conf, $volid) = @_; > + > + my ($full_path, undef, $type) = PVE::Storage::path($storage_conf, $volid); The qemu-server implementation does things a bit differently here using parse_volname() and abs_filesystem_path(). The latter makes sure to activate the storage/volume, which is desirable. I'd either add a call to activate the volume here too, or align the helpers. > + die "$volid is not in the snippets directory\n" if $type ne 'snippets'; > + return PVE::Tools::file_get_contents($full_path, 1 * 1024 * 1024); > +} > + ---snip 8<--- > diff --git a/src/lxc-pve-prestart-hook b/src/lxc-pve-prestart-hook > index fdaead2..c9f8ff0 100755 > --- a/src/lxc-pve-prestart-hook > +++ b/src/lxc-pve-prestart-hook > @@ -13,6 +13,7 @@ use POSIX; > use PVE::CGroup; > use PVE::Cluster; > use PVE::LXC::Config; > +use PVE::LXC::Cloudinit; Nit: not ordered alphabetically > use PVE::LXC::Setup; > use PVE::LXC::Tools; > use PVE::LXC; _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel