From: Leo Nunner
To: pve-devel@lists.proxmox.com
Date: Thu, 11 May 2023 13:12:45 +0200
Message-Id: <20230511111249.171748-2-l.nunner@proxmox.com>
In-Reply-To: <20230511111249.171748-1-l.nunner@proxmox.com>
Subject: [pve-devel] [PATCH RFC container 1/3] cloudinit: introduce config parameters

Introduce configuration parameters for cloud-init. Like with VMs, it's
possible to specify:
    - user
    - password
    - ssh keys
    - enable/disable updates on first boot

It's also possible to pass through custom config files for the user and
vendor settings. We don't allow configuring the network through
cloud-init, since it will clash with whatever configuration we already
did for the container.

Signed-off-by: Leo Nunner
---
src/PVE/API2/LXC.pm | 3 ++ src/PVE/API2/LXC/Config.pm | 7 ++++- src/PVE/LXC/Config.pm | 61 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 1 deletion(-) diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm index 50c9eaf..e585509 100644 --- a/src/PVE/API2/LXC.pm +++ b/src/PVE/API2/LXC.pm @@ -2492,6 +2492,9 @@ __PACKAGE__->register_method({ my $pending_delete_hash = PVE::LXC::Config->parse_pending_delete($conf->{pending}->{delete}); + $conf->{cipassword} = '**********' if defined($conf->{cipassword}); + $conf->{pending}->{cipassword} = '********** ' if defined($conf->{pending}->{cipassword}); + return PVE::GuestHelpers::config_with_pending_array($conf, $pending_delete_hash); }}); diff --git a/src/PVE/API2/LXC/Config.pm b/src/PVE/API2/LXC/Config.pm index e6c0980..0ff4115 100644 --- a/src/PVE/API2/LXC/Config.pm +++ b/src/PVE/API2/LXC/Config.pm 
@@ -79,7 +79,7 @@ __PACKAGE__->register_method({ } else { $conf = PVE::LXC::Config->load_current_config($param->{vmid}, $param->{current}); } - + $conf->{cipassword} = '**********' if $conf->{cipassword}; return $conf; }}); @@ -148,6 +148,11 @@ __PACKAGE__->register_method({ $param->{cpuunits} = PVE::CGroup::clamp_cpu_shares($param->{cpuunits}) if defined($param->{cpuunits}); # clamp value depending on cgroup version + if (defined(my $cipassword = $param->{cipassword})) { + $param->{cipassword} = PVE::Tools::encrypt_pw($cipassword) + if $cipassword !~ /^\$(?:[156]|2[ay])(\$.+){2}/; + } + my $code = sub { my $conf = PVE::LXC::Config->load_config($vmid); diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm index ac9db94..8aeb03b 100644 --- a/src/PVE/LXC/Config.pm +++ b/src/PVE/LXC/Config.pm 
@@ -442,6 +442,63 @@ my $features_desc = { }, }; +my $cicustom_fmt = { + user => { + type => 'string', + optional => 1, + description => 'To pass a custom file containing all user data to the container via cloud-init.', + format => 'pve-volume-id', + format_description => 'volume', + }, + vendor => { + type => 'string', + optional => 1, + description => 'To pass a custom file containing all vendor data to the container via cloud-init.', + format => 'pve-volume-id', + format_description => 'volume', + }, +}; +PVE::JSONSchema::register_format('pve-pct-cicustom', $cicustom_fmt); + +my $confdesc_cloudinit = { + cienable => { + optional => 1, + type => 'boolean', + description => "cloud-init: provide cloud-init configuration to container.", + }, + ciuser => { + optional => 1, + type => 'string', + description => "cloud-init: User name to change ssh keys and password for instead of the" + ." image's configured default user.", + }, + cipassword => { + optional => 1, + type => 'string', + description => 'cloud-init: Password to assign the user. Using this is generally not' + .' recommended. Use ssh keys instead. Also note that older cloud-init versions do not' + .' support hashed passwords.', + }, + ciupdate => { + optional => 1, + type => 'boolean', + description => 'cloud-init: do an automatic package update on boot.' + }, + cicustom => { + optional => 1, + type => 'string', + description => 'cloud-init: Specify custom files to replace the automatically generated' + .' ones at start.', + format => 'pve-pct-cicustom', + }, + sshkeys => { + optional => 1, + type => 'string', + format => 'urlencoded', + description => "cloud-init: Setup public SSH keys (one key per line, OpenSSH format).", + }, +}; + my $confdesc = { lock => { optional => 1, 
@@ -614,6 +671,10 @@ my $confdesc = { }, }; +foreach my $key (keys %$confdesc_cloudinit) { + $confdesc->{$key} = $confdesc_cloudinit->{$key}; +} + my $valid_lxc_conf_keys = { 'lxc.apparmor.profile' => 1, 'lxc.apparmor.allow_incomplete' => 1, -- 2.30.2
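
Review bot: in the src/PVE/API2/LXC.pm hunk (@@ -2492), the pending placeholder '********** ' carries a trailing space that the current-value placeholder '**********' does not, so the two masks never compare equal. If that is deliberate, so that a pending password always shows up as a change, say so in a comment next to the line; if it is not, use the same literal for both.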
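
Review bot: in the first src/PVE/API2/LXC/Config.pm hunk (@@ -79), the mask is applied with "if $conf->{cipassword}", a truthiness test, while the LXC.pm hunk uses defined(); a stored value that Perl treats as false (an empty string or "0") would be returned unmasked. Use "if defined($conf->{cipassword})" here as well. The hunk also replaces the blank line before the return instead of adding a line; keeping the blank line would reduce the change to the one added statement.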
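
Review bot: in the second src/PVE/API2/LXC/Config.pm hunk (@@ -148), the test /^\$(?:[156]|2[ay])(\$.+){2}/ accepts any string with one of those prefixes and two further '$' fields as already hashed and stores it unchanged, because .+ puts no limit on the characters or length of the salt and hash fields. A value that only looks like a hash therefore skips encrypt_pw, and a hash in any scheme other than 1, 5, 6, 2a or 2y is hashed a second time without warning. Consider restricting each field to the crypt alphabet and rejecting input that starts with '$' but does not match, rather than hashing it again.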
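
Review bot: in the src/PVE/LXC/Config.pm hunk (@@ -442), cicustom accepts any pve-volume-id for user and vendor data, and nothing in this patch limits who may set it; since those files replace the generated cloud-init data, please state which privilege this key requires or add the check. The cipassword description warns that older cloud-init versions do not support hashed passwords, yet the update handler in this patch always hashes plain input, so the description should say that the stored value is a hash. Minor: the ciupdate description line lacks the trailing comma the other entries have.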
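
Review bot: in the last src/PVE/LXC/Config.pm hunk (@@ -614), the loop assigns every key of $confdesc_cloudinit into $confdesc without checking for an existing entry, so a name collision (sshkeys is the one key without the ci prefix) would silently replace an option. Add a "die if exists $confdesc->{$key}" inside the loop, or a short comment stating that the two key sets are disjoint.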