From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Mon, 18 Nov 2024 13:38:36 +0100
Message-ID: <20241118123843.1090243-1-c.heiss@proxmox.com>
Subject: [pve-devel] [PATCH installer v2 0/5] fix #5579: allow specifying
 optional first-boot script

This implements #5579 [0] as proposed by Thomas [1].

Adds a new (optional) section to the auto-installer answer file called
`first-boot`, which can be used to configure a script/executable
file to run on the first boot after the installation.

To use the baked-in (via the `proxmox-auto-install-assistant prepare-iso
--on-first-boot`) file from the ISO:

  [first-boot]
  source = "from-iso"

Or fetching it from a URL:

  [first-boot]
  source = "from-url"
  url = "http://example.com/first-boot"
  cert_fingerprint = ".." # if needed

Optionally, an ordering can be specified, when to run the script:

  [first-boot]
  source = "from-url"
  ordering = "fully-up" # default value
  # one of "before-network", "network-online" or "fully-up"

The structure of the section is mostly taken from the `network` section to
provide consistency.

[0] https://bugzilla.proxmox.com/show_bug.cgi?id=5579
[1] https://bugzilla.proxmox.com/show_bug.cgi?id=5579#c5

Inner workings
==============

This creates a new package `proxmox-first-boot`, which only has a
systemd .service file. The service is conditioned to start based on the 
existence of a flag file in /var/lib/proxmox-first-boot, which will
be created by the installer if such a script is supplied by the user.

The script will also be passed the ordering of the service as the first
argument, as set in the answer file.

The above package will only be installed to the target system when a
first-boot script is set, to avoid unnecessarily polluting the system.

Testing
=======

Tested this with the latest (8.2-2) PVE ISO, both baking it into the ISO
and fetching it from a URL. Did not test with PBS explicitly (yet), but
I see no reason why it shouldn't work, as it is completely
product-agnostic.

History
=======

v1: https://lore.proxmox.com/pve-devel/20241113135908.1622968-1-c.heiss@proxmox.com/

Changes v1 -> v2:
  * package is only installed when enabled
  * dropped already applied patches
  * added option to configure ordering

Diffstat
========

Christoph Heiss (5):
  fix #5579: first-boot: add initial service packaging
  fix #5579: setup: introduce 'first_boot' low-level installer options
  fix #5579: auto-install-assistant: enable baking in first-boot script
  fix #5579: auto-installer: add optional first-boot hook script
  fix #5579: install: setup proxmox-first-boot service if enabled

 Makefile                                      | 13 +++-
 Proxmox/Install.pm                            | 55 ++++++++++++++++-
 Proxmox/Install/Config.pm                     | 20 +++++++
 debian/control                                |  7 +++
 debian/proxmox-first-boot.install             |  3 +
 debian/rules                                  |  5 ++
 proxmox-auto-install-assistant/Cargo.toml     |  1 +
 proxmox-auto-install-assistant/src/main.rs    | 30 +++++++++-
 proxmox-auto-installer/Cargo.toml             |  2 +-
 proxmox-auto-installer/src/answer.rs          | 59 +++++++++++++++++++
 .../src/bin/proxmox-auto-installer.rs         | 49 +++++++++++++--
 proxmox-auto-installer/src/utils.rs           | 28 ++++++++-
 .../tests/resources/parse_answer/btrfs.json   |  3 +-
 .../resources/parse_answer/disk_match.json    |  3 +-
 .../parse_answer/disk_match_all.json          |  3 +-
 .../parse_answer/disk_match_any.json          |  3 +-
 .../resources/parse_answer/first-boot.json    | 19 ++++++
 .../resources/parse_answer/first-boot.toml    | 18 ++++++
 .../parse_answer/hashed_root_password.json    |  3 +-
 .../tests/resources/parse_answer/minimal.json |  3 +-
 .../resources/parse_answer/nic_matching.json  |  3 +-
 .../resources/parse_answer/specific_nic.json  |  3 +-
 .../tests/resources/parse_answer/zfs.json     |  3 +-
 proxmox-first-boot/Makefile                   | 10 ++++
 .../etc/proxmox-first-boot-multi-user.service | 15 +++++
 .../proxmox-first-boot-network-online.service | 17 ++++++
 .../proxmox-first-boot-network-pre.service    | 17 ++++++
 proxmox-installer-common/src/lib.rs           |  6 ++
 proxmox-installer-common/src/setup.rs         | 17 ++++++
 proxmox-tui-installer/src/setup.rs            |  4 +-
 30 files changed, 399 insertions(+), 23 deletions(-)
 create mode 100644 debian/proxmox-first-boot.install
 create mode 100644 proxmox-auto-installer/tests/resources/parse_answer/first-boot.json
 create mode 100644 proxmox-auto-installer/tests/resources/parse_answer/first-boot.toml
 create mode 100644 proxmox-first-boot/Makefile
 create mode 100644 proxmox-first-boot/etc/proxmox-first-boot-multi-user.service
 create mode 100644 proxmox-first-boot/etc/proxmox-first-boot-network-online.service
 create mode 100644 proxmox-first-boot/etc/proxmox-first-boot-network-pre.service

-- 
2.47.0


