[pve-devel] cloudinit: RFC proposal for unwanted and unexpected regeneration of instance-id

[pve-devel] cloudinit: RFC proposal for unwanted and unexpected regeneration of instance-id

[MAbeeTT via pve-devel]

[-- Attachment #1: Type: message/rfc822, Size: 7097 bytes --]

From: MAbeeTT <mabeett@gmail.com>
To: pve-devel@lists.proxmox.com
Subject: cloudinit: RFC proposal for unwanted and unexpected regeneration of instance-id
Date: Tue, 16 Jul 2024 16:41:06 +0200
Message-ID: <CAKmboBLuYmB8p+3RkjC9M-Y8iy5BTg_GfS4m69PmEqJ77D5rEw@mail.gmail.com>

Hello all,
I am Matias from Spain, raised in Argentina where I met PVE from
version 3 when trying to find an opensource KVM and container solution
for an internal lab.

After backup on proxmox PVE7 and restore in PVE8 [ 8.2.4 ] in my
personal lab I got new instance-id's hash for restored VMs.
Searching in the source code I see the root cause is the commit
cloudinit "pass through hostname via fqdn field" [0].

In certain conditions with the change in the commit without user
intervention in the VM a new key fqdn is created for the userdata, the
userdata info feeds the hash[1][2] which is in fact the value for the
key instance-id[3] of the meta-data file.

With a new instance-id the cloud-init agent in the VM takes the
"per-instance" configuration and actions, instead of the "per-boot"
configuration[4].
This is a problem not limited to new ssh keys, because users could
generate VM templates with specific actions to be triggered only with
a new VM/instance.

I propose you for future releases using only user explicit setup
options related with cloudinit setup (name, sshkeys, cipassword), I
mean explicit and ignore default values.
So in case of future changes as the referred commit there will not be
new instance-id as the user does not generate explicitly new cloudinit
source of info, then no new instance, no surprises for VM
administrator.

I am far away from being a Perl  developer, but I can put my best
effort during my spare time.
Anyway I would like to know what you think since what I am proposing
changes the current behaviour of PVE cloudinit, maybe these changes
could be part of PVE 9?

Thanks for your attention,

Regards,

Matias Pecchia

[0]: https://git.proxmox.com/?p=qemu-server.git;a=commitdiff;h=3e546c5ada47da8434bb58d27a3aa7d9823e7fa4
[1]: https://git.proxmox.com/?p=qemu-server.git;a=blob;f=PVE/QemuServer/Cloudinit.pm;h=abc6b1421b38c67f3de46ea075d5f8ac2fe599ef;hb=1c5001c2e7f8b73cdcf192d23714985eaddc17ed#l497
[2]: https://git.proxmox.com/?p=qemu-server.git;a=blob;f=PVE/QemuServer/Cloudinit.pm;h=abc6b1421b38c67f3de46ea075d5f8ac2fe599ef;hb=1c5001c2e7f8b73cdcf192d23714985eaddc17ed#l481
[3]: https://git.proxmox.com/?p=qemu-server.git;a=blob;f=PVE/QemuServer/Cloudinit.pm;h=abc6b1421b38c67f3de46ea075d5f8ac2fe599ef;hb=1c5001c2e7f8b73cdcf192d23714985eaddc17ed#l476
[4]: https://cloudinit.readthedocs.io/en/latest/explanation/boot.html#first-boot-determination


-- 
             .::MAbeeTT::.

 mabeett [at] gmail [ dot] com


[-- Attachment #2: Type: text/plain, Size: 160 bytes --]

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] cloudinit: RFC proposal for unwanted and unexpected regeneration of instance-id

[Mira Limbeck]

Hi Matias,

Thank you for providing this detailed description of the issue!

We have an open issue in our bug tracker [0]. If it's alright with you
I'd add your text as-is to the bug tracker as a comment for additional
information/reasoning on why that change would be needed.

Feel free to add yourself to the CC list if you want to be notified on
updates.

> I am far away from being a Perl  developer, but I can put my best
> effort during my spare time.
> Anyway I would like to know what you think since what I am proposing
> changes the current behaviour of PVE cloudinit, maybe these changes
> could be part of PVE 9?

I already started working on an implementation for a fixed instance-id.
I can't give an ETA when the first draft will be sent to the pve-devel
list though.



[0] https://bugzilla.proxmox.com/show_bug.cgi?id=1739


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] cloudinit: RFC proposal for unwanted and unexpected regeneration of instance-id

[MAbeeTT via pve-devel]

[-- Attachment #1: Type: message/rfc822, Size: 7194 bytes --]

From: MAbeeTT <mabeett@gmail.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] cloudinit: RFC proposal for unwanted and unexpected regeneration of instance-id
Date: Tue, 16 Jul 2024 17:19:35 +0200
Message-ID: <CAKmboB+5hNmqbECax5cAeFcoKJqoBPJ6HATXL0OB1EowZ6H2sA@mail.gmail.com>

On Tue, Jul 16, 2024 at 4:49 PM Mira Limbeck <m.limbeck@proxmox.com> wrote:
>
> Hi Matias,
>
> Thank you for providing this detailed description of the issue!

Hello Mira
thanks for your quick response!
From my side I offer all my available energy in order to help.


> We have an open issue in our bug tracker [0]. If it's alright with you
> I'd add your text as-is to the bug tracker as a comment for additional
> information/reasoning on why that change would be needed.

Sure, feel free to edit in order to clarify.
Just one clarification:
Current cloud-init documentation from my first message determines[0] clearly

> >  Alternatively, the filesystem has been attached to a new instance, and this is the instance’s first boot.
> > The most obvious case where this happens is when an instance is launched from an image captured from a launched instance.
> > By default, cloud-init attempts to determine which case it is running in by checking the instance ID in the cache against the instance ID it determines at runtime.
> > If they do not match, then this is an instance’s first boot;

So It is not a matter of a particular Distro/OS version/release. It is
a «a feature» from upstream cloud-init implementation.

My corner case is just a bit different, let say "Do not update
instance-id without user new VM config [subset cinit-related]"
Anyway your work could be an answer for my scenario.

Let me know if this is clear enough.

>
> Feel free to add yourself to the CC list if you want to be notified on
> updates.

Done, thanks

>
> > I am far away from being a Perl  developer, but I can put my best
> > effort during my spare time.
> > Anyway I would like to know what you think since what I am proposing
> > changes the current behaviour of PVE cloudinit, maybe these changes
> > could be part of PVE 9?
>
> I already started working on an implementation for a fixed instance-id.
> I can't give an ETA when the first draft will be sent to the pve-devel
> list though.

Great, ping me if you need feedback.

kind regards,
mts


[0] https://cloudinit.readthedocs.io/en/latest/explanation/boot.html#first-boot-determination
--
             .::MAbeeTT::.

 mabeett [at] gmail [ dot] com


[-- Attachment #2: Type: text/plain, Size: 160 bytes --]

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel