public inbox for pve-devel@lists.proxmox.com
From: Wolf Noble <wolf@wolfspyre.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] Feature idea: import cloud images as disks, or at VM creation
Date: Mon, 24 Apr 2023 13:05:52 -0500
Message-ID: <D7A53082-D56F-472A-9136-18F37BB86DCB@wolfspyre.com>
In-Reply-To: <1682326436.dqh5ge6k9n.astroid@yuna.none>

I would think (always dangerous) that the ability to create new VMs from seed images of differing levels of administratively-blessed sources would warrant a few privilege classes to be able to 
(off the top of my head)
- add new image collections
- bless new images
- flag images as ‘preferred’ ‘testing’ ‘sunsetting’ ‘deprecated’ ‘undeployable’
- create new flag-flavors
- add/alter privilege bundles in relationship to flags
- share image collections with another (cluster/customer)
- check for updates to/fetch new existing blessed images
- create new singleton vms from these blessed images
- create an arbitrary set of images to be usable as a privilege construct (( ie users with privilege X may create N vms from group Y ))
- CRUD storage locations for caching of blessed images

for example:
1) download $cloud-image from $vmfactory
2) add local environment secret sauce
3) spin up a vm from new image and run some scripted automation tasks validating (some stuff still works with new image) security requirements are implemented 
4) flag image as blessed if sniff test doesn’t cause problems
5) remove/reclassify superseded images 


this proto workflow could be automated via CI for acceptance…  and run on a schedule permitting cluster users to be able to receive regular updated vm seeds while maintaining compliance requirements … with minimal administrative overhead 

granted; this is a long way down a theoretical journey … 

i’m just trying to think through what constructs would make sense to ensure they could be implemented tomorrow should it be deemed a good idea…


[= The contents of this message have been written, read, processed, erased, sorted, sniffed, compressed, rewritten, misspelled, overcompensated, lost, found, and most importantly delivered entirely with recycled electrons =]

> On Apr 24, 2023, at 04:01, Fabian Grünbichler <f.gruenbichler@proxmox.com> wrote:
> 
> On April 24, 2023 10:01 am, DERUMIER, Alexandre wrote:
>> I think it could be done with some kind of new naming for this kind of
>> disk,
>> 
>> like "template-....."  in the storage
>> 
>> to match current lxc behaviour.
>> 
>> 
>> I don't think we need the vm template itself inside this, only the disk.
>> 
>> then user could create a vm like
>> 
>> qm create <vmid> --iscsi0:template-.....
> 
> we basically already have this, it's just not yet on the GUI ;)
> 
> $ qm create/set 123 --scsi0 TARGET_STORAGE:0,import-from=SOURCE_STORAGE:VOLUME,other_option=value
> 
> will import an existing volume (or, if highly privileged, arbitrary
> image/block device) to a newly allocated volume on TARGET_STORAGE.
> 
> also mentioned in the docs for cloud-init:
> 
> https://pve.proxmox.com/pve-docs/chapter-qm.html#_preparing_cloud_init_templates
> 
> we haven't fully hashed out yet how to integrate it into the GUI, but
> it's already available on the API and CLI. 
> 
> one part that might still be worthy of discussion is whether to add a new
> dir or naming scheme on storages for VM template files like downloaded
> cloud(-init) images, and then on the GUI only offer up those and volumes
> of VM templates as sources (at least by default), instead of *all*
> images accessible to the user.
> 
> 
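
An added sketch, not part of the thread and not Proxmox code, of the deny-by-default check that the privilege list in the message above implies: a VM may be created only from a blessed image whose flag still permits deployment, and only within a per-user grant and quota. All class, function and image names are hypothetical; the flag names are the ones listed in the message, and which flags allow new VMs is an assumption.

```python
from dataclasses import dataclass, field

# Flag names come from the message; which of them still allow new VMs is an assumption.
FLAGS = ("preferred", "testing", "sunsetting", "deprecated", "undeployable")
DEPLOYABLE = frozenset({"preferred", "testing", "sunsetting"})


@dataclass(frozen=True)
class Image:
    name: str
    collection: str
    flag: str
    blessed: bool = False  # set only after the validation run has passed


@dataclass(frozen=True)
class Grant:
    """'users with privilege X may create N vms from group Y' (hypothetical shape)."""
    collection: str
    max_vms: int
    flags: frozenset = frozenset({"preferred"})


@dataclass
class ImagePolicy:
    grants: dict = field(default_factory=dict)  # user -> list of Grant
    used: dict = field(default_factory=dict)    # (user, collection) -> VMs created

    def authorize_create(self, user: str, image: Image) -> tuple:
        """Deny by default; return (allowed, reason) so refusals can be logged."""
        if image.flag not in FLAGS:
            return False, "unknown flag"
        if not image.blessed:
            return False, "image not blessed"
        if image.flag not in DEPLOYABLE:
            return False, f"flag '{image.flag}' blocks new VMs"
        for grant in self.grants.get(user, []):
            if grant.collection == image.collection and image.flag in grant.flags:
                key = (user, image.collection)
                if self.used.get(key, 0) >= grant.max_vms:
                    return False, "quota exhausted"
                self.used[key] = self.used.get(key, 0) + 1
                return True, "ok"
        return False, "no matching grant"


# Constructed sample data: one blessed image, one unvetted download, one retired image.
BLESSED = Image("debian-12-20230424", "debian", "preferred", blessed=True)
UNVETTED = Image("debian-12-nightly", "debian", "testing")
RETIRED = Image("debian-10", "debian", "deprecated", blessed=True)
```
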



Thread overview: 6+ messages
     [not found] <mailman.16.1682241508.359.pve-devel@lists.proxmox.com>
2023-04-23 22:39 ` Wolf Noble
2023-04-24  8:01   ` DERUMIER, Alexandre
2023-04-24  9:00     ` Fabian Grünbichler
2023-04-24 18:05       ` Wolf Noble [this message]
2021-11-09  2:03 Gilles Pietri
2021-11-09  7:29 ` Thomas Lamprecht
