From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pve-devel-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id C38E51FF165 for <inbox@lore.proxmox.com>; Wed, 12 Feb 2025 16:47:09 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 5BC661A218; Wed, 12 Feb 2025 16:47:04 +0100 (CET) Message-ID: <b136bccf-2f37-43a5-b1cd-417ae48dd8f1@proxmox.com> Date: Wed, 12 Feb 2025 16:46:29 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>, Daniel Herzig <d.herzig@proxmox.com> References: <20250210120722.163622-1-d.herzig@proxmox.com> <20250210120722.163622-9-d.herzig@proxmox.com> Content-Language: en-US From: Fiona Ebner <f.ebner@proxmox.com> In-Reply-To: <20250210120722.163622-9-d.herzig@proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL -0.448 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_ASCII_DIVIDERS 0.8 Email that uses ascii formatting dividers and possible spam tricks KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [gen-pct-cloud-init-opts.pl, gen-pct-network-opts.pl, guest-example-hookscript.pl, 5-opts.pl, gen-qm-cloud-init-opts.pl, gen-pct-mountpoint-opts.pl] Subject: Re: [pve-devel] [PATCH 8/8 docs] pct: document cloudinit for LXC X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/> List-Post: <mailto:pve-devel@lists.proxmox.com> List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe> Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com> Planning to look at the code patches tomorrow, for now I started here :) Am 10.02.25 um 13:07 schrieb Daniel Herzig: > From: Leo Nunner <l.nunner@proxmox.com> > > adds documentation for Cloud-Init for containers. Most of it has been > taken from the VM documentation, since the configuration mostly works > the same. Added a script to extract the cloudinit parameters the same > way it's already done for VMs. > > Signed-off-by: Leo Nunner <l.nunner@proxmox.com> > --- > Makefile | 1 + > pct-cloud-init.adoc | 114 ++++++++++++++++++++++++++++++++++++++++++++ > pct.adoc | 4 ++ > 3 files changed, 119 insertions(+) > create mode 100644 pct-cloud-init.adoc > > diff --git a/Makefile b/Makefile > index f30d77a..24836b8 100644 > --- a/Makefile > +++ b/Makefile > @@ -53,6 +53,7 @@ GEN_SCRIPTS= \ > gen-pct.conf.5-opts.pl \ > gen-pct-network-opts.pl \ > gen-pct-mountpoint-opts.pl \ > + gen-pct-cloud-init-opts.pl \ > gen-qm.conf.5-opts.pl \ > gen-cpu-models.conf.5-opts.pl \ > gen-qm-cloud-init-opts.pl \ > diff --git a/pct-cloud-init.adoc b/pct-cloud-init.adoc > new file mode 100644 > index 0000000..1398e7b > --- /dev/null > +++ b/pct-cloud-init.adoc > @@ -0,0 +1,114 @@ > +[[pct_cloud_init]] > +Cloud-Init Support > +------------------ > +ifdef::wiki[] > +:pve-toplevel: > +endif::wiki[] > + > +{pve} supports the Cloud-init 'nocloud' format for LXC. s/Cloud-init/Cloud-Init/ Although the official name seems to be "cloud-init", the documentation for VMs uses "Cloud-Init" as the capitalization, so I think we should stick to it (or change it to "cloud-init" consistently everywhere). > + > +{pve} writes the Cloud-init configuration directly into the container. s/Cloud-init/Cloud-Init/ > +When the 'cienable' option is set to true, the configuration is updated > +directly before before every boot. Each configuration is identified by > +an 'instance id', which Cloud-Init uses to decide whether it should run > +again or not. Maybe add a quick sentence what happens if "cienable" is not set, just for clarity? Hmm, seems strange actually: * previously added SSH keys will stay added * previously added users will stay added * package upgrades seems to revert to default 'No' If this really is intentional, this should be documented of course. Seems like it behaves the same for VMs, should be documented there too. > + > +Preparing Cloud-Init Templates > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > + > +The first step is to prepare your container. Any template will suffice. > +Simply install the Cloud-Init packages inside the CT that you want to s/CT/countainer/ > +prepare. On Debian/Ubuntu based systems this is as simple as: > + > +---- > +apt install cloud-init > +---- > + > +WARNING: This command is *not* intended to be executed on the {pve} host, but > +only inside the container. > + > +A simple preparation for a cloud-init capable container could look like this: s/cloud-init/Cloud-Init/ > + > +---- > +# download an image > +pveam download local ubuntu-22.10-standard_22.10-1_amd64.tar.zst This one doesn't exists (on PVE 8.3), would be nice to have a working example. > + > +# create a new container > +pct create 9000 local:vztmpl/ubuntu-22.10-standard_22.10-1_amd64.tar.zst \ > + --storage local-lvm --memory 512 \ Maybe specify an explicit rootfs with size rather than the '--storage' option. The automatic default of 4 GiB is a bit magic-y and like this, users won't see how to adapt the size for their use case straight away. I'd also add --unprivileged 1 --features nesting=1 since that is usually desired and are the UI defaults too. As well as setting the 'cores'. > + --net0 name=eth0,bridge=vmbr0,ip=dhcp,type=veth > +---- > + > +Now, the package can be installed inside the container: > + > +---- > +# install the needed packages > +pct start 9000 NOTE: you will need to wait until the network is ready ;) > +pct exec 9000 apt update > +pct exec 9000 apt install cloud-init > +pct stop 9000 > +---- > + > +Finally, it can be helpful to turn the container into a template, to be able > +to quickly create clones whenever needed. > + > +---- > +pct template 9000 > +---- > + I think there should be a section about describing how to actually configure the settings (also referring to the UI). Currently, there only is the description with the custom configuration, but the basic configuration is not mentioned at all. > +Deploying Cloud-Init Templates > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > + > +A template can easily be deployed by cloning: > + > +---- > +pct clone 9000 3000 --hostname ubuntu > +---- > + > +Cloud-Init can now be enabled, and will run automatically on the next boot. > + > +---- > +pct set 3000 --cienable=1 > +---- > + > +Custom Cloud-Init Configuration > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > + > +The Cloud-Init integration also allows custom config files to be used instead > +of the automatically generated configs. This is done via the `cicustom` > +option on the command line: > + > +---- > +pct set 9000 --cicustom "user=<volume>,meta=<volume>" > +---- > + > +The custom config files have to be on a storage that supports snippets and have > +to be available on all nodes the container is going to be migrated to. Otherwise the > +container won't be able to start. > +For example: > + > +---- > +qm set 9000 --cicustom "user=local:snippets/userconfig.yaml" Uses qm instead of pct > +---- > + > +In contrast to the options for VMs, containers only support custom 'user' > +and 'vendor' scripts, but not 'network'. Network configuration is done through > +the already existing facilities integrated into {pve}. They can all be specified > +together or mixed and matched however needed. > +The automatically generated config will be used for any section that doesn't have a > +custom config file specified. > + > +The generated config can be dumped to serve as a base for custom configs: > + > +---- > +pct cloudinit dump 9000 user > +---- > + > +The same command exists for `meta`. > + > + > +Cloud-Init specific Options > +~~~~~~~~~~~~~~~~~~~~~~~~~~~ Doesn't use title case > + > +include::pct-cloud-init-opts.adoc[] > + > diff --git a/pct.adoc b/pct.adoc > index 529b72f..de80347 100644 > --- a/pct.adoc > +++ b/pct.adoc > @@ -622,6 +622,10 @@ It will be called during various phases of the guests lifetime. For an example > and documentation see the example script under > `/usr/share/pve-docs/examples/guest-example-hookscript.pl`. > > +ifndef::wiki[] > +include::pct-cloud-init.adoc[] > +endif::wiki[] > + > Security Considerations > ----------------------- > _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel