From: aderumier@odiso.com
To: Proxmox VE development discussion
Date: Wed, 03 Feb 2021 09:28:27 +0100
In-Reply-To: <46f3dc57889d0bd0bfc84f5a946dad12d179ed5b.camel@odiso.com>
References: <20210114171108.756728-1-aderumier@odiso.com> <46f3dc57889d0bd0bfc84f5a946dad12d179ed5b.camel@odiso.com>
Subject: Re: [pve-devel] [PATCH qemu-server] cloudinit: add sshdeletehostkeys option
List-Id: Proxmox VE development discussion

On Monday, 1 February 2021 at 17:12 +0100, aderumier@odiso.com wrote:
> > > > [0] https://cloudinit.readthedocs.io/en/latest/topics/cli.html#clean
>
> The main problem currently is indeed that we change instance-id at
> each rebuild of the cloud-init disk.
> But I'm not sure that it's possible to change the IP address when
> keeping the same instance-id, because IP configuration is done
> at the cloudinit-init-local service, as it's already done once.
> Maybe this was the historic reason why we change the instance-id
> each time, I don't remember exactly.
> I'll check that tomorrow to be sure, but indeed, keeping the
> instance-id should be the clean way.

Hi,

I have redone tests with cloud-init.

So, the problem with the networking config is that it's really only done once per instance-id, and there is no way to change that. (It's done in cloud-init local, and it's not possible to change that like the other modules.)

So, we really need to change the instance-id each time.

Also, the ssh module manages both user SSH public keys and host private keys.
So the only way is the trick of this patch to disable the host key generation after first boot.

Currently I'm not using cloud-init, but I wonder if it's really the right tool to manage configuration after the first boot. (It has been created by cloud providers to really only run once at first boot, and after that the configuration doesn't change.)

I have looked on the net, and found that OpenNebula provides a nice tool to manage configuration at boot, but also changes live.

https://github.com/OpenNebula/addon-context-linux

It's only a simple ISO config drive with environment variables + bash script + service for boot + udev rules to handle cdrom media changes/NIC plug/unplug live events.

Historically, OpenNebula was using cloud-init too (there is also an OpenNebula config drive driver in cloud-init)
https://cloudinit.readthedocs.io/en/latest/topics/datasources/opennebula.html
but it was not matching their workload, so they have created their own script.
https://forum.opennebula.io/t/one-context-vs-cloud-init/1641

I have tested it, with a small patch in CloudInit.pm to generate the cloudera context format; it's just working out of the box.
I can manage IPs, hostname, SSH keys, and resize partitions dynamically without any trick.

I really like it, and with a simple bash script + env vars in the config drive, it's possible to easily adapt them for special needs. (I have some tricky network config in my production network.)

A Windows version is available too:
https://github.com/OpenNebula/addon-context-windows

What do you think about adding support for this new datasource format in the current Cloudinit.pm?
Here is a sample (not cleaned yet): +sub generate_opennebula { + my ($conf, $vmid, $drive, $volname, $storeid) = @_; + + my ($hostname, $fqdn) = get_hostname_fqdn($conf, $vmid); + + my $content = ""; + + my $username = $conf->{ciuser}; + my $password = encode_base64($conf->{cipassword}); + $keys = [map { my $key = $_; chomp $key; $key } split(/\n/, $keys)]; + $keys = [grep { /\S/ } @$keys]; + $content .= "SSH_PUBLIC_KEY=\""; + + foreach my $k (@$keys) { + $content .= "$k\n"; + } + $content .= "\"\n"; + + } + + my ($searchdomains, $nameservers) = get_dns_conf($conf); + if ($nameservers && @$nameservers) { + $nameservers = join(' ', @$nameservers); + $content .= "DNS=\"$nameservers\"\n"; + } + + $content .= "NETWORK=YES\n"; + $content .= "SET_HOSTNAME=prout2\n"; + + if ($searchdomains && @$searchdomains) { + $searchdomains = join(' ', @$searchdomains); + $content .= "SEARCH_DOMAIN=\"$searchdomains\"\n"; + } + + my @ifaces = grep { /^net(\d+)$/ } keys %$conf; + foreach my $iface (sort @ifaces) { + (my $id = $iface) =~ s/^net//; + next if !$conf->{"ipconfig$id"}; + my $net = PVE::QemuServer::parse_ipconfig($conf- >{"ipconfig$id"}); + my $ethid = "ETH$id"; + + my $mac = lc $net->{hwaddr}; + if ($net->{ip}) { + if ($net->{ip} eq 'dhcp') { + $content .= "\n"; #opennebule don't handle DHCP config..... + } else { + my ($addr, $mask) = split_ip4($net->{ip}); + $content .= $ethid."_IP=$addr\n"; + $content .= $ethid."_MASK=$mask\n"; + $content .= $ethid."_MAC=$mac\n"; + $content .= $ethid."_GATEWAY=$net->{gw}\n" if $net- >{gw}; + } + } + + } + + my $files = { + '/context.sh' => $content, + }; + commit_cloudinit_disk($conf, $vmid, $drive, $volname, $storeid, $files, 'CONTEXT'); +} + @@ -461,13 +531,14 @@ sub read_cloudinit_snippets_file { my $cloudinit_methods = { configdrive2 => \&generate_configdrive2, nocloud => \&generate_nocloud, + opennebula => \&generate_opennebula, };
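Review bot: in the `generate_opennebula` hunk, `$keys` is read in `split(/\n/, $keys)` without ever being declared or assigned, and the `}` that follows `$content .= "\"\n";` closes a block that was never opened, so the function does not compile as posted; presumably the `if` that fetches the SSH keys from the config was lost when pasting and should be restored. `SET_HOSTNAME=prout2` is a hardcoded placeholder where `$hostname` from `get_hostname_fqdn` belongs, and `$username`/`$password` are computed but never written to `$content`. More importantly, every value (keys, `$nameservers`, `$searchdomains`, `$net->{gw}`) is interpolated raw inside a double-quoted assignment in `/context.sh`, a file the guest's one-context scripts source as shell: a key or search domain containing `"`, `$(` or a backslash would be executed in the guest rather than stored as a value. Emit each value single-quoted with embedded single quotes escaped (or reject values containing quote characters) before writing the file, and drop the empty-line write in the `dhcp` branch, which only pads the output.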
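Review bot: in the `$cloudinit_methods` hunk, the new `opennebula => \&generate_opennebula` entry only makes the generator reachable if the `citype` option's accepted values also list `opennebula`; that change is not part of the diff shown, so either include it in the same patch or state the dependency in the commit message.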
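As an added illustration of the context.sh format the mail describes (this is example code, not the patch above and not qemu-server's own code), the following builds a context drive file with the same variables (NETWORK, SET_HOSTNAME, DNS, SEARCH_DOMAIN, SSH_PUBLIC_KEY, ETHx_IP/MASK/MAC/GATEWAY) while shell-quoting every value, then tokenizes it back the way the guest's shell would; the config dict layout and all function names are assumptions of this example.

```python
# Added example (not qemu-server code); the conf dict layout is an assumption.
import shlex

def split_ip4(cidr):
    """'10.0.0.5/24' -> ('10.0.0.5', '255.255.255.0'), the ETHx_MASK form."""
    addr, prefix = cidr.split("/")
    bits = (0xFFFFFFFF << (32 - int(prefix))) & 0xFFFFFFFF
    return addr, ".".join(str((bits >> s) & 0xFF) for s in (24, 16, 8, 0))

def generate_context(conf):
    """Return context.sh text using the variables the mailed patch emits."""
    lines = ["NETWORK=YES"]

    def put(key, value):
        # shlex.quote single-quotes anything non-trivial, so a '"', '$(' or
        # backslash in a hostname or key stays data instead of becoming shell
        # when the guest's one-context scripts source this file.
        lines.append(f"{key}={shlex.quote(value)}")

    put("SET_HOSTNAME", conf["hostname"])
    if conf.get("nameserver"):
        put("DNS", " ".join(conf["nameserver"]))
    if conf.get("searchdomain"):
        put("SEARCH_DOMAIN", " ".join(conf["searchdomain"]))
    keys = [k.strip() for k in conf.get("sshkeys", "").splitlines() if k.strip()]
    if keys:
        put("SSH_PUBLIC_KEY", "\n".join(keys))
    for n, net in sorted(conf.get("nets", {}).items()):
        if net.get("ip") in (None, "dhcp"):
            continue  # one-context has no DHCP variable, as the patch notes
        addr, mask = split_ip4(net["ip"])
        put(f"ETH{n}_IP", addr)
        put(f"ETH{n}_MASK", mask)
        put(f"ETH{n}_MAC", net["hwaddr"].lower())
        if net.get("gw"):
            put(f"ETH{n}_GATEWAY", net["gw"])
    return "\n".join(lines) + "\n"

def parse_context(text):
    """Tokenize context.sh as a POSIX shell would, without executing it."""
    return dict(tok.partition("=")[::2] for tok in shlex.split(text))

# Constructed sample; the second "key" carries shell metacharacters on purpose.
SAMPLE_CONF = {
    "hostname": "vm100",
    "nameserver": ["10.0.0.1"],
    "searchdomain": ["lab.example"],
    "sshkeys": 'ssh-ed25519 AAAAC3Nz user@lab\n"; echo injected; "\n',
    "nets": {0: {"ip": "10.0.0.5/24", "gw": "10.0.0.1", "hwaddr": "DE:AD:BE:EF:00:01"},
             1: {"ip": "dhcp", "hwaddr": "DE:AD:BE:EF:00:02"}},
}
```

Running `parse_context(generate_context(SAMPLE_CONF))` shows the metacharacter-laden key surviving as one literal SSH_PUBLIC_KEY value and no extra variables appearing, while the DHCP interface is simply omitted.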