From: MAbeeTT
Reply-To: MAbeeTT@gmail.com
Date: Tue, 16 Jul 2024 16:41:06 +0200
Subject: cloudinit: RFC proposal for unwanted and unexpected regeneration of instance-id
To: pve-devel@lists.proxmox.com

Hello all,

I am Matias from Spain, raised in Argentina where I met PVE from version 3 when trying to find an open source KVM and container solution for an internal lab.

After backup on Proxmox PVE7 and restore in PVE8 [8.2.4] in my personal lab I got new instance-id's hash for restored VMs.

Searching in the source code I see the root cause is the commit cloudinit "pass through hostname via fqdn field" [0].

In certain conditions, with the change in the commit, without user intervention in the VM, a new key fqdn is created for the userdata; the userdata info feeds the hash[1][2], which is in fact the value for the key instance-id[3] of the meta-data file.
With a new instance-id the cloud-init agent in the VM takes the "per-instance" configuration and actions, instead of the "per-boot" configuration[4]. This is a problem not limited to new ssh keys, because users could generate VM templates with specific actions to be triggered only with a new VM/instance.

I propose that future releases use only the user's explicit setup options related to the cloudinit setup (name, sshkeys, cipassword); I mean explicit ones, ignoring default values. So in case of future changes like the referred commit, there will not be a new instance-id, as the user does not explicitly generate a new cloudinit source of info: no new instance, no surprises for the VM administrator.

I am far away from being a Perl developer, but I can put my best effort during my spare time. Anyway, I would like to know what you think, since what I am proposing changes the current behaviour of PVE cloudinit; maybe these changes could be part of PVE 9?

Thanks for your attention,
Regards,
Matias Pecchia

[0]: https://git.proxmox.com/?p=qemu-server.git;a=commitdiff;h=3e546c5ada47da8434bb58d27a3aa7d9823e7fa4
[1]: https://git.proxmox.com/?p=qemu-server.git;a=blob;f=PVE/QemuServer/Cloudinit.pm;h=abc6b1421b38c67f3de46ea075d5f8ac2fe599ef;hb=1c5001c2e7f8b73cdcf192d23714985eaddc17ed#l497
[2]: https://git.proxmox.com/?p=qemu-server.git;a=blob;f=PVE/QemuServer/Cloudinit.pm;h=abc6b1421b38c67f3de46ea075d5f8ac2fe599ef;hb=1c5001c2e7f8b73cdcf192d23714985eaddc17ed#l481
[3]: https://git.proxmox.com/?p=qemu-server.git;a=blob;f=PVE/QemuServer/Cloudinit.pm;h=abc6b1421b38c67f3de46ea075d5f8ac2fe599ef;hb=1c5001c2e7f8b73cdcf192d23714985eaddc17ed#l476
[4]: https://cloudinit.readthedocs.io/en/latest/explanation/boot.html#first-boot-determination

-- 
.::MAbeeTT::.
mabeett [at] gmail [dot] com
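
The mechanism described in the message, as an added illustration that is not part of the original mail and not qemu-server code: an instance-id derived from the rendered user-data changes when the generator starts emitting a new key, while an id derived only from explicitly set options does not. The function names, the sample config and the simplified rendering are hypothetical, and SHA-256 stands in for whatever hash the real code uses.

```python
import hashlib
import json

# Options the message names as "explicit" cloudinit setup options.
EXPLICIT_KEYS = ("name", "sshkeys", "cipassword")

def render_userdata(conf, emit_fqdn):
    """Hypothetical generator. emit_fqdn=False models the older release,
    True models a release that adds an fqdn key with no config change."""
    out = ["#cloud-config", f"hostname: {conf['name']}"]
    if emit_fqdn:
        out.append(f"fqdn: {conf['name']}")
    if "sshkeys" in conf:
        out.append("ssh_authorized_keys:")
        out += [f"  - {key}" for key in conf["sshkeys"]]
    return "\n".join(out) + "\n"

def id_from_rendered(conf, emit_fqdn):
    """Instance-id as a hash of the generated user-data (behaviour described)."""
    data = render_userdata(conf, emit_fqdn).encode()
    return hashlib.sha256(data).hexdigest()

def id_from_explicit(conf):
    """Instance-id as a hash of explicitly set options only (the proposal)."""
    explicit = {k: conf[k] for k in EXPLICIT_KEYS if k in conf}
    canon = json.dumps(explicit, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def is_new_instance(cached_id, presented_id):
    """cloud-init reruns per-instance modules when the id it cached differs."""
    return cached_id != presented_id

# Constructed sample VM config; the key material is a placeholder.
CONF = {"name": "web01.lab.example", "memory": 2048,
        "sshkeys": ["ssh-ed25519 AAAAC3-constructed admin@lab"]}

if __name__ == "__main__":
    before = id_from_rendered(CONF, emit_fqdn=False)
    after = id_from_rendered(CONF, emit_fqdn=True)
    print("rendered-hash id changed by upgrade:", is_new_instance(before, after))
    rotated = dict(CONF, sshkeys=["ssh-ed25519 AAAAC3-constructed-2 admin@lab"])
    print("explicit-hash id changed by key rotation:",
          is_new_instance(id_from_explicit(CONF), id_from_explicit(rotated)))
```

In this model a restore onto the newer generator presents a different id to the guest, so per-instance steps such as SSH host key generation run again, while the explicit-options id changes only when the administrator edits one of the three named options.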