DAB for LXC in PVE 4?

[apmuthu]

Is there any DAB for LXC in PVE 4 as yet?

Can an existing PVE 3.x template be used to create an LXC in PVE 4?

 

[tom]

yes.

> apt-get install dab

https://git.proxmox.com/?p=dab.git;a=summary

you need to test if your existing templates build successfully on the new dab, but I assume they will.

 

[apmuthu]

On 2015-06-29, a commit was made to the git repo for DAB:
do not regenerate sshd host keys

For PVE 3.x is the second diff necessary for OpenVZ?

@@ -1338,9 +1338,6 @@ EOD
     # reset password
     $self->ve_command ("usermod -L root");
 
-    # regenerate sshd host keys
-    $self->install_init_script ($script_ssh_init, 2, 14);
-
     if ($mta eq 'postfix') {
        $data = "postfix postfix/main_mailer_type select No configuration\n";
        $self->ve_debconfig_set ($data);

 

[dietmar]

For PVE 3.x is the second diff necessary for OpenVZ?

We do not longer support OpenVZ with dab (use old dab version for OpenVZ instead).

 

[apmuthu]

I understand that you no longer support OpenVZ now that the later kernels have dropped it.
All I wanted to know was why ssh keys are no longer needed to be generated for LXC.

Attached is the updated DAB.pm file for use in PVE 3.x - community (my) supported version.

 

[dietmar]

All I wanted to know was why ssh keys are no longer needed to be generated for LXC.

We create them at container creation time.

 

[apmuthu]

Even in OpenVZ, the ssh keys are created during container creation - hence the said diffs must be valid for PVE 3.x as well - isn't it? Therefore, ssh keys should have been deleted and then created during container creation time for OpenVZ (in PVE 3.x) using DAB to have worked well hitherto ....

 

[dietmar]

hence the said diffs must be valid for PVE 3.x as well - isn't it?

No, it is required for OpenVZ.

 

[apmuthu]

No, it is required for OpenVZ.

No, it is NOT required for OpenVZ (PVE 3.x)
or
Yes, it IS required for OpenVZ (PVE 3.x)

 

[dietmar]

Yes, it IS required for OpenVZ

 

[apmuthu]

Thanks, will checkout.

 

[apmuthu]

If you are using upto pve-manager v3.4-6 (tested), do not apply the portion of the patch listed in the #3 post in this thread but use the patched DAB.pm file in the #5 post in this thread (contains Debian jessie, and Ubuntu later versions). Otherwise, the SSH keys will not get regenerated and you will land up getting the same keys for all newly created containers that the base template has on it's creation. Refer changelog for pve-manager. Have not tested the later versions of pve-manager in PVE 3.4 but see no reason why it should be any different atleast until pve-manager v3.4-9.

Tested the issue with:

# pveversion -v
proxmox-ve-2.6.32: 3.4-156 (running kernel: 2.6.32-39-pve)
pve-manager: 3.4-6 (running version: 3.4-6/102d4547)
pve-kernel-2.6.32-39-pve: 2.6.32-156
lvm2: 2.02.98-pve4
clvm: 2.02.98-pve4
corosync-pve: 1.4.7-1
openais-pve: 1.1.4-3
libqb0: 0.11.1-2
redhat-cluster-pve: 3.2.0-2
resource-agents-pve: 3.9.2-4
fence-agents-pve: 4.0.10-2
pve-cluster: 3.0-17
qemu-server: 3.4-6
pve-firmware: 1.1-4
libpve-common-perl: 3.0-24
libpve-access-control: 3.0-16
libpve-storage-perl: 3.0-33
pve-libspice-server1: 0.12.4-3
vncterm: 1.1-8
vzctl: 4.0-1pve6
vzprocps: 2.0.11-2
vzquota: 3.1-2
pve-qemu-kvm: 2.2-10
ksm-control-daemon: 1.1-1
glusterfs-client: 3.5.2-1

The vzctl binary allows create/clone of container and it is up-to-date as far as PVE 3.4 version is concerned.

The contents of the SSH keys must be different for different containers (except hot/cold standby clones):

/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub