[TUTORIAL] PVE9 Create a VM Template for a Debian Trixie Server with Cloud-Init

gfngfn256

Just wanted to share my (successful) procedure for creating in PVE9 a VM Template for a Debian Trixie Server with Cloud-Init, which I have done in the past for previous Debian versions in PVE8. This is most useful to quickly spin up a Debian server for any purpose.

The following procedure was successfully done in a Debian server running 12.11 as a VM within PVE9:

Code:
apt install libguestfs-tools  #needed for the virt-customize tool

wget https://cloud.debian.org/images/cloud/trixie/latest/debian-13-genericcloud-amd64.qcow2 #the current Trixie latest cloud image available

sha512sum debian-13-genericcloud-amd64.qcow2 #check against https://cloud.debian.org/images/cloud/trixie/latest/SHA512SUMS


#customize the image:

virt-customize -a debian-13-genericcloud-amd64.qcow2  --install qemu-guest-agent,curl,wget,nano,rsync,htop,tmux #tools I like to add

virt-customize -a debian-13-genericcloud-amd64.qcow2 --run-command "sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config" #to enable root login which is off by default

virt-customize -a debian-13-genericcloud-amd64.qcow2 --run-command "sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config" #to enable SSH authentication by password - my use choice

qemu-img convert -O qcow2 -c -o preallocation=off debian-13-genericcloud-amd64.qcow2 debian-13-genericcloud-amd64-shrink.qcow2 #convert & compress qcow2 image


#send image to PVE host:

scp debian-13-genericcloud-amd64-shrink.qcow2 root@........................... #enter desired location on host node

In PVE host:

  • Create a VM 200 # use {vmid} you wish
  • Name: Debian-Trixie-CloudINIT-Template #name I used
  • Do not use any media, Qemu Agent (ticked), Remove all disk, 2 cores x86-64-v2-AES, 4096 RAM #settings I chose
  • Set to not run on completion

In Host node shell:
Code:
qm importdisk 200 debian-13-genericcloud-amd64-shrink.qcow2 Storage --format qcow2 #change 200 to the actual {vmid} you used above & required Storage location, I used 'Storage'

In GUI of VM 200 (or your {vmid} as above):
  • Remove the CD/DVD drive # I don't need one
  • Add unused disk as scsi0, ssd on discard on default nocache #my choices, adjust accordingly
  • Add cloud-init drive as ide0
  • In cloud-init set User as root & password, set IPV4 as dhcp #my choices, adjust accordingly
  • In VM Options set boot order scsi0 as first & only boot device
  • Convert VM 200 (or your {vmid} as above) to Template

Done! #I make a backup of this VM template once done.

Testing:
  • Create a Full clone
  • Set Cloud-Init settings of the clone as required & regenerate Cloud-Init image
  • Start cloned VM (This will fully set up the VM & should fully Update & Upgrade it)
  • Shut down
  • In GUI; Remove Cloud-Init drive from Hardware
Done!
 
Reactions: jtru and Johannes S
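The manual `sha512sum` comparison against SHA512SUMS in the procedure above can be scripted so that a template build stops before `virt-customize` touches an image that does not match. The following is an added example, not part of the original post; `verify_image` and its return codes are hypothetical names chosen here, and it assumes SHA512SUMS has already been downloaded next to the image.

```shell
#!/bin/sh
# Added example: fail-closed SHA512 verification of a downloaded cloud image.
# verify_image is a hypothetical helper name, not part of any Debian or
# Proxmox tool.

# verify_image IMAGE SUMS_FILE
#   0  digest of IMAGE matches its entry in SUMS_FILE
#   1  digest mismatch
#   2  no entry, or more than one entry, for IMAGE's file name
#   3  IMAGE or SUMS_FILE is not readable
verify_image() {
    vi_image=$1
    vi_sums=$2
    vi_name=$(basename "$vi_image")

    if [ ! -r "$vi_image" ] || [ ! -r "$vi_sums" ]; then
        return 3
    fi

    # Entries look like "<128 hex digits>  <file name>"; sha512sum may put
    # a "*" before the name. Compare the name exactly so that "foo.qcow2"
    # never matches an entry for "foo.qcow2.old".
    vi_expected=$(awk -v n="$vi_name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n && $1 ~ /^[0-9A-Fa-f]+$/ && length($1) == 128 { print tolower($1) }
    ' "$vi_sums")

    # Refuse to continue on a missing or ambiguous entry.
    vi_count=$(printf '%s\n' "$vi_expected" | grep -c . || true)
    if [ "$vi_count" -ne 1 ]; then
        return 2
    fi

    vi_actual=$(sha512sum "$vi_image" | awk '{ print $1 }')
    if [ "$vi_actual" != "$vi_expected" ]; then
        return 1
    fi
    return 0
}

# Typical gate in a build script (file names as used in the post):
#   verify_image debian-13-genericcloud-amd64.qcow2 SHA512SUMS || {
#       echo "checksum check failed, not customizing image" >&2; exit 1; }
```
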
and is it must to do step
No.

In case I forget the password, so I can generate a new one from Cloud-Init
Yes, works perfectly to change new password, (make sure to regenerate Cloud-Init image in GUI) - I tested this.

In addition, even if you do remove the Cloud-Init drive, you can always later re-add a Cloud-Init drive (from GUI, VM Hardware) & then change password (make sure to regenerate Cloud-Init image in GUI) - I tested this.
 
I can't use SSH with a password. What could be the reason?
Ubuntu is a little more tricky with this.

I must tell you I haven't actually messed with Jammy at all, but I dabbled a bit with Plucky to create a VM template with Cloud-Init successfully.

However I did not adjust the image I used (plucky-server-cloudimg-amd64.img) - I believe this should be done correctly on an Ubuntu server.

Concerning the password issue with SSH:
I found that on Ubuntu Plucky, you need to adjust a file:
Code:
sudo nano /etc/ssh/sshd_config.d/60-cloudimg-settings.conf

#change 'PasswordAuthentication no' to:
PasswordAuthentication yes
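sshd keeps the first value it reads for each keyword, so a drop-in such as 60-cloudimg-settings.conf decides the setting when sshd_config includes /etc/ssh/sshd_config.d/*.conf before its own lines. The check below is an added example, not code from the thread: it reports which file decides an option inside an unpacked or read-only mounted image. The function names and the ROOT argument are hypothetical, and it covers global settings with one level of Include only.

```shell
#!/bin/sh
# Added example: report which file decides an sshd option inside an
# unpacked or mounted image. Function names are hypothetical.
# Scope: global settings only (parsing stops at the first Match line), one
# level of Include, whitespace-separated "Keyword value" lines.

# first_global_value FILE KEYWORD_LOWERCASE
# Print the first global-scope value of the keyword in FILE, if any.
first_global_value() {
    awk -v k="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == k { print $2; exit }
    ' "$1"
}

# effective_sshd_option ROOT KEYWORD
# Print "<value><TAB><file>" for the setting sshd would use, walking
# ROOT/etc/ssh/sshd_config top to bottom and expanding each Include where
# it appears. Returns 1 if the keyword is never set (sshd then uses its
# built-in default), 2 if sshd_config is missing.
effective_sshd_option() {
    eso_root=$1
    eso_key=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    eso_main="$eso_root/etc/ssh/sshd_config"
    [ -r "$eso_main" ] || return 2

    # Reduce the main file to an ordered list of "include <pattern>" and
    # "set <value>" events; nothing after the first hit or Match matters.
    eso_events=$(awk -v k="$eso_key" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { kw = tolower($1) }
        kw == "match"   { exit }
        kw == "include" { for (i = 2; i <= NF; i++) print "include", $i; next }
        kw == k         { print "set", $2; exit }
    ' "$eso_main")

    while read -r eso_kind eso_arg; do
        case $eso_kind in
        set)
            printf '%s\t%s\n' "$eso_arg" "/etc/ssh/sshd_config"
            return 0 ;;
        include)
            # Relative Include paths are resolved against /etc/ssh.
            case $eso_arg in
                /*) eso_pat=$eso_arg ;;
                *)  eso_pat="/etc/ssh/$eso_arg" ;;
            esac
            # Unquoted $eso_pat: the shell expands the glob in sorted order.
            for eso_f in "$eso_root"$eso_pat; do
                [ -f "$eso_f" ] || continue
                eso_val=$(first_global_value "$eso_f" "$eso_key")
                if [ -n "$eso_val" ]; then
                    eso_rel=${eso_f#"$eso_root"}
                    printf '%s\t%s\n' "$eso_val" "$eso_rel"
                    return 0
                fi
            done ;;
        esac
    done <<EOF
$eso_events
EOF
    return 1
}
```

Run it against a template image before converting it, for example `effective_sshd_option /mnt/image PasswordAuthentication`, to confirm that the file being edited is the one sshd will actually honour.
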
 
I created a script, to run on proxmox, to similarly create a Debian VM template:
Bash:
#!/bin/bash
# makes a cloud-init template vm from URL
# call like ./proxmox_create_debian_template.sh 9000 tank

# Check for root privileges
if [[ $EUID -ne 0 ]]; then
   printf "Please run as root:\nsudo %s\n" "${0}"
   exit 1
fi

TEMPLATE_VMID=$1
VM_STORAGE=$2

URL="https://cloud.debian.org/images/cloud/trixie/daily/latest/debian-13-genericcloud-amd64-daily.qcow2"
# TODO: check URL ends in '.qcow2'

TEMPLATE_NAME=$(basename "$URL" .qcow2)

IMAGE_PATH="${PWD}/${TEMPLATE_NAME}.qcow2"
SHRUNK_IMAGE_PATH="${PWD}/${TEMPLATE_NAME}-shrunk.qcow2"

# TODO: make these configurable
VM_CORES=2
VM_MEMORY=2048
DEFAULT_USER="debian"
DEFAULT_USER_PASSWORD="debian"

if ! command -v virt-customize >/dev/null 2>&1
then
    echo "virt-customize could not be found, please install the libguestfs-tools package"
    exit 1
fi

wget -q --show-progress -O "$IMAGE_PATH" "$URL"

virt-customize -a "$IMAGE_PATH" \
    --install "qemu-guest-agent" \
    --timezone "Europe/London" \
    --truncate "/etc/machine-id"
qemu-img convert -O qcow2 -c -o preallocation=off "$IMAGE_PATH" "$SHRUNK_IMAGE_PATH"

qm create "$TEMPLATE_VMID" \
    --name "template-$TEMPLATE_NAME" \
    --ostype "l26" \
    --machine "q35,viommu=virtio" \
    --bios "ovmf" \
    --efidisk0 "${VM_STORAGE}:1,efitype=4m,pre-enrolled-keys=0" \
    --tpmstate0 "${VM_STORAGE}:0,version=v2.0" \
    --cpu "host" \
    --cores "$VM_CORES" \
    --memory "$VM_MEMORY" \
    --serial0 "socket" \
    --vga "serial0" \
    --agent "enabled=1" \
    --net0 "virtio,bridge=vmbr0" \
    --scsihw "virtio-scsi-single" \
    --scsi0 "${VM_STORAGE}:0,import-from=$SHRUNK_IMAGE_PATH,discard=on" \
    --scsi1 "${VM_STORAGE}:cloudinit" \
    --boot "order=scsi0" \
    --ciuser "$DEFAULT_USER" \
    --cipassword "$DEFAULT_USER_PASSWORD" \
    --ipconfig0 "ip6=auto,ip=dhcp"

qm disk resize "$TEMPLATE_VMID" "scsi0" "8G"
qm template "$TEMPLATE_VMID"
rm "$IMAGE_PATH" "$SHRUNK_IMAGE_PATH"

It appears to successfully create a template:

Code:
$ sudo ./proxmox_create_debian_template.sh 9000 tank

/home/nick/debian-13-genericcloud- 100%[===============================================================>] 321.75M  15.0MB/s    in 22s
[   0.0] Examining the guest ...
[   7.1] Setting a random seed
virt-customize: warning: random seed could not be set for this type of
guest
[   7.2] Setting the machine ID in /etc/machine-id
[   7.2] Installing packages: qemu-guest-agent
[  11.8] Setting the timezone: Europe/London
[  11.9] Truncating: /etc/machine-id
[  11.9] SELinux relabelling
[  12.4] Finishing off
transferred 0.0 B of 528.0 KiB (0.00%)
transferred 528.0 KiB of 528.0 KiB (100.00%)
transferred 528.0 KiB of 528.0 KiB (100.00%)
efidisk0: successfully created disk 'tank:vm-9000-disk-0,efitype=4m,pre-enrolled-keys=0,size=1M'
transferred 0.0 B of 3.0 GiB (0.00%)
transferred 1.5 GiB of 3.0 GiB (50.46%)
transferred 3.0 GiB of 3.0 GiB (100.00%)
scsi0: successfully created disk 'tank:vm-9000-disk-1,size=3G'
scsi1: successfully created disk 'tank:vm-9000-cloudinit,media=cdrom'
tpmstate0: successfully created disk 'tank:vm-9000-disk-2,size=4M,version=v2.0'

However if I clone the template and start a VM, while it initially boots the kernel it appears to fail in the initramfs as it cannot find root partition:

Code:
$ sudo qm clone 9000 101 --name "foobar" && sudo qm start 101 && sudo qm terminal 101

create linked clone of drive efidisk0 (tank:base-9000-disk-0)
create linked clone of drive scsi0 (tank:base-9000-disk-1)
create full clone of drive scsi1 (tank:vm-9000-cloudinit)
create full clone of drive tpmstate0 (tank:base-9000-disk-2)
transferred 0.0 B of 4.0 MiB (0.00%)
transferred 2.0 MiB of 4.0 MiB (50.00%)
transferred 4.0 MiB of 4.0 MiB (100.00%)
transferred 4.0 MiB of 4.0 MiB (100.00%)
generating cloud-init ISO
starting serial terminal on interface serial0 (press Ctrl+O to exit)
BdsDxe: loading Boot0001 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1E,0x0)/Pci(0x4,0x0)/Pci(0x1,0x0)/Scsi(0x0,0x0)
BdsDxe: starting Boot0001 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1E,0x0)/Pci(0x4,0x0)/Pci(0x1,0x0)/Scsi(0x0,0x0)
error: no suitable video mode found.
  Booting `Debian GNU/Linux'

Loading Linux 6.12.43+deb13-cloud-amd64 ...
Loading initial ramdisk ...
EFI stub: Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path
EFI stub: Measured initrd data into PCR 9
[    0.000000] Linux version 6.12.43+deb13-cloud-amd64 (debian-kernel@lists.debian.org) (x86_64-linux-gnu-gcc-14 (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44) #1 SMP PREEMPT_DYNAMIC Debian 6.12.43-1 (2025-08-27)
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.12.43+deb13-cloud-amd64 root=PARTUUID=2b506898-e678-45bd-b712-3b990bd34bd1 ro console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0

<SNIP, REMOVE kernel output>

[    0.934193] Run /init as init process
Loading, please wait...
Starting systemd-udevd version 257.8-1~deb13u2
[    1.017470] SCSI subsystem initialized
Begin: Loading essential drivers ... done.
Begin: Running /scripts/init-premount ... done.
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done.
Begin: Running /scripts/local-premount ... done.
Begin: Waiting for root file system ... Begin: Running /scripts/local-block ... done.
[   11.081789] pci 0000:00:1c.0: deferred probe pending: (reason unknown)
[   11.082386] pci 0000:00:1c.1: deferred probe pending: (reason unknown)
[   11.082948] pci 0000:00:1c.2: deferred probe pending: (reason unknown)
[   11.083522] pci 0000:00:1c.3: deferred probe pending: (reason unknown)
[   11.084100] pci 0000:00:1e.0: deferred probe pending: (reason unknown)
[   11.084683] pci 0000:05:01.0: deferred probe pending: (reason unknown)
[   11.085260] pci 0000:05:02.0: deferred probe pending: (reason unknown)
[   11.085841] pci 0000:05:03.0: deferred probe pending: (reason unknown)
[   11.086349] pci 0000:05:04.0: deferred probe pending: (reason unknown)
[   11.086829] pci 0000:06:03.0: deferred probe pending: (reason unknown)
[   11.087299] pci 0000:06:08.0: deferred probe pending: (reason unknown)
[   11.087786] pci 0000:06:12.0: deferred probe pending: (reason unknown)
[   11.088264] pci 0000:09:01.0: deferred probe pending: (reason unknown)
[   11.088633] pci 0000:09:02.0: deferred probe pending: (reason unknown)
[   11.088967] pci 0000:00:1f.2: deferred probe pending: (reason unknown)
Begin: Running /scripts/local-block ... done.
done.
Gave up waiting for root file system device.  Common problems:
 - Boot args (cat /proc/cmdline)
   - Check rootdelay= (did the system wait long enough?)
 - Missing modules (cat /proc/modules; ls /dev)
ALERT!  PARTUUID=2b506898-e678-45bd-b712-3b990bd34bd1 does not exist.  Dropping to a shell!
(initramfs)

Anyone know what might be wrong here? Perhaps incorrect options to the `qm create` command?
 
Anyone know what might be wrong here?
I believe that when you are using the qm clone command you are in fact creating a linked clone rather than a full clone. This I believe is the default when using that command on a VM Template.
According to the docs, you should add the option --full to make it a complete clone of all disks.
 
That still fails in the same way in the initramfs :(

Code:
$ sudo qm clone 9000 101 --full 1 --name foobar && sudo qm start 101 && sudo qm terminal 101

create full clone of drive efidisk0 (tank:base-9000-disk-0)
create full clone of drive scsi0 (tank:base-9000-disk-1)
transferred 0.0 B of 8.0 GiB (0.00%)
transferred 81.9 MiB of 8.0 GiB (1.00%)

transferred 8.0 GiB of 8.0 GiB (100.00%)
create full clone of drive scsi1 (tank:vm-9000-cloudinit)
create full clone of drive tpmstate0 (tank:base-9000-disk-2)
transferred 0.0 B of 4.0 MiB (0.00%)
transferred 2.0 MiB of 4.0 MiB (50.00%)
transferred 4.0 MiB of 4.0 MiB (100.00%)
transferred 4.0 MiB of 4.0 MiB (100.00%)
generating cloud-init ISO
starting serial terminal on interface serial0 (press Ctrl+O to exit)
BdsDxe: loading Boot0001 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1E,0x0)/Pci(0x4,0x0)/Pci(0x1,0x0)/Scsi(0x0,0x0)
BdsDxe: starting Boot0001 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1E,0x0)/Pci(0x4,0x0)/Pci(0x1,0x0)/Scsi(0x0,0x0)
error: no suitable video mode found.
  Booting `Debian GNU/Linux'

Loading Linux 6.12.43+deb13-cloud-amd64 ...
Loading initial ramdisk ...
EFI stub: Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path
EFI stub: Measured initrd data into PCR 9
[    0.000000] Linux version 6.12.43+deb13-cloud-amd64 (debian-kernel@lists.debian.org) (x86_64-linux-gnu-gcc-14 (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44) #1 SMP PREEMPT_DYNAMIC Debian 6.12.43-1 (2025-08-27)
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.12.43+deb13-cloud-amd64 root=PARTUUID=2b506898-e678-45bd-b712-3b990bd34bd1 ro console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0

<SNIP, kernel output>

[    0.874937] Run /init as init process
Loading, please wait...
Starting systemd-udevd version 257.8-1~deb13u2
[    0.949569] SCSI subsystem initialized
Begin: Loading essential drivers ... done.
Begin: Running /scripts/init-premount ... done.
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done.
Begin: Running /scripts/local-premount ... done.
Begin: Waiting for root file system ... Begin: Running /scripts/local-block ... done.
[   11.071101] pci 0000:00:1c.0: deferred probe pending: (reason unknown)
[   11.071516] pci 0000:00:1c.1: deferred probe pending: (reason unknown)
[   11.071910] pci 0000:00:1c.2: deferred probe pending: (reason unknown)
[   11.072384] pci 0000:00:1c.3: deferred probe pending: (reason unknown)
[   11.072778] pci 0000:00:1e.0: deferred probe pending: (reason unknown)
[   11.073217] pci 0000:05:01.0: deferred probe pending: (reason unknown)
[   11.073703] pci 0000:05:02.0: deferred probe pending: (reason unknown)
[   11.074186] pci 0000:05:03.0: deferred probe pending: (reason unknown)
[   11.074667] pci 0000:05:04.0: deferred probe pending: (reason unknown)
[   11.075151] pci 0000:06:03.0: deferred probe pending: (reason unknown)
[   11.075612] pci 0000:06:08.0: deferred probe pending: (reason unknown)
[   11.076061] pci 0000:06:12.0: deferred probe pending: (reason unknown)
[   11.076504] pci 0000:09:01.0: deferred probe pending: (reason unknown)
[   11.076883] pci 0000:09:02.0: deferred probe pending: (reason unknown)
[   11.077345] pci 0000:00:1f.2: deferred probe pending: (reason unknown)
Begin: Running /scripts/local-block ... done.
done.
Gave up waiting for root file system device.  Common problems:
 - Boot args (cat /proc/cmdline)
   - Check rootdelay= (did the system wait long enough?)
 - Missing modules (cat /proc/modules; ls /dev)
ALERT!  PARTUUID=2b506898-e678-45bd-b712-3b990bd34bd1 does not exist.  Dropping to a shell!
(initramfs)
 
I think (possibly) the cloning/booting procedure may be failing at the OVMF (UEFI) stage with that efidisk0 (tpmstate0 etc?). I always do the above with the Default (SeaBIOS) and the Machine Default (i440fx), so no efidisk or tpmstate.

So maybe give that a try & see if it works.
 
Even when not creating a template and cloning, and just creating a VM instead it still fails using:

Bash:
#!/bin/bash
# makes a cloud-init template vm from URL
# call like ./proxmox_create_debian_template.sh 9000 tank
set -e

# Check for root privileges
if [[ $EUID -ne 0 ]]; then
   printf "Please run as root:\nsudo %s\n" "${0}"
   exit 1
fi

TEMPLATE_VMID=$1
VM_STORAGE=$2
URL="${3:-"https://cloud.debian.org/images/cloud/trixie/latest/debian-13-genericcloud-amd64.qcow2"}"
# TODO: check URL ends in '.qcow2'

# TODO: make these configurable
VM_CORES=2
VM_MEMORY=2048
VM_DISK_SIZE=8G
DEFAULT_USER="debian"
DEFAULT_USER_PASSWORD="debian"

if ! command -v virt-customize >/dev/null 2>&1
then
    echo "virt-customize could not be found, please install the libguestfs-tools package"
    exit 1
fi

WORK_DIR=$(mktemp --suffix _prox_template_download -d)
trap 'rm -rf "$WORK_DIR"' EXIT

TEMPLATE_NAME=$(basename "$URL" .qcow2)
IMAGE_PATH="${WORK_DIR}/${TEMPLATE_NAME}.qcow2"
SHRUNK_IMAGE_PATH="${WORK_DIR}/${TEMPLATE_NAME}-shrunk.qcow2"

wget --no-verbose --show-progress -O "$IMAGE_PATH" "$URL"

virt-customize -a "$IMAGE_PATH" \
    --install "qemu-guest-agent" \
    --timezone "Europe/London" \
    --truncate "/etc/machine-id"
qemu-img convert -O qcow2 -c -o preallocation=off "$IMAGE_PATH" "$SHRUNK_IMAGE_PATH"

qm create "$TEMPLATE_VMID" \
    --name "template-$TEMPLATE_NAME" \
    --ostype "l26" \
    --machine "q35,viommu=virtio" \
    --bios "ovmf" \
    --efidisk0 "${VM_STORAGE}:1,efitype=4m,pre-enrolled-keys=0" \
    --tpmstate0 "${VM_STORAGE}:0,version=v2.0" \
    --cpu "host" \
    --cores "$VM_CORES" \
    --memory "$VM_MEMORY" \
    --serial0 "socket" \
    --vga "serial0" \
    --agent "enabled=1" \
    --net0 "virtio,bridge=vmbr0" \
    --scsihw "virtio-scsi-single" \
    --scsi0 "${VM_STORAGE}:0,import-from=$SHRUNK_IMAGE_PATH,discard=on" \
    --scsi1 "${VM_STORAGE}:cloudinit" \
    --boot "order=scsi0" \
    --ciuser "$DEFAULT_USER" \
    --cipassword "$DEFAULT_USER_PASSWORD" \
    --ipconfig0 "ip6=auto,ip=dhcp"

qm disk resize "$TEMPLATE_VMID" "scsi0" "$VM_DISK_SIZE"

Code:
$ sudo ./proxmox_create_debian_template.sh 9000 tank

/tmp/tmp.zpmMG5mWPT_prox_template_ 100%[===============================================================>] 324.50M  16.3MB/s    in 21s
2025-09-21 09:01:26 URL:https://saimei.ftp.acc.umu.se/images/cloud/trixie/latest/debian-13-genericcloud-amd64.qcow2 [340262912/340262912] -> "/tmp/tmp.zpmMG5mWPT_prox_template_download/debian-13-genericcloud-amd64.qcow2" [1]
[   0.0] Examining the guest ...
[   8.5] Setting a random seed
virt-customize: warning: random seed could not be set for this type of
guest
[   8.6] Setting the machine ID in /etc/machine-id
[   8.6] Installing packages: qemu-guest-agent
[  12.6] Setting the timezone: Europe/London
[  12.6] Truncating: /etc/machine-id
[  12.6] SELinux relabelling
[  12.6] Finishing off
transferred 0.0 B of 528.0 KiB (0.00%)
transferred 528.0 KiB of 528.0 KiB (100.00%)
transferred 528.0 KiB of 528.0 KiB (100.00%)
efidisk0: successfully created disk 'tank:vm-9000-disk-0,efitype=4m,pre-enrolled-keys=0,size=1M'
transferred 0.0 B of 3.0 GiB (0.00%)
transferred 3.0 GiB of 3.0 GiB (100.00%)
scsi0: successfully created disk 'tank:vm-9000-disk-1,discard=on,size=3G'
scsi1: successfully created disk 'tank:vm-9000-cloudinit,media=cdrom'
tpmstate0: successfully created disk 'tank:vm-9000-disk-2,size=4M,version=v2.0'

$ sudo qm start 9000 && sudo qm terminal 9000

generating cloud-init ISO
starting serial terminal on interface serial0 (press Ctrl+O to exit)
BdsDxe: loading Boot0001 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1E,0x0)/Pci(0x4,0x0)/Pci(0x1,0x0)/Scsi(0x0,0x0)
BdsDxe: starting Boot0001 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1E,0x0)/Pci(0x4,0x0)/Pci(0x1,0x0)/Scsi(0x0,0x0)
error: no suitable video mode found.
  Booting `Debian GNU/Linux'

Loading Linux 6.12.43+deb13-cloud-amd64 ...
Loading initial ramdisk ...
EFI stub: Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path
EFI stub: Measured initrd data into PCR 9
[    0.000000] Linux version 6.12.43+deb13-cloud-amd64 (debian-kernel@lists.debian.org) (x86_64-linux-gnu-gcc-14 (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44) #1 SMP PREEMPT_DYNAMIC Debian 6.12.43-1 (2025-08-27)
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.12.43+deb13-cloud-amd64 root=PARTUUID=173d3a92-b26f-46a4-8221-12f461677f0c ro console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0
[    0.000000] BIOS-provided physical RAM map:
[    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000002ffff] usable
[    0.000000] BIOS-e820: [mem 0x0000000000030000-0x000000000004ffff] reserved
[    0.000000] BIOS-e820: [mem 0x0000000000050000-0x000000000009efff] usable
[    0.000000] BIOS-e820: [mem 0x000000000009f000-0x000000000009ffff] reserved
[    0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000007d0cdfff] usable
[    0.000000] BIOS-e820: [mem 0x000000007d0ce000-0x000000007d0d1fff] ACPI data
[    0.000000] BIOS-e820: [mem 0x000000007d0d2000-0x000000007d0dafff] usable
[    0.000000] BIOS-e820: [mem 0x000000007d0db000-0x000000007d0ddfff] ACPI data
[    0.000000] BIOS-e820: [mem 0x000000007d0de000-0x000000007e8ebfff] usable
[    0.000000] BIOS-e820: [mem 0x000000007e8ec000-0x000000007eb6bfff] reserved
[    0.000000] BIOS-e820: [mem 0x000000007eb6c000-0x000000007eb7dfff] ACPI data
[    0.000000] BIOS-e820: [mem 0x000000007eb7e000-0x000000007ebfdfff] ACPI NVS
[    0.000000] BIOS-e820: [mem 0x000000007ebfe000-0x000000007efc9fff] usable
[    0.000000] BIOS-e820: [mem 0x000000007efca000-0x000000007efcbfff] ACPI NVS
[    0.000000] BIOS-e820: [mem 0x000000007efcc000-0x000000007effffff] usable
[    0.000000] BIOS-e820: [mem 0x000000007f000000-0x000000007fffffff] reserved
[    0.000000] BIOS-e820: [mem 0x00000000e0000000-0x00000000efffffff] reserved
[    0.000000] BIOS-e820: [mem 0x00000000feffc000-0x00000000feffffff] reserved
[    0.000000] printk: legacy bootconsole [earlyser0] enabled
[    0.000000] NX (Execute Disable) protection: active
[    0.000000] APIC: Static calls initialized

<SNIP, lots of kernel output>

[    0.904725] Run /init as init process
Loading, please wait...
Starting systemd-udevd version 257.8-1~deb13u2
[    0.985716] SCSI subsystem initialized
Begin: Loading essential drivers ... done.
Begin: Running /scripts/init-premount ... done.
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done.
Begin: Running /scripts/local-premount ... done.
Begin: Waiting for root file system ... Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
[   11.079045] pci 0000:00:1c.0: deferred probe pending: (reason unknown)
[   11.079427] pci 0000:00:1c.1: deferred probe pending: (reason unknown)
[   11.079840] pci 0000:00:1c.2: deferred probe pending: (reason unknown)
[   11.080324] pci 0000:00:1c.3: deferred probe pending: (reason unknown)
[   11.080795] pci 0000:00:1e.0: deferred probe pending: (reason unknown)
[   11.081229] pci 0000:05:01.0: deferred probe pending: (reason unknown)
[   11.081607] pci 0000:05:02.0: deferred probe pending: (reason unknown)
[   11.082084] pci 0000:05:03.0: deferred probe pending: (reason unknown)
[   11.082549] pci 0000:05:04.0: deferred probe pending: (reason unknown)
[   11.082998] pci 0000:06:03.0: deferred probe pending: (reason unknown)
[   11.083437] pci 0000:06:08.0: deferred probe pending: (reason unknown)
[   11.083825] pci 0000:06:12.0: deferred probe pending: (reason unknown)
[   11.084234] pci 0000:09:01.0: deferred probe pending: (reason unknown)
[   11.084657] pci 0000:09:02.0: deferred probe pending: (reason unknown)
[   11.085108] pci 0000:00:1f.2: deferred probe pending: (reason unknown)
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
done.
Gave up waiting for root file system device.  Common problems:
 - Boot args (cat /proc/cmdline)
   - Check rootdelay= (did the system wait long enough?)
 - Missing modules (cat /proc/modules; ls /dev)
ALERT!  PARTUUID=173d3a92-b26f-46a4-8221-12f461677f0c does not exist.  Dropping to a shell!
(initramfs)

So it seems likely to be something related to the config options passed to the `qm create` command. Though none of them look obviously incorrect to me for a Debian cloud image, I'll continue to experiment with varying these options and see if the behaviour/failure changes.
 
OK, so the failure I was seeing was with:
Bash:
qm create "$TEMPLATE_VMID" \
    --name "template-$TEMPLATE_NAME" \
    --ostype "l26" \
    --machine "q35,viommu=virtio" \
    --bios "ovmf" \
    --efidisk0 "${VM_STORAGE}:1,efitype=4m,pre-enrolled-keys=0" \
    --tpmstate0 "${VM_STORAGE}:0,version=v2.0" \
    --cpu "host" \
    --cores "$VM_CORES" \
    --memory "$VM_MEMORY" \
    --serial0 "socket" \
    --vga "serial0" \
    --agent "enabled=1" \
    --net0 "virtio,bridge=vmbr0" \
    --scsihw "virtio-scsi-single" \
    --scsi0 "${VM_STORAGE}:0,import-from=$SHRUNK_IMAGE_PATH,discard=on" \
    --scsi1 "${VM_STORAGE}:cloudinit" \
    --boot "order=scsi0" \
    --ciuser "$DEFAULT_USER" \
    --cipassword "$DEFAULT_USER_PASSWORD" \
    --ipconfig0 "ip6=auto,ip=dhcp"

After changing the machine type from q35,viommu=virtio to pc, it successfully found the root filesystem and completed booting:
Bash:
qm create "$TEMPLATE_VMID" \
    --name "template-$TEMPLATE_NAME" \
    --ostype "l26" \
    --machine "pc" \
    --bios "ovmf" \
    --efidisk0 "${VM_STORAGE}:1,efitype=4m,pre-enrolled-keys=0" \
    --tpmstate0 "${VM_STORAGE}:0,version=v2.0" \
    --cpu "host" \
    --cores "$VM_CORES" \
    --memory "$VM_MEMORY" \
    --serial0 "socket" \
    --vga "serial0" \
    --agent "enabled=1" \
    --net0 "virtio,bridge=vmbr0" \
    --scsihw "virtio-scsi-single" \
    --scsi0 "${VM_STORAGE}:0,import-from=$SHRUNK_IMAGE_PATH,discard=on" \
    --scsi1 "${VM_STORAGE}:cloudinit" \
    --boot "order=scsi0" \
    --ciuser "$DEFAULT_USER" \
    --cipassword "$DEFAULT_USER_PASSWORD" \
    --ipconfig0 "ip6=auto,ip=dhcp"

Which is a shame, as to be able to add things like viommu and PCIe passthrough etc. it would be good to use Q35. It would be useful to understand why the Debian cloud image with the above config fails when using q35...
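For comparing boots while varying one `qm create` option at a time, the following added example (not part of the original posts) reduces a saved serial-console log to one line: whether the initramfs found the root device, the `root=` value from the kernel command line, the number of `local-block` retries, and the PCI addresses stuck in deferred probe. The function names are hypothetical and the sample log is constructed from a few lines of the failing q35 output posted above.

```shell
#!/bin/sh
# Constructed sample: shortened lines from the failing q35 console log above.
sample_log() {
cat <<'EOF'
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.12.43+deb13-cloud-amd64 root=PARTUUID=173d3a92-b26f-46a4-8221-12f461677f0c ro console=tty0 console=ttyS0,115200
[    0.985716] SCSI subsystem initialized
Begin: Running /scripts/local-block ... done.
Begin: Running /scripts/local-block ... done.
[   11.079045] pci 0000:00:1c.0: deferred probe pending: (reason unknown)
[   11.085108] pci 0000:00:1f.2: deferred probe pending: (reason unknown)
Gave up waiting for root file system device.  Common problems:
ALERT!  PARTUUID=173d3a92-b26f-46a4-8221-12f461677f0c does not exist.  Dropping to a shell!
EOF
}

# root= value the kernel was booted with (read from stdin)
cmdline_root() { sed -n 's/.*Command line:.* root=\([^ ]*\).*/\1/p' | head -n1; }

# Device the initramfs reported as missing; empty if the ALERT never appeared
missing_root() { sed -n 's/^ALERT! *\([^ ]*\) does not exist.*/\1/p' | head -n1; }

# PCI addresses the kernel left in deferred probe, one per line
deferred_pci() { sed -n 's/.*pci \([0-9a-f:.]*\): deferred probe pending.*/\1/p'; }

# Read a console log on stdin and print a single comparable summary line
summarize_boot() {
    log=$(cat)
    root=$(printf '%s\n' "$log" | cmdline_root)
    missing=$(printf '%s\n' "$log" | missing_root)
    # grep -c exits non-zero on a count of 0, so tolerate that
    retries=$(printf '%s\n' "$log" | grep -c 'Running /scripts/local-block' || true)
    deferred=$(printf '%s\n' "$log" | deferred_pci | tr '\n' ',' | sed 's/,$//')
    if [ -n "$missing" ]; then verdict=root-missing; else verdict=root-ok; fi
    printf 'verdict=%s root=%s retries=%s deferred_pci=%s\n' \
        "$verdict" "$root" "$retries" "${deferred:-none}"
}

sample_log | summarize_boot
```

Feeding it the log from each variant (for example q35 with and without `viommu=virtio`, then pc) gives one line per run, so the option that flips `verdict` stands out.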