API: Possible To Add Custom Entries To Container Config File?

[new2proxmox]

When creating a container via the api I'd like to be able to add a custom entry to the container config file - something like this:

lxc.apparmor.raw: #include <mystuff>

Is this possible?

I reviewed the api doc for creating container (https://pve.proxmox.com/pve-docs/api-viewer/index.html#/nodes/{node}/lxc) but don't quite see an option in there that might allow for this. Hoping there's a nice workaround.

Thanks!

 

[Matthias.]

You could set it for an existing container in nodes/{node}/lxc/{vmid}/config

 

[new2proxmox]

Hi:

Thanks.

hmmm....is there a particular attribute in the PUT action you think might work?

It looks like it's the same set of attributes available when a container is being created.

Thanks again.

 

[fabian]

no, these raw options are only parsed from the config file if set there, there is no way to set/manage them over the API..

 

[new2proxmox]

Thanks.

Do you know if it is possible to create a container from a template using the API? Maybe I can create a template with those raw options in the config file already and use it as the base for a new container?

Thanks.

 

[fabian]

I think the lxc.* options are copied when doing a clone, yes.

 

[new2proxmox]

Thanks.

I'm not thinking about a clone since the clone api doesn't seem allow for all the options as the create api. (eg: I can't set ip addresses etc.)

Instead, I'm wondering if I can create a container template (not an os template) that contains the raw settings and then use that as the basis for a new container (instead of using the os template) when using the create lxc api.

Thanks.

 

[fabian]

huh? create does allow setting IP addresses (else our GUI wouldn't be able to do that either ). the only things not settable when creating a container are the raw lxc.* options

for containers there are two kinds of templates:
- ostemplate (tar archive stored on a storage as content type "template"), these are just the container contents without any config, used for creating a container
- template containers (regular container converted to a template, consists of a PVE CT config file + volume(s) on storages), these are a full container just made immutable, you can create clones (full or linked, depending on storage support) from them, but they cannot be used in a 'create' API call.

you can also create full clones from non-template containers.

 

[new2proxmox]

Hi.

Thanks. The create api does allow for all options. The CLONE api call does not unfortunately (at least that's what I see from the documentation).

So I can't easily create a container from a template container using the CLONE api call that allows me to set things like the ip address and so on.

Or am I mis-reading the documentation ?

Thanks.

 

[fabian]

yeah, you'd just use the config endpoint afterwards to update the config (or even leave stuff like nics out of the template and only add them after cloning).

 

[new2proxmox]

Possible Workaround:

If all new containers are going to use the same custom entries I might be able to still use the create api (instead of the clone - config combo) if I place the custom config entries in /etc/lxc/default.conf.

Not sure about the long term ramifications of that though.

 

[fabian]

PVE will not know about them then, and not take them into account whatsoever. this can lead to issues for all the obvious reasons.

 

[new2proxmox]

Thanks for that feedback.

So PVE makes assumptions about the contents of the /etc/lxc/default.conf file and expects that it never changes? Meaning that we can't make any LXC config changes in the OS outside of the PVE environment, right?

Thanks.

 

[fabian]

yes.