[SOLVED] Q: How best to work with cloud-init and lxc?

norbertk

Hello all,
I have some hosts running on a local Proxmox server and on the Hetzner cloud. On Proxmox I work with LXC containers.

I try to script the setup of these machines as much as possible and strive to define them completely with 'source code'.

In this context I learned about 'cloud-init', which opens a lot of possibilities. Hetzner cloud offers the option to submit cloud-init user-data during creation of a machine, and I read in the cloud-init tutorial that LXC offers this possibility too.

The forum entries here and the sources I found on the net describe the combination of Proxmox and cloud-init with virtual machines and not containers.

Is there something special to know if I want to work with LXC?

Any pointers and ideas welcome and many thanks for reading

Norbert
 
You can use mini cloud images (available for both Ubuntu and Rocky) as VM templates in Proxmox and spin them up whenever you like. The best thing is that whenever you spin up a new VM off of it, it will be updated to the latest version.
 
So we don't talk about LXC here, but QEMU VMs?
 
In a way I gave up, but I found a solution I like:

In one single step I get a strong base to work with Ansible in a new container.

On the Proxmox node I place 2 generic scripts:

Bash:
#!/bin/bash
# Copy the provisioning script into container $1 and run it there.
SCRIPT=_provision_script.sh
pct push "$1" /usr/local/bin/$SCRIPT /usr/local/bin/$SCRIPT -perms 700
pct exec "$1" /usr/local/bin/$SCRIPT

_provision_script.sh itself looks like this:

Bash:
#!/bin/bash
#managed by ansible
set -e
FILENAME=/var/local/proxmox_provisioned
if [ -f $FILENAME ] ; then
        echo "bereits initialisiert, Datei $FILENAME existiert"
        exit 1
else
        cat << EOF  >  /etc/ssh/sshd_config.d/99-initial.conf
        AuthorizedKeysFile /etc/ssh/authorized_keys/%u
        PermitRootLogin no
        ListenAddress 0.0.0.0:<portno>
        ListenAddress [::]:<portno>
EOF
        # apt update, upgrade, install sudo

        apt update
        apt upgrade -y
        apt install sudo

        # user ansible

        adduser --system --home /home/ansible --ingroup staff --shell /bin/bash ansible

        # ... ssh

        mkdir -p  /etc/ssh/authorized_keys
        cat <<EOF > /etc/ssh/authorized_keys/ansible
        ssh-ed25519 xxxxxxxxxx
        chown ansible:staff /etc/ssh/authorized_keys/ansible

        # ... sudo

        cat <<EOF > /etc/sudoers.d/ansible
        ansible ALL=(ALL:ALL) NOPASSWD:ALL
EOF
        chmod 0440 /etc/sudoers.d/ansible

        # restart sshd

        systemctl restart sshd.service
        systemctl status  sshd.service
        echo 'Done' $(date) > $FILENAME
fi

I create a new node and call
Bash:
./provision_lxc.sh <vmid>

If I have no access to the node (for example at Hetzner) I can start the `_provision_script.sh` as root and get the same result. The whole thing is aimed at Debian.
 
Thank you for this example. I was thinking about using this, but as I was looking at each step trying to understand what the script does, I think I discovered a typo. Shouldn't there be another EOF after the line "ssh-ed25519 xxxxxxxxxx"?

Without this I think all of the text until the next EOF will be added to /etc/ssh/authorized_keys/ansible and the command "chown ansible:staff /etc/ssh/authorized_keys/ansible" would not be run and nothing would be added to "/etc/sudoers.d/ansible".
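
The failure described in the reply above, reproduced next to the corrected form (an added example, not part of the original posts). It writes under a scratch directory instead of `/etc`; the function names and the sample key are constructed for illustration.

```bash
#!/bin/bash
# Added example; paths live under a scratch root so no privileges are needed.
# write_broken, write_fixed, check_layout and the sample key are constructed.
set -eu

write_broken() {  # same layout as the post: the first heredoc is never closed
    mkdir -p "$1/etc/ssh/authorized_keys" "$1/etc/sudoers.d"
    cat <<EOF > "$1/etc/ssh/authorized_keys/ansible"
ssh-ed25519 AAAAconstructedkey ansible@example
chown ansible:staff /etc/ssh/authorized_keys/ansible
cat <<EOF > /etc/sudoers.d/ansible
ansible ALL=(ALL:ALL) NOPASSWD:ALL
EOF
}

write_fixed() {   # each heredoc closed; quoted delimiter disables expansion
    mkdir -p "$1/etc/ssh/authorized_keys" "$1/etc/sudoers.d"
    cat <<'EOF' > "$1/etc/ssh/authorized_keys/ansible"
ssh-ed25519 AAAAconstructedkey ansible@example
EOF
    cat <<'EOF' > "$1/etc/sudoers.d/ansible"
ansible ALL=(ALL:ALL) NOPASSWD:ALL
EOF
    chmod 0440 "$1/etc/sudoers.d/ansible"
}

check_layout() {  # post-provisioning check: returns non-zero on a bad layout
    local keys="$1/etc/ssh/authorized_keys/ansible"
    local sudoers="$1/etc/sudoers.d/ansible"
    [ -f "$keys" ] || { echo "missing $keys"; return 1; }
    # Only comments, blank lines and public-key lines belong in the key file.
    if grep -Evq '^(#|$|(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp[0-9]+) )' "$keys"; then
        echo "stray lines in $keys"; return 1
    fi
    [ -f "$sudoers" ] || { echo "missing $sudoers"; return 1; }
    [ "$(stat -c %a "$sudoers")" = 440 ] || { echo "wrong mode on $sudoers"; return 1; }
}

demo=$(mktemp -d)
write_broken "$demo/broken"
check_layout "$demo/broken" || echo "broken layout rejected"
write_fixed "$demo/fixed"
check_layout "$demo/fixed" && echo "fixed layout accepted"
rm -rf "$demo"
```

On a real container, running `visudo -cf /etc/sudoers.d/ansible` and `sshd -t` before `systemctl restart sshd.service` stops the run on a malformed file instead of restarting SSH with it.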
 
