[pve-devel] [PATCH 1/8 container] cloudinit: introduce config parameters

Daniel Herzig Mon, 10 Feb 2025 04:07:44 -0800

From: Leo Nunner <l.nun...@proxmox.com>

Introduce configuration parameters for cloud-init. Like with VMs, it's
possible to specify:
    - user
    - password
    - ssh keys
    - enable/disable updates on first boot


It's also possible to pass through custom config files for the user and
vendor settings. We don't allow configuring the network through
cloud-init, since it will clash with whatever configuration we already
did for the container.

Signed-off-by: Leo Nunner <l.nun...@proxmox.com>
---
 src/PVE/API2/LXC.pm        |  3 ++
 src/PVE/API2/LXC/Config.pm |  7 ++++-
 src/PVE/LXC/Config.pm      | 61 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 1 deletion(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 7cb5122..d6e647d 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -2515,6 +2515,9 @@ __PACKAGE__->register_method({
 
        my $pending_delete_hash = 
PVE::LXC::Config->parse_pending_delete($conf->{pending}->{delete});
 
+       $conf->{cipassword} = '**********' if defined($conf->{cipassword});
+       $conf->{pending}->{cipassword} = '********** ' if 
defined($conf->{pending}->{cipassword});
+
        return PVE::GuestHelpers::config_with_pending_array($conf, 
$pending_delete_hash);
     }});
 
diff --git a/src/PVE/API2/LXC/Config.pm b/src/PVE/API2/LXC/Config.pm
index 5cbc014..55e9730 100644
--- a/src/PVE/API2/LXC/Config.pm
+++ b/src/PVE/API2/LXC/Config.pm
@@ -79,7 +79,7 @@ __PACKAGE__->register_method({
        } else {
            $conf = PVE::LXC::Config->load_current_config($param->{vmid}, 
$param->{current});
        }
-
+       $conf->{cipassword} = '**********' if $conf->{cipassword};
        return $conf;
     }});
 
@@ -148,6 +148,11 @@ __PACKAGE__->register_method({
        $param->{cpuunits} = PVE::CGroup::clamp_cpu_shares($param->{cpuunits})
            if defined($param->{cpuunits}); # clamp value depending on cgroup 
version
 
+       if (defined(my $cipassword = $param->{cipassword})) {
+           $param->{cipassword} = PVE::Tools::encrypt_pw($cipassword)
+               if $cipassword !~ /^\$(?:[156]|2[ay])(\$.+){2}/;
+       }
+
        my $code = sub {
 
            my $conf = PVE::LXC::Config->load_config($vmid);
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index 5cc37f7..e3ed93b 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -450,6 +450,63 @@ my $features_desc = {
     },
 };
 
+my $cicustom_fmt = {
+    user => {
+       type => 'string',
+       optional => 1,
+       description => 'To pass a custom file containing all user data to the 
container via cloud-init.',
+       format => 'pve-volume-id',
+       format_description => 'volume',
+    },
+    vendor => {
+       type => 'string',
+       optional => 1,
+       description => 'To pass a custom file containing all vendor data to the 
container via cloud-init.',
+       format => 'pve-volume-id',
+       format_description => 'volume',
+    },
+};
+PVE::JSONSchema::register_format('pve-pct-cicustom', $cicustom_fmt);
+
+my $confdesc_cloudinit = {
+    cienable => {
+       optional => 1,
+       type => 'boolean',
+       description => "cloud-init: provide cloud-init configuration to 
container.",
+    },
+    ciuser => {
+       optional => 1,
+       type => 'string',
+       description => "cloud-init: User name to change ssh keys and password 
for instead of the"
+           ." image's configured default user.",
+    },
+    cipassword => {
+       optional => 1,
+       type => 'string',
+       description => 'cloud-init: Password to assign the user. Using this is 
generally not'
+           .' recommended. Use ssh keys instead. Also note that older 
cloud-init versions do not'
+           .' support hashed passwords.',
+    },
+    ciupgrade => {
+       optional => 1,
+       type => 'boolean',
+       description => 'cloud-init: do an automatic package update on boot.'
+    },
+    cicustom => {
+       optional => 1,
+       type => 'string',
+       description => 'cloud-init: Specify custom files to replace the 
automatically generated'
+           .' ones at start.',
+       format => 'pve-pct-cicustom',
+    },
+    sshkeys => {
+       optional => 1,
+       type => 'string',
+       format => 'urlencoded',
+       description => "cloud-init: Setup public SSH keys (one key per line, 
OpenSSH format).",
+    },
+};
+
 my $confdesc = {
     lock => {
        optional => 1,
@@ -622,6 +679,10 @@ my $confdesc = {
     },
 };
 
+foreach my $key (keys %$confdesc_cloudinit) {
+    $confdesc->{$key} = $confdesc_cloudinit->{$key};
+}
+
 my $valid_lxc_conf_keys = {
     'lxc.apparmor.profile' => 1,
     'lxc.apparmor.allow_incomplete' => 1,
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH 1/8 container] cloudinit: introduce config parameters

Reply via email to