From d09f497d11f6ae2be1c29b18b5de0278e654d976 Mon Sep 17 00:00:00 2001 From: June Date: Thu, 13 Feb 2025 01:09:36 +0100 Subject: [PATCH 1/8] remove openipmi from template as it results in a crashing service It can always be installed after the fact, if indeed needed. --- build-proxmox-template | 1 + 1 file changed, 1 insertion(+) diff --git a/build-proxmox-template b/build-proxmox-template index db73021..863f123 100755 --- a/build-proxmox-template +++ b/build-proxmox-template @@ -38,6 +38,7 @@ rm debian-12-generic-amd64.tar.xz virt-customize -a disk.raw \ --update \ --install qemu-guest-agent \ + --uninstall openipmi \ --run-command 'systemctl enable qemu-guest-agent' \ --run-command 'systemctl enable fstrim.timer' \ --edit '/etc/ssh/sshd_config:s,#?Port.*,Port 42666,' From 3b66b655dac4d474bbe779cbadacb51979c2629c Mon Sep 17 00:00:00 2001 From: June Date: Thu, 13 Feb 2025 01:12:40 +0100 Subject: [PATCH 2/8] don't set a custom SSH port in the templ. as we now standardized on 22 Also see: https://git.hamburg.ccc.de/CCCHH/ansible-infra/commit/e3a1443df9ecda267b83402f76192e2a5bf7ca7b --- build-proxmox-template | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/build-proxmox-template b/build-proxmox-template index 863f123..29adf75 100755 --- a/build-proxmox-template +++ b/build-proxmox-template @@ -40,8 +40,7 @@ virt-customize -a disk.raw \ --install qemu-guest-agent \ --uninstall openipmi \ --run-command 'systemctl enable qemu-guest-agent' \ - --run-command 'systemctl enable fstrim.timer' \ - --edit '/etc/ssh/sshd_config:s,#?Port.*,Port 42666,' + --run-command 'systemctl enable fstrim.timer' qm destroy ${VMID} || true qm create ${VMID} --name "creating-vm" --memory 2048 --net0 virtio,bridge=${BRIDGE} From ea0fc6e65aeb76020dfefc148823273015473d45 Mon Sep 17 00:00:00 2001 
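Review bot: The reason for `--uninstall openipmi` is recorded only in the commit message, so a later reader of the `virt-customize` call has no hint why a package this script does not explicitly install is being removed. A comment cannot sit inside the backslash-continued argument list, so I would put one above the `virt-customize -a disk.raw \` line, e.g. `# openipmi's service crashes in the guest; drop it from the template (install later if needed)`. It is also worth confirming that the uninstall step does not abort the build under `set -eE` if a future base image no longer ships the package.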
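Review bot: The README still states that `sshd` has been configured to listen on port 42666 instead of 22; the sentence is visible as unchanged context in the README hunks of PATCH 4/8 and 7/8. After this change the documentation no longer matches the template, so anyone writing firewall rules or monitoring checks from the README will target the wrong port. The same commit should drop or reword that sentence, for example to `sshd listens on the default port 22.`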
From: June Date: Sun, 16 Feb 2025 23:33:36 +0100 Subject: [PATCH 3/8] make settings configurable via environment variables set externally --- README.md | 5 ++++- build-proxmox-template | 10 +++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 21902ea..dbce297 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,10 @@ The script uses the package [`libguestfs-tools`](https://libguestfs.org)' `virt- ## Building the Template ### Configuration Options -Verify that the settings at the beginning of the script are suitable to the cluster you want to create the template from. + +The following settings are available for configuration by setting the respective environment variable. +Verify that the configured settings are suitable for the cluster you want to create the template for. +If left unset, the respective default value will be used. | Variable | Default | Description | | --------- | --------------------------------------- | ---------------------------------------------------------------------- | diff --git a/build-proxmox-template b/build-proxmox-template index db73021..c4263e5 100755 --- a/build-proxmox-template +++ b/build-proxmox-template @@ -5,11 +5,11 @@ # Needs apt install libguestfs-tools # -VMID=9023 -STORAGE=local-zfs -OS=debian-12 -NAME=chaos-${OS}-tmpl-$(date -u +%Y-%m-%d) -BRIDGE=vmbr0,tag=208 +: "${VMID:=9023}" +: "${STORAGE:=local-zfs}" +: "${OS:=debian-12}" +: "${NAME:=chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)}" +: "${BRIDGE:=vmbr0,tag=208}" set -eE From ab47e4f43c92a668607e4297c19414407c752e4f Mon Sep 17 00:00:00 2001 From: June Date: Sun, 16 Feb 2025 23:29:32 +0100 Subject: [PATCH 4/8] use downloaded authorized_keys Use the authorized_keys getting downloaded into the temp directory, by popping out of it later. --- README.md | 2 -- build-proxmox-template | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index dbce297..9bfac04 100644 --- a/README.md +++ b/README.md 
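Review bot: The five settings can now come from the caller's environment, but they are still expanded unquoted and unvalidated later in the script (`qm destroy ${VMID} || true` and `--net0 virtio,bridge=${BRIDGE}`, visible in other hunks of this series). An override containing whitespace or glob characters is word-split into extra `qm` arguments, and a mistyped `VMID` points the unconditional destroy at a different guest. I would validate right after the defaults, e.g. `case "$VMID" in ''|*[!0-9]*) echo "VMID must be numeric" >&2; exit 1;; esac`, and quote the expansions at the call sites. `OS` also appears to affect only `NAME`, since the image URL and the `debian12` tag are hard-coded elsewhere in the series; a comment next to the default should say so. The identical hunk is repeated in PATCH 6/8.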
@@ -24,8 +24,6 @@ If left unset, the respective default value will be used. `cloud-init` will create a user `chaos`, by default with a locked password, and authorized keys initialized. Password-less `sudo` is configured, so you can run commands as root. -The script expects `authorized_keys` to be in the current directory. Copy the correct contents from the [appropriate repository](https://gitlab.hamburg.ccc.de/ccchh/infrastructure-authorized-keys). - `sshd` has been configured to listen on port 42666 instead of 22. ### Run the Script diff --git a/build-proxmox-template b/build-proxmox-template index c4263e5..189bb7d 100755 --- a/build-proxmox-template +++ b/build-proxmox-template @@ -46,7 +46,6 @@ qm destroy ${VMID} || true qm create ${VMID} --name "creating-vm" --memory 2048 --net0 virtio,bridge=${BRIDGE} qm importdisk ${VMID} disk.raw ${STORAGE} rm disk.raw -popd qm set ${VMID} --scsihw virtio-scsi-pci --scsi0 ${STORAGE}:vm-${VMID}-disk-0,ssd=1,discard=on qm set ${VMID} --ide2 ${STORAGE}:cloudinit @@ -64,3 +63,4 @@ qm set ${VMID} --ipconfig0 ip=dhcp qm set ${VMID} --name ${NAME} --tags debian12 qm cloudinit update ${VMID} qm template ${VMID} +popd From 07abc842f0b6cdf0e8368fde92f6ada96cec88af Mon Sep 17 00:00:00 2001 From: June Date: Sun, 16 Feb 2025 23:40:59 +0100 Subject: [PATCH 5/8] make URL to use for downloading authorized_keys file configurable --- README.md | 15 ++++++++------- build-proxmox-template | 3 ++- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 9bfac04..56bb5a0 100644 --- a/README.md +++ b/README.md 
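Review bot: Moving `popd` to the last line makes every `qm` call between the two hunks depend on the working directory still being the temp directory, and nothing in the script says so. The line that actually reads `authorized_keys` lies outside both hunks, so I am inferring that it uses a relative path. I would either record the path once after the download, `keys_file="$PWD/authorized_keys"`, and pass `"$keys_file"` to the consumer, or at least annotate the new position with `# stay in the temp dir until here: the qm calls above read ./authorized_keys`. As written, a trailing `popd` immediately before the script exits has no effect of its own, which makes the intent easy to lose in a later cleanup. The same pair of hunks is repeated in PATCH 7/8.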
@@ -12,13 +12,14 @@ The following settings are available for configuration by setting the respective Verify that the configured settings are suitable for the cluster you want to create the template for. If left unset, the respective default value will be used. -| Variable | Default | Description | -| --------- | --------------------------------------- | ---------------------------------------------------------------------- | -| `VMID` | 9023 | ID the template should have in Proxmox | -| `STORAGE` | `local-zfs` | Pool the disks should be created in | -| `OS` | `debian-12` | `virt-builder` name of the OS to install | -| `NAME` | `chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)` | name of the template | -| `BRIDGE` | `vmbr0,tag=208` | name of the bridge to use and any parameters needed, like the VLAN tag | +| Variable | Default | Description | +| --------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- | +| `VMID` | 9023 | ID the template should have in Proxmox | +| `STORAGE` | `local-zfs` | Pool the disks should be created in | +| `OS` | `debian-12` | `virt-builder` name of the OS to install | +| `NAME` | `chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)` | name of the template | +| `BRIDGE` | `vmbr0,tag=208` | name of the bridge to use and any parameters needed, like the VLAN tag | +| `AUTHORIZED_KEYS_URL` | `https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys` | URL to download the authorized_keys file to use from | ### User Account, sshd, and `authorized_keys` diff --git a/build-proxmox-template b/build-proxmox-template index 189bb7d..90bf843 100755 --- a/build-proxmox-template +++ b/build-proxmox-template 
@@ -10,6 +10,7 @@ : "${OS:=debian-12}" : "${NAME:=chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)}" : "${BRIDGE:=vmbr0,tag=208}" +: "${AUTHORIZED_KEYS_URL:=https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys}" set -eE @@ -27,7 +28,7 @@ cleanup() { } -wget -4 https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys -O authorized_keys +wget -4 "$AUTHORIZED_KEYS_URL" -O authorized_keys wget https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.tar.xz -O debian-12-generic-amd64.tar.xz wget https://cloud.debian.org/images/cloud/bookworm/latest/SHA512SUMS -O SHA512SUMS sha512sum --ignore-missing -c SHA512SUMS From c84cf7b8d04c49f4c99663b2b65530bd110b2522 Mon Sep 17 00:00:00 2001 From: June Date: Sun, 16 Feb 2025 23:33:36 +0100 Subject: [PATCH 6/8] make settings configurable via environment variables set externally --- README.md | 5 ++++- build-proxmox-template | 10 +++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 21902ea..dbce297 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,10 @@ The script uses the package [`libguestfs-tools`](https://libguestfs.org)' `virt- ## Building the Template ### Configuration Options -Verify that the settings at the beginning of the script are suitable to the cluster you want to create the template from. + +The following settings are available for configuration by setting the respective environment variable. +Verify that the configured settings are suitable for the cluster you want to create the template for. +If left unset, the respective default value will be used. | Variable | Default | Description | | --------- | --------------------------------------- | ---------------------------------------------------------------------- | diff --git a/build-proxmox-template b/build-proxmox-template index 29adf75..970fdd5 100755 --- a/build-proxmox-template +++ b/build-proxmox-template 
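Review bot: `AUTHORIZED_KEYS_URL` now decides which keys get password-less-sudo SSH access on every VM cloned from the template, yet the `wget -4 "$AUTHORIZED_KEYS_URL" -O authorized_keys` line accepts any scheme and host and the result is used without inspection. The Debian image in the same block at least gets a `sha512sum -c` check; the keys file gets none. I would refuse non-TLS sources before the download, `case "$AUTHORIZED_KEYS_URL" in https://*) ;; *) echo "AUTHORIZED_KEYS_URL must be https" >&2; exit 1;; esac`, and then run `ssh-keygen -l -f authorized_keys` so that an HTML error page or an empty file fails the build and the accepted key fingerprints end up in the build log. The identical hunks are repeated in PATCH 8/8.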
@@ -5,11 +5,11 @@ # Needs apt install libguestfs-tools # -VMID=9023 -STORAGE=local-zfs -OS=debian-12 -NAME=chaos-${OS}-tmpl-$(date -u +%Y-%m-%d) -BRIDGE=vmbr0,tag=208 +: "${VMID:=9023}" +: "${STORAGE:=local-zfs}" +: "${OS:=debian-12}" +: "${NAME:=chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)}" +: "${BRIDGE:=vmbr0,tag=208}" set -eE From 524c839e2cf365d09d4e331114e2f5ab8615474d Mon Sep 17 00:00:00 2001 From: June Date: Sun, 16 Feb 2025 23:29:32 +0100 Subject: [PATCH 7/8] use downloaded authorized_keys Use the authorized_keys getting downloaded into the temp directory, by popping out of it later. --- README.md | 2 -- build-proxmox-template | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index dbce297..9bfac04 100644 --- a/README.md +++ b/README.md @@ -24,8 +24,6 @@ If left unset, the respective default value will be used. `cloud-init` will create a user `chaos`, by default with a locked password, and authorized keys initialized. Password-less `sudo` is configured, so you can run commands as root. -The script expects `authorized_keys` to be in the current directory. Copy the correct contents from the [appropriate repository](https://gitlab.hamburg.ccc.de/ccchh/infrastructure-authorized-keys). - `sshd` has been configured to listen on port 42666 instead of 22. ### Run the Script diff --git a/build-proxmox-template b/build-proxmox-template index 970fdd5..b97855c 100755 --- a/build-proxmox-template +++ b/build-proxmox-template @@ -46,7 +46,6 @@ qm destroy ${VMID} || true qm create ${VMID} --name "creating-vm" --memory 2048 --net0 virtio,bridge=${BRIDGE} qm importdisk ${VMID} disk.raw ${STORAGE} rm disk.raw -popd qm set ${VMID} --scsihw virtio-scsi-pci --scsi0 ${STORAGE}:vm-${VMID}-disk-0,ssd=1,discard=on qm set ${VMID} --ide2 ${STORAGE}:cloudinit @@ -64,3 +63,4 @@ qm set ${VMID} --ipconfig0 ip=dhcp qm set ${VMID} --name ${NAME} --tags debian12 qm cloudinit update ${VMID} qm template ${VMID} +popd 
From 6d16e2e4ae9779bf9b759913876d045e706a1d72 Mon Sep 17 00:00:00 2001 From: June Date: Sun, 16 Feb 2025 23:40:59 +0100 Subject: [PATCH 8/8] make URL to use for downloading authorized_keys file configurable --- README.md | 15 ++++++++------- build-proxmox-template | 3 ++- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 9bfac04..56bb5a0 100644 --- a/README.md +++ b/README.md 
@@ -12,13 +12,14 @@ The following settings are available for configuration by setting the respective Verify that the configured settings are suitable for the cluster you want to create the template for. If left unset, the respective default value will be used. -| Variable | Default | Description | -| --------- | --------------------------------------- | ---------------------------------------------------------------------- | -| `VMID` | 9023 | ID the template should have in Proxmox | -| `STORAGE` | `local-zfs` | Pool the disks should be created in | -| `OS` | `debian-12` | `virt-builder` name of the OS to install | -| `NAME` | `chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)` | name of the template | -| `BRIDGE` | `vmbr0,tag=208` | name of the bridge to use and any parameters needed, like the VLAN tag | +| Variable | Default | Description | +| --------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- | +| `VMID` | 9023 | ID the template should have in Proxmox | +| `STORAGE` | `local-zfs` | Pool the disks should be created in | +| `OS` | `debian-12` | `virt-builder` name of the OS to install | +| `NAME` | `chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)` | name of the template | +| `BRIDGE` | `vmbr0,tag=208` | name of the bridge to use and any parameters needed, like the VLAN tag | +| `AUTHORIZED_KEYS_URL` | `https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys` | URL to download the authorized_keys file to use from | ### User Account, sshd, and `authorized_keys` diff --git a/build-proxmox-template b/build-proxmox-template index b97855c..31d36ea 100755 --- a/build-proxmox-template +++ b/build-proxmox-template 
@@ -10,6 +10,7 @@ : "${OS:=debian-12}" : "${NAME:=chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)}" : "${BRIDGE:=vmbr0,tag=208}" +: "${AUTHORIZED_KEYS_URL:=https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys}" set -eE @@ -27,7 +28,7 @@ cleanup() { } -wget -4 https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys -O authorized_keys +wget -4 "$AUTHORIZED_KEYS_URL" -O authorized_keys wget https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.tar.xz -O debian-12-generic-amd64.tar.xz wget https://cloud.debian.org/images/cloud/bookworm/latest/SHA512SUMS -O SHA512SUMS sha512sum --ignore-missing -c SHA512SUMS