Proxmox VE Full Course: Class 8 – Creating Container Templates

Welcome back to LearnLinuxTV’s full course on Proxmox Virtual Environment! In class #8, we look at the process of converting a container into a template, that can then be used as a basis for launching additional containers.

YouTube player

Notable Replies

  1. I just wanted to note that @jay says at 5:30 that you don’t want to disconnect your ssh session after deleting the host keys…

    One really nice thing about proxmox is that you can always log in to the console from the GUI even if you have screwed up your ssh config.

    Very helpful for people like me.

  2. In the end of this video, @jay assigns the homework of how to automate the process of creating a template.

    Below is a script I use to prepare a container to become a template. I am also learning systemd at the same time so this might be a bit overly complicated.

    # I use apt-cacher-ng to cache .deb file before installation 
    echo 'Acquire::http::Proxy "http://apt-cacher.lan.arpa:3142";' | sudo tee -a /etc/apt/apt.conf.d/00aptproxy
    
    
    # Update cache and upgrade
    apt update
    apt dist-upgrade -y
    
    
    # Delete machine-id and ssh_host_* files to prevent potential conflict
    truncate -s 0 /etc/machine-id
    rm /etc/ssh/ssh_host_*
    
    
    # Every container is pre populated with an ansible user, password, and public key
    # so ansible can contact the container as needed.
    useradd ansible -s /bin/bash -m -G sudo
    #FIXME figure out how to set password without needing to hardcode it here.
    echo ansible:******** | chpasswd
    sudo -H -u ansible bash -c 'ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa'
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZU7YrdJij2vchTR5csMI+C2I13FYbrpsvnWTO+yGhy/Zw+rAC64slHp57f6E3qhimX0t+CeVV0UBAmRKt9gdi3ZeeOLu0BpzC2RMjOvhTlqBkZ8CoGysRqoaeBQG8loMRlaaOWifFcdAEILEgp6wri4xwHJwt2SLV9FeNJ9eRb0i/IflPbzwMP7EIm4Kn0vtl8XIdsSfqO1FT+2hR3SvrnY7GB7vNcQhb0WB8vaszcNxy9E1T1shBNiBlZKstoMFtV8uN2BuupIzNrG+y4ySMWa/+g2jN8QUu095EhTSNaVzK46A72j23mOvxOKJp/IFUvAZQvscj6uTZAwxESsax4Q2zdGKeYKmkErc8Vjee6rRSsUfk+1NRS/60I/Z99f7zGmvQcXRGuMuYh9QxNXMvlY/Fn9XT7CQbPsqWxG/ehpIBGmV65yPE9T21hKg7bVlo0PnyHa3A+Dt/7rKTfVCev/h+80BzBe6rmCZx/PdRb9bHiKs/tMKi6ePvDmkzECc= ansible@ansible' | sudo tee -a /home/ansible/.ssh/authorized_keys
    
    
    # Create a systemd service which runs whenever the cloned system boots
    tee /etc/systemd/system/firstboot.service <<EOF
    [Unit]
    Description=One time boot script
    [Service]
    Type=simple
    ExecStart=/firstboot.sh
    [Install]
    WantedBy=multi-user.target 
    EOF
    
    # Enable the firstboot service
    systemctl enable firstboot.service
    
    
    #Create the script which run by the firstboot serivce
    # The special sauce is that the scrip disables the firstboot service, deletes
    # the firstboot.service file and itself after running.
    tee /firstboot.sh <<EOF
    #!/bin/bash
    rm /etc/ssh/ssh_host_* 
    dpkg-reconfigure openssh-server
    
    systemctl disable firstboot.service 
    rm -rf /etc/systemd/system/firstboot.service
    rm -f /firstboot.sh
    EOF
    
    # Make firstboot exacutable
    chmod +x /firstboot.sh
    
    #Clean the apt cache and unnesessary packages
    apt clean
    apt autoremove
    
    #convert to template
    
  3. Not sure what I am doing wrong with this, I had the same problem with the previous video.What was happening is I couldn’t ssh into the server, the ssh config files were still missing. I found that if you entered “sudo cloud-init clean” it would recreate the ssh configs. But with the container I do not see that “fix” . I know I can recreate them with the console, but want to know why they didn’t reconfigure on their own.

  4. Avatar for jay jay says:

    I haven’t had a chance to look at this in a while, but it’s entirely possible there could be a bug in the container image that prevents it from working. That’s just a guess though, I’d need to spend some time recreating the scenario to know for sure. Containers in Proxmox shouldn’t behave differently, but as we all are aware, there are definitely edge-cases.

Continue the discussion at community.learnlinux.tv

Participants

Avatar for system Avatar for mainedan Avatar for dfarning Avatar for jay