Hello all,

I have a proxmox server with some VMs on it.

I want to make an Ubuntu 22.04 template with cloud-init but I have a problem later with the ansible user.

The question are :

- how to do the point 1 below ?

- is it good to create ansible user directly in proxmox template ?

I am sorry if this post is difficult to read but english is not my native language and configuration is a bit tricky for me to understand.

The main goal is :

  1. to install the certificat directly to the ansible user to not have to enable ssh_pwauth
  2. to have an username equal to the machine name with uid 1000 (example below with docker05). This user will be used later to launch the docker container
  3. to have an ansible user with user id different that 1000
  4. to have an ansible playbook to do the first configuration steps (apt update, timezone settings, change hostname, …)

The point 4 is already working.

Cloud config

#cloud-config
user: ansible
passwd: {expire: false}
password: xxxxx
ssh_pwauth: True

Template creation

This is the template used for template creation (but little bit customized and added yml snippets to enable ssh by password) : https://www.apalrd.net/posts/2023/pve_cloud/

As I understand, if I add ssh key directly to this script, il will be available for all users and I don’t want this.

  1. create the template with user “ansible” and ssh with password auth possible in sshd config by adding a snippets with cloud config

Use template to do new VM (example docker05)

  1. copy the template (full)
  2. start the vms
  3. use my ansible “host” with a playbook to connect to the new vm, create user (docker05), disable ansible authentification etc

After these operation, The vms is ready but there are some things not good :

  1. the user ansible have the 1000 user id that is used most of time by docker compose template by default
  2. the user ansible is in some group that are not needed (video, plugdev, …)
  3. the user docker05 who exec docker have the id 1001 so I must change my docker compose file according to this uid
  4. if I add a cert to
  • Patelanicon@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    If I understand your question right You have ssh_authorized_keys where you put ssh keys for each user https://cloudinit.readthedocs.io/en/stable/reference/modules.html#users-and-groups And about UID users has field ‘uid’ that you can set (more in this doc above)

    About second question it’s up to you :) in my terraform I have cloudinit template where I pass hostname, apt packages and additional commands after setup as terraform templatefile

  • Richmondez@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I use opentofu and the bgp proxmox terraform provider to automate this. You don’t even need to set up templates as you can download and use cloud images for the various distributions with terraform and use them to initialise the boot disk on the VM. You can define your users in the terraform and it will use cloud init to provision them including specifying uids and ssh keys.