1
submitted 11 months ago by bisol@alien.top to c/main@selfhosted.forum

Hello all,

I have a proxmox server with some VMs on it.

I want to make an Ubuntu 22.04 template with cloud-init but I have a problem later with the ansible user.

The question are :

- how to do the point 1 below ?

- is it good to create ansible user directly in proxmox template ?

I am sorry if this post is difficult to read but english is not my native language and configuration is a bit tricky for me to understand.

The main goal is :

  1. to install the certificat directly to the ansible user to not have to enable ssh_pwauth
  2. to have an username equal to the machine name with uid 1000 (example below with docker05). This user will be used later to launch the docker container
  3. to have an ansible user with user id different that 1000
  4. to have an ansible playbook to do the first configuration steps (apt update, timezone settings, change hostname, ...)

The point 4 is already working.

Cloud config

#cloud-config
user: ansible
passwd: {expire: false}
password: xxxxx
ssh_pwauth: True

Template creation

This is the template used for template creation (but little bit customized and added yml snippets to enable ssh by password) : https://www.apalrd.net/posts/2023/pve_cloud/

As I understand, if I add ssh key directly to this script, il will be available for all users and I don't want this.

  1. create the template with user "ansible" and ssh with password auth possible in sshd config by adding a snippets with cloud config

Use template to do new VM (example docker05)

  1. copy the template (full)
  2. start the vms
  3. use my ansible "host" with a playbook to connect to the new vm, create user (docker05), disable ansible authentification etc

After these operation, The vms is ready but there are some things not good :

  1. the user ansible have the 1000 user id that is used most of time by docker compose template by default
  2. the user ansible is in some group that are not needed (video, plugdev, ...)
  3. the user docker05 who exec docker have the id 1001 so I must change my docker compose file according to this uid
  4. if I add a cert to
you are viewing a single comment's thread
view the rest of the comments
[-] Richmondez@alien.top 1 points 11 months ago

I use opentofu and the bgp proxmox terraform provider to automate this. You don't even need to set up templates as you can download and use cloud images for the various distributions with terraform and use them to initialise the boot disk on the VM. You can define your users in the terraform and it will use cloud init to provision them including specifying uids and ssh keys.

this post was submitted on 22 Nov 2023
1 points (100.0% liked)

Self-Hosted Main

504 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS