Adding New Templates
If, for whatever reason, we need to generate a new template (for example, to update the default OS version), this is how to do it.
Video resource: Cloud-Init Proxmox Tutorial
Video resource: Proxmox VE Full Course: Class 6 - Creating Virtual Machine Templates
Updating ISOs
To create a VM from a given base image (in ISO format), you first need to download it and place it in the correct directory. I would recommend using wget directly on the Proxmox server so that the server downloads the image itself, rather than downloading it yourself and then copying it over with scp.
$ sudo su
# cd /var/lib/vz/template/iso
# wget --content-disposition <download-link>
Once it has been downloaded, it should appear in the image list when you go to create a VM.
Creating the VM
Follow the steps in 4. Provisioning VMs, specifically the part about provisioning servers from ISO.
Installing / Configuring cloud-init
Before installing cloud-init, first check whether it's already installed:
$ sudo dpkg --get-selections | grep cloud-init
If it's not, it's safe to proceed:
$ sudo apt install cloud-init
If it is already installed, you should purge it and start fresh:
$ sudo apt remove --purge cloud-init
Next we need to configure the template.
Configuring the template
/etc/cloud/cloud.cfg
This cloud-init config creates an account for Rian and sets up the default packages.
# The top level settings are used as module
# and system configuration.

# A set of users which may be applied and/or used by various modules
# when a 'default' entry is found it will reference the 'default_user'
# from the distro configuration specified below
users:
#  - default
  - name: errityr
    lock_passwd: False
    passwd: $6$/x0Cl9.FiLHQx4tA$.MY6egpYKXXaZJAVmIuLzm/6SfRgVKactHBG6sh5bpJZWqPUJcCjc6rc9AzmSsSoruZfB4DNZpe0Jd10gBe0Q0
    gecos: Rian Errity
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHb4IJKF1vD01NE7fbEaG5OJidbTeOE5vUGtJhUwfC+Y errityr
    groups: lp, lpadmin, scanner, adm, systemd-journal, plugdev, netdev, cdrom, floppy, tape, audio, video, render, sudo, tty, staff, shadow, utmp, disk, kmem, dialout, dip, fax, voice, users, wheel, src, bluetooth, libvirt, kvm
    shell: /bin/bash
    sudo: ALL=(ALL) ALL

# If this is set, 'root' will not be able to ssh in and they
# will get a message to login instead as the above $user (debian)
disable_root: true

# This will cause the set+update hostname module to not operate (if true)
preserve_hostname: false

# This prevents cloud-init from rewriting apt's sources.list file,
# which has been a source of surprise.
apt_preserve_sources_list: true

# Example datasource config
# datasource:
#   Ec2:
#     metadata_urls: [ 'blah.com' ]
#     timeout: 5 # (defaults to 50 seconds)
#     max_wait: 10 # (defaults to 120 seconds)

# The modules that run in the 'init' stage
cloud_init_modules:
  - migrator
  - seed_random
  - bootcmd
  - write-files
  - growpart
  - resizefs
  - disk_setup
  - mounts
  - set_hostname
  - update_hostname
  - update_etc_hosts
  - ca-certs
  - rsyslog
  - users-groups
  - ssh

# The modules that run in the 'config' stage
cloud_config_modules:
# Emit the cloud config ready event
# this can be used by upstart jobs for 'start on cloud-config'.
  - emit_upstart
  - ssh-import-id
  - locale
  - set-passwords
  - grub-dpkg
  - apt-pipelining
  - apt-configure
  - ntp
  - timezone
  - disable-ec2-metadata
  - runcmd

# The modules that run in the 'final' stage
cloud_final_modules:
  - package-update-upgrade-install
  - fan
  - rightscale_userdata
  - scripts-vendor
  - scripts-per-once
  - scripts-per-boot
  - scripts-per-instance
  - scripts-user
  - ssh-authkey-fingerprints
  - keys-to-console
  - phone-home
  - final-message
  - power-state-change

# System and/or distro specific settings
# (not accessible to handlers/transforms)
system_info:
  # This will affect which distro class gets used
  distro: debian
  # Default user name + that default users groups (if added/used)
#  default_user:
#    name: debian
#    lock_passwd: True
#    gecos: Debian
#    groups: [adm, audio, cdrom, dialout, dip, floppy, netdev, plugdev, sudo, video]
#    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
#    shell: /bin/bash
  # Other config here will be given to the distro class and/or path classes
  paths:
    cloud_dir: /var/lib/cloud/
    templates_dir: /etc/cloud/templates/
    upstart_dir: /etc/init/
  package_mirrors:
    - arches: [default]
      failsafe:
        primary: http://deb.debian.org/debian
        security: http://security.debian.org/
  ssh_svcname: ssh

# The timezone value is a top-level key read by the 'timezone' module;
# an entry in the module list above may only name the module.
timezone: "Europe/Dublin"

bootcmd:
  - date > /etc/birth_certificate

packages:
  - git
  - curl
  - tmux
  - sudo
/etc/cloud/cloud.cfg.d/99-abair.cfg
This just tells cloud-init that we don't have any form of web server offering further configuration options, which it would expect from major cloud providers like AWS.
datasource_list: [ NoCloud, None ]
datasource:
  NoCloud:
    fs_label: system-boot
Cleaning and setting up the template
Once you have cloud-init configured, make sure to clean the files from the previous run:
$ sudo cloud-init clean
Now remove the SSH host keys, so that clones do not all share the template's host identity:
$ sudo rm /etc/ssh/ssh_host_*
Now set /etc/machine-id to be 0 bytes long (wipe it):
$ sudo truncate -s 0 /etc/machine-id
Now set the other copies of the machine ID to be symbolic links back to the file we just emptied out:
$ sudo rm /var/lib/dbus/machine-id
$ sudo ln -s /etc/machine-id /var/lib/dbus/machine-id
Clean the apt cache. There is no point carrying an out-of-date cache into spawned clones.
$ sudo apt clean
Clear any obsolete or orphaned packages:
$ sudo apt autoremove
Now it's safe to power off the VM and turn it into a template:
$ sudo poweroff
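A check for the clean-up steps above, as an added example that is not part of the original page: it audits a root filesystem for per-machine state that would otherwise be duplicated into every clone (machine ID, SSH host keys, cloud-init instance state). The function name check_template_clean and its optional root-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a template for leftover per-machine state.
# Argument: optional root prefix (empty = the running system), so the same
# check can be pointed at a mounted disk image or a test tree.

check_template_clean() {
    root="${1:-}"
    problems=0

    # /etc/machine-id must exist and be 0 bytes so each clone generates its own.
    if [ ! -f "$root/etc/machine-id" ] || [ -s "$root/etc/machine-id" ]; then
        echo "FAIL: /etc/machine-id is missing or not empty"
        problems=$((problems + 1))
    fi

    # The D-Bus copy must be a symlink back to /etc/machine-id.
    if [ "$(readlink "$root/var/lib/dbus/machine-id" 2>/dev/null)" != "/etc/machine-id" ]; then
        echo "FAIL: /var/lib/dbus/machine-id is not a symlink to /etc/machine-id"
        problems=$((problems + 1))
    fi

    # No SSH host keys may remain, or every clone presents the same host identity.
    for key in "$root"/etc/ssh/ssh_host_*; do
        if [ -e "$key" ]; then
            echo "FAIL: host key still present: $key"
            problems=$((problems + 1))
        fi
    done

    # 'cloud-init clean' removes the per-instance state under /var/lib/cloud.
    for dir in instance instances; do
        if [ -e "$root/var/lib/cloud/$dir" ] || [ -L "$root/var/lib/cloud/$dir" ]; then
            echo "FAIL: cloud-init state remains: /var/lib/cloud/$dir"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ] && echo "OK: template is clean"
    return "$problems"
}
```

Call `check_template_clean` with no argument inside the VM just before `sudo poweroff`; a non-zero return status is the number of problems found.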