Thanks to Christian Hofstaedtler and Peter van Dijk I discovered Proxmox-VE, an Open Source virtualization platform for running Virtual Appliances and Virtual Machines. I could fill reams of paper telling you about all the things I don't know about Proxmox, but I won't; their Web site takes care of that...

Here's a screen shot of what the rather slick Web console looks like as it's running in a Virtualbox on my Mac at the moment.

Proxmox

Proxmox supports KVM and OpenVZ in a single package, and I'm currently interested in running lots of OpenVZ containers from templates which are basically extracted "into" Proxmox and then launched.

There are a few settings I need tweaked on a container before I can use it: I have to create a user and provision an SSH key for running Ansible against the containers.

One solution would be to extract the content of the template (a compressed tar file), modify its content and repackage, but I supposed it could be done a bit more elegantly, which it can.

OpenVZ supports so-called action scripts, which run, say, when a container is started or stopped. This is what I finally came up with.

In Proxmox, the container configuration files are located in /etc/pve/nodes/proxmox/openvz. Herein I create vps.mount which is run by the host when a container is mounted:

#!/bin/bash

.  /etc/pve/nodes/proxmox/openvz/talk-to-ct.sh &
disown
exit 0

(Note how talk-to-ct.sh is sourced into the background and then disowned -- we must not block at this point because OpenVZ is starting the container.)

Within talk-to-ct.sh we have to wait a bit until the container is online (i.e. running). I'm omitting that here, but I ought to check with vzctl whether the container status actually is "running". Instead I just wait a bit, hoping that the container will be ready within ten seconds.

#!/bin/bash

sleep 10

/usr/sbin/vzctl runscript ${VEID} /etc/pve/nodes/proxmox/openvz/run-in-ct

By now, Proxmox has started the container, and our script is sleeping. At the end of it's rest, it will use vzctl to run the run-in-ct script in the actual container: the manual says about runscript:

runs specified shell script in the container. Argument script is a file on the host system which contents is read by vzctl and executed in the context of the container. For a run‐ ning container, the command jumps into the container and executes the script.

And what does my run-in-ct script do? It creates a user and sets up an SSH public key so that I can provision the container with Ansible.

#!/bin/sh

# This script is run in a container

cat > /etc/profile.d/jpm.sh <<!EOPROFILE
set -o vi
alias l='ls -l'
alias r='fc -e -'
!EOPROFILE

if ! grep -q '^ansible:' /etc/passwd; then
    groupadd --force --gid 1000 ansible

    useradd --comment 'Ansible' \
        --home-dir /home/ansible \
        --gid ansible \
        --no-create-home \
        -r \
        --shell /bin/sh \
        --uid 1001 ansible
fi

if ! test -d /home/ansible; then
    mkdir -p /home/ansible
    chown ansible:ansible /home/ansible
fi

if ! test -d /home/ansible/.ssh; then
    mkdir -p /home/ansible/.ssh
    chown -R ansible:ansible /home/ansible/.ssh
fi

if ! test -f /home/ansible/.ssh/authorized_keys; then
    cat > /home/ansible/.ssh/authorized_keys <<EOF
ssh-dss AAAAB3Nz .... 5ug3PLO9D3D7TBSZ2Pw== ansible-prov
EOF
    chown ansible:ansible /home/ansible/.ssh/authorized_keys
    chmod 600 /home/ansible/.ssh/authorized_keys
fi

cat > /etc/sudoers.d/ansible <<!ENDSUDOERS
ansible ALL=(ALL) NOPASSWD: ALL
!ENDSUDOERS
chmod 440 /etc/sudoers.d/ansible

Whether I start containers from the Proxmox CLI with vzctl or from the Web interface is irrelevant: in both cases these steps are performed. I like to think this is like a mini-kickstart for OpenVZ containers. :-)

I use Proxmox-VE as a portable data center.

Flattr this
OpenVZ, Proxmox, and virtual :: 28 Nov 2012 :: e-mail

Comments

blog comments powered by Disqus