Thanks to Christian Hofstaedtler and Peter van Dijk I discovered Proxmox-VE, an Open Source virtualization platform for running Virtual Appliances and Virtual Machines. I could fill reams of paper telling you about all the things I don’t know about Proxmox, but I won’t; their Web site takes care of that…

Here’s a screen shot of what the rather slick Web console looks like as it’s running in a VirtualBox on my Mac at the moment.

[Screenshot: Proxmox Web console]

Proxmox supports KVM and OpenVZ in a single package, and I’m currently interested in running lots of OpenVZ containers from templates which are basically extracted “into” Proxmox and then launched.

There are a few settings I need tweaked on a container before I can use it: I have to create a user and provision an SSH key for running Ansible against the containers.

One solution would be to extract the content of the template (a compressed tar file), modify its content and repackage, but I supposed it could be done a bit more elegantly, which it can.

OpenVZ supports so-called action scripts, which run, say, when a container is started or stopped. This is what I finally came up with.

In Proxmox, the OpenVZ container configuration files are located in /etc/pve/nodes/proxmox/openvz. In that directory I create vps.mount, which the host runs whenever a container is mounted:

#!/bin/bash
# vps.mount: run on the host by vzctl each time a container is mounted.
# Hand the real work to talk-to-ct.sh in the background so that this
# script returns immediately and does not hold up the container start.

.  /etc/pve/nodes/proxmox/openvz/talk-to-ct.sh &
disown
exit 0

(Note how talk-to-ct.sh is sourced into the background and then disowned – we must not block at this point because OpenVZ is starting the container.)

Within talk-to-ct.sh we have to wait a bit until the container is online (i.e. running). I’m omitting that here, but I ought to check with vzctl whether the container status actually is "running". Instead I just wait a bit, hoping that the container will be ready within ten seconds.

#!/bin/bash
# talk-to-ct.sh: give the container time to come up, then run the
# provisioning script inside it. VEID is exported by vzctl to action scripts.

sleep 10

/usr/sbin/vzctl runscript ${VEID} /etc/pve/nodes/proxmox/openvz/run-in-ct

By now, Proxmox has started the container, and our script is sleeping. At the end of its rest, it will use vzctl to run the run-in-ct script in the actual container; the manual says about runscript:

runs specified shell script in the container. Argument script is a file on the host system which contents is read by vzctl and executed in the context of the container. For a running container, the command jumps into the container and executes the script.
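The readiness check the text mentions but leaves out, as an added example that is not part of the original post: instead of a fixed ten-second sleep, poll `vzctl status` until it reports the container as running, give up after a timeout, and only then hand run-in-ct to `vzctl runscript`. It assumes `vzctl status CTID` prints a line such as "CTID 101 exist mounted running" (the wording vzctl uses, treated here as an assumption for your version); VZCTL and CT_SCRIPT are overridable so the functions can be exercised on a machine without Proxmox, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not the post's own talk-to-ct.sh: wait for the container to
# be running before using vzctl runscript, with a timeout so a container that
# never comes up does not leave a provisioning process hanging forever.
# Assumption: `vzctl status CTID` prints "CTID <id> exist mounted running"
# once the container is up.

VZCTL="${VZCTL:-/usr/sbin/vzctl}"
CT_SCRIPT="${CT_SCRIPT:-/etc/pve/nodes/proxmox/openvz/run-in-ct}"

# wait_for_running CTID [TIMEOUT_SECONDS]
# Returns 0 as soon as `vzctl status` reports the container as running,
# 1 if the timeout elapses first.
wait_for_running() {
    ctid="$1"
    timeout="${2:-60}"
    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        status=$("$VZCTL" status "$ctid" 2>/dev/null)
        case "$status" in
            *" running"*) return 0 ;;
        esac
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 1
}

# provision_container CTID
# Waits for the container, then runs the in-container script exactly as the
# post does, but only once the container can actually execute it.
provision_container() {
    ctid="$1"
    if wait_for_running "$ctid" 60; then
        "$VZCTL" runscript "$ctid" "$CT_SCRIPT"
    else
        echo "container $ctid did not reach 'running' state in time" >&2
        return 1
    fi
}

# When invoked as an action script, VEID is exported by vzctl.
if [ -n "$VEID" ]; then
    provision_container "$VEID"
fi
```

Dropped into place of talk-to-ct.sh, the script still backgrounds from vps.mount exactly as before; the difference is that a slow or failed start is reported on stderr instead of silently running the provisioning script against a container that is not there yet.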

And what does my run-in-ct script do? It creates a user and sets up an SSH public key so that I can provision the container with Ansible.

#!/bin/sh

# This script is run in a container

cat > /etc/profile.d/jpm.sh <<!EOPROFILE
set -o vi
alias l='ls -l'
alias r='fc -e -'
!EOPROFILE

if ! grep -q '^ansible:' /etc/passwd; then
	groupadd --force --gid 1000 ansible

	useradd --comment 'Ansible' \
		--home-dir /home/ansible \
		--gid ansible \
		--no-create-home \
		-r \
		--shell /bin/sh \
		--uid 1001 ansible
fi

if ! test -d /home/ansible; then
	mkdir -p /home/ansible
	chown ansible:ansible /home/ansible
fi

if ! test -d /home/ansible/.ssh; then
	mkdir -p /home/ansible/.ssh
	chown -R ansible:ansible /home/ansible/.ssh
fi

if ! test -f /home/ansible/.ssh/authorized_keys; then
	cat > /home/ansible/.ssh/authorized_keys <<EOF
ssh-dss AAAAB3Nz .... 5ug3PLO9D3D7TBSZ2Pw== ansible-prov
EOF
	chown ansible:ansible /home/ansible/.ssh/authorized_keys
	chmod 600 /home/ansible/.ssh/authorized_keys
fi

cat > /etc/sudoers.d/ansible <<!ENDSUDOERS
ansible ALL=(ALL) NOPASSWD: ALL
!ENDSUDOERS
chmod 440 /etc/sudoers.d/ansible

Whether I start containers from the Proxmox CLI with vzctl or from the Web interface is irrelevant: in both cases these steps are performed. I like to think this is like a mini-kickstart for OpenVZ containers. :-)
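The sudoers step of run-in-ct is the one place where a typo has a large blast radius: a fragment that does not parse makes sudo refuse everyone in the container, and the fragment is written into every container that starts. Here, as an added example that is not code from the original post, is a way to install it only after validation and without ever exposing a half-written file. The function name and the SUDOERS_DIR override are this example's own choices; it relies on `visudo -cf FILE` (check-only mode on a named file) and on sudo's documented habit of ignoring files in sudoers.d whose names contain a dot.

```shell
#!/bin/sh
# Added example, not from the original post: validate the ansible sudoers
# fragment before installing it. SUDOERS_DIR can be pointed at a scratch
# directory to try the function outside a container.

SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"

# install_sudoers_fragment NAME RULE
# Writes RULE to a temporary file next to the target, sets mode 0440, runs
# visudo on it (when root and visudo is present), and only then renames it
# into place. Returns 1 and leaves any existing fragment untouched when the
# rule does not parse.
install_sudoers_fragment() {
    name="$1"
    rule="$2"
    target="$SUDOERS_DIR/$name"
    # sudo skips sudoers.d entries whose name contains a dot, so the
    # temporary file is never parsed while it exists.
    tmp="$target.tmp"

    # Create the file readable by its owner only, never world-readable.
    old_umask=$(umask)
    umask 077
    printf '%s\n' "$rule" > "$tmp" || { umask "$old_umask"; return 1; }
    umask "$old_umask"
    chmod 0440 "$tmp" || { rm -f "$tmp"; return 1; }

    # visudo -c also checks owner and mode (root:root, 0440); that check is
    # only meaningful as root, which is how run-in-ct runs in the container.
    if [ "$(id -u)" -eq 0 ] && command -v visudo >/dev/null 2>&1; then
        if ! visudo -cf "$tmp" >/dev/null 2>&1; then
            echo "sudoers fragment '$name' rejected by visudo, not installed" >&2
            rm -f "$tmp"
            return 1
        fi
    fi

    # rename(2) is atomic: sudo sees either the old fragment or the new one.
    mv "$tmp" "$target"
}

# Usage, matching the rule from the post:
# install_sudoers_fragment ansible 'ansible ALL=(ALL) NOPASSWD: ALL'
```

Two further points a reviewer would raise about the script above, which the example does not change: the same public key lands in every container, so that one private key is root on all of them through the NOPASSWD rule, and the key type shown is ssh-dss, which current OpenSSH releases no longer accept by default, so a fresh setup would provision an Ed25519 or RSA key instead.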

I use Proxmox-VE as a portable data center.

OpenVZ, Proxmox, and virtual :: 28 Nov 2012 :: e-mail