Thanks to Christian Hofstaedtler and Peter van Dijk I discovered Proxmox-VE, an Open Source virtualization platform for running Virtual Appliances and Virtual Machines. I could fill reams of paper telling you about all the things I don’t know about Proxmox, but I won’t; their Web site takes care of that…

Here’s a screen shot of what the rather slick Web console looks like as it’s running in a Virtualbox on my Mac at the moment.


Proxmox supports KVM and OpenVZ in a single package, and I’m currently interested in running lots of OpenVZ containers from templates which are basically extracted “into” Proxmox and then launched.

There are a few settings I need tweaked on a container before I can use it: I have to create a user and provision an SSH key for running Ansible against the containers.

One solution would be to extract the content of the template (a compressed tar file), modify its content and repackage, but I supposed it could be done a bit more elegantly, which it can.

OpenVZ supports so-called action scripts, which run, say, when a container is started or stopped. This is what I finally came up with.

In Proxmox, the container configuration files are located in /etc/pve/nodes/proxmox/openvz. Herein I create vps.mount which is run by the host when a container is mounted:


.  /etc/pve/nodes/proxmox/openvz/ &
exit 0

(Note how is sourced into the background and then disowned – we must not block at this point because OpenVZ is starting the container.)

Within we have to wait a bit until the container is online (i.e. running). I’m omitting that here, but I ought to check with vzctl whether the container status actually is "running". Instead I just wait a bit, hoping that the container will be ready within ten seconds.


sleep 10

/usr/sbin/vzctl runscript ${VEID} /etc/pve/nodes/proxmox/openvz/run-in-ct

By now, Proxmox has started the container, and our script is sleeping. At the end of it’s rest, it will use vzctl to run the run-in-ct script in the actual container: the manual says about runscript:

runs specified shell script in the container. Argument script is a file on the host system which contents is read by vzctl and executed in the context of the container. For a run‐ ning container, the command jumps into the container and executes the script.

And what does my run-in-ct script do? It creates a user and sets up an SSH public key so that I can provision the container with Ansible.


# This script is run in a container

cat > /etc/profile.d/ <<!EOPROFILE
set -o vi
alias l='ls -l'
alias r='fc -e -'

if ! grep -q '^ansible:' /etc/passwd; then
	groupadd --force --gid 1000 ansible

	useradd --comment 'Ansible' \
		--home-dir /home/ansible \
		--gid ansible \
		--no-create-home \
		-r \
		--shell /bin/sh \
		--uid 1001 ansible

if ! test -d /home/ansible; then
	mkdir -p /home/ansible
	chown ansible:ansible /home/ansible

if ! test -d /home/ansible/.ssh; then
	mkdir -p /home/ansible/.ssh
	chown -R ansible:ansible /home/ansible/.ssh

if ! test -f /home/ansible/.ssh/authorized_keys; then
	cat > /home/ansible/.ssh/authorized_keys <<EOF
ssh-dss AAAAB3Nz .... 5ug3PLO9D3D7TBSZ2Pw== ansible-prov
	chown ansible:ansible /home/ansible/.ssh/authorized_keys
	chmod 600 /home/ansible/.ssh/authorized_keys

cat > /etc/sudoers.d/ansible <<!ENDSUDOERS
chmod 440 /etc/sudoers.d/ansible

Whether I start containers from the Proxmox CLI with vzctl or from the Web interface is irrelevant: in both cases these steps are performed. I like to think this is like a mini-kickstart for OpenVZ containers. :-)

I use Proxmox-VE as a portable data center.

OpenVZ, Proxmox, and virtual :: 28 Nov 2012 :: e-mail