Implement Proxmox VE (proxmoxve) Support
#1652
Comments
|
Related issues: #736 and coreos/ignition#1790 |
|
Afterburn implementation will have to be completely different from ibmcloud: they use a weird MIME-encoding format for SSH keys and such that seems pretty unique to them. Since Ignition can provide ssh keys (and Proxmox doesn't actually have a UI for any of my proposed Ignition support), maybe we can ignore Afterburn for this platform? If using the custom cloud-init support as I am suggesting then I don't think any other/extra metadata (such as the hostname) will available to the platform. If it means anything, my personal workflow for CoreOS on Proxmox so far is the following:
Then, if I clone the VM template in Proxmox, it's ready for a Proxmox-style cloud-init provisioning data to install any necessary packages, create users, set SSH keys, and any other provisioning. This can actually be set via the Proxmox GUI. A negative side effect of doing the above and not providing any authentication information via Ignition or Afterburn (and then essentially replacing Afterburn with cloud-init) is that the VM will warn you that Ignition and Afterburn weren't provided with any provisioning data. Another negative side effect is that, of course, Ignition is the RedHat/Fedora/CoreOS/Flatcar way, not cloud-init. But it works -- I've deployed CoreOS (as well as ublue-os/ucore) this way for simple homelab workloads, and they're solid as ever |
|
Re. Afterburn support, there's a pending PR for it already in coreos/afterburn#1023, so we can just link to that from the checklist. It hasn't been reviewed in depth yet, but I don't see anything about having to decode SSH keys there. Re. the cloud-init UX, we definitely want to avoid users jumping through those hoops. Ignition and Afterburn should be able to read from the same metadata sources that cloud-init does to provision the node (i.e. files in attached config drive). From my understanding of #736, the Proxmox UI doesn't make it easy to pass !cloud-init userdata, but it is possible on the command line (see #736 (comment)). |
|
Indeed, Proxmox only allows you to pass arbitrary data using the command line. coreos/afterburn#1023 is reading Proxmox-style cloud-init data anyway, rather than Ignition data shoehorned into place as I was suggesting. I think that this would make a much better user experience, at the expense of being more limited than arbitrary Ignition data. The only reason I didn't suggest doing this was because I figured that interpreting the cloud-init data sources might be out-of-scope for the Ignition project, and of course it's more limiting, but I do think it would provide a better UX. Perhaps both could be supported? In other words, if the first line of |
|
I am looking to start using FCOS on a test Proxmox VM host. Is there anything I can do to help out with this endeavor? It looks like coreos/ignition#1790 needs testing and review. @dustymabe if you or @jlebon can point me in the right direction for doing the testing, I offer myself as tribute. I should have my test Proxmox server online in a few weeks. |
|
@b- I presume #736 (comment) is still the latest state of things? I.e. that there is no sane way for users to provide arbitrary user-data to the instance without jumping through various hoops? So obviously, ideally we would enhance Proxmox to allow that more easily. I'm confused though, putting aside the CLI/API workarounds, if Proxmox fully owns the generated cloud-init, how do users provide their own cloud-init to do whatever else they want? Or is there a section of the web UI where they can type in extra cloud-init configs that get merged in? (Or is the expectation that you basically always just follow up with some config mgmt tool?) |
|
So basically if I'm understanding this right:
So Proxmox essentially uses cloud-init user-data as its platform metadata mechanism. Which... isn't great but we can live with I guess.
I'm kinda thinking actually that we just keep this in Afterburn and don't add any Ignition support for this at all for now if we don't really expect users to jump through the hoops necessary to set an Ignition config. (Though if there's an RFE somewhere in progress to have Proxmox make it easier to pass your own user-data, that changes things.) Afterburn would just parse the strict subset of the cloud-init YAML schema that Proxmox uses. If it's somehow possible for users to pass in some custom cloud-init snippets that get merged in, then we should error out so we don't pretend to understand all of cloud-init's schema. |
|
maybe we could hook into the https://pve.proxmox.com/wiki/Cloud-Init_Support#_custom_cloud_init_configuration |
That is correct.
I like this idea a lot. I think this probably would be the simplest path forward to making Proxmox-flavored CoreOS images that anybody could use. |
|
also of interest - some discussion of support for fw_cfg upstream: https://bugzilla.proxmox.com/show_bug.cgi?id=4068#c5 |
This is what I was suggesting as an additional/alternative to parsing the Proxmox-flavored subset of the cloud-init yaml. The nice things about this approach is that it could also work on bare metal, as well as any other hypervisor, if one just makes a disk with the right volume name, format, and a single file or two. Perhaps maybe a separate "baremetal" target could be made that would accept an ignition file passed via cicustom or on a USB stick/CD drive with the proper volume name? EDIT: (because I don't want to spam this topic)
I mean this with the utmost respect to the Proxmox team, but that issue and many other "nice to haves" on their bugzilla never really make much progress. I don't know if it's worth it to wait for them… |
That is correct
Custom cloud-init metadata can be provided via one of two ways: The first way, which is the The second way is to manually create a cloud-init drive. To be clear (and I'm sorry if I keep repeating myself), the way Proxmox actually supplies the cloud-init metadata is by creating an ISO9660 image with a given volume name and a few files with specific filenames on it. I only mention this to make it clear why I think that a separate target format ("baremetal") supporting a custom ignition config provided that way as well would be nice: You could manually (or with a simple script) build an image or physical disk following that format, and then provide that to either any generic VM or baremetal PC, without needing to also supply boot args. [1]: Proxmox terminology for text file like an ignition file, or a shell script ("hook script") to be run on VM operations |
|
Hi everyone, First, I would disregard anything based on hook scripts. This is our current setup in order to provide ignition configuration to the guest OS on proxmoxve, it is quite messy, the surface of modification to be applied on the proxmoxve cluster is non trivial, and updating scripts is cumbersome => This is why we started to work with @arcln on afterburn and ignition. The afterburn modification (for instance coreos/afterburn#1023) which allows it to parse cloud-init metadata generated by Proxmoxve is from my standpoint the minimal viable modification necessary for smooth operations of afterburn based OSes. It does not specifically respect the intent of ignition based OSes, but at least render them usable on a proxmoxve setup. Then, should you want to benefit from ignition (and we rather do !), it seems that the most logical/reasonable path is :
From our standpoint we would rather have the two PR validated / corrected and then merged as it would allow full control of the OS through proxmoxVE API (with proper terraform support btw), as well as basic OS configuration through GUI. Happy to discuss / challenge this point of view ... |
|
OK, so it sounds like the How does this compare to the "attach your own ISO" approach? Does that require any special privileges? Is it part of the regular UX of a Proxmox user? (I.e. how common is it to have to resort to generating your own ISO to attach to your VM?) I think it'd be nice to support passing in Ignition configs, but it sounds to me like we need to optimize for the Afterburn cloud-init case instead to better match expectactions (i.e. that'd be what we primarily document, and the custom Ignition case would be an advanced section). |
|
The main problems related to building a custom iso (for instance through terraform on a station) are the upload to the proxmoxve cluster as well as the storage medium configured at the cluster level to receive such file. Should you want to stick with custom iso, it would require:
Or you can leverage from proxmoxve snippets:
I am very much in favor of the later option for two reasons:
but I admit that it requires a modification of ignition in order to look at the right location (as proposed in coreos/ignition#1844) |
|
@abuisine are you certain that snippets can be uploaded via the API? That's the snag I got caught on when working on this a few months ago — I could not find an API call to actually upload or create a snippet. I looked pretty thoroughly… and I'm 100% certain there's no GUI method to manage snippets. (Additionally, snippet storage isn't configured by default last time I checked either, so I also am not sure what you mean by "replicated by default") If there is such an API call (and by all means there should be one), I absolutely agree that snippets + cicustom are the right way for this. But as it stands it seems to be missing parts. To be clear, the only reason I suggest actually making a custom iso is because driving the cicustom methods via API seems impossible as it stands. I don't think a custom ISO is ideal, but rather just a relatively reasonable way to work around the lack of a complete API. |
|
Hi, let me double check all this and get back to you. |
|
Hi @b- Regarding the replication of snippets, we usually configure their path on So in light of this, I guess the arguments to justify an ignition modification are minimal: I think we still prefer (at Enix, the company I am working at with @arcln) to upload a json file as a snippet and let proxmoxve generate the iso for us. The argument behind this is more related our usage of terraform. We would rather generate an ignition through a terraform provider like https://github.com/community-terraform-providers/terraform-provider-ignition, rather than an iso image ... because it requires some extra binaries like So in short the question would be : |
|
For the reasons mentioned above, I do think that supporting the Proxmox subset of cloud-init would still be more useful to more people than ignition-as-cicustom data. Ideally both would be supported (possibly in their own separate flavors), but _It Would Be Nice_™ to be able to spin up a CoreOS VM on Proxmox without messing around with anything, too… |
|
Can you confirm the following: Support of the Promox subset of cloud-init only requires an afterburn modification. Support of ignition-as-cicustom data requires an ignition modification and is probably less useful. For the CoreOS VM on Proxmox without messing around with anything ... apart from DHCP I guess we are far from the goal :P |
|
Can someone provide an example of a Proxmox-provided cloud-init config? Is e.g. https://github.com/enix/afterburn/blob/proxmoxve/tests/fixtures/proxmoxve/dhcp/user-data (from coreos/afterburn#1023) an accurate example? (Weird that they would provide both The thing is there are keys in there that Afterburn is not really designed to handle and I don't think we should add support for. Basically of the user-data we should just support Re. Anyway, short-term the problem there is that we'll simply not be able to apply the network config on FCOS, which means that... yeah just DHCP will work. We should document that limitation too. I think for completeness we indeed should also add support in Ignition for advanced users. In that case, (1) Ignition should no-op if the user-data starts with |
|
The config you'll find in Afterburn tests (the one you linked) was directly copied from Proxmox VE and is accurate. For the Finally, our Afterburn PR looks for |
Actually the other way around, at least on an Ubuntu 22.04 VM I provisioned on my home server. This behavior is definitely weird and confusing, but it sort of makes sense? I set a username in the Proxmox Web UI (e.g., If you leave the I haven't tested it specifically in a while, but what's supposed to happen in such a situation (with no user-provided username) is that a distro-specific default username is chosen (e.g., But if you do specify a username (e.g., |
|
OK gotcha. In that case, we can't support that either. I think we can basically say that we'll always create the Ideally, we could add metadata to the image somehow that Proxmox could query to know what is/isn't supported and reflect that in the web UI. But ideally ideally, Proxmox would have first-class support for Ignition and/or custom user-data. :) |
I think this is reasonable, as long as setting the
I imagine this might be possible in "the future™," at least because Proxmox's LXC support relies on a similar metadata to pick some distro-specific behavior.
Hard agree. Honestly, I wish they could at least do what Oracle Cloud's web UI does, which is a big text box whose contents becomes the @jlebon would it be useful for me to attach a |
Yeah, ignoring it will give that behaviour. (We always create the
I think there's an example config in the Afterburn PR tests: https://github.com/enix/afterburn/blob/proxmoxve/tests/fixtures/proxmoxve/static/network-config |
Implement Proxmox VE (
proxmoxve) SupportThis issue is to track support for the Proxmox VE hypervisor, which is a free and open source KVM+Qemu platform.
The official reserved platform ID is
proxmoxve, and the implementation is probably going to be mostly ripped from theibmcloudprovider to start with, as it uses the same standard for its own cloud-init data.The format for this issue is taken from the Implementing a new emerging platform document.
During Development
Create PRs addressing the following:
If the platform supports it (unlikely), add userdata deletion(Cloud Only) Add check-in if needed (unlikely)provisioning-<platform>.adocthat walks through how to setup the new platformmodules/ROOT/nav.adocthat points to new documentationmerge documentation with
guestfishcommands:At Release
There are no "At Release" steps as we do not produce new boot images for
emerging platforms/
The text was updated successfully, but these errors were encountered: