bisol


Hello all,

I have a Proxmox server with some VMs on it.

I want to make an Ubuntu 22.04 template with cloud-init, but I have a problem later with the ansible user.

The questions are:

- How do I do point 1 below?

- Is it good to create the ansible user directly in the Proxmox template?

I am sorry if this post is difficult to read, but English is not my native language and the configuration is a bit tricky for me to understand.

The main goals are:

  1. to install the certificate directly for the ansible user, so as not to have to enable ssh_pwauth
  2. to have a username equal to the machine name with uid 1000 (example below with docker05). This user will be used later to launch the docker containers
  3. to have an ansible user with a user ID different from 1000
  4. to have an ansible playbook to do the first configuration steps (apt update, timezone settings, change hostname, ...)

Point 4 is already working.

Cloud config

#cloud-config
user: ansible
chpasswd: {expire: false}
password: xxxxx
ssh_pwauth: True

Template creation

This is the template used for template creation (but customized a little bit, with yml snippets added to enable ssh by password): https://www.apalrd.net/posts/2023/pve_cloud/

As I understand it, if I add an ssh key directly to this script, it will be available for all users, and I don't want this.

  1. create the template with user "ansible" and ssh with password auth possible in the sshd config by adding a snippet with cloud config

Use the template to make a new VM (example: docker05)

  1. copy the template (full)
  2. start the VM
  3. use my ansible "host" with a playbook to connect to the new VM, create the user (docker05), disable ansible authentication, etc.

After these operations, the VM is ready, but some things are not good:

  1. the user ansible has user ID 1000, which is used most of the time by docker compose templates by default
  2. the user ansible is in some groups that are not needed (video, plugdev, ...)
  3. the user docker05, who runs docker, has the ID 1001, so I must change my docker compose files according to this UID
  4. if I add a cert to
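
A per-VM cloud-init user-data snippet that meets goals 1 to 3 above, shown as an added example that is not part of the original post or of the linked guide. Assumptions: the UID 1100 for ansible, the passwordless sudo rule, and the placeholder public key are illustrative, and the snippet is supplied per VM because the username follows the machine name.

```yaml
#cloud-config
# Added example, not the poster's configuration.
# Constructed values: UID 1100, the sudo rule and the placeholder key below.
hostname: docker05

# sshd accepts keys only; no password login for any account.
ssh_pwauth: false

users:
  # There is no "default" entry in this list, so the image's stock user
  # is not created and UID 1000 stays free for the machine-named user.
  - name: docker05
    uid: 1000
    shell: /bin/bash
    lock_passwd: true          # no password, no SSH key: local service account

  # No "groups" key, so ansible gets only its own primary group
  # (none of video, plugdev, ... that the default user receives).
  - name: ansible
    uid: 1100                  # assumption: any free UID other than 1000
    shell: /bin/bash
    lock_passwd: true          # password login disabled from first boot
    sudo: "ALL=(ALL) NOPASSWD:ALL"   # assumption: playbooks escalate with become
    ssh_authorized_keys:
      # Placeholder: public key of the Ansible control host. It is installed
      # for this user only, not for docker05 or root.
      - ssh-ed25519 AAAA_PLACEHOLDER_PUBLIC_KEY ansible@controller
```

In Proxmox, a custom user snippet attached with `--cicustom "user=..."` replaces the user-data Proxmox would generate, so the user, password and SSH key fields in the Cloud-Init tab no longer apply to that VM.
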
bisol@alien.top 1 points 1 year ago

https://newreleases.io/

Newreleases is good for watching favourite GitHub / Docker images too.

For a tool, yes, watchtower or pullio (https://hotio.dev/scripts/pullio/)