Proxmox VE Full Course: Class 8 - Creating Container Templates

Originally published at: Proxmox VE Full Course: Class 8 – Creating Container Templates – LearnLinuxTV

Welcome back to LearnLinuxTV’s full course on Proxmox Virtual Environment! In class #8, we look at the process of converting a container into a template, that can then be used as a basis for launching additional containers.

1 Like

I just wanted to note that @jay says at 5:30 that you don’t want to disconnect your ssh session after deleting the host keys…

One really nice thing about proxmox is that you can always log in to the console from the GUI even if you have screwed up your ssh config.

Very helpful for people like me.

In the end of this video, @jay assigns the homework of how to automate the process of creating a template.

Below is a script I use to prepare a container to become a template. I am also learning systemd at the same time so this might be a bit overly complicated.

# I use apt-cacher-ng to cache .deb file before installation 
echo 'Acquire::http::Proxy "";' | sudo tee -a /etc/apt/apt.conf.d/00aptproxy

# Update cache and upgrade
apt update
apt dist-upgrade -y

# Delete machine-id and ssh_host_* files to prevent potential conflict
truncate -s 0 /etc/machine-id
rm /etc/ssh/ssh_host_*

# Every container is pre populated with an ansible user, password, and public key
# so ansible can contact the container as needed.
useradd ansible -s /bin/bash -m -G sudo
#FIXME figure out how to set password without needing to hardcode it here.
echo ansible:******** | chpasswd
sudo -H -u ansible bash -c 'ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa'
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZU7YrdJij2vchTR5csMI+C2I13FYbrpsvnWTO+yGhy/Zw+rAC64slHp57f6E3qhimX0t+CeVV0UBAmRKt9gdi3ZeeOLu0BpzC2RMjOvhTlqBkZ8CoGysRqoaeBQG8loMRlaaOWifFcdAEILEgp6wri4xwHJwt2SLV9FeNJ9eRb0i/IflPbzwMP7EIm4Kn0vtl8XIdsSfqO1FT+2hR3SvrnY7GB7vNcQhb0WB8vaszcNxy9E1T1shBNiBlZKstoMFtV8uN2BuupIzNrG+y4ySMWa/+g2jN8QUu095EhTSNaVzK46A72j23mOvxOKJp/IFUvAZQvscj6uTZAwxESsax4Q2zdGKeYKmkErc8Vjee6rRSsUfk+1NRS/60I/Z99f7zGmvQcXRGuMuYh9QxNXMvlY/Fn9XT7CQbPsqWxG/ehpIBGmV65yPE9T21hKg7bVlo0PnyHa3A+Dt/7rKTfVCev/h+80BzBe6rmCZx/PdRb9bHiKs/tMKi6ePvDmkzECc= ansible@ansible' | sudo tee -a /home/ansible/.ssh/authorized_keys

# Create a systemd service which runs whenever the cloned system boots
tee /etc/systemd/system/firstboot.service <<EOF
Description=One time boot script

# Enable the firstboot service
systemctl enable firstboot.service

#Create the script which run by the firstboot serivce
# The special sauce is that the scrip disables the firstboot service, deletes
# the firstboot.service file and itself after running.
tee / <<EOF
rm /etc/ssh/ssh_host_* 
dpkg-reconfigure openssh-server

systemctl disable firstboot.service 
rm -rf /etc/systemd/system/firstboot.service
rm -f /

# Make firstboot exacutable
chmod +x /

#Clean the apt cache and unnesessary packages
apt clean
apt autoremove

#convert to template

Not sure what I am doing wrong with this, I had the same problem with the previous video.What was happening is I couldn’t ssh into the server, the ssh config files were still missing. I found that if you entered “sudo cloud-init clean” it would recreate the ssh configs. But with the container I do not see that “fix” . I know I can recreate them with the console, but want to know why they didn’t reconfigure on their own.

I haven’t had a chance to look at this in a while, but it’s entirely possible there could be a bug in the container image that prevents it from working. That’s just a guess though, I’d need to spend some time recreating the scenario to know for sure. Containers in Proxmox shouldn’t behave differently, but as we all are aware, there are definitely edge-cases.