Proxmox VE Full Course: Class 8 - Creating Container Templates

Originally published at: Proxmox VE Full Course: Class 8 – Creating Container Templates – LearnLinuxTV

Welcome back to LearnLinuxTV’s full course on Proxmox Virtual Environment! In class #8, we look at the process of converting a container into a template, that can then be used as a basis for launching additional containers.

1 Like

I just wanted to note that @jay says at 5:30 that you don’t want to disconnect your ssh session after deleting the host keys…

One really nice thing about proxmox is that you can always log in to the console from the GUI even if you have screwed up your ssh config.

Very helpful for people like me.

In the end of this video, @jay assigns the homework of how to automate the process of creating a template.

Below is a script I use to prepare a container to become a template. I am also learning systemd at the same time so this might be a bit overly complicated.

# I use apt-cacher-ng to cache .deb file before installation 
echo 'Acquire::http::Proxy "http://apt-cacher.lan.arpa:3142";' | sudo tee -a /etc/apt/apt.conf.d/00aptproxy


# Update cache and upgrade
apt update
apt dist-upgrade -y


# Delete machine-id and ssh_host_* files to prevent potential conflict
truncate -s 0 /etc/machine-id
rm /etc/ssh/ssh_host_*


# Every container is pre populated with an ansible user, password, and public key
# so ansible can contact the container as needed.
useradd ansible -s /bin/bash -m -G sudo
#FIXME figure out how to set password without needing to hardcode it here.
echo ansible:******** | chpasswd
sudo -H -u ansible bash -c 'ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa'
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZU7YrdJij2vchTR5csMI+C2I13FYbrpsvnWTO+yGhy/Zw+rAC64slHp57f6E3qhimX0t+CeVV0UBAmRKt9gdi3ZeeOLu0BpzC2RMjOvhTlqBkZ8CoGysRqoaeBQG8loMRlaaOWifFcdAEILEgp6wri4xwHJwt2SLV9FeNJ9eRb0i/IflPbzwMP7EIm4Kn0vtl8XIdsSfqO1FT+2hR3SvrnY7GB7vNcQhb0WB8vaszcNxy9E1T1shBNiBlZKstoMFtV8uN2BuupIzNrG+y4ySMWa/+g2jN8QUu095EhTSNaVzK46A72j23mOvxOKJp/IFUvAZQvscj6uTZAwxESsax4Q2zdGKeYKmkErc8Vjee6rRSsUfk+1NRS/60I/Z99f7zGmvQcXRGuMuYh9QxNXMvlY/Fn9XT7CQbPsqWxG/ehpIBGmV65yPE9T21hKg7bVlo0PnyHa3A+Dt/7rKTfVCev/h+80BzBe6rmCZx/PdRb9bHiKs/tMKi6ePvDmkzECc= ansible@ansible' | sudo tee -a /home/ansible/.ssh/authorized_keys


# Create a systemd service which runs whenever the cloned system boots
tee /etc/systemd/system/firstboot.service <<EOF
[Unit]
Description=One time boot script
[Service]
Type=simple
ExecStart=/firstboot.sh
[Install]
WantedBy=multi-user.target 
EOF

# Enable the firstboot service
systemctl enable firstboot.service


#Create the script which run by the firstboot serivce
# The special sauce is that the scrip disables the firstboot service, deletes
# the firstboot.service file and itself after running.
tee /firstboot.sh <<EOF
#!/bin/bash
rm /etc/ssh/ssh_host_* 
dpkg-reconfigure openssh-server

systemctl disable firstboot.service 
rm -rf /etc/systemd/system/firstboot.service
rm -f /firstboot.sh
EOF

# Make firstboot exacutable
chmod +x /firstboot.sh

#Clean the apt cache and unnesessary packages
apt clean
apt autoremove

#convert to template