Hello all,
I have a Proxmox server with some VMs on it.
I want to make an Ubuntu 22.04 template with cloud-init, but I have a problem later with the ansible user.
The questions are:
- How do I do point 1 below?
- Is it good to create the ansible user directly in the Proxmox template?
I am sorry if this post is difficult to read, but English is not my native language and the configuration is a bit tricky for me to understand.
The main goals are:
1. to install the certificate directly for the ansible user, so that I do not have to enable ssh_pwauth
2. to have a username equal to the machine name with UID 1000 (example below with docker05). This user will be used later to launch the docker container
3. to have an ansible user with a user ID different from 1000
4. to have an Ansible playbook to do the first configuration steps (apt update, timezone settings, change hostname, …)
Point 4 is already working.
Cloud config
#cloud-config
user: ansible
passwd: {expire: false}
password: xxxxx
ssh_pwauth: True
Template creation
This is the template used for template creation (but slightly customized, with YAML snippets added to enable SSH by password): https://www.apalrd.net/posts/2023/pve_cloud/
As I understand, if I add an SSH key directly to this script, it will be available for all users, and I don’t want this.
- create the template with user “ansible” and SSH password auth enabled in the sshd config by adding a snippet with cloud config
Use the template to create a new VM (example: docker05)
- copy the template (full)
- start the VM
- use my ansible “host” with a playbook to connect to the new VM, create the user (docker05), disable ansible authentication, etc.
After these operations, the VM is ready, but some things are not good:
- the user ansible has the user ID 1000, which is used most of the time by default by docker compose templates
- the user ansible is in some groups that are not needed (video, plugdev, …)
- the user docker05 who runs docker has the ID 1001, so I must change my docker compose file according to this UID
- if I add a cert to
If I understand your question right, you have ssh_authorized_keys where you put SSH keys for each user: https://cloudinit.readthedocs.io/en/stable/reference/modules.html#users-and-groups
And about the UID: users has a field ‘uid’ that you can set (more in the doc above).
About the second question: it’s up to you :) In my Terraform I have a cloud-init template where I pass the hostname, apt packages and additional commands after setup as a Terraform templatefile.
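A cloud-config sketch of what the reply describes (per-user `ssh_authorized_keys` and `uid` in the `users` list), added here as an example and not taken from either post. It assumes the snippet is delivered to the VM as user-data; UID 2000, the sudo rule and the key string are placeholders.

```yaml
#cloud-config
# Added example; values marked "placeholder" are constructed.
# Assumes this file is the VM's user-data.

# Key-only SSH: replaces "ssh_pwauth: True" from the question.
ssh_pwauth: false

# There is no "default" entry in the list, so the image's default user is
# not created and UID 1000 stays free for the application account.
users:
  # Automation account: UID away from 1000, no extra groups, key login only.
  - name: ansible
    uid: 2000                        # placeholder: any free UID other than 1000
    shell: /bin/bash
    lock_passwd: true                # no usable password for this account
    sudo: "ALL=(ALL) NOPASSWD:ALL"   # assumption: the playbook needs root
    ssh_authorized_keys:
      # placeholder: public key of the Ansible control host
      - ssh-ed25519 AAAA_PLACEHOLDER_PUBLIC_KEY ansible@controller

  # Application account named after the machine (docker05 in the question).
  - name: docker05
    uid: 1000
    shell: /bin/bash
    lock_passwd: true
    # No ssh_authorized_keys here: the key above is installed for
    # the ansible user only, not for this one.
```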