RE: Custom config / cloud-init

@Pilow password: as a global option and passwd: or plain_text_passwd: under users: key are two different things. The first one sets the password for the default user, ubuntu on Ubuntu if I recall correctly, while the others set password for the user specified in the users: key.

Read the docs people

What he is talking about is Security Identifier (SID) and is specific to Windows. Each Windows machine must have a unique SID in an AD environment. Cloned machines will have identical SID which is bad.

The solution to this problem is sysprep, a Windows tool that will reset SID and other parameters so that each Windows installation is uniquely identifiable. This is something done inside a machine, of course, and is not something that can be done on HV level. VMware, and Hyper-V as seen here, have integrated support for invoking sysprep (or equivalent) during the machine cloning process. This is achieved by sending a signal to the management agent inside a machine (e.g. VMware Guest Tools).

As far as I know, XenServer/XCP-ng management agent is rudimentary and does not have this functionality. In world of XenServer/XCP-ng, machine has to be syspreped manually before it is cloned.

@acebmxer Great. These are some YAML basics. You should read more about it . Following AI instructions without understanding is not going to take you far.

Just to confirm. After copying new install.img to my PXE environment, unattended installation went smoothly with my answer file.

A milestone has been achieved . All of my modules have been merged upstream. I've updated the first post with new info.

That will most probably be all for Ansible 2.8. I'm keeping some improvements and possibly more modules for Ansible 2.9. Currently, I'm thinking about what other modules could be useful so I could implement them. Any suggestion or wish would be much appreciated.

@nuentes Oh no, no. Your system is not destroyed beyond repair. It can be repaired. It's just that it is almost impossible or too much of a hustle for anyone to try to help you over forum. Someone has to sit in front of your machine to do it.

My only guess is that ChatGPT instructed you to make changes based on a CentOS system but XCP-ng and Xen virtualization in general is much different than regular CentOS. It has two stage boot process. First the Xen kernel boots and then a special virtual machine called Dom0 is booted. What you are accessing and reconfiguring is in fact this VM, not the underlying "system". So it's like a two layer system and some configuration must be done on Xen layer, some on Dom0 layer. I'm unfortunately unfamiliar with exact specifics on kernel and initrd image generation for this case so I can't spot where thing have gone wrong.

In short terms. Instead of going back and forth and trying a lot of different things, it's more time saving and simpler to reinstall the system and restore metadata if you already have a backup.

Has anyone been able to install Ubuntu 24.04 in VM from current official ISO? It seems that official ISOs (i.e. installer) still use unpatched kernel 6.8.0-22. Are there any newer ISO builds that I'm not aware of?

EDIT:
Sorry. False alarm. I screwed up my PXE settings. There was some leftover kernel and initrd images from beta versions of ISO. Kernel and initrd from latest ISOs work properly.

@acebmxer Did you do:

cloud-init clean --logs --seed

before converting the VM to template?

Also, network configuration is not part of the cloud-config (aka user data). In XO, there is a separate field called "Network config" where it should be specified. See examples at the end of the guide I pasted earlier. network: key should also be removed (commented in the examples).

@acebmxer said in Custom config / cloud-init:

Think I figured it out. first i was using the wrong key. A lot of going back and forth trying new keys forgot to swap back to original...

new config...

#cloud-config
hostname: {name}
users:
  - name: newusername
    gecos: New User
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: users, admin
    shell: /bin/bash
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3....18ZbA

Any suggestions should I not use something in the above config if the server was in production?

• Well... NOPASSWD:ALL can be considered a security issue because user is not required to type a password to gain root privileges. If someone gains access to this user via for example stolen SSH key or some exploit, it will automatically have access to the root user.

• It is enough to put the user into "sudo" group for it to gain sudo privileges (with password required) because there is already this global sudoers rule:

  %sudo ALL=(ALL:ALL) ALL

• Adding the user to users and admin groups is a little bit contradictory. It should either be users or admin. Also, admin group does not exist on Ubuntu 24.04. It existed in some earlier versions but I'm not sure when and why it disappeared. It's best to just add the user to the sudo group so it can run commands as root and adm group (yes adm, not "admin") so it can view system logs (/var/log) without using sudo. This is if you are creating admin type user. If the user is just a regular user, you can add it to the users group but it's not necessary. If you are confused, don't worry, I'm too .

This is for Ubuntu, other operating systems have other principles and rules so there is no universal solution.

@BSmithITGuy said in Ubuntu 22.04.5 custom template - additional steps missing from documentation:

If you are trying to create an Ubuntu template and are having trouble on XCP-NG 8.3 (some or all probably applies to previous versions), keep reading.

Very nice. Very thorough. This inspired me to share a relevant part of my cleanup script. Maybe it will be of some additional help to everyone:

echo "Resetting machine ID..."
> /etc/machine-id
rm -f /etc/machine-info

echo "Cleaning APT cache..."
apt-get clean

echo "Removing netplan configuration..."
# Ubuntu < 24.04
rm -f /etc/netplan/00-installer-config.yaml
# Ubuntu >= 24.04
rm -f /etc/netplan/50-cloud-init.yaml

echo "Cloud-init cleanup..."
if [[ -f "/etc/cloud/clean.d/99-installer" ]]; then
    chmod a-x /etc/cloud/clean.d/99-installer
fi

# Ubuntu < 24.04
rm -f /etc/cloud/cloud.cfg.d/99-installer.cfg /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg
# Ubuntu >= 24.04
rm -f /etc/cloud/cloud.cfg.d/90-installer-network.cfg

if [[ -x "$(command -v cloud-init)" ]]; then
    cloud-init clean --logs --seed
else
    echo "  No cloud-init detected. Skipping cloud-init cleanup!"
fi

echo "Removing SSH host keys..."
find /etc/ssh/ -type f -name 'ssh_host_*' -delete

The code is self explanatory but here are some additional tips:

• It's nice to do cleanup of APT cache. This will free up some space but also force the user to update APT cache on first run after VM has been provisioned. If APT cache is not cleaned, it will grow stale over time inside a template and, after some time, package installation in new VMs will start to break. Doing apt update before any package installation is good practice but people tend to easily forget it. This will force them to do it.
• Ubuntu installer relies on some cloud-init config for some first boot setup which has to be removed if cloud-init is to be used once again for provisioning VMs. You correctly identified these files for removal but there is a difference in Ubuntu older than 24.04 and Ubuntu 24.04 and newer.
• The reason I do chmod a-x /etc/cloud/clean.d/99-installer is to prevent cloud-init from removing /etc/cloud/ds-identify.cfg when doing cloud-init clean (default behavior). Because I override the default /etc/cloud/ds-identify.cfg, I don't want cloud-init clean to remove it. I remove all the other files explicitly. Additional note, /etc/cloud/clean.d/99-installer should not be removed. It should just be chmoded because it is part of the cloud-init package and will reappear on cloud-init package update.
• It's better to use cloud-init clean --logs --seed command to clean any runtime cloud-init leftovers and logs instead of removing them explicitly like rm -rf /var/lib/cloud/instance.
• SSH host keys should be removed so that they can be regenerated on first boot of newly provisioned VM. If you don't do it, all your VMs will have same host keys which could be considered as security issue.

@denis.grilli I understand... but my experience is that even with the default scanning interval the logs become the problem when you get in the range of tens of SRs, thousands of disks. MajorP93's infra is quite small so I believe there is something additional that is spamming the logs... or there is some additional trigger for SR scan.

Update: maybe the default value changed in recent versions?

@Pilow agreed. This shouldn't be the norm. auto-scan-interval=120 is not going to be good for everyone. The majority of people probably don't have any problem with the default value, even in larger deployments.

On the other hand, the real cause of the issue is still elusive.

@MajorP93 Amount of logging is directly proportional to the number of hosts, VMs, SRs and clients (Xen Orchestra, XCP-ng Center...). If you have a lot of those, it's rather normal to have huge logs.

Now, 5 hosts and 2 SRs does not seem to be much so I wouldn't expect you to have problems with huge logs. There could be something going on there. Try restarting your hosts to clear any stuck processes and internal tasks that could potentially spam the logs.

We started having problems with /var/log size when we got in a range of 15+ hosts, 10+ SRs and 1000+ VMs per pool. Unfortunately, log partition cannot be expanded as it is at the end of the disk, followed only by the swap. The workaround we did is to patch the installer to create a large 8GB log partition instead of standard 4GB. Of course, we had to reinstall all of our hosts.

@acebmxer rc in first column means "residual configuration". This means that the package is removed but there are some leftover configuration files so that, for example, when you reinstall the package at later time, the package will use preserved configuration. To remove residual configuration and package completely, use:

sudo apt purge xen-guest-agent

@acebmxer Great. These are some YAML basics. You should read more about it . Following AI instructions without understanding is not going to take you far.

@acebmxer said in Custom config / cloud-init:

...

network:
  version: 2
  ethernets:
    enX0:      # or whatever your interface name is
      dhcp4: false
      addresses: - 10.100.10.206/24
      gateway4: 10.100.10.254
      nameservers:
          addresses:
               - 10.100.10.254
               - 1.1.1.1

Address should be on the next line:

      addresses:
      - 10.100.10.206/24

Regarding 50-cloud-init.yaml, AI is lying .

@nuentes metadata in this context is just XAPI database. In other words, it only contains information about your VMs, SRs, networks, pools etc. It does not contain anything system level. It is not a backup of the host system.

As far as I know, but someone from Vates can confirm, metadata backup functionality in XO is based on XAPI pool-dump-database command:

xe pool-dump-database file-name=dump.xml

There is some info about it here:

https://docs.xenserver.com/en-us/xenserver/8/dr/backup.html

P.S. I guess metadata backup is also XML just like XAPI state file (database). I don't know why JSON came to my mind regarding metadata backup.

@Greg_E Theoretically yes. I've never been in such situation so I would have to learn, experiment and improvise along the way. If you can mount the file system of the host, you can find XAPI database in this location:

/var/lib/xcp/state.db

This is an XML formated file. I don't know if this is the same format as metadata backup (I think it's JSON instead). So you could possibly restore this file to proper location and restart the host but you would probably need to change some references in it, like UUIDs of local file systems on a freshly installed system. Other possibility is that the state file could be converted to metadata backup and imported but I'm not aware of there being any such conversion tool. It would have to be improvised.

There is always alot you can do. It just depends how deep you want to go, how complex you can go and how much time you can spare.

@acebmxer Did you do:

cloud-init clean --logs --seed

before converting the VM to template?

Also, network configuration is not part of the cloud-config (aka user data). In XO, there is a separate field called "Network config" where it should be specified. See examples at the end of the guide I pasted earlier. network: key should also be removed (commented in the examples).

@nuentes Oh no, no. Your system is not destroyed beyond repair. It can be repaired. It's just that it is almost impossible or too much of a hustle for anyone to try to help you over forum. Someone has to sit in front of your machine to do it.

My only guess is that ChatGPT instructed you to make changes based on a CentOS system but XCP-ng and Xen virtualization in general is much different than regular CentOS. It has two stage boot process. First the Xen kernel boots and then a special virtual machine called Dom0 is booted. What you are accessing and reconfiguring is in fact this VM, not the underlying "system". So it's like a two layer system and some configuration must be done on Xen layer, some on Dom0 layer. I'm unfortunately unfamiliar with exact specifics on kernel and initrd image generation for this case so I can't spot where thing have gone wrong.

In short terms. Instead of going back and forth and trying a lot of different things, it's more time saving and simpler to reinstall the system and restore metadata if you already have a backup.