XCP-ng
    Best posts made by dj423

    • RE: Cloud-init success

      @VGerris

      Sure, I have several configs in production depending on the use-case/role for the node.

      Here is a sanitized version of one of the more basic configs for Ubuntu images for reference:

      #cloud-config
      hostname: {name}%
      users:
      ## Add users
        - name: user1
          groups: sudo
          lock_passwd: false
          passwd: $6$xxxx.......
          ssh_authorized_keys:
            - ssh-ed25519 <my-key-ed25519>
          shell: /bin/bash
      ## Add ansible acct & key
        - name: ansible
          groups: sudo
          lock_passwd: false
          passwd: $6$xxxxxx736363535353.8ahdVT625S/
          ssh_authorized_keys:
            - ssh-ed25519 <somekey>
          shell: /bin/bash
      package_update: true
      package_upgrade: true
      packages:
        - build-essential
        - htop
        - nano
        - nfs-common
        - git
      locale: en_US.UTF-8
      timezone: America/New_York
      runcmd:
        - mkdir /mnt/v-nas
        - date > /etc/birth_certificate
        - mount /dev/cdrom /mnt
        - bash /mnt/Linux/install.sh
        - umount /dev/cdrom
      
      

      Just add your pw hashes and key strings and tweak what you need for your config. This one is pretty basic so it runs through fairly quick and loads the xen-tools.

      I have a very large "universal" one for Debian, Redhat, Centos, Rocky, Ubuntu with jinja templating and all the snazzy features I can sanitize and share if you like that I use for both VM's and containers.

      posted in Advanced features
      D
      dj423
    • RE: % characters in cloud-init configs render as 0 in instance

      @julien-f said in % characters in cloud-init configs render as 0 in instance:

      @dj423 It should be fixed in the master branch: https://github.com/vatesfr/xen-orchestra/commit/30e6d4b4f14ddbb6ee34cd456e4ca707486df2db

      • {index} is now used in place of %
      • % is still working when Multiple VMs is enabled
      • % and \% will be replaced by % when Multiple VMs is disabled

      Wow! First of all, a big thank you for getting that in place so fast. I updated, and for grins provisioned an Oracle 9.4 VM in XO using the same templated config (without the escaped /%) and it worked flawlessly.

      snippet:
      {% if distro == 'rocky' or distro == 'centos' or distro == 'ol' or distro == 'almalinux' or distro == 'fedora' or distro == 'redhat' %}
      {% set group = 'wheel' %}
      

      Thanks again Julien!

      posted in Infrastructure as Code
    • RE: Introduce yourself!

      Hello, I am a systems engineer for a mid-sized ISP. I have been mostly a VMware/vSphere admin going back to 2007 back in my enterprise days. Even played with the Xen Project a bit prior to jumping into ESX. I started using xcp-ng in my personal lab to prototype cloud-init scripts, Ansible playbooks and other IaC toolstacks, and to have a solid reliable virtualization stack to run my hosted apps, email, and websites. Thanks to the xcp-ng team for such a stable and easy to use system! The support is top notch!
      Dj

      posted in Off topic
    • Updated configs for cloud-init

      Re: Cloud-init success

      Had a chance to "refresh" some cloud-init configs for some later distros (Debian 12, Ubuntu 24.04, Rocky Linux 9.3, etc.) so thought I would share some example configs that are used mainly for bootstrapping new VMs and/or containers.

      This first one is targeted at deb based distros and sets up an Incus container host. Like most configs I use this one is pretty specific pulling key files and configs from an NFS share, rsyslog target, etc., but gives an idea what can be done for detailed provisioning of instances, aside from just slapping your SSH keys on and letting ansible take over. With this I can have a fresh VM provisioned in about 5 minutes.

      I always like to run a status check after init:

      root@IncusTEST20:~# cloud-init status --long
      status: done
      boot_status_code: enabled-by-generator
      last_update: Sat, 26 Jul 2024 17:29:50 +0000
      detail:
      DataSourceNoCloud [seed=/dev/xvdc][dsmode=net]
      

      Then we can query the user-data to see how it rendered from the config injected into the nocloud datasource:
      root@IncusTEST20:~# cloud-init query userdata

      #cloud-config
          hostname: IncusTEST20
          users:
            - name: foo
              groups: sudo
              lock_passwd: false
              passwd: $6$10023$EKz8eWTDXQO3x7.4ff0ZNJLsl9q6RB.l8pZN9nq8BzT42zzOn7O4r./ybHeVa/l0W0/FARK/2Ttg177ywAP0Z1
              ssh_authorized_keys:
                - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqTfKkUKEGxOi62A9tCWMslqF5i9xm0aMN+ZxWgHuR6 foobar-ed25519-20240725
              shell: /bin/bash
            - name: bar
              groups: sudo
              lock_passwd: false
              passwd: $6$10023$EKz8eWTDXQO3x7.4ff0ZNJLsl9q6RB.l8pZN9nq8BzT42zzOn7O4r./ybHeVa/l0W0/FARK/2Ttg177ywAP0Z1
              ssh_authorized_keys:
                - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqTfKkUKEGxOi62A9tCWMslqF5i9xm0aMN+ZxWgHuR6 foobar-ed25519-20240725
              shell: /bin/bash
          locale: en_US.UTF-8
          timezone: America/New_York
          resize_rootfs: true
          mounts:
            - ["192.168.99.2:/mnt/Vault/lxd", "/mnt/lxd", "nfs", "auto,nofail,noatime,nolock,intr,tcp,actimeo=1800,user,suid", "0", "0"]
            - ["192.168.0.54:/mnt/raid/backup", "/mnt/nas", "nfs", "auto,nofail,noatime,nolock,intr,tcp,actimeo=1800,user,suid", "0", "0"]
          rsyslog:
            remotes:
              log_serv: "192.168.50.35:5140"
          write_files:
            - path: /etc/init.d/incus.sh
              owner: root:root
              permissions: 0o755
              defer: true
              content: |
                #!/bin/bash
                curl -fsSL https://pkgs.zabbly.com/key.asc -o /etc/apt/keyrings/zabbly.asc
                sh -c 'cat <<EOF > /etc/apt/sources.list.d/zabbly-incus-lts-6.0.sources
                Enabled: yes
                Types: deb
                URIs: https://pkgs.zabbly.com/incus/lts-6.0
                Suites: $(. /etc/os-release && echo ${VERSION_CODENAME})
                Components: main
                Architectures: $(dpkg --print-architecture)
                Signed-By: /etc/apt/keyrings/zabbly.asc
                EOF'
                apt update -y
                dpkg --configure -a
                apt install incus incus-ui-canonical -y
                mkdir -p /root/.config
                mkdir -p /root/.config/rclone
                mount -a
                cp /mnt/lxd/.config/.encode /root/.encode
                cp /mnt/lxd/.config/rclone.conf /root/.config/rclone/rclone.conf
                chmod 600 /root/.config/rclone/rclone.conf
                # Delete self
                rm "${0}"
          runcmd:
            - mkdir /mnt/lxd
            - mkdir /mnt/nas
            - date > /etc/birth_certificate
            - [ mount /dev/cdrom /mnt ]
            - [ bash /mnt/Linux/install.sh ]
            - [ umount /dev/cdrom ]
            - [ sh, /etc/init.d/incus.sh ]
          package_update: true
          package_upgrade: true
          packages:
            - htop
            - nano
            - curl
            - wget
            - nfs-common
            - btrfs-progs
            - bridge-utils
            - build-essential
            - rclone
      

      Here is a more universal config with jinja templating syntax that can be targeted at many distros and using an 'if distro' will configure the instance based on the distro value in metadata:

      This one targets Debian, Ubuntu, CentOS, Red Hat and Rocky Linux 8 and up. Notice the '## template: jinja' line at the top; this allows jinja to render and process:

      ## template: jinja
      #cloud-config
      {% set u1 = 'foobar' %}
      {% set u1pass = '$6$10023$EKz8eWTDXQO3x7.4ff0ZNJLsl9q6RB.l8pZN9nq8BzT42zzOn7O4r./ybHeVa/l0W0/FARK/2Ttg177ywAP0Z1' %}
      {% set u1key = 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqTfKkUKEGxOi62A9tCWMslqF5i9xm0aMN+ZxWgHuR6 foobar-ed25519-20240725' %}
      {% set u2 = 'ansible' %}
      {% set u2pass = '$6$10023$EKz8eWTDXQO3x7.4ff0ZNJLsl9q6RB.l8pZN9nq8BzT42zzOn7O4r./ybHeVa/l0W0/FARK/2Ttg177ywAP0Z1' %}
      {% set u2key = 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqTfKkUKEGxOi62A9tCWMslqF5i9xm0aMN+ZxWgHuR6 foobar-ed25519-20240725' %}
      locale: en_US.UTF-8
      timezone: America/New_York
      runcmd:
        - mkdir /mnt/v-nas
        - mkdir /mnt/home
        - date > /etc/birth_certificate
      rsyslog:
        remotes:
          log_serv: "192.168.50.35:5140"
      {% if distro == 'rocky' or distro == 'centos' or distro == 'redhat' %}
      {% set group = 'wheel' %}
      repo_update: true
      repo_upgrade: all
      yum_repos:
        epel-release:
          name: Extra Packages for Enterprise Linux 9 - Release
          baseurl: http://download.fedoraproject.org/pub/epel/9/Everything/$basearch
          enabled: true
          failovermethod: priority
          gpgcheck: true
          gpgkey: http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
      package_upgrade: true
      packages:
        - htop
        - nano
      {% elif distro == 'ubuntu' or distro == 'debian' %}
      {% set group = 'sudo' %}
      package_update: true
      package_upgrade: true
      packages:
        - htop
        - nano
        - build-essential
      {% endif %}
      ## users block sits outside the distro conditional so every distro branch gets the accounts
      users:
        - name: {{ u1 }}
          groups: {{ group }}
          lock_passwd: false
          passwd: {{ u1pass }}
          ssh_authorized_keys:
            - {{ u1key }}
          shell: /bin/bash
        - name: {{ u2 }}
          groups: {{ group }}
          lock_passwd: false
          passwd: {{ u2pass }}
          ssh_authorized_keys:
            - {{ u2key }}
          shell: /bin/bash
      

      Just a note, to consume jinja templating, you need cloud-init 22.x or higher, with the jinja package installed in your template/image.

      For anyone wanting to tinker with these, (these are not my keys or password hashes, these I just threw in for demonstration purposes and for the wiki page). The password for the accounts is "foobar" and the matching private key is:

      

      Enjoy!

      posted in Advanced features
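
An added example, not part of the original post: a small shell audit for rendered user-data like the configs above. It flags four things visible in them: admin accounts with password login left unlocked, one password hash shared by several accounts, NFS mounts carrying the `suid` option, and repository URLs or GPG keys fetched over plain http. The function names and finding IDs are made up for this example, and the sample input is constructed with placeholder hashes.

```bash
#!/bin/sh
# Added example: flag settings in rendered cloud-init user-data that deserve review.
# Line-oriented awk, so no YAML library is needed; it assumes one key per line,
# as in the configs above. Finding IDs are hypothetical names for this example.

# Constructed sample, trimmed from the configs above (placeholder hashes).
sample_userdata() {
  cat <<'EOF'
#cloud-config
users:
  - name: foo
    groups: sudo
    lock_passwd: false
    passwd: $6$SALT$CONSTRUCTED_HASH
  - name: bar
    groups: sudo
    lock_passwd: false
    passwd: $6$SALT$CONSTRUCTED_HASH
mounts:
  - ["192.168.99.2:/mnt/Vault/lxd", "/mnt/lxd", "nfs", "auto,nofail,noatime,nolock,intr,tcp,actimeo=1800,user,suid", "0", "0"]
yum_repos:
  epel-release:
    baseurl: http://download.fedoraproject.org/pub/epel/9/Everything/$basearch
    gpgcheck: true
    gpgkey: http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
EOF
}

# Reads user-data on stdin, prints one finding per line: <ID> <line> <detail>
audit_userdata() {
  awk '
    # Strip indentation and a leading list dash so keys can be matched directly
    { line = $0; sub(/^[ \t]*(-[ \t]+)?/, "", line) }
    # Remember which top-level section we are in
    /^[A-Za-z_]+:/ { section = $0; sub(/:.*/, "", section) }

    section == "users" && line ~ /^name:/ { user = line; sub(/^name:[ \t]*/, "", user) }
    section == "users" && line ~ /^groups:.*(sudo|wheel)/ { admin[user] = 1 }
    section == "users" && line ~ /^lock_passwd:[ \t]*false/ { unlocked[user] = NR }
    section == "users" && line ~ /^passwd:/ {
      hash = line; sub(/^passwd:[ \t]*/, "", hash)
      if (hash in owner)
        printf "HASH_REUSE %d %s shares a password hash with %s\n", NR, user, owner[hash]
      else
        owner[hash] = user
    }
    # gpgkey matters most: it anchors package signature checks
    line ~ /^(gpgkey|baseurl):[ \t]*http:\/\// {
      key = line; sub(/:.*/, "", key)
      printf "PLAINTEXT_REPO %d %s is fetched over plain http\n", NR, key
    }
    # Matches the suid option but not nosuid
    line ~ /"nfs"/ && line ~ /[",]suid[",]/ {
      printf "NFS_SUID %d NFS mount honours setuid binaries\n", NR
    }
    END {
      for (u in unlocked)
        if (u in admin)
          printf "PASSWORD_ADMIN %d %s has password login and an admin group\n", unlocked[u], u
    }
  '
}

sample_userdata | audit_userdata
```

On a provisioned instance the same function can read the live config with `cloud-init query userdata | audit_userdata`, run as root.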
    • Cloud-init success

      I thought I would share some success with cloud-init. I know it has been a pain for others to get working. Please disregard if this is old news.

      Just for fun, I wanted to see if I could just use the stock/prebuilt Ubuntu 22.04-LTS cloud ready images I have used in production. Almost like magic it worked fantastic. I expected hours of pain and debugging like others have had to suffer. However, it took me about 2 minutes to spin up a fully configured Ubuntu VM with all my PKI keys, users, updates, packages, configs, etc.

      So here is what I did, just in case this is helpful for any other noobies like myself getting acquainted with XO and using cloud-init.

      So I used the prebuilt cloud image for Ubuntu found here: https://cloud-images.ubuntu.com/jammy/current/

      Step 1:
      I selected the "jammy-server-cloudimg-amd64.ova" stock file for vmware/virtual box and downloaded.

      Step 2:
      Then in XO, I imported the file as a VM - import - VM.

      Step 3:
      Then I went into settings, and created a new cloud config with my usual user, ssh, packages, and other custom settings as I normally use in the lab for testing prior to rolling into production. I just copy/pasted my full config, and saved it.

      Step 4:
      Then I converted the cloud image VM I imported in step 2 into a template.

      Step 5:
      Then I created a fresh VM, using this new template, making sure to select my cloud-init config by checking the "Custom config" selection under Install settings.

      Step 6:
      Then I opened the console to watch for FAIL errors. Everything looked good. Then I logged in with my ansible account configured in the cloud-init. Then I tested from my ansible control node, and logged in. I inspected /var/log/cloud-init.log for any errors, and finally I ran "cloud-init query userdata" to see how it rendered the config settings. Everything works as it should.

      Next I will try the cloud-init config with jinja2 template directives and see if the jinja engine works as well, so I can use one config for all distros I will be using. Then test network config settings. Then test on Centos, Rocky, RHEL cloud-ready images and report back if I run into any snags on those.

      posted in Advanced features
    • RE: Virtualbox OVA import an option?

      @olivierlambert
      Yes. It should be said, that XCP-ng FAR exceeds my expectations! No matter what I throw at it, it just works fantastic. 😁

      posted in Compute
    • RE: Virtualbox OVA import an option?

      @dj423

      Update: In case anyone runs across this OVA/app, It imported fine, with no issues at all. I did not end up running it since the apps fell short of my expectations, but the process of importing it worked flawlessly.

      Have a great day!

      posted in Compute
    • RE: Virtualbox OVA import an option?

      @olivierlambert
      Ok thanks Olivier! I will report back how it goes.

      posted in Compute
    • RE: Dynamic cloudinit network config [FEATURE REQUEST]

      @encryptblockr

      FWIW: I know I have done this from cli using xo-cli in a bash script.

      I don't have all that code handy at the moment, but here is a hack from memory as an example:

      #!/bin/bash
      # Provision one VM per "name,ip" row in prov-list using xo-cli.
      
      while IFS=',' read -r name_c1 ip_c2
      do
          # Per-VM network config file, removed again once the VM is created
          file="v1-$ip_c2.yaml"
      
          # Overwrite rather than append, so a stale file from an earlier run is never reused
          cat > "$file" << EOF
      network:
        version: 1
        config:
          - type: physical
            name: eth0
            subnets:
              - type: static
                address: $ip_c2/24
                gateway: 192.168.0.1
          - type: nameserver
            address:
              - 192.168.0.10
              - 192.168.23.50
            search:
              - example.tld
      EOF
      
      xo-cli vm.create bootAfterCreate=true cloudConfig="$(cat /root/user.yaml)" networkConfig="$(cat "$file")" clone=true name_label="$name_c1" template=0856a8d6-7761-f39d-f968-290b18a1bd42 VIFs='json:[{"network":"ca96456f-3843-26f5-7075-1e54xxxx121xxf97"}]' hvmBootFirmware=bios copyHostBiosStrings=true
      
      rm -- "$file"
      done < prov-list
      exit
      

      prov-list example:

      Bookworm,192.168.0.217
      Noble1,192.168.0.218
      Jammy1,192.168.0.219
      Oracle9,192.168.0.222
      Rocky9,192.168.0.223
      Fedora40,192.168.0.224
      

      If you wanted to do different networks, that is a bit more complicated, but just need a variable to render.

      Sorry on my tablet and I don't have a better example handy. But this should get you close, and can be handy when you need to stand up a few dozen VM's.

      posted in Xen Orchestra
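
An added example, not part of the original post: the loop above interpolates each prov-list field into a file name, a YAML document and an xo-cli argument, so it is worth checking rows before provisioning. This sketch validates the name and IPv4 fields, rejects extra columns and duplicate addresses, and reports per line. The function names and the sample rows are constructed for this example; only the `name,ip` row format comes from the post.

```bash
#!/bin/sh
# Added example: validate "name,ip" rows before they are rendered or passed to xo-cli.

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255, no leading zeros
valid_ipv4() {
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  _old_ifs=$IFS; IFS=.
  set -- $1              # split on dots; safe, the value holds digits and dots only
  IFS=$_old_ifs
  [ "$#" -eq 4 ] || return 1
  for _octet in "$@"; do
    case $_octet in 0?*) return 1 ;; esac   # "010" is ambiguous (octal in some parsers)
    [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
  done
  return 0
}

# valid_name NAME: conservative VM label, starts alphanumeric, at most 63 chars
valid_name() {
  case $1 in
    '' | *[!A-Za-z0-9._-]* | [!A-Za-z0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# check_prov_list: reads rows on stdin, prints "OK name ip" or "SKIP lineno reason";
# returns 1 if any row was rejected so a wrapper can stop before provisioning.
check_prov_list() {
  n=0; bad=0; seen=" "
  while IFS=',' read -r name ip extra || [ -n "$name" ]; do
    n=$((n + 1))
    if [ -z "$name" ] && [ -z "$ip" ]; then continue; fi   # blank line
    if [ -n "$extra" ]; then echo "SKIP $n extra-field"; bad=1
    elif ! valid_name "$name"; then echo "SKIP $n bad-name"; bad=1
    elif ! valid_ipv4 "$ip"; then echo "SKIP $n bad-ip"; bad=1
    else
      case $seen in
        *" $ip "*) echo "SKIP $n duplicate-ip"; bad=1 ;;
        *) seen="$seen$ip "; echo "OK $name $ip" ;;
      esac
    fi
  done
  return "$bad"
}

# Constructed sample rows: two good, five that should be rejected.
sample_prov_list() {
  cat <<'EOF'
Bookworm,192.168.0.217
Noble1,192.168.0.218
Jammy1,192.168.0.218
Oracle9,192.168.0.322
Rocky 9,192.168.0.223
Fedora40,192.168.0.224,x
Alma9,192.168.0.010
EOF
}

sample_prov_list | check_prov_list || echo "prov-list has rejected rows"
```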
    • RE: Ubuntu 24.04 Cloud Image Template Not Working

      @encryptblockr said in Ubuntu 24.04 Cloud Image Template Not Working:

      did you mount the guest tools cdrom to the cloud image before you created a template from it?

      No, I just make my base images (for the end template) as generic as possible, and I do all mounts, package installs, accounts, keys, including the xe-guest utils package all in the user-data config for cloud-init. Makes the configurations more uniform across all stacks I have to maintain and scales really well with jinja templates.

      also what is point of {name}% in below? can you explain? where does it get {name} from and what is % use?

      That pulls the hostname from metadata that is provided by the nocloud datasource.

      If you ever want to see all the metadata available (for example, say your provisioning plane does dynamic configuration from some backend IAS platform, and you need logic that renders metadata to run different configurations), run the following after login:

      cloud-init query -a
      

      For example, I run different configurations based on what the 'distro' value is -
      example:

      cloud-init query -f {{v1.distro}}
      
      {% if distro in ['rocky', 'ol', 'centos', 'fedora', 'redhat', 'almalinux'] -%}
      //do the rpm things//
      

      This allows us to run completely different configuration settings based on what distro it's being run in, or even what virtualization platform it is running on. Some platforms won't use the hostname, or fqdn meta values, so I have some if logic that only adds it when vendordata is null, example:

      {% if vendordata == '' %}
      fqdn: {name}
      {% endif %}
      

      Probably more than you wanted to know, but that's a brief summary of cloud-init metadata.

      posted in Xen Orchestra

    Latest posts made by dj423

    • RE: Dynamic cloudinit network config [FEATURE REQUEST]

      @julien-f

      Would that be something like this for a dynamic network config as an example?

      network:
        version: 1
        config:
          - type: physical
            name: enX0
            subnets:
              - type: static
                address: 192.168.99.{index}/24
                gateway: 192.168.99.1
          - type: nameserver
            address:
              - 172.31.31.1
              - 192.168.45.11
            search:
              - example.tld
      

      I plan to test this at some point, but I don't do a whole lot of bulk provisioning myself. Just curious.

      posted in Xen Orchestra
    • RE: Ubuntu 24.04 Cloud Image Template Not Working

      @encryptblockr

      For reference, if you are testing network configs, here is a basic static ip v1 example I use to configure all distros, debian, ubuntu, RHEL, Rocky, Alma, Oracle linux, etc.

      network:
        version: 1
        config:
          - type: physical
            name: enX0
            subnets:
              - type: static
                address: 192.168.0.xx/24
                gateway: 192.168.0.1
          - type: nameserver
            address:
              - 192.168.0.1
              - 192.168.90.50
            search:
              - example.tld
      

      Works very well for me, as I am lazy and want to do as little manual configuration as possible, and XCP-ng and XO make that so easy. Most ENI, network-manager, systemd-networkd, netplan network stacks render this config fine. FYI

      posted in Xen Orchestra
    • RE: Ubuntu 24.04 Cloud Image Template Not Working

      @encryptblockr
      Oh good! Glad you got it working.

      Keep in mind for those 'public' cloud images, (for anyone that uses them) you can have cloud-init install the xe guest utils at initialization as long as you have the guest-tools.iso mounted at bootup in the console within xo;


      Sounds like you are getting the hang of it. Best of luck!

      posted in Xen Orchestra
    • RE: Ubuntu 24.04 Cloud Image Template Not Working

      @encryptblockr

      Just add the commands to your cloud config in user-data;

      runcmd:
        - mount /dev/cdrom /mnt
        - bash /mnt/Linux/install.sh
        - umount /dev/cdrom
      
      
      posted in Xen Orchestra
    • RE: Ubuntu 24.04 Cloud Image Template Not Working

      @encryptblockr

      You are using version 2 of your network config. Did you happen to install the netplan.io package to consume your version 2 config, and is it enabled in the image you created? Otherwise, I have better luck with the version 1 network configs.

      posted in Xen Orchestra
    • RE: Ubuntu 24.04 Cloud Image Template Not Working

      @encryptblockr

      Pretty sure you want the 'nocloud' data source as well. You can have cloud-init mount and install the xe guest tools if the virtual cd is attached at bootup.

      posted in Xen Orchestra
    • RE: Ubuntu 24.04 Cloud Image Template Not Working

      @encryptblockr

      I don't see your users block in that config

      Example:

      users:
      ## Add users
        - name: user1
          groups: sudo
          lock_passwd: false
          passwd: $6$xxxx.......
          ssh_authorized_keys:
            - ssh-ed25519 <my-key-ed25519>
      

      So that may be an issue. See my examples for a guide.

      posted in Xen Orchestra
    • RE: Ubuntu 24.04 Cloud Image Template Not Working

      @encryptblockr

      That guide may be a bit outdated. I would suggest following the guide I have posted over at https://xcp-ng.org/forum/topic/6821/cloud-init-success/3 for more recent noble/jammy cloud images.

      and if you can, use the cloud images provided by ubuntu/canonical as the base. Over here: https://cloud-images.ubuntu.com/noble/current/

      Can you provide any details on what didn't work? If you need to generate the base image from scratch, I can help but that is a bit more involved and challenging. Much better to go with the pre-canned cloud images when possible.

      posted in Xen Orchestra