OEM: Provide Proxmox images

[pothos]

This pulls in flatcar/bootengine#91
and flatcar/init#115 to run afterburn for
hostname, network, SSH key, and metadata attribute setup. The afterburn
support for the SSH key and hostname parses the user-data when it's
cloud-init. The coreos-cloudinit support is not there but can be added
in addition: We need to add a new provider that varies from the existing
config drive support because the file is called user-data and not
user_data, and it needs to look for a filesystem label cidata and not
config-2.

Related to: flatcar/Flatcar#1040

How to use

Follow-up: fix coreos-cloudinit as mentioned above, and better don't make it work through the mount unit trigger but explicitly

Testing done

Jenkins

• Changelog entries added in the respective changelog/ directory (user-facing change, bug fix, security fix, update)
• Inspected CI output for image differences: /boot and /usr size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.

TODO: bump init and bootengine once related PRs are merged

[github-actions]

Build action triggered: https://github.com/flatcar/scripts/actions/runs/11665808382

[arcln]

Hello, there is an existing Igntion PR that should work at coreos/ignition#1790. Could you include the Ignition PR into this one so we can do further testing?

[pothos]

Hello, there is an existing Igntion PR that should work at coreos/ignition#1790. Could you include the Ignition PR into this one so we can do further testing?

This needs to be reworked first and we have to drop the afterburn integration in Flatcar as the afterburn PR relies on cloud-init userdata and because Flatcar will run coreos-cloudinit anyway if it doesn't see Ignition user-data we would have it processed twice. For the network config that can be quite confusing because the afterburn network unit would only support a subset.

[pothos]

Triggered a new build with the Ignition PR included

[arcln]

@pothos hey, it looks like the build never started, can you take a look please ? (cc @plgueugnon)

[tormath1]

@pothos hey, it looks like the build never started, can you take a look please ? (cc @plgueugnon)

@arcln hey, pothos is AFK for now. I'll take over this PR. A CI build has been triggered :)

[tormath1]

@arcln here's the proxmox image if you want to try it: http://bincache.flatcar-linux.net/images/amd64/9999.0.101+kai-proxmox-support/flatcar_production_proxmoxve_image.img.bz2

[arcln]

Thank you, I tried the image and it didn't work because of a problem in the ignition PR (see coreos/ignition#1790 (comment)). Can you please run a new build when the PR is fixed ? Thanks

[tormath1]

Thank you, I tried the image and it didn't work because of a problem in the ignition PR (see coreos/ignition#1790 (comment)). Can you please run a new build when the PR is fixed ? Thanks

@arcln ah I see, I already got this issue once. I started a new build with an updated patch: https://github.com/flatcar/scripts/pull/1783/files#diff-c65e2140094c80c4b4ce5c7c8494b6e4e72b78ef0692d236ffee1fb3932e11c5R157

[arcln]

great. it seems that the build needs approval once again @tormath1

[tormath1]

@arcln it builds directly on our Jenkins (github actions only build for qemu targets) - I'll let you know once it's done.

[tormath1]

@arcln image is available here: http://bincache.flatcar-linux.net/images/amd64/9999.0.102+kai-proxmox-support/flatcar_production_proxmoxve_image.img.bz2

[tormath1]

🔈 Proxmox users - Ignition and Afterburn are now released and ingested into Flatcar. I need your help to test this freshly built image: http://bincache.flatcar-linux.net/images/amd64/9999.9.100+kai-proxmox-support/flatcar_production_proxmoxve_image.img.bz2 using this documentation: https://github.com/flatcar/flatcar-website/pull/337/files (or any other method)

@abuisine @arcln @fhemberger @mcbenjemaa

[fhemberger]

@tormath1 Tried to test the image following the given documentation, fails to start:

[   57.120718] localhost systemd[1]: Finished ignition-mount.service - Ignition (mount).
[   62.633185] localhost coreos-metadata[704]: Error: failed to run
[   62.633185] localhost coreos-metadata[704]: Caused by:
[   62.633185] localhost coreos-metadata[704]:     0: fetching metadata from provider
[   62.633185] localhost coreos-metadata[704]:     1: maximum number of retries (3) reached
[   62.633185] localhost coreos-metadata[704]:     2: failed to mount (read-only) source '/dev/disk/by-label/cidata' to target '/tmp/afterburn-Kk3KoQ', with type 'iso9660'
[   62.633185] localhost coreos-metadata[704]:     3: ENOENT: No such file or directory

Here is the complete dump of rdsosreport.txt

Ignition config is stored via qm set $VM_ID --cicustom "user=local:snippets/user-data". (Took it from another Flatcar VM I tested before.)

EDIT: It was a documentation issue, one important line was missing which activates the cloud-init support in Proxmox VE.

[fhemberger]

@tormath1 Added qm set $VM_ID --ide2 local:cloudinit, restarted the VM and the provisioning works! 🎉

[tormath1]

@tormath1 Added qm set $VM_ID --ide2 local:cloudinit, restarted the VM and the provisioning works! 🎉

Great news, we should add this in the documentation. Thank you so much for testing and investigating this. So Ignition provisioning is working and what about coreos-metadata.service ? Do you have some metadata in /run/metadata/flatcar ? And what about flatcar-digitalocean-network.service ? (the name is legacy, it has nothing to see with Digital Ocean).

[fhemberger]

@tormath1 I already amended the documentation PR, this is the process for me:
flatcar/flatcar-website#337 (review)

---

what about coreos-metadata.service? Do you have some metadata in /run/metadata/flatcar?

core@flatcar ~ $ systemctl status coreos-metadata.service
○ coreos-metadata.service - Flatcar Metadata Agent
     Loaded: loaded (/usr/lib/systemd/system/coreos-metadata.service; disabled; preset: disabled)
     Active: inactive (dead)
  Condition: start condition unmet at Fri 2024-10-25 10:39:50 UTC; 24min ago
             ├─ ConditionKernelCommandLine=|flatcar.oem.id=ec2 was not met
             ├─ ConditionKernelCommandLine=|coreos.oem.id=ec2 was not met
             ├─ ConditionKernelCommandLine=|flatcar.oem.id=azure was not met
             ├─ ConditionKernelCommandLine=|coreos.oem.id=azure was not met
             ├─ ConditionKernelCommandLine=|flatcar.oem.id=digitalocean was not met
             ├─ ConditionKernelCommandLine=|coreos.oem.id=digitalocean was not met
             ├─ ConditionKernelCommandLine=|flatcar.oem.id=gce was not met
             ├─ ConditionKernelCommandLine=|coreos.oem.id=gce was not met
             ├─ ConditionKernelCommandLine=|flatcar.oem.id=openstack was not met
             ├─ ConditionKernelCommandLine=|coreos.oem.id=openstack was not met
             ├─ ConditionKernelCommandLine=|flatcar.oem.id=packet was not met
             ├─ ConditionKernelCommandLine=|coreos.oem.id=packet was not met
             ├─ ConditionKernelCommandLine=|flatcar.oem.id=scaleway was not met
             ├─ ConditionKernelCommandLine=|flatcar.oem.id=hetzner was not met
             ├─ ConditionKernelCommandLine=|flatcar.oem.id=kubevirt was not met
             └─ ConditionKernelCommandLine=|flatcar.oem.id=akamai was not met

The coreos-metadata.service is missing a line ConditionKernelCommandLine=|flatcar.oem.id=proxmoxve, that's why /run/metadata/flatcar wasn't created.

I ran the script manually, after that the metadata was present:

core@flatcar ~ $ sudo /usr/bin/coreos-metadata --cmdline --attributes=/run/metadata/flatcar
Oct 25 11:11:21.706 WARN user-data does not have the expected header `#cloud-config`, ignoring this file

core@flatcar ~ $ cat /run/metadata/flatcar
AFTERBURN_PROXMOXVE_INSTANCE_ID=ae1808cd94103dab0a5f9dcbc2b93e0b0f8d9b51

---

And what about flatcar-digitalocean-network.service? (the name is legacy, it has nothing to see with Digital Ocean).

core@flatcar ~ $ systemctl status flatcar-digitalocean-network.service
Unit flatcar-digitalocean-network.service could not be found.

There's no such service (or similarly named). 🤷

[mcbenjemaa]

This image is failed to boot for me

[fhemberger]

@mcbenjemaa Did you follow the procedure here?
flatcar/flatcar-website#337 (review)

Could you please provide a bit more context?

[mcbenjemaa]

flatcar/flatcar-website#337 (review)

@mcbenjemaa Did you follow the procedure here? flatcar/flatcar-website#337 (review)

Could you please provide a bit more context?

I just converted the VM into a template and then tried to add the config drive into a new clone, which didn't work.

[fhemberger]

@mcbenjemaa You still need to provide your ignition.json. Proxmox' own cloud-init parameters are not enough (yet).

Creating the VM in the GUI doesn't work at the moment, but should work via CLI (steps linked in my comment above).

[mcbenjemaa]

@mcbenjemaa You still need to provide your ignition.json. Proxmox' own cloud-init parameters are not enough (yet).

Creating the VM in the GUI doesn't work at the moment, but should work via CLI (steps linked in my comment above).

Can you try to mount /dev/disk/by-label/cidata into some tmp folder, and let me know what is inside there?

[tormath1]

@fhemberger @mcbenjemaa many thanks for trying again Flatcar on Proxmox! I started a discussion to avoid spamming and distracting the PR review. You can continue the discussion here if you need: flatcar/Flatcar#1573

[fhemberger]

@pothos Could you please add the following change to your PR:

https://github.com/flatcar/scripts/blob/main/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/coreos-metadata.service

--- coreos-metadata.service             2024-10-25 16:14:39.499357398 +0200
+++ coreos-metadata.service-proxmoxve   2024-10-25 16:14:55.180153512 +0200
@@ -25,6 +25,8 @@

 ConditionKernelCommandLine=|flatcar.oem.id=akamai

+ConditionKernelCommandLine=|flatcar.oem.id=proxmoxve
+
 Description=Flatcar Metadata Agent

 [Service]

[donch]

Hi @tormath1 , i've tested your build on Proxmox using the cloud-init configuration and it works well (at least for network configuration and SSH keys). By the way, the hostname configuration process strips any FQDN: if you set 'test.vm-1', only 'test' will be retained as the hostname.

Will continue testing the ignition part.

[tormath1]

@pothos Could you please add the following change to your PR:

https://github.com/flatcar/scripts/blob/main/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/coreos-metadata.service

--- coreos-metadata.service             2024-10-25 16:14:39.499357398 +0200
+++ coreos-metadata.service-proxmoxve   2024-10-25 16:14:55.180153512 +0200
@@ -25,6 +25,8 @@

 ConditionKernelCommandLine=|flatcar.oem.id=akamai

+ConditionKernelCommandLine=|flatcar.oem.id=proxmoxve
+
 Description=Flatcar Metadata Agent

 [Service]

Now available here: http://bincache.flatcar-linux.net/images/amd64/9999.9.101+kai-proxmox-support/flatcar_production_proxmoxve_image.img.bz2

[fhemberger]

@tormath1 Works fine for me, /run/metadata/flatcar is now created successfully. 👍

[donch]

I was able to sucessfully configure a proxmox VM using ignition including user creation, file creation, custom sysext deployment, systemd unit 🎉
By the way, the service coreos-metadata-sshkeys@core.service is failing when no ssh pub key are supplied but may not be related to this PR

[tormath1]

Thanks everyone involved in the testing of the image, that's truly appreciated ❤️ There is one last thing to sort out: flatcar/Flatcar#1573 (reply in thread) before going ahead.

[abuisine]

Thanks everyone involved in the testing of the image, that's truly appreciated ❤️ There is one last thing to sort out: flatcar/Flatcar#1573 (reply in thread) before going ahead.

Hi, we got an extra test with @donch if you do not mind : complete configuration via terraform (upload of snippets and cicustom). We should have the feedback today.

[fhemberger]

@abuisine I used Terraform provider bpg/proxmox@0.66.3 to create a VM with an ignition.json config snippet. Worked for me with just this little caveat:

Error: resizing disk: error waiting for VM disk resize: All attempts fail:
│ #1: task "UPID:xxx:0028F421:0E5B0594:67237B38:resize:1000:xxx@xxx!xxx:" failed to complete with exit code: shrinking disks is not supported
│ 
│   with proxmox_virtual_environment_vm.flatcar,
│   on virtual_machine.tf line 1, in resource "proxmox_virtual_environment_vm" "flatcar":
│    1: resource "proxmox_virtual_environment_vm" "flatcar" {

But this is an issue with the provider, starting the VM and everything after worked as expected.

[donch]

Thanks everyone involved in the testing of the image, that's truly appreciated ❤️ There is one last thing to sort out: flatcar/Flatcar#1573 (reply in thread) before going ahead.

Hi, we got an extra test with @donch if you do not mind : complete configuration via terraform (upload of snippets and cicustom). We should have the feedback today.

Hi @tormath1 , i was able to create a VM using Terraform with these providers :

• community-terraform-providers/ignition v2.3.5 to generate the ignition config
• bpg/proxmox v0.66.3 to create the VM and attach the generated snippet.

All is working fine 👌

[fhemberger]

@donch Did you run into the resize issue as well? If not, it would be great if you could share your snippet for proxmox_virtual_environment_vm and proxmox_virtual_environment_file (ISO).

[donch]

@fhemberger no issue on my side. You may have a disk smaller than the image size ? That's why you get the "shrinking" issue i guess.

Here are my snippets:

resource "proxmox_virtual_environment_file" "cloud_config" {
  content_type = "snippets"
  datastore_id = "mystore"
  node_name    = "pve-1"

  source_raw {
    data      = data.ignition_config.config.rendered
    file_name = local.ignition_filename
  }
}


resource "proxmox_virtual_environment_vm" "flatcar" {
  name        = "donch.flatcar-2"
  node_name   = "pve-1"
  vm_id       = local.vm_id
  started     = false

  clone {
    vm_id = 9051
    full  = true
  }

  memory {
    dedicated = 2048
  }

  cpu {
    cores = 2
  }

  disk {
    size            = 12
    datastore_id    = "mystore"
    interface       = "scsi0"
  }

  network_device {
    bridge = "vmbr0"
    model  = "virtio"
    vlan_id = 1234
  }

  agent {
    enabled = true
  }

  initialization {
    datastore_id = "mystore"
    user_data_file_id = proxmox_virtual_environment_file.cloud_config.id
  }

}

[abuisine]

Alright so it seems ok except the default behavior while no configuration is provided.
Is this a go then ? or no go ?

[tormath1]

Alright so it seems ok except the default behavior while no configuration is provided. Is this a go then ? or no go ?

Hi, it's not only a default behavior: the instance does not boot if no configuration is provided. I'm currently checking this. We aim for a Flatcar release by the end of the week, if it's not solved by this time I will merge this PR. It's ok to have this support in Alpha, even incomplete, we will get more feedback on it.

EDIT: Upstream issue: coreos/afterburn#1126