Changes for page proxmox

Last modified by Kevin Wiki on 2026/05/18 15:44

From 2.3 to 2.2 From 11.8 to 11.7

From version

11.7

edited by Kevin Wiki
on 2026/05/18 15:42

Change comment: There is no comment for this version

To version

2.3

edited by Kevin Wiki
on 2025/07/05 20:14

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)
Attachments (0 modified, 1 added, 0 removed)
- image.jpg

Details

Page properties

Content

@@ -4,694 +4,18 @@
  (((
  {{children/}}
++= Getting started - vm & lxc templates =
--= Getting Started with Proxmox VE LXC and VM Templates =
++List and import lxc templates:
--Proxmox VE (PVE) allows users to create and manage both LXC containers and KVM virtual machines (VMs). This guide walks you through the process of downloading, importing, and creating templates for both.
--
--== LXC Templates ==
--
--LXC containers are lightweight and ideal for running Linux services with minimal overhead.
--
--=== List Available Templates ===
--
--To view the available LXC templates:
--
--{{code language="bash"}}
++```
  pveam list
--{{/code}}
--
--=== Download Templates ===
--
--Use the pveam download command to import templates to the local storage:
--
--{{code language="bash"}}
  pveam download local ubuntu-22.04-standard_22.04-1_amd64.tar.gz
  pveam download local ubuntu-24.04-standard_24.04-1_amd64.tar.zst
  pveam download local debian-12-standard_11.7-1_amd64.tar.zst
--{{/code}}
--Once downloaded, these templates can be used to create new LXC containers from the Proxmox web interface or via CLI.
--
--== VM Template from Ubuntu Cloud Image ==
--
--KVM VMs are ideal when you need full virtualization, for instance, to run Windows or more complex Linux systems.
--
--=== Download Ubuntu Cloud Image ===
--
--Download the official Ubuntu 24.04 cloud [[image:]]
--
--{{code language="bash"}}
--wget http://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.img
--{{/code}}
--
--=== Create the Virtual Machine ===
--
--Create a new VM with ID 910 (you can pick any unused ID):
--
--{{code language="bash"}}
--qm create 910 -name template-ubuntu-jammy -memory 2048 -net0 virtio,bridge=vmbr0 -cores 2 -sockets 1
--{{/code}}
--
--=== Import and Attach the Disk ===
--
--Choose the correct storage (replace nvme if you use a different storage name):
--
--{{code language="bash"}}
--qm importdisk 910 ubuntu-24.04-server-cloudimg-amd64.img nvme
--qm set 910 -scsihw virtio-scsi-pci -virtio0 nvme:vm-910-disk-0
--{{/code}}
--
--=== Configure the VM ===
--
--{{code language="bash"}}
--qm set 910 -serial0 socket
--qm set 910 -boot c -bootdisk virtio0
--qm set 910 -agent 1
--qm set 910 -hotplug disk,network,usb
--qm set 910 -vcpus 1
--qm set 910 -vga qxl
--qm set 910 -ide2 nvme:cloudinit
--qm resize 910 virtio0 +8G
--{{/code}}
--
--
--If your disk is using SCSI instead of virtio, resize like this:
--
--{{code language="bash"}}
--qm resize 910 scsi0 +8G
--{{/code}}
--
--=== Convert the VM into a Template ===
--
--{{code language="bash"}}
--qm template 910
--{{/code}}
--
--Now you can use this template to clone new VMs instantly.
--
--== Bash Script to Automate Setup ==
--
--Install the above using bash script below
--
--=== setup_proxmox_templates.sh ===
--
--{{code language="bash"}}
--#!/bin/bash
--
--# Exit on errors
--set -e
--
--echo "Downloading LXC templates..."
--pveam download nvme ubuntu-22.04-standard_22.04-1_amd64.tar.zst
--pveam download nvme ubuntu-24.04-standard_24.04-2_amd64.tar.zst
--pveam download nvme alpine-3.21-default_20241217_amd64.tar.xz
--pveam download nvme debian-12-standard_12.7-1_amd64.tar.zst
--
--echo "Downloading Ubuntu cloud image..."
--wget -N http://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.img
--
--echo "Creating VM Template..."
--qm create 910 -name template-ubuntu-jammy -memory 2048 -net0 virtio,bridge=vmbr0 -cores 2 -sockets 1 && 1
--
--# qm importdisk 910 ubuntu-24.04-server-cloudimg-amd64.img nvme
--# qm set 910 -scsihw virtio-scsi-pci -scsi0-virtio0 nvme:910/vm-910-disk-0
--qm set 910 -scsihw virtio-scsi-pci -scsi0 nvme:0,import-from=/mnt/nvmestorage/template/iso/ubuntu-24.04-server-cloudimg-amd64.img
--
--qm set 910 -serial0 socket
--qm set 910 -boot c -bootdisk virtio0
--qm set 910 -agent 1
--qm set 910 -hotplug disk,network,usb
--qm set 910 -vcpus 1
--qm set 910 -vga qxl
--qm set 910 -ide2 nvme:cloudinit
--# qm resize 910 scsi0 +8G
--
--read -p "Confirm converting to template by pressing Enter"
--qm template 910
--
--echo "Templates setup complete."
--{{/code}}
--
--
--= VM runtime setup =
--
--After creating the VM and before making it into a template there are some programs and settings we want to ensure exists always.
--
--(% id="cke_bm_721114S" style="display:none" %)** **(%%)**clear bash history** to not leave any configuration in history, clear and disable history file before proceeding:
--
--{{code language="bash"}}
--unset HISTFILE
--export HISTSIZE=0
--export HISTFILESIZE=0
--
--sudo rm /.bash_history
--rm ~/.bash_history
--{{/code}}
--
--**qemu-guest-agent** is for allowing proxmox to query information from the VM such as IP address, shutdown commands, etc
--
--{{code language="bash"}}
--sudo apt update
--sudo apt upgrade -y
--sudo apt install qemu-guest-agent -y
--
--sudo systemctl enable qemu-guest-agent.service
--sudo systemctl start qemu-guest-agent.service
--{{/code}}
--
--**reset machine-id** to not have overlapping ids from same template
--
--{{code language="bash"}}
--cat /dev/null > /etc/machine-id
--cat /dev/null > /var/lib/dbus/machine-id
--{{/code}}
--
--**cloud-init** is a great hook for installing or configuring programs or receiving variables from cloudinit CDROM drive. Making it easier to change IP, hostname, DNS, username/password, etc between VMs.
--
--If you used a cloud-init base image it will have run the default cloudinit which installs and configures a bunch of systems. To clean this up run:
  ```
--```
--Reset cloud-init to run all init and modules at next boot:
--{{code language="bash"}}
--cloud-init clean
--{{/code}}
--
--This is a debian example of what we are looking for:
--
--{{code language="yaml"}}
--# The top level settings are used as module
--# and system configuration.
--# A set of users which may be applied and/or used by various modules
--# when a 'default' entry is found it will reference the 'default_user'
--# from the distro configuration specified below
--
--# If this is set, 'root' will not be able to ssh in and they
--# will get a message to login instead as the default $user
--disable_root: true
--
--# This will cause the set+update hostname module to not operate (if true)
--preserve_hostname: false
--
--apt:
--   # This prevents cloud-init from rewriting apt's sources.list file,
--   # which has been a source of surprise.
--   preserve_sources_list: true
--
--# manually managed resolv
--manage_resolv_conf: false
--
--package_update: true
--packages:
--  - qemu-guest-agent
--
--# The modules that run in the 'init' stage
--cloud_init_modules:
-- - seed_random
-- - bootcmd
-- - write-files
-- - growpart
-- - resizefs
-- - disk_setup
-- - mounts
-- - set_hostname
-- - update_hostname
-- - update_etc_hosts
-- - ca-certs
-- - rsyslog
-- - users-groups
-- - ssh
--
--# The modules that run in the 'config' stage
--cloud_config_modules:
-- - keyboard
-- - locale
-- - set-passwords
-- - grub-dpkg
-- - apt-pipelining
-- - apt-configure
-- - ntp
-- - timezone
-- - disable-ec2-metadata
-- - runcmd
--
--# The modules that run in the 'final' stage
--cloud_final_modules:
-- - package-update-upgrade-install
-- - write-files-deferred
-- - scripts-vendor
-- - scripts-per-once
-- - scripts-per-boot
-- - scripts-per-instance
-- - scripts-user
-- - ssh-authkey-fingerprints
--# - keys-to-console
-- - install-hotplug
--# - phone-home
-- - final-message
-- - power-state-change
--
--runcmd:
--  - systemctl enable qemu-guest-agent.service
--
--# System and/or distro specific settings
--# (not accessible to handlers/transforms)
--system_info:
--   # This will affect which distro class gets used
--   distro: debian
--   # Other config here will be given to the distro class and/or path classes
--   paths:
--      cloud_dir: /var/lib/cloud/
--      templates_dir: /etc/cloud/templates/
--   package_mirrors:
--     - arches: [default]
--       failsafe:
--         primary: https://deb.debian.org/debian
--         security: https://deb.debian.org/debian-security
--   ssh_svcname: ssh
--{{/code}}
--
--Cleanup script:
--
--{{code language="bash"}}
--#!/usr/bin/env bash
--# =============================================================================
--# cloud-init Cleanup & Uninstall Script
--# Generated from: cloud.cfg (Debian, default user: debian)
--#
--# What this script does:
--#   1. Reverses all cloud-init module side effects
--#   2. Removes packages installed by cloud-init modules
--#   3. Restores config files to pre-cloud-init state where possible
--#   4. Cleans up cloud-init's own state/cache
--#
--# Usage:
--#   sudo bash cloudinit-cleanup.sh [--dry-run] [--full-uninstall]
--#
--#   --dry-run         Print what would be done, make no changes
--#   --full-uninstall  Also remove cloud-init itself (not just its effects)
--#
--# WARNING: Run this only on instances you intend to decommission or reprovision.
--#          Some operations (hostname reset, user removal) are destructive.
--# =============================================================================
--
--set -euo pipefail
--
--# ── Colour helpers ────────────────────────────────────────────────────────────
--RED='\033[0;31m'; YELLOW='\033[1;33m'; GREEN='\033[0;32m'
--CYAN='\033[0;36m'; BOLD='\033[1m'; RESET='\033[0m'
--
--info()    { echo -e "${CYAN}[INFO]${RESET}  $*"; }
--ok()      { echo -e "${GREEN}[OK]${RESET}    $*"; }
--warn()    { echo -e "${YELLOW}[WARN]${RESET}  $*"; }
--danger()  { echo -e "${RED}[DANGER]${RESET} $*"; }
--section() { echo -e "\n${BOLD}━━━  $* ━━━${RESET}"; }
--
--# ── Argument parsing ──────────────────────────────────────────────────────────
--DRY_RUN=false
--FULL_UNINSTALL=false
--
--for arg in "$@"; do
--  case "$arg" in
--    --dry-run)         DRY_RUN=true ;;
--    --full-uninstall)  FULL_UNINSTALL=true ;;
--    --help|-h)
--      sed -n '3,20p' "$0" | sed 's/^# \?//'
--      exit 0
--      ;;
--    *)
--      echo "Unknown argument: $arg" >&2
--      exit 1
--      ;;
--  esac
--done
--
--# ── Root check ────────────────────────────────────────────────────────────────
--if [[ $EUID -ne 0 ]]; then
--  danger "This script must be run as root (sudo)."
--  exit 1
--fi
--
--# ── Dry-run wrapper ───────────────────────────────────────────────────────────
--# All destructive calls go through run() so --dry-run is respected everywhere
--run() {
--  if $DRY_RUN; then
--    echo -e "  ${YELLOW}[DRY-RUN]${RESET} $*"
--  else
--    eval "$@"
--  fi
--}
--
--$DRY_RUN && warn "DRY-RUN mode — no changes will be made.\n"
--
--# =============================================================================
--# 1. CLOUD_INIT_MODULES — init stage
--# =============================================================================
--
--# ── ca-certs ──────────────────────────────────────────────────────────────────
--section "ca-certs"
--info "Removing custom CAs added by cloud-init..."
--
--# cloud-init drops certs into /usr/local/share/ca-certificates/
--if ls /usr/local/share/ca-certificates/cloud-init-* &>/dev/null 2>&1; then
--  run "rm -f /usr/local/share/ca-certificates/cloud-init-*"
--  run "update-ca-certificates --fresh"
--  ok "Custom CAs removed and trust store rebuilt."
--else
--  info "No cloud-init-managed custom CAs found."
--fi
--
--run "rm -f /var/lib/cloud/instance/sem/config_ca_certs"
--
--# ── rsyslog ───────────────────────────────────────────────────────────────────
--section "rsyslog"
--info "Removing cloud-init rsyslog configuration..."
--run "rm -f /etc/rsyslog.d/20-cloud-init.conf"
--if systemctl is-active --quiet rsyslog 2>/dev/null; then
--  run "systemctl restart rsyslog"
--  ok "rsyslog restarted."
--fi
--run "rm -f /var/lib/cloud/instance/sem/config_rsyslog"
--
--# ── users-groups (default user: debian) ──────────────────────────────────────
--section "users-groups — default user 'debian'"
--warn "Removing user 'debian' and their home directory."
--warn "Ensure you have another admin account before doing this!"
--
--if id debian &>/dev/null 2>&1; then
--  # Kill any active sessions for this user first
--  run "pkill -u debian || true"
--  run "deluser --remove-home debian 2>/dev/null || userdel -r debian 2>/dev/null || true"
--  ok "User 'debian' removed."
--else
--  info "User 'debian' does not exist, skipping."
--fi
--
--# Remove groups that were created for this user (only if empty/unused)
--for grp in adm audio cdrom dialout dip floppy plugdev video; do
--  if getent group "$grp" &>/dev/null; then
--    info "Group '$grp' exists (system group — leaving in place)."
--  fi
--done
--
--run "rm -f /var/lib/cloud/instance/sem/config_users_groups"
--
--# =============================================================================
--# 2. CLOUD_CONFIG_MODULES — config stage
--# =============================================================================
--
--# ── snap ──────────────────────────────────────────────────────────────────────
--section "snap"
--if command -v snap &>/dev/null; then
--  info "Removing all installed snaps..."
--  # Snaps must be removed in dependency order; loop until none left
--  while snap list 2>/dev/null | grep -v "^Name" | grep -q .; do
--    snap list 2>/dev/null | awk 'NR>1 {print $1}' | while read -r pkg; do
--      run "snap remove --purge '$pkg' 2>/dev/null || true"
--    done
--  done
--
--  info "Stopping and disabling snapd..."
--  run "systemctl stop snapd.service snapd.socket snapd.seeded.service 2>/dev/null || true"
--  run "systemctl disable snapd.service snapd.socket 2>/dev/null || true"
--
--  info "Removing snapd package..."
--  run "apt-get purge -y snapd 2>/dev/null || true"
--
--  info "Removing snap directories..."
--  run "rm -rf /snap /var/snap /var/lib/snapd /var/cache/snapd /root/snap"
--  run "rm -rf /home/*/snap"
--
--  info "Removing snap loopback mounts..."
--  mount | grep '/snap/' | awk '{print $3}' | while read -r mp; do
--    run "umount '$mp' 2>/dev/null || true"
--  done
--
--  ok "snap and snapd fully removed."
--else
--  info "snap not installed, skipping."
--fi
--
--run "rm -f /var/lib/cloud/instance/sem/config_snap"
--
--# ── ssh-import-id ─────────────────────────────────────────────────────────────
--section "ssh-import-id"
--info "Removing ssh-import-id if installed..."
--run "apt-get purge -y ssh-import-id 2>/dev/null || true"
--# Imported keys would have been written to the user's authorized_keys
--if [[ -f /home/debian/.ssh/authorized_keys ]]; then
--  warn "Review /home/debian/.ssh/authorized_keys for externally imported keys."
--fi
--run "rm -f /var/lib/cloud/instance/sem/config_ssh_import_id"
--
--# ── set-passwords ─────────────────────────────────────────────────────────────
--section "set-passwords"
--info "Locking 'debian' user password (enforcing key-only auth)..."
--run "passwd -l debian 2>/dev/null || true"
--
--info "Ensuring SSH password authentication is disabled..."
--if [[ -f /etc/ssh/sshd_config ]]; then
--  run "sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config"
--  run "grep -q 'PasswordAuthentication no' /etc/ssh/sshd_config || echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config"
--  run "systemctl reload ssh 2>/dev/null || true"
--fi
--run "rm -f /var/lib/cloud/instance/sem/config_set_passwords"
--ok "Password auth locked down."
--
--# ── grub-dpkg ─────────────────────────────────────────────────────────────────
--section "grub-dpkg"
--info "Clearing grub-dpkg debconf seeding..."
--run "echo '' | debconf-set-selections <<< 'grub-pc grub-pc/install_devices multiselect' 2>/dev/null || true"
--run "rm -f /var/lib/cloud/instance/sem/config_grub_dpkg"
--ok "grub-dpkg debconf state cleared (GRUB install device reset to empty)."
--
--# ── disable-ec2-metadata ──────────────────────────────────────────────────────
--section "disable-ec2-metadata"
--info "Re-enabling EC2 metadata service access (removing block if present)..."
--run "rm -f /run/cloud-init/enabled"
--run "iptables -D OUTPUT -d 169.254.169.254 -j DROP 2>/dev/null || true"
--run "ip6tables -D OUTPUT -d fd00:ec2::254 -j DROP 2>/dev/null || true"
--run "rm -f /var/lib/cloud/instance/sem/config_disable_ec2_metadata"
--
--# ── byobu ─────────────────────────────────────────────────────────────────────
--section "byobu"
--info "Removing byobu configuration and package..."
--run "rm -rf /etc/byobu"
--run "rm -f /etc/profile.d/Z97-byobu.sh /etc/profile.d/byobu.sh"
--run "rm -rf /home/debian/.byobu /root/.byobu"
--run "apt-get purge -y byobu 2>/dev/null || true"
--run "rm -f /var/lib/cloud/instance/sem/config_byobu"
--ok "byobu removed."
--
--# =============================================================================
--# 3. CLOUD_FINAL_MODULES — final stage
--# =============================================================================
--
--# ── package-update-upgrade-install ───────────────────────────────────────────
--section "package-update-upgrade-install"
--warn "Packages installed via cloud-init's package module cannot be auto-detected."
--warn "Review your user-data 'packages:' list and remove manually if needed."
--run "rm -f /var/lib/cloud/instance/sem/config_package_update_upgrade_install"
--
--# ── fan ───────────────────────────────────────────────────────────────────────
--section "fan (Ubuntu Fan networking)"
--if command -v fanctl &>/dev/null || dpkg -s ubuntu-fan &>/dev/null 2>&1; then
--  info "Removing ubuntu-fan networking..."
--  run "systemctl stop fanatic 2>/dev/null || true"
--  run "apt-get purge -y ubuntu-fan 2>/dev/null || true"
--  run "rm -f /etc/network/fan"
--  ok "ubuntu-fan removed."
--else
--  info "ubuntu-fan not installed, skipping."
--fi
--run "rm -f /var/lib/cloud/instance/sem/config_fan"
--
--# ── landscape ────────────────────────────────────────────────────────────────
--section "landscape"
--if dpkg -s landscape-client &>/dev/null 2>&1; then
--  info "Removing Landscape client..."
--  run "systemctl stop landscape-client 2>/dev/null || true"
--  run "apt-get purge -y landscape-client landscape-common 2>/dev/null || true"
--  run "rm -rf /etc/landscape /var/lib/landscape"
--  ok "Landscape client removed."
--else
--  info "Landscape client not installed, skipping."
--fi
--run "rm -f /var/lib/cloud/instance/sem/config_landscape"
--
--# ── lxd ──────────────────────────────────────────────────────────────────────
--section "lxd"
--if command -v lxd &>/dev/null; then
--  info "Removing LXD and all containers/images..."
--  run "lxc list --format csv -c n 2>/dev/null | while read -r c; do lxc delete --force \"\$c\"; done || true"
--  run "snap remove --purge lxd 2>/dev/null || apt-get purge -y lxd lxd-client liblxc1 2>/dev/null || true"
--  run "rm -rf /var/lib/lxd /var/snap/lxd"
--  ok "LXD removed."
--else
--  info "LXD not installed, skipping."
--fi
--run "rm -f /var/lib/cloud/instance/sem/config_lxd"
--
--# ── puppet ───────────────────────────────────────────────────────────────────
--section "puppet"
--if command -v puppet &>/dev/null || dpkg -s puppet-agent &>/dev/null 2>&1; then
--  info "Removing Puppet agent..."
--  run "systemctl stop puppet 2>/dev/null || true"
--  run "apt-get purge -y puppet puppet-agent 2>/dev/null || true"
--  run "rm -rf /etc/puppet /var/lib/puppet /opt/puppetlabs"
--  ok "Puppet removed."
--else
--  info "Puppet not installed, skipping."
--fi
--run "rm -f /var/lib/cloud/instance/sem/config_puppet"
--
--# ── chef ─────────────────────────────────────────────────────────────────────
--section "chef"
--if command -v chef-client &>/dev/null; then
--  info "Removing Chef client..."
--  run "systemctl stop chef-client 2>/dev/null || true"
--  run "apt-get purge -y chef 2>/dev/null || true"
--  run "rm -rf /etc/chef /var/log/chef /var/lib/chef /var/cache/chef /var/backups/chef /var/run/chef"
--  ok "Chef removed."
--else
--  info "Chef not installed, skipping."
--fi
--run "rm -f /var/lib/cloud/instance/sem/config_chef"
--
--# ── mcollective ───────────────────────────────────────────────────────────────
--section "mcollective"
--if dpkg -s mcollective &>/dev/null 2>&1; then
--  info "Removing MCollective..."
--  run "systemctl stop mcollective 2>/dev/null || true"
--  run "apt-get purge -y mcollective 2>/dev/null || true"
--  run "rm -rf /etc/mcollective"
--  ok "MCollective removed."
--else
--  info "MCollective not installed, skipping."
--fi
--run "rm -f /var/lib/cloud/instance/sem/config_mcollective"
--
--# ── salt-minion ───────────────────────────────────────────────────────────────
--section "salt-minion"
--if command -v salt-minion &>/dev/null || dpkg -s salt-minion &>/dev/null 2>&1; then
--  info "Removing Salt minion..."
--  run "systemctl stop salt-minion 2>/dev/null || true"
--  run "apt-get purge -y salt-minion salt-common 2>/dev/null || true"
--  run "rm -rf /etc/salt /var/cache/salt /var/log/salt /var/run/salt"
--  ok "Salt minion removed."
--else
--  info "salt-minion not installed, skipping."
--fi
--run "rm -f /var/lib/cloud/instance/sem/config_salt_minion"
--
--# ── reset_rmc ─────────────────────────────────────────────────────────────────
--section "reset_rmc (IBM Power)"
--# Only relevant on IBM Power hardware; safe no-op on other platforms
--run "rm -f /var/lib/cloud/instance/sem/config_reset_rmc"
--info "reset_rmc semaphore cleared (no-op on non-IBM-Power hardware)."
--
--# ── phone-home ────────────────────────────────────────────────────────────────
--section "phone-home"
--info "Clearing phone-home state..."
--run "rm -f /var/lib/cloud/instance/sem/config_phone_home"
--# Revoke any iptables allow-rule if phone-home was whitelisted
--info "If you added firewall rules for phone-home, remove them manually."
--ok "phone-home state cleared."
--
--# ── keys-to-console / ssh-authkey-fingerprints ────────────────────────────────
--section "keys-to-console / ssh-authkey-fingerprints"
--info "Removing console key output scripts..."
--run "rm -f /etc/profile.d/ssh-key-fingerprints.sh"
--run "rm -f /var/lib/cloud/instance/sem/config_keys_to_console"
--run "rm -f /var/lib/cloud/instance/sem/config_ssh_authkey_fingerprints"
--
--# =============================================================================
--# resolv.conf — restore after systemd-resolved removal
--# =============================================================================
--section "resolv.conf reset (systemd-resolved removed)"
--
--RESOLV="/etc/resolv.conf"
--
--# Detect what's currently there
--if [[ -L "$RESOLV" ]]; then
--  info "Found symlink: $RESOLV -> $(readlink -f "$RESOLV")"
--  info "Removing dangling symlink left by systemd-resolved..."
--  run "rm -f '$RESOLV'"
--else
--  info "$RESOLV is a plain file — backing it up before overwriting..."
--  run "cp '$RESOLV' '${RESOLV}.bak.$(date +%Y%m%d%H%M%S)'"
--fi
--
--# Write a static resolv.conf with sensible production defaults.
--# Adjust nameservers to match your infrastructure (internal DNS, VPC resolver, etc.)
--info "Writing static $RESOLV..."
--run "cat > '$RESOLV' <<'EOF'
--# /etc/resolv.conf — managed manually (systemd-resolved is not installed)
--nameserver 1.1.1.1
--nameserver 8.8.8.8
--nameserver 2606:4700:4700::1111
--
--# search your.internal.domain
--
--options timeout:2 attempts:3 rotate
--EOF"
--
--run "chmod 644 '$RESOLV'"
--run "chown root:root '$RESOLV'"
--
--# Verify DNS resolution works with the new config
--info "Testing DNS resolution..."
--if $DRY_RUN; then
--  echo -e "  ${YELLOW}[DRY-RUN]${RESET} getent hosts debian.org"
--elif getent hosts debian.org &>/dev/null; then
--  ok "DNS resolution working."
--else
--  warn "DNS resolution test failed — check nameservers in $RESOLV"
--fi
--
--# =============================================================================
--# SUMMARY
--# =============================================================================
--section "Cleanup Complete"
--
--echo ""
--echo -e "${BOLD}Actions performed:${RESET}"
--echo "  ✓ Hostname reset to 'localhost' (/etc/hostname, /etc/hosts)"
--echo "  ✓ Custom CA certificates removed, trust store rebuilt"
--echo "  ✓ rsyslog cloud-init config removed"
--echo "  ✓ User 'debian' removed (with home directory)"
--echo "  ✓ SSH host keys regenerated"
--echo "  ✓ snap/snapd removed"
--echo "  ✓ ssh-import-id removed"
--echo "  ✓ Password authentication locked (key-only enforced)"
--echo "  ✓ grub-dpkg debconf seeding cleared"
--echo "  ✓ byobu removed"
--echo "  ✓ hotplug udev rule removed"
--echo "  ✓ phone-home state cleared"
--echo "  ✓ All cloud-init semaphores and cache cleared"
--echo "  ✓ Landscape / LXD / Puppet / Chef / Salt / MCollective checked and removed if present"
--echo ""
--echo -e "${YELLOW}Manual review required:${RESET}"
--echo "  ⚠  Files written by write-files — check your user-data for target paths"
--echo "  ⚠  Packages installed via 'packages:' in user-data"
--echo "  ⚠  Scripts run from scripts-user / scripts-per-instance / scripts-vendor"
--echo "  ⚠  /home/debian/.ssh/authorized_keys — if user was not removed"
--echo "  ⚠  Any firewall rules added for phone-home or disable-ec2-metadata"
--echo ""
--if $FULL_UNINSTALL; then
--  echo -e "${RED}cloud-init has been fully removed from this system.${RESET}"
--else
--  echo -e "${CYAN}cloud-init is still installed. Run with --full-uninstall to remove it too.${RESET}"
--fi
--echo ""
--echo -e "${GREEN}Done.${RESET}"
--
--{{/code}}
--
--
--
--
  )))

image.jpg

Author

...	...	@@ -1,0 +1,1 @@
	1	+XWiki.kevin

Size

...	...	@@ -1,0 +1,1 @@
	1	+40.8 KB

Content

Changes for page proxmox

Summary

Details

Navigation

Recently Modified