Create-a-Container front end webserver implentation#11
Conversation
Commit to push the new container creator website to the repository for review.
maxklema
left a comment
maxklema
left a comment
There was a problem hiding this comment.
Great work. I really like this site and its ease-of-use. Just a few things to cleanup, first.
create-a-container/views/form.html
Outdated
| <label for="DEPLOY_ON_START">Deploy on Start</label> | ||
| <select id="DEPLOY_ON_START" name="DEPLOY_ON_START" required> | ||
| <option value="n">No</option> | ||
| <option value="y">Yes</option> | ||
| </select> |
There was a problem hiding this comment.
We can remove this part for now. But, we will have to expand the form later on if a user wants to automatically deploy.
There was a problem hiding this comment.
Removed from form in latest commit
create-a-container/views/form.html
Outdated
| <label for="CONTAINER_PASSWORD">Container Password</label> | ||
| <input type="password" id="CONTAINER_PASSWORD" name="CONTAINER_PASSWORD" required> | ||
|
|
||
| <label for="passwordConfirm">Confirm Password</label> | ||
| <input type="password" id="passwordConfirm" name="passwordConfirm" required> |
There was a problem hiding this comment.
Since we are migrating to LDAP, we will no longer need a container password field(s).
There was a problem hiding this comment.
What I will probably end up doing since the password is somewhat useless, but required so we don't lock out the root user account from running pct enter CTID in the hypervisor is modify the logic behind the container creation process to generate a random 20 character password. Let me know what you think and we can proceed from there.
There was a problem hiding this comment.
What I will probably end up doing since the password is somewhat useless, but required so we don't lock out the root user account from running
pct enter CTIDin the hypervisor is modify the logic behind the container creation process to generate a random 20 character password. Let me know what you think and we can proceed from there.
I was thinking of implementing a solution like that, too. It's a good idea. We would not provide this password to the user though, correct?
There was a problem hiding this comment.
I dont believe there to be a point, its not going to be required by the user and outputting root password in plaintext somewhat scares me. I updated the var in the create-container script file to reflect the change.
There was a problem hiding this comment.
I agree. Perhaps we can send this CONTAINER_PASSWORD into the register-container.sh (script that updates iptables and port_map.json) and create a field in port_map.json with the root password. Would that be insecure?
create-a-container/views/form.html
Outdated
| <label for="OTHER_PORT">Other Port (optional, forwards TCP & UDP)</label> | ||
| <input type="number" id="OTHER_PORT" name="OTHER_PORT" placeholder="e.g., 8080"> |
There was a problem hiding this comment.
We can remove this field for now as I might re-structure it later on.
| ssh -t root@10.15.0.4 "bash -c \"/var/lib/vz/snippets/create-container.sh \ | ||
| '$CONTAINER_NAME' \ | ||
| '$CONTAINER_PASSWORD' \ | ||
| '$GH_ACTION' \ | ||
| '$HTTP_PORT' \ | ||
| '$PROXMOX_USERNAME' \ | ||
| '$KEY_BASENAME' \ | ||
| '$PROTOCOL_BASE_FILE' \ | ||
| '$DEPLOY_ON_START' \ | ||
| '${PROJECT_REPOSITORY:-}' \ | ||
| '${PROJECT_BRANCH:-}' \ | ||
| '${PROJECT_ROOT:-}' \ | ||
| '${INSTALL_COMMAND:-}' \ | ||
| '${BUILD_COMMAND:-}' \ | ||
| '${START_COMMAND:-}' \ | ||
| '${RUNTIME_LANGUAGE:-}' \ | ||
| '${ENV_FOLDER:-}' \ | ||
| '${SERVICES_FILE:-}' \ | ||
| '$LINUX_DISTRIBUTION' \ | ||
| '${MULTI_COMPONENT:-}' \ | ||
| '${ROOT_START_COMMAND:-}' \ |
There was a problem hiding this comment.
Some of these variables are not longer required to be passed in, and passing them anyway will disrupt the container creation script this calls on the hypervisor. Reference the newest container creation script in create container 'container' for the updated ssh command.
Adjusting root password to random 20 character alphanumeric with LDAP integration in place.
maxklema
left a comment
maxklema
left a comment
There was a problem hiding this comment.
Tested and works fine. We will add/save root password in another PR.
2 participants
Front end webpage for interns to use to create their containers on demand in an easy to use seamless format. Interns can also use this to view their active running containers along with their designated ports and operating system if container was created after 7/30/25