Deploying your Kali-linux templates with Cloud-init, under Proxmox VE

Deploying your KVM virtual machines via Cloud-init, is a fast and flexible way to deploy your KVM virtual machines. With the Proxmox template system.

But what if your distribution doesn't include Cloud-init in its prebuild (qcow2,raw,...) ?

That's what this article is all about, so we'll take a look at how to make the famous Kali-linux pentesting and forensic distribution 'compatible' with Cloud-init.

Creating the future Kali-linux template

 qm create 103 \
    --name template-kalilinux \
    --agent 1 \
    --memory 4096 \
    --bios seabios
    --sockets 1 --cores 4
    --cpu host
    --net0 virtio,bridge=vmbr0 \
    --scsihw virtio-scsi-single

Retrieving the QEMU prebuild image from Kali linux

wget -P /mnt/pve/DS418/template/iso/ https://cdimage.kali.org/kali-2023.1/kali-linux-2023.1-qemu-amd64.7z
7z x /mnt/pve/DS418/template/iso/kali-linux-2023.1-qemu-amd64.7z

Modification of the image for Cloud-init support

Check necessary packages

apt install -y libguestfs-tools p7zip-full

Cloud-init added to Kali image :

virt-customize -a /mnt/pve/DS418/template/iso/kali-linux-2023.1-qemu-amd64.qcow2 --install cloud-init

We'll take this opportunity to install the QEMU agent, and enable SSH (the latter is not active by default under Kali):

virt-customize -a /mnt/pve/DS418/template/iso/kali-linux-2023.1-qemu-amd64.qcow2 --install qemu-guest-agent
virt-customize -a /mnt/pve/DS418/template/iso/kali-linux-2023.1-qemu-amd64.qcow2 --run-command 'systemctl enable ssh.service'

Import disk image

qm importdisk 103 /mnt/pve/DS418/template/iso/kali-linux-2023.1-qemu-amd64.qcow2 local-btrfs --format qcow2
# All that's left is to attach the disk from the web interface.
# A single command-line alternative for both import and attachment
qm set 103 --scsi0 local-btrfs:0,import-from=/mnt/pve/DS418/template/iso/kali-linux-2023.1-qemu-amd64.qcow2

Cloud-init configuration

Add Cloud-init disk

qm set 103 --ide0 local-btrfs:cloudinit

Define boot order

qm set 103 --boot c --bootdisk scsi0

Add VGA interface for console access

The documentation recommends configuring the interface in serial, as follows:

qm set 103 --serial0 socket --vga serial0

But we're going to use an alternative method (to make Kali accessible from NoVNC):

qm set 103 --vga std

Convert VM to template

qm template 103

Setting Cloud-init parameters

qm set 103 --ciuser USER --cipassword PASSWORD 
qm set 103 --sshkey /PATH/TO/YOUR/key.pub
qm set 103 --ipconfig0 ip=192.168.2.12/24,gw=192.168.2.1

Deploying from template

All that's left to do is clone your Kali-linux template over and over again.
if you modify the Configuration of the template or one of your clones, don't forget to regenerate the Cloud-init image.

qm clone 103 104 --name kali-104

Resources :

• https://pve.proxmox.com/pve-docs/qm.1.html
• https://pve.proxmox.com/wiki/Cloud-Init_Support
• https://pve.proxmox.com/wiki/VM_Templates_and_Clones
• https://wiki.debian.org/ThomasChung/CloudImage
• https://docs.openstack.org/image-guide/obtain-images.html