# 🔐 Proxmox Access Setup
This guide explains how to configure Proxmox API access for the Windows automation pipeline.
## Current Status
| Method | Status | Notes |
|--------|--------|-------|
| API Token | ❌ Not working | Token not found on server |
| SSH Key | ❌ Permission denied | Keys not authorized |
| Password | ⚠️ Not tested | gg334h2tuvw (from dynamic-infra.yaml) |
---
## Option 1: Create New API Token (Recommended)
### Step 1: Access Proxmox Web UI
1. Open browser to: `https://10.32.2.11:8006`
2. Login as: `root`
3. Navigate to: **Datacenter** → **API Tokens**
### Step 2: Create New Token
```
Click: Add
----------
Token ID: windows-iac-tooling
User: root@pam
Expire: Never (or select date)
Privilege Separation: Unchecked (or use VM.Admin)
```
### Step 3: Save Credentials
**IMPORTANT:** Save the token immediately - it will not be shown again!
```
Token ID: root@pam!windows-iac-tooling
Token Secret: <COPY_THIS_NOW>
```
### Step 4: Update Configuration
```bash
# Update packer/variables.pkr.hcl or .env
export PKR_VAR_proxmox_password="<your-token-secret>"
```
---
## Option 2: Password Authentication
The `dynamic-infra.yaml` file contains an alternative password:
```
Username: root
Password: gg334h2tuvw
```
### Test Password Access
```bash
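# Password logins go through the ticket endpoint; a JSON body containing "ticket" means the password works
curl -v --max-time 5 "https://10.32.2.11:8006/api2/json/access/ticket" \
  --data-urlencode "username=root@pam" \
  --data-urlencode "password=gg334h2tuvw"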
```
### Update Configuration
```hcl
# In packer/windows.pkr.hcl
source "proxmox-iso" "windows-11" {
  proxmox_url = "https://10.32.2.11:8006/api2/json"
  username    = "root@pam"
  password    = "gg334h2tuvw" # Use this password
  ...
}
```
---
## Option 3: SSH Key Setup
### Add SSH Key to Proxmox
```bash
# Copy your public key to Proxmox
ssh-copy-id root@10.32.2.11
# Or manually:
cat ~/.ssh/id_ed25519.pub | ssh root@10.32.2.11 'cat >> /root/.ssh/authorized_keys'
```
### Test SSH Access
```bash
ssh root@10.32.2.11 "hostname"
```
### Expected Output
```
la-vmh-07
```
---
## Verify Proxmox API Access
### After Setting Up Authentication
```bash
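# Test with API token. Header format: PVEAPIToken=USER@REALM!TOKENID=SECRET
# ("=" separates the token ID from the secret).
# Single quotes keep "!" from triggering history expansion in interactive bash.
TOKEN_ID='root@pam!windows-iac-tooling'
TOKEN="<your-token-secret>"
curl -s "https://10.32.2.11:8006/api2/json/cluster/resources" \
  --header "Authorization: PVEAPIToken=${TOKEN_ID}=${TOKEN}"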
```
### Expected Response
```json
{
  "data": [
    {
      "status": "running",
      "vmid": "100",
      "name": "pve",
      ...
    }
  ]
}
```
---
## Common Issues
### "no tokenid specified"
- **Cause:** Token doesn't exist or is malformed
- **Fix:** Create new token in Proxmox UI
### "401 unauthorized"
- **Cause:** Invalid credentials
- **Fix:** Verify token secret is correct (no extra spaces)
### SSL Certificate Error
- **Cause:** Self-signed certificate
- **Fix:** Install CA certificate
```bash
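# Save the certificate(s) the server presents, then add them to the system trust store (run as root)
openssl s_client -connect 10.32.2.11:8006 -showcerts </dev/null 2>&1 | \
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > /tmp/pve-ca.crt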
cp /tmp/pve-ca.crt /usr/local/share/ca-certificates/pve-ca.crt
update-ca-certificates
```
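The commands above trust whichever certificate answers on `10.32.2.11:8006` at fetch time. As an added example (not part of the original guide), the functions below compare the fetched certificate's SHA-256 fingerprint with one obtained out-of-band before the `cp` and `update-ca-certificates` step. The function names are hypothetical, and the expected fingerprint is assumed to have been read on the Proxmox node itself.

```shell
#!/usr/bin/env bash
# Added example: only trust a fetched Proxmox certificate if its SHA-256
# fingerprint matches one obtained out-of-band (assumption: read on the node).

# Reduce any fingerprint spelling ("sha256 Fingerprint=AB:CD", "ab cd")
# to bare upper-case hex so that two values can be compared directly.
normalize_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# SHA-256 fingerprint of the first certificate in a PEM file.
# Prints an empty string if the file is missing or not a certificate.
cert_fp() {
  normalize_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null)"
}

# Succeeds only when the certificate in $1 has the expected fingerprint $2.
verify_pinned_cert() {
  local got want
  got=$(cert_fp "$1")
  want=$(normalize_fp "$2")
  # 64 hex characters = 256 bits; this rejects empty or truncated pins.
  [ "${#want}" -eq 64 ] && [ -n "$got" ] && [ "$got" = "$want" ]
}

# Install into the system trust store only after the pin check passes.
# Usage (as root): install_pinned_cert /tmp/pve-ca.crt "<fingerprint-from-node>"
install_pinned_cert() {
  if ! verify_pinned_cert "$1" "$2"; then
    echo "fingerprint mismatch for $1 (got: $(cert_fp "$1")), not installing" >&2
    return 1
  fi
  cp "$1" /usr/local/share/ca-certificates/pve-ca.crt && update-ca-certificates
}
```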
---
## Proxmox Nodes Reference
| Node | IP | Description |
|------|-----|-------------|
| la-vmh-07 | 10.32.2.11 | AI and Development |
| la-vmh-11 | 10.32.2.1 | Network server |
| la-vmh-12 | 10.32.2.21 | Production (public) |
| la-vmh-13 | 10.32.2.31 | Production (private) |
---
## Next Steps
After configuring access:
1. ✅ Verify API connectivity
2. 📝 Update `.env` with credentials
3. 🔨 Run `./build-template.sh --check`
4. 🚀 Execute full build
---
## Security Notes
- ✅ Use API tokens over passwords when possible
- ✅ Set token expiration dates
- ✅ Use minimum required privileges (VM.Admin)
- ✅ Never commit credentials to git
- ✅ Rotate tokens quarterly