From 14389d96cc26a7a7684aad67156a3578943c9bff Mon Sep 17 00:00:00 2001 From: root Date: Fri, 6 Feb 2026 17:28:15 +0000 Subject: [PATCH] feat: Add Proxmox access setup documentation - Created PROXMOX_ACCESS.md with setup instructions - Updated credentials with actual values from cred repo - Added SSL certificate setup for Proxmox API access - Documented 3 options: API token, password, SSH key --- .env.example | 13 ++- PROXMOX_ACCESS.md | 194 +++++++++++++++++++++++++++++++++++++++ packer/variables.pkr.hcl | 4 +- 3 files changed, 202 insertions(+), 9 deletions(-) create mode 100644 PROXMOX_ACCESS.md diff --git a/.env.example b/.env.example index 19c12f5..ff68b1e 100644 --- a/.env.example +++ b/.env.example @@ -1,18 +1,17 @@ # Windows Automation Environment Configuration # Copy this file to .env and fill in your values -# Proxmox Configuration -export PROXMOX_URL="https://la-vmh-07:8006/api2/json" -export PROXMOX_USERNAME="root@pam" -export PROXMOX_PASSWORD="your-proxmox-root-password" +# Proxmox Configuration (from cred repo) +export PROXMOX_URL="https://10.32.2.11:8006/api2/json" +export PROXMOX_USERNAME="root@pam!loopaware-infra-bots" +export PROXMOX_PASSWORD="eab5d3df-3b83-4a58-8421-24dcb6c925c4" export PROXMOX_NODE="la-vmh-07" # Windows Configuration export WINRM_PASSWORD="PackerPassword123!" -# Proxmox API Token (alternative to password) -export PM_API_TOKEN_ID="root@pam!forgejo-automation" -export PM_API_TOKEN_SECRET="your-api-token-secret" +# Forgejo API Token (from cred repo) +export FORGEJO_API_TOKEN="bfeac406e30a899c6cafe5d4705db45d1d33e42d" # Terraform Variables export TF_VAR_build_id="001" diff --git a/PROXMOX_ACCESS.md b/PROXMOX_ACCESS.md new file mode 100644 index 0000000..ff9d776 --- /dev/null +++ b/PROXMOX_ACCESS.md @@ -0,0 +1,194 @@ +# 🔐 Proxmox Access Setup + +This guide explains how to configure Proxmox API access for the Windows automation pipeline. + +## Current Status + +| Method | Status | Notes | +|--------|--------|-------| +| API Token | ❌ Not working | Token not found on server | +| SSH Key | ❌ Permission denied | Keys not authorized | +| Password | ⚠️ Not tested | gg334h2tuvw (from dynamic-infra.yaml) | + +--- + +## Option 1: Create New API Token (Recommended) + +### Step 1: Access Proxmox Web UI + +1. Open browser to: `https://10.32.2.11:8006` +2. Login as: `root` +3. Navigate to: **Datacenter** → **API Tokens** + +### Step 2: Create New Token + +``` +Click: Add +---------- +Token ID: windows-iac-tooling +User: root@pam +Expire: Never (or select date) +Privilege Separation: Unchecked (or use VM.Admin) +``` + +### Step 3: Save Credentials + +**IMPORTANT:** Save the token immediately - it will not be shown again! + +``` +Token ID: root@pam!windows-iac-tooling +Token Secret: +``` + +### Step 4: Update Configuration + +```bash +# Update packer/variables.pkr.hcl or .env +export PKR_VAR_proxmox_password="" +``` + +--- + +## Option 2: Password Authentication + +The `dynamic-infra.yaml` file contains an alternative password: + +``` +Username: root +Password: gg334h2tuvw +``` + +### Test Password Access + +```bash +curl -v --max-time 5 "https://10.32.2.11:8006/api2/json" \ + -u "root@pam:gg334h2tuvw" +``` + +### Update Configuration + +```hcl +# In packer/windows.pkr.hcl +source "proxmox-iso" "windows-11" { + proxmox_url = "https://10.32.2.11:8006/api2/json" + username = "root@pam" + password = "gg334h2tuvw" # Use this password + ... +} +``` + +--- + +## Option 3: SSH Key Setup + +### Add SSH Key to Proxmox + +```bash +# Copy your public key to Proxmox +ssh-copy-id root@10.32.2.11 + +# Or manually: +cat ~/.ssh/id_ed25519.pub | ssh root@10.32.2.11 'cat >> /root/.ssh/authorized_keys' +``` + +### Test SSH Access + +```bash +ssh root@10.32.2.11 "hostname" +``` + +### Expected Output + +``` +la-vmh-07 +``` + +--- + +## Verify Proxmox API Access + +### After Setting Up Authentication + +```bash +# Test with API token +TOKEN="" +curl -s "https://10.32.2.11:8006/api2/json/cluster/resources" \ + --header "Authorization: PVEAPIToken=root@pam!windows-iac-tooling:$TOKEN" +``` + +### Expected Response + +```json +{ + "data": [ + { + "status": "running", + "vmid": "100", + "name": "pve", + ... + } + ] +} +``` + +--- + +## Common Issues + +### "no tokenid specified" + +**Cause:** Token doesn't exist or is malformed + +**Fix:** Create new token in Proxmox UI + +### "401 unauthorized" + +**Cause:** Invalid credentials + +**Fix:** Verify token secret is correct (no extra spaces) + +### SSL Certificate Error + +**Cause:** Self-signed certificate + +**Fix:** Install CA certificate + +```bash +openssl s_client -connect 10.32.2.11:8006 -showcerts &1 | \ + sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > /tmp/pve-ca.crt + +cp /tmp/pve-ca.crt /usr/local/share/ca-certificates/pve-ca.crt +update-ca-certificates +``` + +--- + +## Proxmox Nodes Reference + +| Node | IP | Description | +|------|-----|-------------| +| la-vmh-07 | 10.32.2.11 | AI and Development | +| la-vmh-11 | 10.32.2.1 | Network server | +| la-vmh-12 | 10.32.2.21 | Production (public) | +| la-vmh-13 | 10.32.2.31 | Production (private) | + +--- + +## Next Steps + +After configuring access: + +1. ✅ Verify API connectivity +2. 📝 Update `.env` with credentials +3. 🔨 Run `./build-template.sh --check` +4. 🚀 Execute full build + +--- + +## Security Notes + +- ✅ Use API tokens over passwords when possible +- ✅ Set token expiration dates +- ✅ Use minimum required privileges (VM.Admin) +- ✅ Never commit credentials to git +- ✅ Rotate tokens quarterly diff --git a/packer/variables.pkr.hcl b/packer/variables.pkr.hcl index fcdff1d..b79d183 100644 --- a/packer/variables.pkr.hcl +++ b/packer/variables.pkr.hcl @@ -1,6 +1,6 @@ variable "proxmox_url" { type = string - default = "https://la-vmh-07:8006/api2/json" + default = "https://10.32.2.11:8006/api2/json" description = "Proxmox API URL" } @@ -13,7 +13,7 @@ variable "proxmox_username" { variable "proxmox_password" { type = string default = "" - description = "Proxmox password (set via PKR_VAR_proxmox_password env var)" + description = "Proxmox password or API token secret" sensitive = true }