# 🔐 Proxmox Access Setup This guide explains how to configure Proxmox API access for the Windows automation pipeline. ## Current Status | Method | Status | Notes | |--------|--------|-------| | API Token | ❌ Not working | Token not found on server | | SSH Key | ❌ Permission denied | Keys not authorized | | Password | ⚠️ Not tested | gg334h2tuvw (from dynamic-infra.yaml) | --- ## Option 1: Create New API Token (Recommended) ### Step 1: Access Proxmox Web UI 1. Open browser to: `https://10.32.2.11:8006` 2. Login as: `root` 3. Navigate to: **Datacenter** → **API Tokens** ### Step 2: Create New Token ``` Click: Add ---------- Token ID: windows-iac-tooling User: root@pam Expire: Never (or select date) Privilege Separation: Unchecked (or use VM.Admin) ``` ### Step 3: Save Credentials **IMPORTANT:** Save the token immediately - it will not be shown again! ``` Token ID: root@pam!windows-iac-tooling Token Secret: ``` ### Step 4: Update Configuration ```bash # Update packer/variables.pkr.hcl or .env export PKR_VAR_proxmox_password="" ``` --- ## Option 2: Password Authentication The `dynamic-infra.yaml` file contains an alternative password: ``` Username: root Password: gg334h2tuvw ``` ### Test Password Access ```bash curl -v --max-time 5 "https://10.32.2.11:8006/api2/json" \ -u "root@pam:gg334h2tuvw" ``` ### Update Configuration ```hcl # In packer/windows.pkr.hcl source "proxmox-iso" "windows-11" { proxmox_url = "https://10.32.2.11:8006/api2/json" username = "root@pam" password = "gg334h2tuvw" # Use this password ... } ``` --- ## Option 3: SSH Key Setup ### Add SSH Key to Proxmox ```bash # Copy your public key to Proxmox ssh-copy-id root@10.32.2.11 # Or manually: cat ~/.ssh/id_ed25519.pub | ssh root@10.32.2.11 'cat >> /root/.ssh/authorized_keys' ``` ### Test SSH Access ```bash ssh root@10.32.2.11 "hostname" ``` ### Expected Output ``` la-vmh-07 ``` --- ## Verify Proxmox API Access ### After Setting Up Authentication ```bash # Test with API token TOKEN="" curl -s "https://10.32.2.11:8006/api2/json/cluster/resources" \ --header "Authorization: PVEAPIToken=root@pam!windows-iac-tooling:$TOKEN" ``` ### Expected Response ```json { "data": [ { "status": "running", "vmid": "100", "name": "pve", ... } ] } ``` --- ## Common Issues ### "no tokenid specified" **Cause:** Token doesn't exist or is malformed **Fix:** Create new token in Proxmox UI ### "401 unauthorized" **Cause:** Invalid credentials **Fix:** Verify token secret is correct (no extra spaces) ### SSL Certificate Error **Cause:** Self-signed certificate **Fix:** Install CA certificate ```bash openssl s_client -connect 10.32.2.11:8006 -showcerts &1 | \ sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > /tmp/pve-ca.crt cp /tmp/pve-ca.crt /usr/local/share/ca-certificates/pve-ca.crt update-ca-certificates ``` --- ## Proxmox Nodes Reference | Node | IP | Description | |------|-----|-------------| | la-vmh-07 | 10.32.2.11 | AI and Development | | la-vmh-11 | 10.32.2.1 | Network server | | la-vmh-12 | 10.32.2.21 | Production (public) | | la-vmh-13 | 10.32.2.31 | Production (private) | --- ## Next Steps After configuring access: 1. ✅ Verify API connectivity 2. 📝 Update `.env` with credentials 3. 🔨 Run `./build-template.sh --check` 4. 🚀 Execute full build --- ## Security Notes - ✅ Use API tokens over passwords when possible - ✅ Set token expiration dates - ✅ Use minimum required privileges (VM.Admin) - ✅ Never commit credentials to git - ✅ Rotate tokens quarterly