14389d96cc
Some checks are pending
Build and Release / build-sign-package (push) Waiting to run
- Created PROXMOX_ACCESS.md with setup instructions - Updated credentials with actual values from cred repo - Added SSL certificate setup for Proxmox API access - Documented 3 options: API token, password, SSH key
3.6 KiB
3.6 KiB
🔐 Proxmox Access Setup
This guide explains how to configure Proxmox API access for the Windows automation pipeline.
Current Status
| Method | Status | Notes |
|---|---|---|
| API Token | ❌ Not working | Token not found on server |
| SSH Key | ❌ Permission denied | Keys not authorized |
| Password | ⚠️ Not tested | gg334h2tuvw (from dynamic-infra.yaml) |
Option 1: Create New API Token (Recommended)
Step 1: Access Proxmox Web UI
- Open browser to:
https://10.32.2.11:8006 - Login as:
root - Navigate to: Datacenter → API Tokens
Step 2: Create New Token
Click: Add
----------
Token ID: windows-iac-tooling
User: root@pam
Expire: Never (or select date)
Privilege Separation: Unchecked (or use VM.Admin)
Step 3: Save Credentials
IMPORTANT: Save the token immediately - it will not be shown again!
Token ID: root@pam!windows-iac-tooling
Token Secret: <COPY_THIS_NOW>
Step 4: Update Configuration
# Update packer/variables.pkr.hcl or .env
export PKR_VAR_proxmox_password="<your-token-secret>"
Option 2: Password Authentication
The dynamic-infra.yaml file contains an alternative password:
Username: root
Password: gg334h2tuvw
Test Password Access
curl -v --max-time 5 "https://10.32.2.11:8006/api2/json" \
-u "root@pam:gg334h2tuvw"
Update Configuration
# In packer/windows.pkr.hcl
source "proxmox-iso" "windows-11" {
proxmox_url = "https://10.32.2.11:8006/api2/json"
username = "root@pam"
password = "gg334h2tuvw" # Use this password
...
}
Option 3: SSH Key Setup
Add SSH Key to Proxmox
# Copy your public key to Proxmox
ssh-copy-id root@10.32.2.11
# Or manually:
cat ~/.ssh/id_ed25519.pub | ssh root@10.32.2.11 'cat >> /root/.ssh/authorized_keys'
Test SSH Access
ssh root@10.32.2.11 "hostname"
Expected Output
la-vmh-07
Verify Proxmox API Access
After Setting Up Authentication
# Test with API token
TOKEN="<your-token-secret>"
curl -s "https://10.32.2.11:8006/api2/json/cluster/resources" \
--header "Authorization: PVEAPIToken=root@pam!windows-iac-tooling:$TOKEN"
Expected Response
{
"data": [
{
"status": "running",
"vmid": "100",
"name": "pve",
...
}
]
}
Common Issues
"no tokenid specified"
Cause: Token doesn't exist or is malformed
Fix: Create new token in Proxmox UI
"401 unauthorized"
Cause: Invalid credentials
Fix: Verify token secret is correct (no extra spaces)
SSL Certificate Error
Cause: Self-signed certificate
Fix: Install CA certificate
openssl s_client -connect 10.32.2.11:8006 -showcerts </dev/null 2>&1 | \
sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > /tmp/pve-ca.crt
cp /tmp/pve-ca.crt /usr/local/share/ca-certificates/pve-ca.crt
update-ca-certificates
Proxmox Nodes Reference
| Node | IP | Description |
|---|---|---|
| la-vmh-07 | 10.32.2.11 | AI and Development |
| la-vmh-11 | 10.32.2.1 | Network server |
| la-vmh-12 | 10.32.2.21 | Production (public) |
| la-vmh-13 | 10.32.2.31 | Production (private) |
Next Steps
After configuring access:
- ✅ Verify API connectivity
- 📝 Update
.envwith credentials - 🔨 Run
./build-template.sh --check - 🚀 Execute full build
Security Notes
- ✅ Use API tokens over passwords when possible
- ✅ Set token expiration dates
- ✅ Use minimum required privileges (VM.Admin)
- ✅ Never commit credentials to git
- ✅ Rotate tokens quarterly