Build and Release / build-sign-package (push) Waiting to run

Details

feat: Add Proxmox access setup documentation

- Created PROXMOX_ACCESS.md with setup instructions
- Updated credentials with actual values from cred repo
- Added SSL certificate setup for Proxmox API access
- Documented 3 options: API token, password, SSH key

2026-02-06 17:28:15 +00:00

3.6 KiB

Raw Blame History

🔐 Proxmox Access Setup

This guide explains how to configure Proxmox API access for the Windows automation pipeline.

Current Status

Method	Status	Notes
API Token	❌ Not working	Token not found on server
SSH Key	❌ Permission denied	Keys not authorized
Password	⚠️ Not tested	gg334h2tuvw (from dynamic-infra.yaml)

Option 1: Create New API Token (Recommended)

Step 1: Access Proxmox Web UI

Open browser to: https://10.32.2.11:8006
Login as: root
Navigate to: Datacenter → API Tokens

Step 2: Create New Token

Click: Add
----------
Token ID: windows-iac-tooling
User: root@pam
Expire: Never (or select date)
Privilege Separation: Unchecked (or use VM.Admin)

Step 3: Save Credentials

IMPORTANT: Save the token immediately - it will not be shown again!

Token ID:     root@pam!windows-iac-tooling
Token Secret: <COPY_THIS_NOW>

Step 4: Update Configuration

# Update packer/variables.pkr.hcl or .env
export PKR_VAR_proxmox_password="<your-token-secret>"

Option 2: Password Authentication

The dynamic-infra.yaml file contains an alternative password:

Username: root
Password: gg334h2tuvw

Test Password Access

curl -v --max-time 5 "https://10.32.2.11:8006/api2/json" \
  -u "root@pam:gg334h2tuvw"

Update Configuration

# In packer/windows.pkr.hcl
source "proxmox-iso" "windows-11" {
  proxmox_url = "https://10.32.2.11:8006/api2/json"
  username    = "root@pam"
  password    = "gg334h2tuvw"  # Use this password
  ...
}

Option 3: SSH Key Setup

Add SSH Key to Proxmox

# Copy your public key to Proxmox
ssh-copy-id root@10.32.2.11

# Or manually:
cat ~/.ssh/id_ed25519.pub | ssh root@10.32.2.11 'cat >> /root/.ssh/authorized_keys'

Test SSH Access

ssh root@10.32.2.11 "hostname"

Expected Output

la-vmh-07

Verify Proxmox API Access

After Setting Up Authentication

# Test with API token
TOKEN="<your-token-secret>"
curl -s "https://10.32.2.11:8006/api2/json/cluster/resources" \
  --header "Authorization: PVEAPIToken=root@pam!windows-iac-tooling:$TOKEN"

Expected Response

{
  "data": [
    {
      "status": "running",
      "vmid": "100",
      "name": "pve",
      ...
    }
  ]
}

Common Issues

"no tokenid specified"

Cause: Token doesn't exist or is malformed

Fix: Create new token in Proxmox UI

"401 unauthorized"

Cause: Invalid credentials

Fix: Verify token secret is correct (no extra spaces)

SSL Certificate Error

Cause: Self-signed certificate

Fix: Install CA certificate

openssl s_client -connect 10.32.2.11:8006 -showcerts </dev/null 2>&1 | \
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > /tmp/pve-ca.crt

cp /tmp/pve-ca.crt /usr/local/share/ca-certificates/pve-ca.crt
update-ca-certificates

Proxmox Nodes Reference

Node	IP	Description
la-vmh-07	10.32.2.11	AI and Development
la-vmh-11	10.32.2.1	Network server
la-vmh-12	10.32.2.21	Production (public)
la-vmh-13	10.32.2.31	Production (private)

Next Steps

After configuring access:

✅ Verify API connectivity
📝 Update .env with credentials
🔨 Run ./build-template.sh --check
🚀 Execute full build

Security Notes

✅ Use API tokens over passwords when possible
✅ Set token expiration dates
✅ Use minimum required privileges (VM.Admin)
✅ Never commit credentials to git
✅ Rotate tokens quarterly

3.6 KiB Raw Blame History