|
| 1 | +--- |
| 2 | +title: Setup provider configuration |
| 3 | +description: This guide provides instructions on how to configure the provider |
| 4 | +--- |
| 5 | + |
| 6 | +# 1. Create API Token |
| 7 | +You can create an API Token for a user via the Proxmox UI, or via the command line on the Proxmox host or cluster: |
| 8 | + |
| 9 | +- Create a user: |
| 10 | + |
| 11 | + ```sh |
| 12 | + sudo pveum user add terraform@pve |
| 13 | + ``` |
| 14 | + |
| 15 | +- Create a role for the user (you can skip this step if you want to use any of the existing roles): |
| 16 | + |
| 17 | + ```sh |
| 18 | + sudo pveum role add Terraform -privs "Mapping.Audit Mapping.Modify Mapping.Use Permissions.Modify Pool.Allocate Pool.Audit Realm.AllocateUser Realm.Allocate SDN.Allocate SDN.Audit Sys.Audit Sys.Console Sys.Incoming Sys.Modify Sys.AccessNetwork Sys.PowerMgmt Sys.Syslog User.Modify Group.Allocate SDN.Use VM.Allocate VM.Audit VM.Backup VM.Clone VM.Config.CDROM VM.Config.CPU VM.Config.Cloudinit VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Console VM.Migrate VM.Monitor VM.PowerMgmt VM.Snapshot.Rollback VM.Snapshot Datastore.Allocate Datastore.AllocateSpace Datastore.AllocateTemplate Datastore.Audit" |
| 19 | + ``` |
| 20 | + |
| 21 | + ~> The list of privileges above is only an example, please review it and adjust to your needs. |
| 22 | + Refer to the [privileges documentation](https://pve.proxmox.com/pve-docs/pveum.1.html#_privileges) for more details. |
| 23 | + |
| 24 | +- Assign the role to the previously created user: |
| 25 | + |
| 26 | + ```sh |
| 27 | + sudo pveum aclmod / -user terraform@pve -role Terraform |
| 28 | + ``` |
| 29 | + |
| 30 | +- Create an API token for the user: |
| 31 | + |
| 32 | + ```sh |
| 33 | + sudo pveum user token add terraform@pve provider --privsep=0 |
| 34 | + ``` |
| 35 | +<br> |
| 36 | + |
| 37 | +# 2. Configure SSH on Proxmox Node |
| 38 | +Since we’re using a custom image, a working SSH connection to the Proxmox node is required for the proxmox_virtual_environment_file Terraform resource. |
| 39 | + |
| 40 | +🚫 Don't use the root user — instead, let’s create a dedicated user for this first. 👤✅ |
| 41 | +
|
| 42 | +
|
| 43 | +-> `sudo` may not be installed by default on Proxmox VE nodes. You can install it via the command line on the Proxmox host: `apt install sudo` |
| 44 | +
|
| 45 | +
|
| 46 | +You can configure the `sudo` privilege for the user via the command line on the Proxmox host. |
| 47 | +In the example below, we create a user `terraform` and assign the `sudo` privilege to it. Run the following commands on each Proxmox node in the root shell: |
| 48 | +
|
| 49 | +- Create a new system user: |
| 50 | +
|
| 51 | + ```sh |
| 52 | + useradd -m terraform |
| 53 | + ``` |
| 54 | + |
| 55 | +
|
| 56 | +- Configure the `sudo` privilege for the user, by adding a new sudoers file to the `/etc/sudoers.d` directory: |
| 57 | +
|
| 58 | + ```sh |
| 59 | + visudo -f /etc/sudoers.d/terraform |
| 60 | + ``` |
| 61 | +
|
| 62 | + Add the following lines to the file: |
| 63 | +
|
| 64 | + ```text |
| 65 | + terraform ALL=(root) NOPASSWD: /sbin/pvesm |
| 66 | + terraform ALL=(root) NOPASSWD: /sbin/qm |
| 67 | + terraform ALL=(root) NOPASSWD: /usr/bin/tee /var/lib/vz/* |
| 68 | + ``` |
| 69 | +
|
| 70 | + If you're using a different datastore for snippets, not the default `local`, you should add the datastore's mount point to the sudoers file as well, for example: |
| 71 | + |
| 72 | + ```text |
| 73 | + terraform ALL=(root) NOPASSWD: /usr/bin/tee /mnt/pve/cephfs/* |
| 74 | + ``` |
| 75 | +
|
| 76 | + You can find the mount point of the datastore by running `pvesh get /storage/<name>` on the Proxmox node. |
| 77 | +<br> |
| 78 | +
|
| 79 | +- Copy your SSH public key to the `~/.ssh/authorized_keys` file of the `terraform` user on the target node. |
| 80 | + <br> |
| 81 | +
|
| 82 | +- Test the SSH connection and password-less `sudo`: |
| 83 | + |
| 84 | + ```sh |
| 85 | + ssh terraform@<target-node> sudo pvesm apiinfo |
| 86 | + ``` |
| 87 | +
|
| 88 | + You should be able to connect to the target node and see the output containing `APIVER <number>` on the scr |
| 89 | +
|
| 90 | +
|
| 91 | +- Before saving private key in secret store, you should replace linebreaks with \n |
| 92 | + ```sh |
| 93 | + cat proxmox_homelab | awk '{printf "%s\\n", $0}' |
| 94 | + ``` |
| 95 | +<br> |
| 96 | +
|
| 97 | +# 3. Configure the providers.tf part in Terraform |
| 98 | +
|
| 99 | +```terraform |
| 100 | +terraform { |
| 101 | + required_providers { |
| 102 | + proxmox = { |
| 103 | + source = "bpg/proxmox" |
| 104 | + version = ">= 0.69.0, < 1.0.0" |
| 105 | + } |
| 106 | + } |
| 107 | +} |
| 108 | +
|
| 109 | +provider "proxmox" { |
| 110 | + endpoint = "https://your-proxmox-host.dev/api2/json" |
| 111 | + api_token = var.proxmox_api_key |
| 112 | + ssh { |
| 113 | + agent = true |
| 114 | + username = "terraform" |
| 115 | + private_key = var.terraform_proxmox_private_key |
| 116 | +
|
| 117 | + } |
| 118 | +} |
| 119 | +``` |
| 120 | +
|
| 121 | +🚀 You're all set! |
| 122 | +You should now be able to deploy a cluster using the module. ✅ |
0 commit comments