
Terraform Proxmox

criando a role no servidor proxmox

# Create the custom role that the Terraform account will use.
# NOTE(review): User.Modify and Sys.Modify are not VM-lifecycle privileges.
# Remove every privilege your plans do not need, checking the list against
# the provider's documented minimum.
pveum role add TerraformUser -privs "Datastore.Allocate \
  Datastore.AllocateSpace Datastore.AllocateTemplate \
  Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify \
  SDN.Use VM.Allocate VM.Audit VM.Clone VM.Config.CDROM \
  VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType \
  VM.Config.Memory VM.Config.Network VM.Config.Options VM.Migrate \
  VM.Monitor VM.PowerMgmt User.Modify"

criando o grupo

# Create the group that will hold the role assignment, so permissions are
# granted to the group rather than to an individual account.
pveum group add terraform-users

adicionando permissões ao grupo

# Bind the role to the group at the root path "/", which covers every object
# in the cluster. For least privilege, grant it on narrower paths instead
# (for example /vms or /storage/<id>) wherever the workflow allows.
pveum acl modify / -group terraform-users -role TerraformUser

criando o usuário terraform

# Create the automation user and put it in the group.
# The @pam realm ties the account to a Linux system user on the node; an
# account in the @pve realm exists only inside Proxmox and has no host login.
pveum useradd terraform@pam -groups terraform-users

gerando o token

# Issue an API token named "token" for terraform@pam.
# -privsep 0 turns privilege separation off, so the token inherits every
# permission of the user. With -privsep 1 the token needs its own ACL entry
# and can never exceed what the user has.
# The secret is printed only once: store it in a secrets manager, not in
# shell history or a repository.
pveum user token add terraform@pam token -privsep 0

saída esperada

full-tokenid | terraform@pam!token
info         | {"privsep":"0"}
value        | TOKEN

pronto, agora temos o token.

credentials.sh

eu gosto de criar esse arquivo para carregar as credenciais

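### api token #########################

# Keep this file out of version control and readable only by its owner
# (for example chmod 600): once filled in, it holds a live API credential.
#
# Use single quotes for the API token ID: inside double quotes the
# exclamation mark triggers history expansion in an interactive bash session.
# The ID must equal the full-tokenid printed by `pveum user token add`
# (terraform@pam!token for the user and token created above).

export PM_API_TOKEN_ID='terraform@pam!token'
# Placeholder: replace with the secret shown once in the `value` field.
export PM_API_TOKEN_SECRET="token"

### user/pass #########################

# Password-based alternative, left disabled. Prefer the API token over
# exporting a root password into the environment.
#export PM_USER="root@pam"
#export PM_PASS="password"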

main.tf

# Declares the Proxmox provider and where to download it from.
terraform {
  required_providers {
    proxmox = {
      source = "Telmate/proxmox"
      # Exact pin to a release-candidate build. Commit .terraform.lock.hcl as
      # well, so the provider checksums are fixed and a changed artifact is
      # detected at init time.
      version = "3.0.2-rc03"
    }
  }
}

# Provider connection settings. No credentials are set here, so they are
# expected to come from the PM_API_TOKEN_ID / PM_API_TOKEN_SECRET environment
# variables.
provider "proxmox" {
  pm_api_url = "https://51.222.xxx.xxx:8006/api2/json"
  # NOTE(review): true disables TLS certificate verification, so the API
  # token can be captured by anyone positioned between Terraform and the
  # host. Prefer a certificate the client trusts and set this to false.
  pm_tls_insecure = true
  pm_timeout    = 600
  # Debug logging is enabled below. The log file may record API request
  # details (confirm what it contains). Keep it out of version control and
  # switch debug off after troubleshooting.
  pm_log_enable = true
  pm_log_file   = "terraform-plugin-proxmox.log"
  pm_debug      = true
  pm_log_levels = {
    _default    = "debug"
    _capturelog = ""
  }
}

kvm.tf

# VM 102 "gitlab" on node "alpha": a full clone of the template
# kvm-debian12-docker with static cloud-init networking.
resource "proxmox_vm_qemu" "gitlab" {
 name        = "gitlab"
 target_node = "alpha"
 # The guest inherits whatever the template contains (packages, keys, users),
 # so the template must be trusted.
 clone       = "kvm-debian12-docker"
 full_clone  = true
 kvm         = true
 vmid        = 102
 onboot      = true
 skip_ipv6   = true
 memory      = 12288
 # cloud-init upgrades the guest's packages during provisioning.
 ciupgrade   = true
 # NOTE(review): no sshkeys or cipassword is set in this resource, so login
 # for this user presumably depends on what the template provides. Confirm.
 ciuser      = "gutocarvalho"
 ipconfig0   = "ip=192.168.222.102/22,gw=192.168.222.1"
 nameserver  = "1.1.1.1"
 scsihw      = "virtio-scsi-pci"
 tags        = "gitlab"
 cpu {
   cores    = 8
 }
 network {
   id        = 0
   bridge    = "vmbr1"
   # The Proxmox firewall is not applied to this interface, so traffic
   # filtering has to happen in the guest or upstream of vmbr1.
   firewall  = false
   model     = "virtio"
 }
 disks {
  ide {
    # Cloud-init configuration drive.
    ide2 {
      cloudinit {
        storage = "local"
      }
    }
  }
  scsi {
    # System disk.
    scsi0 {
      disk {
        format               = "qcow2"
        size                 = "20G"
        storage              = "local"
        replicate            = true
      }
    }
  }
 }
}

lxc

# Container 101 "psono" on node "alpha": a full clone of the template
# lxc-debian12-docker. The description says it hosts a password manager, so
# the isolation settings below deserve extra scrutiny.
resource "proxmox_lxc" "psono" {
  target_node     = "alpha"
  vmid            = "101"
  hostname        = "psono"
  # NOTE(review): "unprivileged" is not set here. Confirm whether the clone
  # ends up as a privileged container, which shares the host's root uid.
  clone           = "lxc-debian12-docker"
  full            = true
  onboot          = true
  nameserver      = "1.1.1.1"
  tags            = "community-script;docker"
  description     = <<EOT
lxc para rodar gerenciador de senhas
EOT

  cores = 2
  # NOTE(review): 4098 MiB is accepted, but 4096 may have been intended.
  memory = 4098
  swap = 512

  rootfs {
    storage = "local"
    size    = "30G"
  }

  network {
    name     = "eth0"
    bridge   = "vmbr1"
    ip       = "192.168.222.101/22"
    gw       = "192.168.222.1"
    # The Proxmox firewall is not applied to this interface, so traffic
    # filtering has to happen in the container or upstream of vmbr1.
    firewall = false
  }

  features {
    fuse    = false
    # nesting is what lets Docker run inside the container. It also weakens
    # the container's isolation from the host.
    nesting = true
    # Lets the container mount NFS and CIFS file systems itself, which
    # reduces its isolation. Drop this if the workload mounts no network
    # shares.
    mount   = "nfs;cifs"
  }

}