Documentation enhancement: Proxmox Builder #184
Comments
Hi @udf2457,
Unfortunately my security head comes first and so whilst my sysadmin heart wants to experiment with Packer on Proxmox, my security head says "not on your nelly giving root on live/semi-live systems". ;-) As far as I can tell from brief internet research I can't run a test instance of Proxmox on AWS, and I don't have access to a spare bare-metal box at the present time. So I'm afraid I'll have to leave the ball in your court in terms of experimentation.
Hi @udf2457, after some try & die, here are some commands that work for me:
Hope it helps.
@RemiDesgrange Thanks for your guide! It does not work, however, if you want packer to upload the ISO file to Proxmox. As I am entirely new to Proxmox, I do not know how to extend the role privileges. Maybe you can chime in here?
The way I'm building my image with packer, the iso is already on the PVE instance. Feel free to add
Hello, so I just did this configuration on my cluster and settled on the following config:
If a separate datastore for images is used also the following is needed:
This is because packer deletes the ephemeral images on this datastore at the end of its run, which requires the Datastore.Allocate permission, which the normal DatastoreUser does not have. If you follow this setup you will have a VM Pool where the packer user can create and delete only its own VMs, which are isolated from the rest of the cluster. I think this should be the least amount of privileges to be able to execute all necessary packer tasks. I followed this discussion on the Proxmox forum for this setup: https://forum.proxmox.com/threads/allow-user-to-create-vms-but-only-see-and-manage-those-created-by-itself.121222/
Dear Packer Team,
Re: Your Proxmox Builder Docs (https://www.packer.io/docs/builders/proxmox.html)
It would be nice if you actually documented precisely what permissions Packer's Proxmox builder is expecting.
As you know, Proxmox allows granular definition of user privileges (https://pve.proxmox.com/wiki/User_Management)
As you also know, it's 2019 ... and so "principle of least privilege" is king, not "meh, just give it god rights". ;-)
TL;DR ... Does the Proxmox builder really need Sys.PowerMgmt, Sys.Console, User.Modify etc. etc. etc.