inital commit - lab pve managed by opentofu

.terraform.lock.hcl

@@ -0,0 +1,24 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/telmate/proxmox" {
+  version     = "3.0.2-rc04"
+  constraints = "3.0.2-rc04"
+  hashes = [
+    "h1:ZPr93UUVOw1aCqsODLXsqNQ9Lq/WafX5jgCCLxKBHl4=",
+    "zh:00586a3e02061734f5ff4c309696ec1bbd6e00a7ed1281c44626f02929417f6e",
+    "zh:05af12aababd0a67a95309a803123f3c238b16ecdb73dc59c8d9c3d4a0b691c5",
+    "zh:4b6457bd0138f5c66c8b7043bdbffe3b8abcce2383293d77f653dbd77d14428f",
+    "zh:7b1b6e76d6b03c7829b8dadeb30de236782be314f5146d9f29ee12bd01961d7a",
+    "zh:87c21e0a8244b73c62ad3221773ec1c72fb918e0025b0664183a8ad8bebeb5bc",
+    "zh:954997c550285dfc167977683b97b045dd62923c251fad32c4ca81b564c2005f",
+    "zh:98781ef0199877580256e9f9a7f0666107f76af23f54f67d6392a66a6f5001b5",
+    "zh:9fc4dbd1752e2b9125223be2dd25597c0e6d534aa784c4829af3c3e3e58eb973",
+    "zh:a3f672019aee2d45c202668b95c48113e3c50001b740bd48956738ad1418c6b7",
+    "zh:a539852a4034132442e6dc6f644444994d83b0dc7a4d30bbe6464de420cfdf2d",
+    "zh:aade0b50a559a1da683c49ec8527e5e66b12ed42d4b1f10e69b25cbbf6c67805",
+    "zh:bdb7c2b78cfe039247948fa75fad49f871f8a8bb9b969aec4c45a24edc80ab0f",
+    "zh:c16209a6748f87a379a5a3132ca4f471a4807bd478664499593e09433ba39b7b",
+    "zh:cb015fb4a0a50d151c35c6a3505cdf7a337edd0b65eba82a43c8142c523adfb8",
+  ]
+}

.terraform/providers/registry.opentofu.org/telmate/proxmox/3.0.2-rc04/darwin_arm64/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

.terraform/providers/registry.opentofu.org/telmate/proxmox/3.0.2-rc04/darwin_arm64/README.md

@@ -0,0 +1,51 @@
+[![Build Status](https://travis-ci.com/Telmate/terraform-provider-proxmox.svg?branch=master)](https://travis-ci.com/Telmate/terraform-provider-proxmox)
+
+# Terraform provider plugin for Proxmox
+
+This repository provides a Terraform provider for
+the [Proxmox virtualization platform](https://pve.proxmox.com/pve-docs/) and exposes Terraform resources to provision
+QEMU VMs and LXC Containers.
+
+## Getting Started
+
+In order to get started, use [the documentation included in this repository](docs/index.md). The documentation contains
+a list of the options for the provider. Moreover, there are some guides available how to combine options and start
+specific VMs.
+
+## Quick Start
+
+Follow this [install guide](docs/guides/installation.md) to install the plugin.
+
+## Known Limitations
+
+* `proxmox_vm_qemu`.`disk`.`size` attribute does not match what is displayed in the Proxmox UI.
+* Updates to `proxmox_vm_qemu` resources almost always result as a failed task within the Proxmox UI. This appears to be
+  harmless and the desired configuration changes do get applied.
+* When using the `proxmox_lxc` resource, the provider will crash unless `rootfs` is defined.
+* When using the Network Boot mode (PXE), a valid NIC must be defined for the VM, and the boot order must specify network first.
+
+## Contributing
+
+When contributing, please also add documentation to help other users.
+
+### Debugging the provider
+
+Debugging is available for this provider through the Terraform Plugin SDK versions 2.0.0. Therefore, the plugin can be
+started with the debugging flag `--debug`.
+
+For example (using [delve](https://github.com/go-delve/delve) as Debugger):
+
+```bash
+dlv exec --headless ./terraform-provider-my-provider -- --debug
+```
+
+For more information about debugging a provider please
+see: [Debugger-Based Debugging](https://www.terraform.io/docs/extend/debugging.html#debugger-based-debugging)
+
+## Useful links
+
+* [Proxmox](https://www.proxmox.com/en/)
+* [Proxmox documentation](https://pve.proxmox.com/pve-docs/)
+* [Terraform](https://www.terraform.io/)
+* [Terraform documentation](https://www.terraform.io/docs/index.html)
+* [Recommended ISO builder](https://github.com/Telmate/terraform-ubuntu-proxmox-iso)

credentials.auto.tfvars

@@ -0,0 +1,9 @@
+proxmox_api_url = "https://pve.lab.softbox.net:8006/api2/json"
+proxmox_api_token_id = "root@pam!tofu"
+proxmox_api_token_secret = "abb30a27-6d10-4d1e-8f3c-a02c355b3ee9"
+
+#lxc_passwd = "reliyyaeknpt3"
+#vm_passwd = "reliyyaeknpt3"
+
+
+

provider.tf

@@ -0,0 +1,33 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "telmate/proxmox"
+      version = "3.0.2-rc04"
+    }
+  }
+}
+
+variable "proxmox_api_url" {
+    type = string
+}
+
+variable "proxmox_api_token_id" {
+    type = string
+    sensitive = true
+}
+
+variable "proxmox_api_token_secret" {
+    type = string
+    sensitive = true
+}
+
+provider "proxmox" {
+
+  pm_api_url = var.proxmox_api_url
+  pm_api_token_id = var.proxmox_api_token_id
+  pm_api_token_secret = var.proxmox_api_token_secret
+
+  pm_tls_insecure = true
+}
+
+

snippets/freeipa.yml

@@ -0,0 +1,11 @@
+#cloud-config
+runcmd:
+  - dnf update
+  - dnf install -y qemu-guest-agent
+  - systemctl start qemu-guest-agent
+  - systemctl enable --now qemu-guest-agent
+  # Fedora does not install firewall-cmd by default
+#  - firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps
+#  - firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps --permanent
+  # Install freeipa and dns component
+  - dnf install -y freeipa-server freeipa-server-dns

templates/lxc-demo-1.tf

@@ -0,0 +1,35 @@
+# variable "lxc_passwd" {
+#     type = string
+#     sensitive = true
+# }
+# 
+# resource "proxmox_lxc" "lxc_demo_1" {
+#     target_node = "pve"
+#     ostemplate = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
+#     password = var.lxc_passwd
+#     unprivileged = true
+#     vmid = "0"
+# 
+#     ssh_public_keys = <<-EOT
+#       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBzh23ZkSVNbmDKk9esAT9qNkOoYFLhpX2nSLKPJaDVZ petar.cubela@sbx-mac-lab.local
+#     EOT
+# 
+# 
+#     features {
+#         nesting = true
+#     }
+#     hostname = "lxc-demo-1"
+# 
+#     network {
+#         name = "eth1"
+#         bridge = "vmbr1"
+#         ip = ""
+#         ip6 = "auto"
+#     }
+# 
+#     rootfs {
+#       storage = "local-zfs"
+#       size    = "8G"
+#     }
+# 
+# }

templates/vm-demo-1.tf

@@ -0,0 +1,67 @@
+#resource "proxmox_vm_qemu" "vm-demo-1" {
+#    name = "terraform-test-vm"
+#
+#    # Node name has to be the same name as within the cluster
+#    # this might not include the FQDN
+#    target_node = "pve"
+#
+#    # The template name to clone this vm from
+#    clone = "temp-debian-13"
+#
+#    # Activate QEMU agent for this VM
+#    agent = 1
+#
+#    os_type = "cloud-init"
+#    vmid = 0
+#    
+#    cpu {
+#        cores = 2
+#        sockets = 1
+#        type = "host"
+#    }
+#    memory      = 2048
+#    scsihw      = "virtio-scsi-single"
+#
+#    # Setup the disk
+#    disks {
+#      scsi {
+#        scsi0 {
+#          # We have to specify the disk from our template, else Terraform will think it's not supposed to be there
+#          disk {
+#            storage = "local-zfs"
+#            # The size of the disk should be at least as big as the disk in the template. If it's smaller, the disk will be recreated
+#            size    = "8G" 
+#          }
+#        }
+#      }
+#      ide {
+#        # Some images require a cloud-init disk on the IDE controller, others on the SCSI or SATA controller
+#        ide1 {
+#          cloudinit {
+#            storage = "local-zfs"
+#          }
+#        }
+#      }
+#    }    
+#    # Setup the network interface and assign a vlan tag: 256
+#
+#    network {
+#        id = 0
+#        model = "virtio"
+#        bridge = "vmbr1"
+#        macaddr   = "bc:24:11:de:ca:28"
+#    }
+#
+#    boot = "order=scsi0"
+#
+#    # Setup the ip address using cloud-init.
+#    # Keep in mind to use the CIDR notation for the ip.
+#    ipconfig0 = "ip6=auto"
+#    ciuser = "reliyya"
+#    cicustom   = "vendor=local:snippets/qemu-guest-agent.yml" # /var/lib/vz/snippets/qemu-guest-agent.yml
+#    ciupgrade  = true
+#
+#    sshkeys = <<EOF
+#      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBzh23ZkSVNbmDKk9esAT9qNkOoYFLhpX2nSLKPJaDVZ petar.cubela@sbx-mac-lab.local
+#    EOF
+#}

vm-demo-1.tf

@@ -0,0 +1,70 @@
+resource "proxmox_vm_qemu" "vm-demo-1" {
+    name = "sbx-lab-sssd"
+
+    # Node name has to be the same name as within the cluster
+    # this might not include the FQDN
+    target_node = "pve"
+
+    # The template name to clone this vm from
+    clone = "template-24.04-noble"
+
+    # Activate QEMU agent for this VM
+    agent = 1
+
+    os_type = "cloud-init"
+    vmid = 112
+    vm_state = "stopped"
+    
+    cpu {
+        cores = 2
+        sockets = 1
+        type = "host"
+    }
+    memory      = 2048
+    scsihw      = "virtio-scsi-single"
+
+    # Setup the disk
+    disks {
+      scsi {
+        scsi0 {
+          # We have to specify the disk from our template, else Terraform will think it's not supposed to be there
+          disk {
+            storage = "local-lvm"
+            # The size of the disk should be at least as big as the disk in the template. If it's smaller, the disk will be recreated
+            size    = "8G" 
+          }
+        }
+      }
+      ide {
+        # Some images require a cloud-init disk on the IDE controller, others on the SCSI or SATA controller
+        ide1 {
+          cloudinit {
+            storage = "local-lvm"
+          }
+        }
+      }
+    }    
+    # Setup the network interface and assign a vlan tag: 256
+
+    network {
+        id = 0
+        model = "virtio"
+        bridge = "vmbr0"
+        macaddr   = "bc:24:11:de:ca:28"
+    }
+    nameserver = "10.11.12.66"
+
+    boot = "order=scsi0"
+    tags = "ad,ldap,sssd,samba,kerberos"
+
+    # Setup the ip address using cloud-init.
+    # Keep in mind to use the CIDR notation for the ip.
+    ipconfig0 = "ip=dhcp"
+    ciuser = "sbxadmin"
+    cicustom   = "vendor=local:snippets/qemu-guest-agent.yml" # /var/lib/vz/snippets/qemu-guest-agent.yml
+    ciupgrade  = true
+
+    sshkeys = <<EOF
+      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBzh23ZkSVNbmDKk9esAT9qNkOoYFLhpX2nSLKPJaDVZ petar.cubela@sbx-mac-lab.local
+    EOF
+}

vm_freeipa.tf

@@ -0,0 +1,70 @@
+resource "proxmox_vm_qemu" "vm-freeipa" {
+    name = "ipa"
+
+    # Node name has to be the same name as within the cluster
+    # this might not include the FQDN
+    target_node = "pve"
+
+    # The template name to clone this vm from
+    clone = "temp-fedora-38"
+
+    # Activate QEMU agent for this VM
+    agent = 1
+
+    os_type = "cloud-init"
+    vmid = 111
+    vm_state = "running"
+    
+    cpu {
+        cores = 2
+        sockets = 1
+        type = "host"
+    }
+    memory      = 2048
+    scsihw      = "virtio-scsi-pci"
+
+    # Setup the disk
+    disks {
+      scsi {
+        scsi0 {
+          # We have to specify the disk from our template, else Terraform will think it's not supposed to be there
+          disk {
+            storage = "local-lvm"
+            # The size of the disk should be at least as big as the disk in the template. If it's smaller, the disk will be recreated
+            size    = "16G" 
+          }
+        }
+      }
+      ide {
+        # Some images require a cloud-init disk on the IDE controller, others on the SCSI or SATA controller
+        ide1 {
+          cloudinit {
+            storage = "local-lvm"
+          }
+        }
+      }
+    }    
+    # Setup the network interface and assign a vlan tag: 256
+
+    network {
+        id = 0
+        model = "virtio"
+        bridge = "vmbr0"
+        macaddr   = "bc:24:11:de:cb:30"
+    }
+    nameserver = "9.9.9.9"
+
+    boot = "order=scsi0"
+    tags = "ldap,samba,kerberos,dns,pki"
+
+    # Setup the ip address using cloud-init.
+    # Keep in mind to use the CIDR notation for the ip.
+    ipconfig0   = "ip=10.11.12.65/24,gw=10.11.12.254"
+    ciuser      = "sbxadmin"
+    cicustom    = "vendor=local:snippets/qemu-guest-agent.yml" # /var/lib/vz/snippets/qemu-guest-agent.yml
+    ciupgrade   = true
+
+    sshkeys = <<EOF
+      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBzh23ZkSVNbmDKk9esAT9qNkOoYFLhpX2nSLKPJaDVZ petar.cubela@sbx-mac-lab.local
+    EOF
+}

vm_freeipa_client.tf

@@ -0,0 +1,70 @@
+resource "proxmox_vm_qemu" "vm_freeipa_client" {
+    name = "ipa-client"
+
+    # Node name has to be the same name as within the cluster
+    # this might not include the FQDN
+    target_node = "pve"
+
+    # The template name to clone this vm from
+    clone = "temp-fedora-38"
+
+    # Activate QEMU agent for this VM
+    agent = 1
+
+    os_type = "cloud-init"
+    vmid = 113
+    vm_state = "running"
+    
+    cpu {
+        cores = 2
+        sockets = 1
+        type = "host"
+    }
+    memory      = 2048
+    scsihw      = "virtio-scsi-pci"
+
+    # Setup the disk
+    disks {
+      scsi {
+        scsi0 {
+          # We have to specify the disk from our template, else Terraform will think it's not supposed to be there
+          disk {
+            storage = "local-lvm"
+            # The size of the disk should be at least as big as the disk in the template. If it's smaller, the disk will be recreated
+            size    = "16G" 
+          }
+        }
+      }
+      ide {
+        # Some images require a cloud-init disk on the IDE controller, others on the SCSI or SATA controller
+        ide1 {
+          cloudinit {
+            storage = "local-lvm"
+          }
+        }
+      }
+    }    
+    # Setup the network interface and assign a vlan tag: 256
+
+    network {
+        id = 0
+        model = "virtio"
+        bridge = "vmbr0"
+        macaddr   = "bc:24:11:de:cb:31"
+    }
+    nameserver = "10.11.12.65,10.11.12.254"
+
+    boot = "order=scsi0"
+    tags = "ldap,samba,kerberos,dns,pki"
+
+    # Setup the ip address using cloud-init.
+    # Keep in mind to use the CIDR notation for the ip.
+    ipconfig0   = "ip=10.11.12.13/24,gw=10.11.12.254"
+    ciuser      = "sbxadmin"
+    cicustom    = "vendor=local:snippets/qemu-guest-agent.yml" # /var/lib/vz/snippets/qemu-guest-agent.yml
+    ciupgrade   = true
+
+    sshkeys = <<EOF
+      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBzh23ZkSVNbmDKk9esAT9qNkOoYFLhpX2nSLKPJaDVZ petar.cubela@sbx-mac-lab.local
+    EOF
+}