Skip to content

Commit 1c990fd

Browse files
TinyblargonTinyblargon
authored
Merge pull request #1428 from ivan-penchev/fix-docs
chore(docs): clarify docs on VM.Monitor
2 parents 6cead4b + 70f7ebc commit 1c990fd

File tree

1 file changed

+19
-11
lines changed

1 file changed

+19
-11
lines changed

docs/index.md

Lines changed: 19 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -6,38 +6,46 @@ and [proxmox_lxc](resources/lxc.md).
66

77
## Creating the Proxmox user and role for terraform
88

9-
The particular privileges required may change but here is a suitable starting point rather than using cluster-wide
10-
Administrator rights
9+
To ensure security, it's best practice to create a dedicated user and role for Terraform instead of using cluster-wide Administrator rights.
10+
The particular privileges required may change but here is a suitable starting point.
1111

1212
Log into the Proxmox cluster or host using ssh (or mimic these in the GUI) then:
1313

1414
- Create a new role for the future terraform user.
1515
- Create the user "terraform-prov@pve"
1616
- Add the TERRAFORM-PROV role to the terraform-prov user
1717

18+
### Proxmox 9 and Newer
19+
20+
In Proxmox 9, the `VM.Monitor` privilege was deprecated and is no longer required.
21+
1822
```bash
19-
pveum role add TerraformProv -privs "Datastore.AllocateSpace Datastore.AllocateTemplate Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Migrate VM.Monitor VM.PowerMgmt SDN.Use"
23+
pveum role add TerraformProv -privs "Datastore.AllocateSpace Datastore.AllocateTemplate Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Migrate VM.PowerMgmt SDN.Use"
2024
pveum user add terraform-prov@pve --password <password>
2125
pveum aclmod / -user terraform-prov@pve -role TerraformProv
2226
```
2327

24-
Promox 9 : Remove `VM.Monitor` from the "privs" line.
28+
### Proxmox 8 and Older
2529

26-
After the role is in use, if there is a need to modify the privileges, simply issue the command showed, adding or
27-
removing privileges as needed.
28-
29-
Proxmox > 8:
30+
For older versions of Proxmox, the `VM.Monitor` privilege is required.
3031

3132
```bash
32-
pveum role modify TerraformProv -privs "Datastore.AllocateSpace Datastore.AllocateTemplate Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Migrate VM.Monitor VM.PowerMgmt SDN.Use"
33+
pveum role add TerraformProv -privs "Datastore.AllocateSpace Datastore.AllocateTemplate Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Monitor VM.Migrate VM.PowerMgmt SDN.Use"
34+
pveum user add terraform-prov@pve --password <password>
35+
pveum aclmod / -user terraform-prov@pve -role TerraformProv
3336
```
3437

35-
Proxmox < 8:
38+
### Modifying Privileges
39+
40+
If you need to adjust the role's permissions later, you can use the `pveum role modify` command. Simply add or remove privileges from the `-privs` list as needed.
41+
For example if you are migrating from Proxmox 8 to 9, you may run the following command to remove `VM.Monitor`
3642

3743
```bash
38-
pveum role modify TerraformProv -privs "Datastore.AllocateSpace Datastore.AllocateTemplate Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Migrate VM.Monitor VM.PowerMgmt"
44+
pveum role modify TerraformProv -privs "Datastore.AllocateSpace Datastore.AllocateTemplate Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Migrate VM.PowerMgmt SDN.Use"
3945
```
4046

47+
### Using an API Token (Recommended)
48+
4149
The provider also supports using an API token rather than a password. To create an API token, use the following command:
4250

4351
```bash

0 commit comments

Comments
 (0)