[TERRAFORM x PROXMOX 101] Terraform x Proxmox 101 #debian #bash #proxmox #terraform
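#create_template.sh
#Execute on pve — builds a cloud-init enabled Debian template that Terraform later clones.
#
# Older image URLs kept for reference:
#wget https://cloud.debian.org/images/cloud/OpenStack/current-10/debian-10-openstack-amd64.qcow2
#wget https://cloud.debian.org/images/cloud/buster/20220911-1135/debian-10-generic-amd64-20220911-1135.qcow2
set -euo pipefail

# One place for the image coordinates. The original script downloaded the
# Debian 11 image but then imported the older Debian 10 filename, so importdisk
# pointed at a file that was never fetched; every step below now derives from
# these values instead of repeating them.
IMAGE_URL="https://cloud.debian.org/images/cloud/bullseye/20231013-1532/debian-11-generic-amd64-20231013-1532.qcow2"
IMAGE_FILE="${IMAGE_URL##*/}"
VMID=900
# Must match var.template_name in vars.tf — it is the clone source Terraform uses.
TEMPLATE_NAME="debian-10-openstack-amd64"
STORAGE="local-lvm"
PUBKEY_FILE="/etc/pve/pub_keys/xxxx.pub"

wget "$IMAGE_URL"
# Verify the download against the checksum list Debian publishes next to the image;
# a truncated or tampered qcow2 stops the build here instead of becoming a template.
wget -O SHA512SUMS "${IMAGE_URL%/*}/SHA512SUMS"
sha512sum --ignore-missing -c SHA512SUMS

sudo apt install libguestfs-tools -y
# Bake the guest agent into the image so `agent = 1` in Terraform works on first boot.
sudo virt-customize -a "$IMAGE_FILE" --install qemu-guest-agent

qm create "$VMID" --name "$TEMPLATE_NAME" --net0 virtio,bridge=vmbr0
qm importdisk "$VMID" "$IMAGE_FILE" "$STORAGE"
qm set "$VMID" --scsihw virtio-scsi-pci --scsi0 "${STORAGE}:vm-${VMID}-disk-0"
qm set "$VMID" --ide2 "${STORAGE}:cloudinit"
qm set "$VMID" --boot c --bootdisk scsi0
qm set "$VMID" --serial0 socket --vga serial0

# Public key stored as the template's cloud-init default; replace the placeholder.
mkdir -p "$(dirname "$PUBKEY_FILE")"
cat << EOF > "$PUBKEY_FILE"
ssh-rsa xxxxxxxxxxxxxxxxxx
EOF
qm set "$VMID" -sshkey "$PUBKEY_FILE"
qm template "$VMID"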
#files/cloud_init_deb10.cloud_config
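#cloud-config
# Rendered through Terraform's template_file data source: ${ssh_key}, ${hostname}
# and ${domain} are substituted before cloud-init reads this file. Templated
# values are quoted so the YAML stays well-formed whatever the expansion holds.
package_update: true
package_upgrade: true
# APT fails to acquire GPG keys if package dirmngr is missing
bootcmd:
  - [cloud-init-per, once, dirmngr-aptupdate, apt-get, update]
  - [cloud-init-per, once, dirmngr-aptinstall, apt-get, install, dirmngr, -y]
  # The cloud-init-per marker name must be unique per command: the original reused
  # "dirmngr-aptinstall" here, so with `once` the gnupg2 install was skipped.
  - [cloud-init-per, once, gnupg2-aptinstall, apt-get, install, gnupg2, -y]
apt:
  sources:
    saltstack.list:
      source: "deb http://repo.saltstack.com/py3/debian/10/amd64/latest buster main"
      filename: saltstack.list
      # Armored signing key for the repository above. The key body is elided on
      # this page — paste the full key between the BEGIN and END lines.
      key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: GnuPG v2
        <ARMORED KEY BODY ELIDED — paste the repository signing key here>
        =dtMN
        -----END PGP PUBLIC KEY BLOCK-----
packages:
  - jq
  - curl
  - qemu-guest-agent
  - salt-minion
users:
  - name: stuart
    groups: sudo
    shell: /bin/bash
    # Passwordless sudo for every command makes the injected SSH key equivalent
    # to root; acceptable for a lab, otherwise drop NOPASSWD or scope the rule.
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh_authorized_keys:
      - "${ssh_key}"
preserve_hostname: false
manage_etc_hosts: false
fqdn: "${hostname}.${domain}"
# Not a cloud-init key: holder for the anchored script that runcmd references.
configsalt:
  - &config_salt |
    echo "master: salt-master.${domain}" >> /etc/salt/minion
    echo "domain: ${domain}" >> /etc/salt/grains
    echo "startup_states: 'highstate'" >> /etc/salt/minion
    echo "id: ${hostname}.${domain}" >> /etc/salt/minion
    hostnamectl set-hostname "${hostname}.${domain}"
restartsalt:
  - &restart_salt |
    systemctl restart salt-minion.service
runcmd:
  - [sh, -c, *config_salt]
  - [sh, -c, *restart_salt]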
terraform {
  required_providers {
    # Pinned to an exact release so `terraform init` is reproducible; bump deliberately.
    proxmox = {
      source  = "telmate/proxmox"
      version = "2.7.4"
    }
  }
}
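# Credentials come from the environment rather than this file: the telmate
# provider reads PM_API_URL, PM_API_TOKEN_ID and PM_API_TOKEN_SECRET when the
# matching arguments are unset, so the token secret never lands in version
# control. A `variable` marked `sensitive = true` is the other common option.
provider "proxmox" {
  pm_api_url      = "https://pve.xxx.xxxxx:8006/api2/json"
  pm_api_token_id = "root@pam!new_token"
  # pm_api_token_secret intentionally omitted: export PM_API_TOKEN_SECRET instead.
  # Disables certificate verification — acceptable only for a lab with a
  # self-signed PVE certificate; otherwise trust the PVE CA and set this to false.
  pm_tls_insecure = true
}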
#soc.tf
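# Source the Cloud Init Config file
# Renders files/cloud_init_deb10.cloud_config with the three ${...} variables it
# references. The hashicorp/template provider behind this data source is archived;
# the drop-in replacement is `templatefile("${path.module}/files/...", { ... })` in
# a local, to be switched together with the reference in local_file below.
data "template_file" "cloud_init_deb10_soc-1" {
  # Pass the file contents directly; wrapping a lone expression in "${...}" is
  # redundant and Terraform 0.12+ warns about it.
  template = file("${path.module}/files/cloud_init_deb10.cloud_config")
  vars = {
    # Public key injected into the VM's authorized_keys (not a secret).
    ssh_key  = file("/my/public/key/path/to/deploy/on/vm")
    hostname = "xxxxxxxx"
    domain   = "xxx.xxx"
  }
}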
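# Create a local copy of the file, to transfer to Proxmox
resource "local_file" "cloud_init_deb10_soc-1" {
  content  = data.template_file.cloud_init_deb10_soc-1.rendered
  filename = "${path.module}/files/user_data_cloud_init_deb10_soc-1.cfg"
  # local_file defaults to 0777; the rendered config only needs to be readable.
  file_permission = "0644"
}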
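# Transfer the file to the Proxmox Host
# Without `triggers` a null_resource runs its provisioner once and never again,
# so later edits to the rendered cloud-init would not reach the PVE host; the
# upload is re-run whenever the content changes.
resource "null_resource" "cloud_init_deb10_soc-1" {
  triggers = {
    content_sha256 = sha256(local_file.cloud_init_deb10_soc-1.content)
  }
  connection {
    type        = "ssh"
    user        = "root"
    private_key = file("/my/priv/key/path/for/ssh/retrieval/of/cloudinit")
    host        = "xxx.pve.ipx.xxx"
    # Consider pinning the PVE host key with `host_key` so the upload cannot be
    # redirected to an impostor host.
  }
  provisioner "file" {
    source = local_file.cloud_init_deb10_soc-1.filename
    # Must land in the snippets directory of the storage named by the VM's
    # `cicustom` (the notes below describe /storage/snippets); confirm this
    # path agrees with it, since `/snippets/...` differs from the cicustom value.
    destination = "/snippets/cloud_init_deb10_soc-1.yml"
  }
}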
# Create the VM
resource "proxmox_vm_qemu" "soc-1" {
  # The cloud-init snippet must be on the PVE host before the VM first boots.
  depends_on = [
    null_resource.cloud_init_deb10_soc-1
  ]
  name        = "soc-1"
  target_node = "pve"
  # Clone from debian-cloudinit template
  clone   = var.template_name
  os_type = "cloud-init"
  # Cloud init options
  # NOTE(review): this names storage `local` with a /storage/snippets prefix, while
  # the null_resource uploads to /snippets/...; confirm both match the storage that
  # actually holds snippets.
  cicustom  = "user=local:/storage/snippets/cloud_init_deb10_soc-1.yml"
  ipconfig0 = "ip=xxx.ipx.vmx.xxx/24,gw=xxx.xxx.xxx.xxx"
  memory    = 512
  # Needs qemu-guest-agent inside the guest; it is installed by the template build
  # and again by the cloud-config package list.
  agent    = 1
  bootdisk = "scsi0"
  scsihw   = "virtio-scsi-pci"
  disk {
    size    = "10G"
    type    = "scsi"
    storage = "local-lvm"
  }
  # Set the network
  network {
    model  = "virtio"
    bridge = "vmbr0"
    # Fixed MAC: copying this resource for a second VM without changing it puts
    # two guests on vmbr0 with the same address.
    macaddr = "00:ff:ff:ff:ff:ff"
  }
  lifecycle {
    # Presumably added because the provider reports drift on the network block
    # after creation — confirm before removing.
    ignore_changes = [
      network
    ]
  }
}

https://blog.levassb.ovh/post/terraform/

  • Create the API user and token in Proxmox: Datacenter => Storage => Create user => terraform apitokens => root@pam / new_token / Privilege Separation: no. With privilege separation off the token inherits every privilege of root@pam, so the ACL entries below do not limit what it can do.

  • Create a directory storage named `snippets` (Storage => snippets) at `/storage/snippets` with content type `Snippets`.

  • Add permissions to apiuser Permissions =>

/ root@pam!new_token PVEVMAdmin
/storage/local-lvm root@pam!new_token Administrator
/storage/snippets root@pam!new_token Administrator
#vars.tf
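variable "ssh_key" {
  type        = string
  description = "Public key to inject into the VM. Not referenced by the visible .tf files: soc.tf reads the key with file() instead — keep the two in step or drop one."
  default     = "ssh-rsa xxxxxxxxxxxxxxxxxx"
}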
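variable "proxmox_host" {
  type        = string
  description = "Proxmox node name. soc.tf currently hard-codes target_node = \"pve\" instead of referencing this variable."
  default     = "pve"
}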
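variable "template_name" {
  type        = string
  description = "Name of the cloud-init template to clone; must match the --name passed to qm create in create_template.sh."
  default     = "debian-10-openstack-amd64"
}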