Prerequisites
PVE 8 has a bug with Terraform, so I highly recommend using PVE 7.
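# Install Terraform from HashiCorp's signed apt repository.
# Meant to be run step by step in an interactive shell on the machine that
# will run Terraform.

# Tools needed to import the repository key and to query the release codename.
sudo apt-get update && sudo apt-get install -y gnupg software-properties-common

# Download HashiCorp's signing key and store it as a dedicated keyring.
# tee's stdout is discarded so the binary keyring is not dumped to the terminal.
wget -O- https://apt.releases.hashicorp.com/gpg |
  gpg --dearmor |
  sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null

# Show the fingerprint of the key that was just stored. This only displays it:
# compare it with the fingerprint HashiCorp publishes before trusting the
# repository. If no key is listed, the download above failed and must be
# repeated before continuing.
gpg --no-default-keyring \
  --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
  --fingerprint

# Register the repository. signed-by ties it to the HashiCorp keyring only,
# so that key is not trusted for any other apt source.
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
https://apt.releases.hashicorp.com $(lsb_release -cs) main" |
  sudo tee /etc/apt/sources.list.d/hashicorp.list

# Refresh the package index so the new repository is seen, then install.
sudo apt-get update
sudo apt-get install terraform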
Generate tf login token on pve node
# Create a dedicated Proxmox VE role, user and API token for Terraform.
# Run on the PVE node in bash (the += appends below are a bash feature).

pve_role='TerraformProv'
pve_user='terraform-prov@pve'

# Privileges granted to the role, kept in the order of the original command.
role_privs='Datastore.AllocateSpace Datastore.Audit Pool.Allocate'
role_privs+=' Sys.Audit Sys.Console Sys.Modify'
role_privs+=' VM.Allocate VM.Audit VM.Clone'
role_privs+=' VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk'
role_privs+=' VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options'
role_privs+=' VM.Migrate VM.Monitor VM.PowerMgmt'

# Drop any role and user left over from an earlier run so the commands below
# start clean. On a first run these two presumably just report "not found".
pveum role delete "$pve_role"
pveum user delete "$pve_user"

pveum role add "$pve_role" -privs "$role_privs"
pveum user add "$pve_user"

# The ACL is set on the root path "/", so the role applies to the whole
# cluster. NOTE(review): a narrower path would limit what a leaked token can
# reach - confirm which paths the provider actually needs.
pveum aclmod / -user "$pve_user" -role "$pve_role"

# --privsep=0 turns privilege separation off: the token carries every
# permission of terraform-prov@pve instead of its own reduced set.
# The command prints the token secret; treat that output as a credential.
pveum user token add "$pve_user" terraform-token --privsep=0
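Output (the `value` row is the API token secret; it is displayed only this once, so store it securely and do not publish it):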
| ┌──────────────┬──────────────────────────────────────┐
│ key │ value │
╞══════════════╪══════════════════════════════════════╡
│ full-tokenid │ terraform-prov@pve!terraform-token │
├──────────────┼──────────────────────────────────────┤
│ info │ {"privsep":"0"} │
├──────────────┼──────────────────────────────────────┤
│ value │ b092fe96-4c36-46c6-a477-b0bb5919e653 │
└──────────────┴──────────────────────────────────────┘
|
Create main.tf
file
# Declares the provider plugin this configuration depends on.
terraform {
  required_providers {
    proxmox = {
      # Registry address of the provider. No version constraint is given, so
      # `terraform init` selects whatever release it finds at that moment.
      # NOTE(review): add a `version` constraint and keep the generated
      # .terraform.lock.hcl under version control, so later runs install the
      # same, checksum-verified provider build.
      source = "telmate/proxmox"
    }
  }
}
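# The token secret is passed in at run time instead of being written into
# main.tf, so the file can be shared or committed without leaking it.
# Supply it through the TF_VAR_pm_api_token_secret environment variable, or
# enter it when Terraform prompts for it.
variable "pm_api_token_secret" {
  description = "Secret of the Proxmox API token named in pm_api_token_id"
  type        = string
  sensitive   = true # keeps the value out of plan/apply output
}

# Connection settings for the Proxmox VE API.
provider "proxmox" {
  # NOTE(review): true disables TLS certificate verification, so the API
  # token is sent to an endpoint whose identity is never checked. Tolerable
  # only on an isolated lab network; otherwise make the PVE certificate
  # trusted on this machine and set this to false.
  pm_tls_insecure = true

  pm_api_url = "https://192.168.11.53:8006/api2/json"

  # Token id as printed by `pveum user token add` (user@realm!token-name).
  pm_api_token_id     = "terraform-prov@pve!terraform-token"
  pm_api_token_secret = var.pm_api_token_secret
}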
# VyOS test VM(s) cloned from an existing template on the PVE node.
resource "proxmox_vm_qemu" "proxmox-vyos" {
  # Number of VMs to create; count.index is reused below for names and IPs.
  count = 1
  name  = "vyos-${count.index + 1}"
  desc  = "vyos Iac Test environment"

  # PVE node that hosts the VM
  target_node = "debian"

  # Cloud-init template the VM is cloned from
  clone = "template-vyos-1.3.6"

  # Guest agent
  agent   = 0
  os_type = "cloudinit"
  onboot  = true

  # CPU
  cores   = 4
  sockets = 1
  cpu     = "host"

  # Memory
  memory   = 512
  scsihw   = "virtio-scsi-single"
  bootdisk = "scsi0"

  # Disk
  disk {
    slot     = 0
    size     = "2G"
    type     = "scsi"
    storage  = "SSD"
    iothread = 1
  }

  # Network: one interface on each bridge
  network {
    model  = "virtio"
    bridge = "vmbr0"
  }

  network {
    model  = "virtio"
    bridge = "vmbr1"
  }

  # Differences in the network blocks after creation are ignored by Terraform
  # rather than corrected on the next apply.
  lifecycle {
    ignore_changes = [
      network,
    ]
  }

  # Fixed IP addresses. The last octet is the text "9" followed by
  # count.index + 1 (first VM: .91), so the result is only a valid address
  # while count.index + 1 is a single digit.
  ipconfig0 = "ip=192.168.11.9${count.index + 1}/24,gw=192.168.11.1"
  ipconfig1 = "ip=192.168.110.9${count.index + 1}/24,gw=192.168.110.1"

  # Cloud-init login user and its authorized SSH key. Replace the placeholder
  # with the public key only; a private key never belongs in this file.
  ciuser  = "user"
  sshkeys = <<EOF
%%YOUR_SSH_KEY%%
EOF
}
Apply
# Run from the directory that holds main.tf.

# Set up the working directory and download the proxmox provider plugin.
terraform init

# Rewrite the .tf files into Terraform's canonical formatting.
terraform fmt

# Check that the configuration is syntactically and internally consistent.
terraform validate

# Preview the changes, then create the resources. `terraform apply` shows the
# plan again and waits for confirmation before changing anything.
# The terraform.tfstate file it writes can hold sensitive values in clear
# text; keep it out of public repositories.
terraform plan
terraform apply
Destroy
Reference