search

Telmate / terraform-provider-proxmox

Terraform provider plugin for proxmox
MIT License
2.14k stars 517 forks source link

VMs are not being created, Proxmox 8.0.3, terraform-provider-proxmox_v2.9.14 #798

Closed denis-ev closed 1 year ago

denis-ev commented 1 year ago

Does anyone else has this problem too?

Proxmox version: 8.0.3

I'm trying to use terraform to spin up some images, but this keeps failing. The API User has full Administrator permissions.

Any idea/help appreciated!

Cheers,

main.tf

terraform {
  required_providers {
    proxmox = {
      source  = "Telmate/proxmox"
      version = "2.9.14"
    }
    sops = {
      source  = "carlpett/sops"
      version = "0.7.2"
    }
  }
}

data "sops_file" "proxmox_secrets" {
  source_file = "secret.sops.yaml"
}

provider "proxmox" {
  pm_api_url = data.sops_file.proxmox_secrets.data["pm_api_url"]

  pm_api_token_id = data.sops_file.proxmox_secrets.data["pm_api_token_id"]

  pm_api_token_secret = data.sops_file.proxmox_secrets.data["pm_api_token_secret"]

  pm_tls_insecure = false

  pm_debug = true
}

resource "proxmox_vm_qemu" "k8s_master" {
  count = 2
  name  = "master-${count.index + 1}" 

  target_node = "pve01"

  clone      = "fedora-38-cloudinit-template"
  full_clone = false

  agent    = 1
  os_type  = "cloud-init"
  cores    = 4
  sockets  = 1
  cpu      = "x86-64-v2-AES"
  memory   = 5120
  scsihw   = "virtio-scsi-pci"
  bootdisk = "scsi0"

  disk {
    slot = 0
    size     = "20G"
    type     = "scsi"
    storage  = "data-lvm"
    iothread = 1
  }

  network {
    model  = "virtio"
    bridge = "vmbr0"
  }

  lifecycle {
    ignore_changes = [
      network,
    ]
  }

  ipconfig0  = "ip=10.1.1.8${count.index + 1}/24,gw=10.1.1.2"
  nameserver = "10.1.1.2"

  sshkeys = <<EOF
  ${data.sops_file.proxmox_secrets.data["ssh_key"]}
  EOF
}

Proxmox version: 8.0.3

2023-06-27T22:07:49.362+0800 [INFO]  provider.terraform-provider-proxmox_v2.9.14: 2023/06/27 22:07:49 [DEBUG][QemuVmCreate] cloning VM: timestamp=2023-06-27T22:07:49.362+0800
2023-06-27T22:07:49.379+0800 [INFO]  provider.terraform-provider-proxmox_v2.9.14: 2023/06/27 22:07:49 [DEBUG][QemuVmCreate] cloning VM: timestamp=2023-06-27T22:07:49.379+0800
2023-06-27T22:07:49.455+0800 [INFO]  provider.terraform-provider-proxmox_v2.9.14: 2023/06/27 22:07:49 [DEBUG][QemuVmCreate] cloning VM: timestamp=2023-06-27T22:07:49.454+0800
2023-06-27T22:07:49.471+0800 [INFO]  provider.terraform-provider-proxmox_v2.9.14: 2023/06/27 22:07:49 [DEBUG][QemuVmCreate] cloning VM: timestamp=2023-06-27T22:07:49.471+0800
2023-06-27T22:07:49.546+0800 [ERROR] provider.terraform-provider-proxmox_v2.9.14: Response contains error diagnostic: diagnostic_summary="403 Permission check failed (/sdn/zones/localnetwork/vmbr0, SDN.Use)" tf_proto_version=5.3 tf_req_id=550931d8-4a54-0b0c-9cdb-6b1227b294fe tf_rpc=ApplyResourceChange diagnostic_severity=ERROR tf_provider_addr=registry.terraform.io/telmate/proxmox @caller=github.com/hashicorp/terraform-plugin-go@v0.14.3/tfprotov5/internal/diag/diagnostics.go:55 @module=sdk.proto diagnostic_detail= tf_resource_type=proxmox_vm_qemu timestamp=2023-06-27T22:07:49.546+0800
2023-06-27T22:07:49.550+0800 [ERROR] provider.terraform-provider-proxmox_v2.9.14: Response contains error diagnostic: tf_resource_type=proxmox_vm_qemu tf_rpc=ApplyResourceChange diagnostic_detail= diagnostic_summary="403 Permission check failed (/sdn/zones/localnetwork/vmbr0, SDN.Use)" tf_proto_version=5.3 tf_provider_addr=registry.terraform.io/telmate/proxmox tf_req_id=4d4a4998-3d04-f6ac-e73b-6401c9dc2c07 diagnostic_severity=ERROR @caller=github.com/hashicorp/terraform-plugin-go@v0.14.3/tfprotov5/internal/diag/diagnostics.go:55 @module=sdk.proto timestamp=2023-06-27T22:07:49.549+0800
2023-06-27T22:07:49.563+0800 [ERROR] provider.terraform-provider-proxmox_v2.9.14: Response contains error diagnostic: diagnostic_summary="403 Permission check failed (/sdn/zones/localnetwork/vmbr0, SDN.Use)" tf_resource_type=proxmox_vm_qemu @caller=github.com/hashicorp/terraform-plugin-go@v0.14.3/tfprotov5/internal/diag/diagnostics.go:55 diagnostic_detail= diagnostic_severity=ERROR tf_provider_addr=registry.terraform.io/telmate/proxmox tf_req_id=9153b49d-390e-232a-b939-2faaead7f6d6 tf_rpc=ApplyResourceChange @module=sdk.proto tf_proto_version=5.3 timestamp=2023-06-27T22:07:49.563+0800
2023-06-27T22:07:49.568+0800 [ERROR] provider.terraform-provider-proxmox_v2.9.14: Response contains error diagnostic: diagnostic_detail= diagnostic_summary="403 Permission check failed (/sdn/zones/localnetwork/vmbr0, SDN.Use)" tf_provider_addr=registry.terraform.io/telmate/proxmox tf_req_id=de62c23c-78a6-a7dc-faef-8f0ee30d4909 tf_resource_type=proxmox_vm_qemu @module=sdk.proto diagnostic_severity=ERROR tf_proto_version=5.3 tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.14.3/tfprotov5/internal/diag/diagnostics.go:55 timestamp=2023-06-27T22:07:49.568+0800
2023-06-27T22:07:49.577+0800 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2023-06-27T22:07:49.577+0800 [ERROR] vertex "proxmox_vm_qemu.k8s_worker[0]" error: 403 Permission check failed (/sdn/zones/localnetwork/vmbr0, SDN.Use)
2023-06-27T22:07:49.601+0800 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2023-06-27T22:07:49.601+0800 [ERROR] vertex "proxmox_vm_qemu.k8s_master[0]" error: 403 Permission check failed (/sdn/zones/localnetwork/vmbr0, SDN.Use)
2023-06-27T22:07:49.623+0800 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2023-06-27T22:07:49.623+0800 [ERROR] vertex "proxmox_vm_qemu.k8s_worker[2]" error: 403 Permission check failed (/sdn/zones/localnetwork/vmbr0, SDN.Use)
2023-06-27T22:07:49.644+0800 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2023-06-27T22:07:49.644+0800 [ERROR] vertex "proxmox_vm_qemu.k8s_worker[3]" error: 403 Permission check failed (/sdn/zones/localnetwork/vmbr0, SDN.Use)
glitchcrab commented 1 year ago

I'm still running 7.4, but I would guess that you need to add the SDN.Use permission to your user:

403 Permission check failed (/sdn/zones/localnetwork/vmbr0, SDN.Use

infinitydon commented 1 year ago

Adding SDN.Use permission fixed this for me in proxmox 8.0.2

denis-ev commented 1 year ago

Cheers, I thought just giving it administrator permissions to test should cover that. Haha

I'll try that later and let you know. Thanks

denis-ev commented 1 year ago

this worked! I had a role for the user and the permission Administrator for the user did not override the role.