Proxmox virtual machine *automation* in Terraform

00:00

hey everybody in one of my last videos

00:02

i've shown you how you can automate

00:04

custom virtual machine templates in

00:05

proxbox we use the free and open source

00:08

tool packer to automatically install our

00:10

images with ubuntu and we package it

00:12

with custom shell scripts to install

00:14

docker and set up an ip address or use

00:16

configuration with cloud init but there

00:18

was one big thing missing in this video

00:20

and this is automating the virtual

00:22

machines itself because we still cloned

00:24

this template manually to a new virtual

00:26

machine and we also needed to set up

00:28

credentials ip configurations and

00:30

resources in the web ui of proxbox and

00:33

that is exactly what i want to automate

00:35

in this video with one of my favorite

00:37

tools terraform so let's do this

00:42

by the way if you haven't watched the

00:44

previous video with packers don't worry

00:46

you can still follow this video along

00:48

because the terraform proxmox

00:49

integration doesn't need a custom image

00:52

prepared with packer you can use the

00:54

same automation scripts with any other

00:55

custom vm template you have created and

00:57

prepared with cloud init regardless of

01:00

how you've done it i also think it helps

01:02

to have some basic knowledge about

01:04

terraform because i probably won't cover

01:06

all the basics here so if you'd like to

01:08

learn more about terraform and packer

01:10

i've linked you both of my video

01:12

tutorials in the description of this one

01:14

and then you can check it out later and

01:16

of course you will also find the project

01:17

files for this tutorial on my personal

01:20

github page in the boilerplates

01:21

repository so just navigate to terraform

01:24

proxmox and then you will find the

01:26

templates that i'm explaining here in

01:28

this video

01:29

but before we start with the template

01:31

first i want to say a few words about

01:33

today's sponsor teleport

01:35

so we keep talking about amazing free

01:37

and open source tools teleport is an

01:39

access proxy to protect your remote

01:41

resources like ssh linux servers

01:43

kubernetes databases or web applications

01:46

with two-factor authentication and an

01:48

audit logging i always use it when i

01:50

need to log in from outside my home

01:52

network or securely access my cloud

01:54

resources is a great application so just

01:56

donate and try it out of course you will

01:58

find a link to their website in the

01:59

description down below okay so let's

02:01

first recap what you might or might not

02:04

know about terraform this is a free open

02:06

source infrastructure as code automation

02:09

tool so the goal of infrastructure is

02:11

code is that you don't need to set up

02:13

install and configure your it

02:14

infrastructure through web interfaces or

02:17

manual processes anymore instead you

02:19

define all the resources you need in

02:21

code very similar to a programming

02:23

language where you describe an object in

02:25

some states you want these resources to

02:27

have whatever you define in the code

02:29

therefore makes sure that this is

02:31

happening in your environment i've

02:33

previously used it to deploy cloud

02:34

infrastructure like kubernetes and

02:36

docker and it's a very common devops

02:38

tool that integrates well with other

02:40

cloud providers but i also recently

02:42

found a custom teraframe provider for

02:44

proxmox

02:46

i'm using proxmoxnow for quite some time

02:48

in my home lab and it's absolutely my

02:50

favorite hypervisor to run virtual

02:51

machines and i've also done some videos

02:54

about it and i guess many of you guys

02:55

will already use it

02:57

so let's take a look at the proxbox

02:59

provider in the terraform rager street

03:01

which is made by tellmate and you should

03:03

know that this is not an official

03:05

provider because hashicorp the vendor of

03:07

terraform opened terraform up for any

03:10

custom implementations and makes it very

03:12

easy for developers to write their own

03:14

extensions and the proxmox provider is

03:17

such a custom extension however i've

03:19

seen that it's around for quite some

03:21

time and supported by many people so

03:23

it's worth taking a look at the gita

03:25

project it's pretty cool and in the

03:27

official documentation you can also see

03:29

how you can use it in terraform to

03:31

connect it to your local proxmox server

03:33

but don't worry of course i will walk

03:34

you through this stuff as well

03:37

so first we need to create an api token

03:39

in proxmox because terraform needs to

03:42

somehow authenticate to our servers and

03:44

create the required resources if you

03:46

don't know how to do that in proxmox you

03:49

need to select your data center and go

03:50

to permissions api tokens add a new api

03:54

token for a specific user in my case

03:56

i've just used the root user here

03:58

because this user already has all the

04:00

privileges we need in terraform just

04:02

enter a name for the token id and now

04:05

it's really important to select the

04:06

privilege separation setting because we

04:09

want our api token to have the same

04:11

privileges as the root user

04:13

note that the api token secret will only

04:16

show up once so when you close the

04:17

window and forgot the secret you need to

04:19

create another one and then you just

04:21

need to copy this token and put these

04:23

settings in a credentials file in

04:25

terraform so take care the api token is

04:28

username and the token id separated with

04:30

an exclamation mark now that we have the

04:33

api token let's create the base files

04:35

for this project and i always start

04:37

creating a file which i call provider.tf

04:40

where i put all the general

04:41

configuration settings for terraform so

04:44

first i defined the required version for

04:46

it and the required provider section and

04:49

here we just need to define proxmox and

04:51

put the tailmate proxmox provider as our

04:53

source

04:54

if you want to specify a version you can

04:56

also do it as well here and then we need

04:59

to define three variables for the

05:01

proxmox credentials remember that you

05:03

should never store the actual secrets

05:05

here in the terraform project so just

05:07

declare the variables for the api url

05:10

the token id and the token secret as

05:12

string objects the last two ones is

05:14

sensitive

05:15

and i've then created a separate file

05:18

which i've called credentials.out.tfrs

05:21

here you can put the secrets in note

05:24

this file should not be included in any

05:26

repository so keep it secret because

05:28

here you can add the three variables to

05:30

connect to your proxmox server these

05:32

auto dot tfr files by the way are

05:34

special in terraform because they are

05:36

automatically loaded when you locate

05:38

them in the same project directory so

05:40

you don't need to specify them in the

05:42

command later very nice now let's come

05:44

back to the provider's file and here we

05:46

just need to set the three parameters

05:48

that are necessary for the connection to

05:50

the values of our variables and that

05:53

should be all no one more thing if

05:55

you're using a self-signed certificate

05:56

and your client doesn't trust the

05:58

connection to the proxmox ui you also

06:00

need to add a pmt ls insecure attribute

06:03

in the provider settings and set it to

06:05

true

06:06

but then that should be all so i've now

06:08

initiated the terraform project by

06:11

executing terraform in it until now that

06:13

all was pretty straightforward if you're

06:15

already familiar with terraform it

06:17

should be easy and now we can create the

06:18

file for our virtual machine resources

06:20

we want to create in proxmox so i've

06:22

just created a new file in the project

06:24

folder which i've called srv demo one

06:27

that will be a simple ubuntu server that

06:28

i want to create from a proxmox vm

06:30

template that i've already prepared in

06:33

packer so on my proxmox server you can

06:35

see these templates i want to use the

06:37

template with the id 902 which is just a

06:40

pre-installed ubuntu server in the 20.04

06:42

lts version now in the terraform file

06:45

i've created a resource from the type

06:48

proxbox vmq mo with the name srv demo1

06:51

and first you need to define the general

06:53

settings of the vm like the name the

06:55

description the vm id and what is the

06:57

target node so where do you want this vm

06:59

to be created on now the next parameter

07:02

is the agent and this is pretty

07:03

important it took me quite some time to

07:05

find it out because in the past i had

07:08

some problems with the speed of

07:09

terraform in combination with the

07:11

tailmate proxmox provider and after

07:14

researching i found out this has

07:16

something to do when the qmo guest agent

07:18

is installed on this virtual machine but

07:21

you haven't set this agent parameter

07:22

into the terraform resource so keep that

07:25

in mind when you're using the guest

07:26

agent in your vm template don't forget

07:29

to set this agent parameter to one and

07:31

now we can specify the other parameters

07:34

for this virtual machine like how many

07:36

cpu cores and sockets you want to give

07:38

it what should be the cpu mode and how

07:40

much memory the virtual machine should

07:41

have and of course from which vm

07:44

template you want to clone it from now

07:46

in this parameter you just need to set

07:48

the name of the vm template not the id

07:50

and it's also important to connect this

07:52

virtual machine to a network so i've

07:54

added my default vm bridge and now comes

07:56

something that also might be a bit

07:58

confusing because you can specify the

08:00

disk layout for this virtual machine but

08:03

be careful when you're using a vm

08:04

template because this vm template

08:06

already has a virtual hard drive because

08:09

it already has an operating system

08:10

installed on it and when you now specify

08:13

a disk in terraform they need to have

08:15

the exact same statements so take care

08:18

of that you're specifying the same

08:20

storage location the same type and size

08:22

for the disk otherwise if these settings

08:24

are different chevron will most likely

08:26

create a second hard disk on this vm if

08:28

the parameter don't match with the

08:30

template and now comes something that

08:32

i've already explained in my packer

08:34

tutorial and this is really amazing it

08:36

is cloud init remember in my packer

08:38

tutorial we've used cloud init to

08:40

specify settings that should be

08:42

provisioned when the virtual machine is

08:43

starting like an ip address add a dns

08:46

server or add username and password

08:49

and the terraform proxybox provider can

08:51

also do this for you so in this section

08:53

i have now specified the os type to

08:56

cloud init and gave this machine some

08:58

network configuration i added a static

09:00

ip and gave it a dns server and i also

09:03

added an additional user and a public

09:05

ssh key know that we've done all of this

09:08

stuff you can see it's not much that we

09:10

need to specify here so let's go into

09:12

terraform and run the terraform plan

09:14

command so this will tell us which

09:16

resources terraform will create when we

09:18

apply the changes and if everything is

09:20

okay you can run the terraform apply

09:22

command to make these changes happening

09:25

on proxmox you can see that it now

09:27

already starts connecting to the server

09:29

and it already creates the virtual

09:31

machine

09:32

now that might take some time to copy

09:34

because it uses a full clone and not a

09:36

linked clone image but after this is

09:38

done it starts up the virtual machine

09:40

and we should be able to just access it

09:42

with a static ip address we have defined

09:44

in the terraform file

09:46

and yeah we are just now connected to

09:48

our server and it just took like one and

09:51

a half minutes to create this new

09:52

virtual machine fully automatic in code

09:55

if you ask me that's really amazing so

09:57

currently i'm not managing any resources

09:59

on my proxbox server manually i've

10:01

created a few repositories for all my

10:03

production and testing vms

10:06

and i'm all managing entire from now and

10:08

you can by the way also create and

10:10

provision lxc containers as well i

10:12

personally haven't done this because i'm

10:14

not using alex c but i guess the process

10:16

will be very similar to the template

10:18

that i've just used in this video and i

10:20

hope this will help you in your project

10:22

as well so please tell me in the

10:23

comments what are you using to manage

10:25

your home lab infrastructure and as

10:27

always thanks everybody for watching

10:28

enjoy the rest of your day take care of

10:30

yourself and i see you soon bye