it-ops/llm-automation-docs-and-remediation-engine
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
llm-automation-docs-and-rem…/docs/PROXMOX_SETUP.md
dnviti 4bd436bb16
Some checks failed
CI/CD Pipeline / Run Tests (push) Has been skipped
Details
CI/CD Pipeline / Security Scanning (push) Has been skipped
Details
CI/CD Pipeline / Lint Code (push) Failing after 7m32s
Details
CI/CD Pipeline / Build and Push Docker Images (api) (push) Has been skipped
Details
CI/CD Pipeline / Build and Push Docker Images (chat) (push) Has been skipped
Details
CI/CD Pipeline / Build and Push Docker Images (frontend) (push) Has been skipped
Details
CI/CD Pipeline / Generate Documentation (push) Failing after 7m37s
Details
CI/CD Pipeline / Build and Push Docker Images (worker) (push) Has been skipped
Details
CI/CD Pipeline / Deploy to Staging (push) Has been skipped
Details
CI/CD Pipeline / Deploy to Production (push) Has been skipped
Details
feat: add Proxmox VE API authentication and real data collection 
Implement complete Proxmox API integration with support for both password
and API token authentication, replacing mock data with real infrastructure data.

**Authentication Features:**

1. **Dual Authentication Support**
   - API Token authentication (recommended, more secure)
   - Username + Password authentication (fallback)
   - Automatic fallback to mock data if not configured

2. **Configuration** (`src/datacenter_docs/utils/config.py`)
   - PROXMOX_HOST: Server hostname/IP
   - PROXMOX_PORT: API port (default 8006)
   - PROXMOX_USER: Username with realm (e.g., root@pam)
   - PROXMOX_PASSWORD: Password authentication
   - PROXMOX_TOKEN_NAME: API token name
   - PROXMOX_TOKEN_VALUE: API token secret
   - PROXMOX_VERIFY_SSL: SSL certificate verification
   - PROXMOX_TIMEOUT: API request timeout

3. **Real Data Collection** (`src/datacenter_docs/collectors/proxmox_collector.py`)
   - VMs: Iterate all nodes, collect QEMU VMs with full details
   - Containers: Collect LXC containers from all nodes
   - Nodes: Cluster node information and status
   - Cluster: Cluster configuration and quorum status
   - Storage: Storage pools with usage statistics
   - Networks: Network interfaces from all nodes
   - Automatic fallback to mock data on errors

4. **Comprehensive Documentation** (`docs/PROXMOX_SETUP.md`)
   - Step-by-step API token creation guide
   - Permission setup (PVEAuditor role)
   - Security best practices
   - Troubleshooting guide
   - Example configurations

5. **Environment Template** (`.env.example`)
   - Detailed Proxmox configuration section
   - Inline documentation for both auth methods
   - Security recommendations

**Security Features:**
- Supports read-only PVEAuditor role
- API tokens preferred over passwords
- SSL verification configurable
- Graceful degradation (uses mock data if API unavailable)
- No credentials in code (environment variables only)

**How to Configure:**

```bash
# Method 1: API Token (Recommended)
PROXMOX_HOST=proxmox.company.com
PROXMOX_USER=automation@pam
PROXMOX_TOKEN_NAME=docs-collector
PROXMOX_TOKEN_VALUE=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

# Method 2: Password
PROXMOX_HOST=proxmox.company.com
PROXMOX_USER=root@pam
PROXMOX_PASSWORD=your-secure-password
```

See `docs/PROXMOX_SETUP.md` for complete setup instructions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-20 19:27:11 +02:00

6.8 KiB
Raw Permalink Blame History

Proxmox VE API Integration Setup

This guide explains how to configure the Proxmox collector to connect to your Proxmox VE cluster and collect infrastructure data.

Prerequisites

  • Proxmox VE 7.0 or later
  • Network access to Proxmox API (default port 8006)
  • User account with appropriate permissions

Authentication Methods

The Proxmox collector supports two authentication methods:

Method 1: API Token (RECOMMENDED)

API tokens are more secure than passwords and can be easily revoked. They also support fine-grained permissions.

Advantages:

  • More secure (no password exposure)
  • Can be revoked independently
  • Fine-grained permissions
  • Best practice for automation

Setup Steps:

  1. Login to Proxmox Web UI

    • Navigate to https://your-proxmox-host:8006
    • Login with your credentials

  2. Navigate to API Tokens

    • Click on Datacenter in the left sidebar
    • Go to PermissionsAPI Tokens

  3. Create New Token

    • Click Add button
    • Configure the token:
      • User: Select or create a user (e.g., automation@pam)
      • Token ID: Give it a descriptive name (e.g., docs-collector)
      • Privilege Separation: Leave UNCHECKED for read-only access
      • Click Add

  4. Copy Token Secret

    • ⚠️ IMPORTANT: Copy the token secret immediately!
    • It will only be shown once and cannot be retrieved later
    • Format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

  5. Set Permissions

    • Go to DatacenterPermissions
    • Click AddAPI Token Permission
    • Configure:
      • Path: / (root, for full access)
      • API Token: Select your token (e.g., automation@pam!docs-collector)
      • Role: PVEAuditor (read-only access)
      • Click Add

  6. Configure Environment Variables

    # In your .env file:
PROXMOX_HOST=proxmox.example.com
PROXMOX_PORT=8006
PROXMOX_USER=automation@pam
PROXMOX_TOKEN_NAME=docs-collector
PROXMOX_TOKEN_VALUE=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
PROXMOX_VERIFY_SSL=false  # Set to true if using valid SSL cert

Method 2: Username + Password

Use this method only if API tokens are not available.

Setup Steps:

  1. Create Dedicated User (Optional but Recommended)

    • Go to DatacenterPermissionsUsers
    • Click Add
    • Configure:
      • User name: automation
      • Realm: pam or pve
      • Password: Set a strong password
      • Click Add

  2. Set Permissions

    • Go to DatacenterPermissions
    • Click AddUser Permission
    • Configure:
      • Path: /
      • User: Select your user (e.g., automation@pam)
      • Role: PVEAuditor
      • Click Add

  3. Configure Environment Variables

    # In your .env file:
PROXMOX_HOST=proxmox.example.com
PROXMOX_PORT=8006
PROXMOX_USER=automation@pam
PROXMOX_PASSWORD=your-secure-password
PROXMOX_VERIFY_SSL=false  # Set to true if using valid SSL cert

Roles and Permissions

The collector needs read-only access to gather infrastructure data.

Recommended Role: PVEAuditor

The PVEAuditor role provides read-only access to:

  • Virtual Machines (QEMU)
  • Containers (LXC)
  • Nodes and Cluster Status
  • Storage Information
  • Network Configuration

This role is perfect for documentation collection as it cannot modify anything.

Custom Role (Optional)

If you want even more restricted access, create a custom role:

  1. Go to DatacenterPermissionsRoles
  2. Click Create
  3. Name it DocCollector
  4. Select these privileges:
    • VM.Audit
    • Datastore.Audit
    • Sys.Audit
  5. Use this custom role when assigning permissions

Testing the Connection

After configuring credentials, test the connection:

# Using the test script
python scripts/test_proxmox_docs.py

You should see:

✓ Connected to Proxmox VE version X.Y
Collected N VMs from M nodes

If using mock data, you'll see:

Proxmox host not configured, using mock data for development

Troubleshooting

Connection Refused

Error: Connection failed: [Errno 111] Connection refused

Solutions:

  • Check PROXMOX_HOST is correct
  • Ensure port 8006 is accessible
  • Check firewall rules
  • Verify Proxmox API is running: systemctl status pveproxy

Authentication Failed

Error: Connection failed: 401 Unauthorized

Solutions:

  • Verify credentials are correct
  • Check user/token has required permissions
  • Ensure realm is correct (@pam or @pve)
  • For tokens: verify token ID matches exactly

SSL Certificate Errors

Error: SSL: CERTIFICATE_VERIFY_FAILED

Solutions:

  1. Quick Fix (Development): Set PROXMOX_VERIFY_SSL=false
  2. Production Fix:
    • Install valid SSL certificate on Proxmox
    • Or add Proxmox CA to trusted certificates
    • Set PROXMOX_VERIFY_SSL=true

Permission Denied

Error: 403 Forbidden or Permission denied

Solutions:

  • Check user/token has PVEAuditor role
  • Verify permission is set on path /
  • For tokens: ensure "Privilege Separation" is UNCHECKED

Timeout Errors

Error: Connection timeout after 30s

Solutions:

  • Increase timeout: PROXMOX_TIMEOUT=60
  • Check network latency
  • Verify Proxmox server is not overloaded

Security Best Practices

  1. Use API Tokens instead of passwords
  2. Use Read-Only Role (PVEAuditor)
  3. Dedicated User for automation (not root)
  4. Valid SSL Certificates in production (PROXMOX_VERIFY_SSL=true)
  5. Rotate Tokens periodically
  6. Audit Logs regularly to monitor API access
  7. Network Segmentation - restrict access to Proxmox API
  8. Secret Management - use vault for credentials (not .env in production)

Example Configuration

Development Environment

# .env
PROXMOX_HOST=192.168.1.100
PROXMOX_PORT=8006
PROXMOX_USER=automation@pam
PROXMOX_TOKEN_NAME=docs-dev
PROXMOX_TOKEN_VALUE=12345678-1234-1234-1234-123456789012
PROXMOX_VERIFY_SSL=false
PROXMOX_TIMEOUT=30

Production Environment

# .env (use secrets manager in real production!)
PROXMOX_HOST=proxmox.company.com
PROXMOX_PORT=8006
PROXMOX_USER=automation@pam
PROXMOX_TOKEN_NAME=docs-prod
PROXMOX_TOKEN_VALUE=87654321-4321-4321-4321-210987654321
PROXMOX_VERIFY_SSL=true
PROXMOX_TIMEOUT=60

Additional Resources

Support

If you encounter issues:

  1. Check this documentation
  2. Review logs: docker-compose logs chat worker
  3. Test with mock data first
  4. Verify Proxmox API access independently
  5. Open an issue on GitHub with logs