it-ops/llm-automation-docs-and-remediation-engine
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8d11321835462a04b854cfac0c817c412eea9d5f
llm-automation-docs-and-rem…/docs/PROXMOX_SETUP.md
dnviti 4bd436bb16
Some checks failed
CI/CD Pipeline / Run Tests (push) Has been skipped
Details
CI/CD Pipeline / Security Scanning (push) Has been skipped
Details
CI/CD Pipeline / Lint Code (push) Failing after 7m32s
Details
CI/CD Pipeline / Build and Push Docker Images (api) (push) Has been skipped
Details
CI/CD Pipeline / Build and Push Docker Images (chat) (push) Has been skipped
Details
CI/CD Pipeline / Build and Push Docker Images (frontend) (push) Has been skipped
Details
CI/CD Pipeline / Generate Documentation (push) Failing after 7m37s
Details
CI/CD Pipeline / Build and Push Docker Images (worker) (push) Has been skipped
Details
CI/CD Pipeline / Deploy to Staging (push) Has been skipped
Details
CI/CD Pipeline / Deploy to Production (push) Has been skipped
Details
feat: add Proxmox VE API authentication and real data collection 
Implement complete Proxmox API integration with support for both password
and API token authentication, replacing mock data with real infrastructure data.

**Authentication Features:**

1. **Dual Authentication Support**
   - API Token authentication (recommended, more secure)
   - Username + Password authentication (fallback)
   - Automatic fallback to mock data if not configured

2. **Configuration** (`src/datacenter_docs/utils/config.py`)
   - PROXMOX_HOST: Server hostname/IP
   - PROXMOX_PORT: API port (default 8006)
   - PROXMOX_USER: Username with realm (e.g., root@pam)
   - PROXMOX_PASSWORD: Password authentication
   - PROXMOX_TOKEN_NAME: API token name
   - PROXMOX_TOKEN_VALUE: API token secret
   - PROXMOX_VERIFY_SSL: SSL certificate verification
   - PROXMOX_TIMEOUT: API request timeout

3. **Real Data Collection** (`src/datacenter_docs/collectors/proxmox_collector.py`)
   - VMs: Iterate all nodes, collect QEMU VMs with full details
   - Containers: Collect LXC containers from all nodes
   - Nodes: Cluster node information and status
   - Cluster: Cluster configuration and quorum status
   - Storage: Storage pools with usage statistics
   - Networks: Network interfaces from all nodes
   - Automatic fallback to mock data on errors

4. **Comprehensive Documentation** (`docs/PROXMOX_SETUP.md`)
   - Step-by-step API token creation guide
   - Permission setup (PVEAuditor role)
   - Security best practices
   - Troubleshooting guide
   - Example configurations

5. **Environment Template** (`.env.example`)
   - Detailed Proxmox configuration section
   - Inline documentation for both auth methods
   - Security recommendations

**Security Features:**
- Supports read-only PVEAuditor role
- API tokens preferred over passwords
- SSL verification configurable
- Graceful degradation (uses mock data if API unavailable)
- No credentials in code (environment variables only)

**How to Configure:**

```bash
# Method 1: API Token (Recommended)
PROXMOX_HOST=proxmox.company.com
PROXMOX_USER=automation@pam
PROXMOX_TOKEN_NAME=docs-collector
PROXMOX_TOKEN_VALUE=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

# Method 2: Password
PROXMOX_HOST=proxmox.company.com
PROXMOX_USER=root@pam
PROXMOX_PASSWORD=your-secure-password
```

See `docs/PROXMOX_SETUP.md` for complete setup instructions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-20 19:27:11 +02:00

6.8 KiB
Raw Blame History

Proxmox VE API Integration Setup

This guide explains how to configure the Proxmox collector to connect to your Proxmox VE cluster and collect infrastructure data.

Prerequisites

  • Proxmox VE 7.0 or later
  • Network access to Proxmox API (default port 8006)
  • User account with appropriate permissions

Authentication Methods

The Proxmox collector supports two authentication methods:

Method 1: API Token (RECOMMENDED)

API tokens are more secure than passwords and can be easily revoked. They also support fine-grained permissions.

Advantages:

  • More secure (no password exposure)
  • Can be revoked independently
  • Fine-grained permissions
  • Best practice for automation

Setup Steps:

  1. Login to Proxmox Web UI

    • Navigate to https://your-proxmox-host:8006
    • Login with your credentials

  2. Navigate to API Tokens

    • Click on Datacenter in the left sidebar
    • Go to PermissionsAPI Tokens

  3. Create New Token

    • Click Add button
    • Configure the token:
      • User: Select or create a user (e.g., automation@pam)
      • Token ID: Give it a descriptive name (e.g., docs-collector)
      • Privilege Separation: Leave UNCHECKED for read-only access
      • Click Add

  4. Copy Token Secret

    • ⚠️ IMPORTANT: Copy the token secret immediately!
    • It will only be shown once and cannot be retrieved later
    • Format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

  5. Set Permissions

    • Go to DatacenterPermissions
    • Click AddAPI Token Permission
    • Configure:
      • Path: / (root, for full access)
      • API Token: Select your token (e.g., automation@pam!docs-collector)
      • Role: PVEAuditor (read-only access)
      • Click Add

  6. Configure Environment Variables

    # In your .env file:
PROXMOX_HOST=proxmox.example.com
PROXMOX_PORT=8006
PROXMOX_USER=automation@pam
PROXMOX_TOKEN_NAME=docs-collector
PROXMOX_TOKEN_VALUE=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
PROXMOX_VERIFY_SSL=false  # Set to true if using valid SSL cert

Method 2: Username + Password

Use this method only if API tokens are not available.

Setup Steps:

  1. Create Dedicated User (Optional but Recommended)

    • Go to DatacenterPermissionsUsers
    • Click Add
    • Configure:
      • User name: automation
      • Realm: pam or pve
      • Password: Set a strong password
      • Click Add

  2. Set Permissions

    • Go to DatacenterPermissions
    • Click AddUser Permission
    • Configure:
      • Path: /
      • User: Select your user (e.g., automation@pam)
      • Role: PVEAuditor
      • Click Add

  3. Configure Environment Variables

    # In your .env file:
PROXMOX_HOST=proxmox.example.com
PROXMOX_PORT=8006
PROXMOX_USER=automation@pam
PROXMOX_PASSWORD=your-secure-password
PROXMOX_VERIFY_SSL=false  # Set to true if using valid SSL cert

Roles and Permissions

The collector needs read-only access to gather infrastructure data.

Recommended Role: PVEAuditor

The PVEAuditor role provides read-only access to:

  • Virtual Machines (QEMU)
  • Containers (LXC)
  • Nodes and Cluster Status
  • Storage Information
  • Network Configuration

This role is perfect for documentation collection as it cannot modify anything.

Custom Role (Optional)

If you want even more restricted access, create a custom role:

  1. Go to DatacenterPermissionsRoles
  2. Click Create
  3. Name it DocCollector
  4. Select these privileges:
    • VM.Audit
    • Datastore.Audit
    • Sys.Audit
  5. Use this custom role when assigning permissions

Testing the Connection

After configuring credentials, test the connection:

# Using the test script
python scripts/test_proxmox_docs.py

You should see:

✓ Connected to Proxmox VE version X.Y
Collected N VMs from M nodes

If using mock data, you'll see:

Proxmox host not configured, using mock data for development

Troubleshooting

Connection Refused

Error: Connection failed: [Errno 111] Connection refused

Solutions:

  • Check PROXMOX_HOST is correct
  • Ensure port 8006 is accessible
  • Check firewall rules
  • Verify Proxmox API is running: systemctl status pveproxy

Authentication Failed

Error: Connection failed: 401 Unauthorized

Solutions:

  • Verify credentials are correct
  • Check user/token has required permissions
  • Ensure realm is correct (@pam or @pve)
  • For tokens: verify token ID matches exactly

SSL Certificate Errors

Error: SSL: CERTIFICATE_VERIFY_FAILED

Solutions:

  1. Quick Fix (Development): Set PROXMOX_VERIFY_SSL=false
  2. Production Fix:
    • Install valid SSL certificate on Proxmox
    • Or add Proxmox CA to trusted certificates
    • Set PROXMOX_VERIFY_SSL=true

Permission Denied

Error: 403 Forbidden or Permission denied

Solutions:

  • Check user/token has PVEAuditor role
  • Verify permission is set on path /
  • For tokens: ensure "Privilege Separation" is UNCHECKED

Timeout Errors

Error: Connection timeout after 30s

Solutions:

  • Increase timeout: PROXMOX_TIMEOUT=60
  • Check network latency
  • Verify Proxmox server is not overloaded

Security Best Practices

  1. Use API Tokens instead of passwords
  2. Use Read-Only Role (PVEAuditor)
  3. Dedicated User for automation (not root)
  4. Valid SSL Certificates in production (PROXMOX_VERIFY_SSL=true)
  5. Rotate Tokens periodically
  6. Audit Logs regularly to monitor API access
  7. Network Segmentation - restrict access to Proxmox API
  8. Secret Management - use vault for credentials (not .env in production)

Example Configuration

Development Environment

# .env
PROXMOX_HOST=192.168.1.100
PROXMOX_PORT=8006
PROXMOX_USER=automation@pam
PROXMOX_TOKEN_NAME=docs-dev
PROXMOX_TOKEN_VALUE=12345678-1234-1234-1234-123456789012
PROXMOX_VERIFY_SSL=false
PROXMOX_TIMEOUT=30

Production Environment

# .env (use secrets manager in real production!)
PROXMOX_HOST=proxmox.company.com
PROXMOX_PORT=8006
PROXMOX_USER=automation@pam
PROXMOX_TOKEN_NAME=docs-prod
PROXMOX_TOKEN_VALUE=87654321-4321-4321-4321-210987654321
PROXMOX_VERIFY_SSL=true
PROXMOX_TIMEOUT=60

Additional Resources

Support

If you encounter issues:

  1. Check this documentation
  2. Review logs: docker-compose logs chat worker
  3. Test with mock data first
  4. Verify Proxmox API access independently
  5. Open an issue on GitHub with logs