Proxmox VE Automation with Ansible and Teleport Setup

Proxmox VE and Ansible Automation Notes

IMG_4981.jpeg

Overview

This document outlines the process of automating the creation, activation, and destruction of Windows VMs using Proxmox VE and Ansible. It includes prerequisites, steps to execute the tasks, and important notes for ensuring success.

Prerequisites

  1. Proxmox VE: Must be installed and configured.

    • Thoughts: Proxmox VE is essential as it acts as the virtualization platform. Ensure that the version of Proxmox supports all required features.

  2. Ansible: It needs to be installed on a control machine.

    • Thoughts: Ansible simplifies script execution across multiple VMs and facilitates automation through its playbook structure.

  3. OnlyKey: Must be configured to store Windows activation keys securely.

    • Thoughts: Security is paramount; OnlyKey aids in safely managing sensitive information like keys.

  4. Windows Activation Key: A valid Windows product key is necessary.

    • Thoughts: Ensure that the product key is legitimate to avoid activation issues.

Steps

1. Store Windows Keys on OnlyKey
  • Setup OnlyKey: Configure it to manage Windows activation keys.
    • Thoughts: This step allows for secure storage and retrieval of activation keys without hardcoding in scripts.
2. Ansible Playbook for VM Creation and Activation
  • File: create_and_activate_vm.yml
  • Tasks:
    • Create a new VM using Proxmox settings.
      • Ideas: Consider adjusting resource allocations (memory, CPU) based on your usage needs.
    • Wait for the VM to be ready.
      • Details: A timeout of 300 seconds provides sufficient time for resource allocation.
    • Retrieve Windows key from OnlyKey and activate the Windows OS.
      • Thoughts: The command needs proper error handling to manage failure during key retrieval.
YAML Configuration Snippet
# create_and_activate_vm.yml
---
- name: Create and activate Windows VM
  hosts: proxmox
  tasks:
    - name: Create a new VM
      proxmox_kvm:
        api_user: 'root@pam'
        api_password: 'your_password'
        api_host: 'your_proxmox_ip'
        node: 'proxmox_node'
        vmid: 100
        name: 'MyVM'
        memory: 2048
        cores: 2
        storage: 'local-vm'
        disk: 30G
        ostype: win10
        iso: 'local:iso/windows10.iso'
        net0: 'virtio,bridge=vmbr0'
        state: present
    # ... additional tasks
3. Ansible Playbook for VM Destruction and Deactivation
  • File: destroy_and_deactivate_vm.yml
  • Tasks:
    • Stop the VM and deactivate Windows.
      • Ideas: It’s crucial to stop the VM before deactivation for data integrity.
    • Remove the VM from Proxmox.
      • Details: Ensure this step is only executed once all tasks are confirmed successful.
YAML Configuration Snippet
# destroy_and_deactivate_vm.yml
---
- name: Destroy and deactivate Windows VM
  hosts: proxmox
  tasks:
    - name: Stop the VM
      proxmox_kvm:
        api_user: 'root@pam'
        api_password: 'your_password'
        api_host: 'your_proxmox_ip'
        node: 'proxmox_node'
        vmid: 100
        state: stopped
    # ... additional tasks

Notes

  1. Security: Ensure that communication between your script and OnlyKey is secure.

    • Thoughts: Consider using HTTPS and SSH keys where applicable to protect data in transit.

  2. Error Handling: Add error handling to manage cases where key retrieval or activation fails.

    • Ideas: Implement retries and logging mechanisms for improved troubleshooting.

  3. Testing: Thoroughly test the playbooks in a non-production environment to ensure they work as expected.

    • Additional Information: Testing can save time and resources by identifying potential issues before deployment.

By following these summarized steps and considerations, users can automate the lifecycle of Windows VMs in Proxmox VE using Ansible efficiently and securely.

Reference:

forum.proxmox.com
Automating the VM creation and delete - Proxmox Support Forum
forum.proxmox.com
Proxmox VM automation
www.youtube.com
Using Ansible to Create Proxmox Virtual Machines - YouTube

Notes on Teleport Setup Guide

IMG_4780.jpeg

General Overview

  • Teleport: An open-source tool designed to provide secure access to various infrastructures, including Kubernetes clusters and SSH servers. It's crucial for ensuring secure communication between clients.

Key Components

  • Teleport Server: Core component that handles user authentication and authorization.
  • Teleport Client: Used by users to access resources managed by Teleport.
  • SSH: Secure Shell protocol utilized for secure network services.

Initial Setup Steps

  1. Install Teleport Server: Essential for starting the Teleport service.

    • Command: sudo teleport install --config=/etc/teleport.yaml
    • Explanation: This command installs Teleport with the specified configuration file.

  2. Create Teleport configuration file: This file should contain critical information about the Teleport server settings.

    • Example Content: 
      teleport:
  nodename: "teleport-server"
  domain: "example.com"
  service:
    enabled: true
auth_service:
  enabled: true
  listen_addr: 0.0.0.0:3025
proxy_service:
  enabled: true
  listen_addr: 0.0.0.0:3080

Starting Teleport

  • Command: sudo service teleport start
  • Thoughts: This will launch the Teleport server, making it accessible for client connections.

Windows Client Setup

  1. Install requisite tools: To facilitate communication with the Teleport server.
  2. Set up Environment Variables:
    • Adding the path of the Teleport binary to the system's PATH variable ensures the commands can be executed from any prompt.

Usage Command Examples

  • Login to Teleport: Command to establish a secure connection to the Teleport server.
    • Example: tsh login --proxy=teleport-server:3080 --user=<username>
    • Significance: This command authenticates the user and establishes a session.

Resource Access

  • Access Resources: After logging in, users can access various resources managed by Teleport.
    • This feature significantly enhances security, as it controls who can access what resources.

Advanced Configuration

  • Logging: Essential for monitoring and troubleshooting.
    • Consider enabling detailed logging to keep track of connections and any potential issues.

Important Notes

  • Network Security: Ensure firewall settings allow traffic through required ports (e.g., 3025 for auth service, 3080 for proxy service).
  • Documentation: Always refer to the official Teleport documentation for detailed breakdowns of commands and configurations.

Potential Tables Extracted

Key ConfigurationExample Value
nodename"teleport-server"
domain"example.com"
auth_service_enabledtrue
proxy_service_enabledtrue
auth_service_listen0.0.0.0:3025
proxy_service_listen0.0.0.0:3080

Reference:

goteleport.com
Installing Teleport | Teleport Docs
goteleport.com
Linux
goteleport.com
Docker