# Proxmox API User Config — from old host (zlh-prod1)

## Source of truth
Copied from `/etc/pve/user.cfg` on old Denver host Mar 31 2026.

## Users needed
- `apiuser@pve` — main API user for container provisioning
- `ansible@pve` — automation user (recreate if needed)

## Roles needed
```
ZLH-API: Datastore.AllocateSpace, Datastore.Audit, SDN.Allocate, SDN.Audit, SDN.Use, Sys.Audit, Sys.Modify, VM.Allocate, VM.Audit, VM.Clone, VM.Config.CPU, VM.Config.Disk, VM.Config.Memory, VM.Config.Network, VM.Config.Options, VM.PowerMgmt

ZLH-API-CT: Datastore.AllocateSpace, Datastore.Audit, SDN.Use, VM.Allocate, VM.Audit, VM.Clone, VM.Config.CPU, VM.Config.Disk, VM.Config.Memory, VM.Config.Network, VM.Config.Options, VM.PowerMgmt
```

## ACLs needed for apiuser
```
/nodes/zlh1 apiuser@pve ZLH-API
/nodes/zlh1 apiuser@pve!zlh-api ZLH-API, ZLH-API-CT
/storage/zlh-thin apiuser@pve ZLH-API
/storage/zlh-thin apiuser@pve!zlh-api ZLH-API, ZLH-API-CT
/vms apiuser@pve ZLH-API
/vms apiuser@pve!zlh-api ZLH-API, ZLH-API-CT
/sdn apiuser@pve ZLH-API
/sdn apiuser@pve!zlh-api ZLH-API
```

## Notes
- Node name on new host is `zlh1` — replace `zlh-prod1` references
- `zlh-thin` storage needs to exist on new host for ACLs to apply
- SDN ACLs reference vmbr1/vmbr2/vmbr3 — verify these exist on new host
- Token name: `apiuser@pve!zlh-api` — generate new secret, update .env on zpac-api
- ansible@pve not critical for platform — skip unless needed
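
One way to check the migrated config against the lists above, as an added example that is not part of the original notes: it parses `user.cfg`-style text, reports ACLs from this page that are missing or still point at `zlh-prod1`, and computes which privileges the token can actually use. Assumptions: the `role:`/`acl:` field layout given in the comments, a privilege-separated token (effective privileges are the intersection of user and token privileges), exact-path matching without propagation, and the constructed `SAMPLE` input; `parse`, `audit` and `effective` are hypothetical helper names.

```python
# Added example: audit a migrated Proxmox user.cfg against the ACL list on this page.
# Assumed layout: "role:<name>:<privs>:" and "acl:<propagate>:<path>:<ids>:<roles>:".
USER, TOKEN, OLD_NODE = "apiuser@pve", "apiuser@pve!zlh-api", "zlh-prod1"
API_CT = ("Datastore.AllocateSpace,Datastore.Audit,SDN.Use,VM.Allocate,VM.Audit,"
          "VM.Clone,VM.Config.CPU,VM.Config.Disk,VM.Config.Memory,"
          "VM.Config.Network,VM.Config.Options,VM.PowerMgmt")
API = API_CT + ",SDN.Allocate,SDN.Audit,Sys.Audit,Sys.Modify"
BOTH = {USER: {"ZLH-API"}, TOKEN: {"ZLH-API", "ZLH-API-CT"}}
EXPECTED = {"/nodes/zlh1": BOTH, "/storage/zlh-thin": BOTH, "/vms": BOTH,
            "/sdn": {USER: {"ZLH-API"}, TOKEN: {"ZLH-API"}}}
# Constructed sample: a config carried over unchanged, with the old node name
# still in the node ACL path and the token ACL on /vms lost along the way.
SAMPLE = f"""\
role:ZLH-API:{API}:
role:ZLH-API-CT:{API_CT}:
acl:1:/nodes/zlh-prod1:{USER}:ZLH-API:
acl:1:/nodes/zlh-prod1:{TOKEN}:ZLH-API,ZLH-API-CT:
acl:1:/storage/zlh-thin:{USER},{TOKEN}:ZLH-API:
acl:1:/storage/zlh-thin:{TOKEN}:ZLH-API-CT:
acl:1:/vms:{USER}:ZLH-API:
acl:1:/sdn:{USER},{TOKEN}:ZLH-API:
"""

def parse(text):
    """Return (roles, acls): role -> privilege set, path -> identity -> role set."""
    roles, acls = {}, {}
    for line in text.splitlines():
        f = line.strip().split(":")
        if f[0] == "role" and len(f) >= 3:
            roles[f[1]] = set(filter(None, f[2].split(",")))
        elif f[0] == "acl" and len(f) >= 5:
            for ident in f[3].split(","):
                acls.setdefault(f[2], {}).setdefault(ident, set()).update(f[4].split(","))
    return roles, acls

def audit(text):
    """List stale ACL paths and expected (path, identity, role) entries that are absent."""
    _, acls = parse(text)
    findings = [f"stale path {p}" for p in acls if OLD_NODE in p]
    for path, idents in EXPECTED.items():
        for ident, want in idents.items():
            missing = want - acls.get(path, {}).get(ident, set())
            if missing:
                findings.append(f"{path} {ident} missing {','.join(sorted(missing))}")
    return findings

def effective(text, path):
    """Usable token privileges at path: user privileges AND token privileges."""
    roles, acls = parse(text)
    def privs(ident):
        held = acls.get(path, {}).get(ident, set())
        return set().union(*(roles.get(r, set()) for r in held))
    return privs(USER) & privs(TOKEN)
```

In the sample, `effective(SAMPLE, "/vms")` is empty even though the user holds `ZLH-API` there, because the token has no ACL of its own on that path.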