1.5 KiB
1.5 KiB
Proxmox API User Config — from old host (zlh-prod1)
Source of truth
Copied from /etc/pve/user.cfg on old Denver host Mar 31 2026.
Users needed
apiuser@pve— main API user for container provisioningansible@pve— automation user (recreate if needed)
Roles needed
ZLH-API: Datastore.AllocateSpace, Datastore.Audit, SDN.Allocate, SDN.Audit, SDN.Use, Sys.Audit, Sys.Modify, VM.Allocate, VM.Audit, VM.Clone, VM.Config.CPU, VM.Config.Disk, VM.Config.Memory, VM.Config.Network, VM.Config.Options, VM.PowerMgmt
ZLH-API-CT: Datastore.AllocateSpace, Datastore.Audit, SDN.Use, VM.Allocate, VM.Audit, VM.Clone, VM.Config.CPU, VM.Config.Disk, VM.Config.Memory, VM.Config.Network, VM.Config.Options, VM.PowerMgmt
ACLs needed for apiuser
/nodes/zlh1 apiuser@pve ZLH-API
/nodes/zlh1 apiuser@pve!zlh-api ZLH-API, ZLH-API-CT
/storage/zlh-thin apiuser@pve ZLH-API
/storage/zlh-thin apiuser@pve!zlh-api ZLH-API, ZLH-API-CT
/vms apiuser@pve ZLH-API
/vms apiuser@pve!zlh-api ZLH-API, ZLH-API-CT
/sdn apiuser@pve ZLH-API
/sdn apiuser@pve!zlh-api ZLH-API
Notes
- Node name on new host is
zlh1— replacezlh-prod1references zlh-thinstorage needs to exist on new host for ACLs to apply- SDN ACLs reference vmbr1/vmbr2/vmbr3 — verify these exist on new host
- Token name:
apiuser@pve!zlh-api— generate new secret, update .env on zpac-api - ansible@pve not critical for platform — skip unless needed