On Thu, 2022-04-07 at 12:27 +0200, Patryk Ściborek wrote:
> Hi Guys!
> 
> I'm using Terraform to manage VMs running on Proxmox. I need to be able to
> upload snippets with custom cloud-init configuration. Right now I have to
> use scp/sftp to upload snippets so I have to use a system account. It looks
> like I'm not the only one having this issue:
> https://bugzilla.proxmox.com/show_bug.cgi?id=2208
> 
> So I thought that I could implement a new API endpoint which would allow to
> create, read, update and delete snippets so other tools like Terraform
> would be able to use it.
> 
> What do you think about this idea?
> 
> Best regards,
> Patryk

Hi,

I've tried to adapt the patch to current PVE 7.1-12 (see below) but I
still get

proxmoxer.core.ResourceException: 501 Not Implemented: upload failed -
{'errors': b''}

when I try to upload a snippet.

My proxmoxer setup works for iso, the following succeeds:

proxmox.nodes(h).storage(s).upload.post(content="iso",filename=f)

But the following fails (f being read "rb" from some xxx.yaml)

proxmox.nodes(h).storage(s).upload.post(content="snippets",filename=f)

Not having snippet upload makes it impossible to use PVE auth realm
tokens to control permissions, you have to give a privileged system
account to users *just* to be able to do cloud init with a yaml which
is not great security-wise (and not practical).

I'm probably missing a few things to have a patch that works, I'm
willing to put some time on it if someone gives me directions.

Thanks!

Sincerely,

Laurent (paying PVE+PBS customer at work)

root@test:/usr/share/perl5# diff -u PVE/Storage.pm{-orig,}
--- PVE/Storage.pm-orig 2022-04-08 09:15:52.443943197 +0200
+++ PVE/Storage.pm      2022-04-08 09:17:23.457073570 +0200
@@ -412,6 +412,15 @@
     return $plugin->get_subdir($scfg, 'iso');
 }
 
+sub get_snippet_dir {
+    my ($cfg, $storeid) = @_;
+
+    my $scfg = storage_config($cfg, $storeid);
+    my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
+
+    return $plugin->get_subdir($scfg, 'snippets');
+}
+
 sub get_vztmpl_dir {
     my ($cfg, $storeid) = @_;
 
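Review bot: get_snippet_dir is a line-for-line copy of the helper above it that returns get_subdir($scfg, 'iso'), differing only in the 'snippets' string, and get_vztmpl_dir below opens the same way. Consider one helper that takes the content type as a third argument instead of a third near-identical sub, and add a short comment on the new sub stating that it returns the snippets subdirectory of the given storage.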
root@test:/usr/share/perl5# diff -u ./PVE/API2/Storage/Status.pm{-orig,}
--- ./PVE/API2/Storage/Status.pm-orig   2022-04-08 09:15:43.883836880 +0200
+++ ./PVE/API2/Storage/Status.pm        2022-04-08 10:23:43.914401204 +0200
@@ -381,7 +381,7 @@
            content => {
                description => "Content type.",
                type => 'string', format => 'pve-storage-content',
-               enum => ['iso', 'vztmpl'],
+               enum => ['iso', 'vztmpl', 'snippets'],
            },
            filename => {
                description => "The name of the file to create. Caution: This 
will be normalized!",
@@ -446,8 +446,10 @@
                raise_param_exc({ filename => "wrong file extension" });
            }
            $path = PVE::Storage::get_vztmpl_dir($cfg, $param->{storage});
-       } else {
-           raise_param_exc({ content => "upload content type '$content' not 
allowed" });
+       } elsif ($content eq 'snippets') {
+           $path = PVE::Storage::get_snippet_dir($cfg, $param->{storage});
+        } else {
+            raise_param_exc({ content => "upload content type '$content' not 
allowed" });
        }
 
        die "storage '$param->{storage}' does not support '$content' content\n"
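Review bot: the new snippets branch assigns $path with no check on the filename, while the vztmpl branch directly above it ends in raise_param_exc({ filename => "wrong file extension" }). Snippets carry cloud-init configuration, so this branch should either restrict the accepted extensions or document why any filename is acceptable, relying on the normalization the schema description mentions. Separately, the unchanged else branch was re-indented with spaces next to the tab-indented elsif, which turns an untouched error path into diff noise; keep the original indentation so the hunk only adds the elsif.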
@@ -564,7 +566,7 @@
            content => {
                description => "Content type.", # TODO: could be optional & 
detected in most cases
                type => 'string', format => 'pve-storage-content',
-               enum => ['iso', 'vztmpl'],
+               enum => ['iso', 'vztmpl', 'snippets'],
            },
            filename => {
                description => "The name of the file to create. Caution: This 
will be normalized!",
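Review bot: the enum literal ['iso', 'vztmpl', 'snippets'] is now edited by hand in two places (here and in the hunk at -381), so the two endpoints can drift apart the next time a content type is added. Define the list of uploadable content types once and reference it from both schemas. The content description is still just "Content type." and the TODO beside it is untouched; if snippets are accepted, the description should say which types are allowed.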
@@ -627,6 +629,8 @@
                raise_param_exc({ filename => "wrong file extension" });
            }
            $path = PVE::Storage::get_vztmpl_dir($cfg, $storage);
+       } elsif ($content eq 'snippets') {
+           $path = PVE::Storage::get_snippet_dir($cfg, $storage);    
        } else {
            raise_param_exc({ content => "upload content-type '$content' is not 
allowed" });
        }
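Review bot: the added line `$path = PVE::Storage::get_snippet_dir($cfg, $storage);` ends in trailing whitespace, which should be stripped. As in the earlier upload hunk, this snippets branch skips the filename check that the vztmpl branch above performs, so whatever validation is decided there needs to be applied here too, otherwise the two code paths accept different inputs for the same content type.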


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
