Terraform on inherent site https://inherently.xyz/tags/terraform/ Recent content in Terraform on inherent site Hugo en-us Mon, 27 Jan 2025 22:38:48 +0200 State of Homelab 2024 https://inherently.xyz/blog/homelab-2024/ Mon, 27 Jan 2025 22:38:48 +0200 https://inherently.xyz/blog/homelab-2024/ <p>When operating a homelab there is always something new to do or something waiting to be fixed. This post&rsquo;s aim is to detail the state of my homelab at the end of 2024 and beginning of 2025.</p> <h2 id="router">Router</h2> <p>The previous post was about virtualizing pfSense inside ProxMox but this setup is no longer in use. In its place, there is a new system running OPNSense on bare-metal. This was done for a few reasons, the main one being that I wanted to move away from pfSense. More than that, there was a circular dependency where the ProxMox host had to be up in order for the router to function but in order for the cluster nodes to talk to each other, the router needed to be online. In practice this was not a huge issue but it bothered me since it made experimenting more difficult because recreating the cluster meant taking down the router as well. I&rsquo;ve lost a few things, mainly pfblocker-ng and native tailscale integration but they&rsquo;re not as big of a loss as I had anticipated. In the end I think it was worth it, over the course of the past few years the company making pfSense has acted against the best interest of pfSense users and I did not feel like using their software anymore.</p> <h2 id="virtualization">Virtualization</h2> <p>I&rsquo;m still running ProxMox, although now it is a 3-node cluster. I&rsquo;ve spent a pretty significant amount of time tweaking the bootstrap process from a fresh install to having the entire homelab operational. Somewhere along the line I tried making it so non-cluster operation of multiple hosts was supported but gave up on that eventually. Each of the nodes has a 250GB SSD used as a boot drive and for node-local storage along with a 2TB HDD used as a Ceph OSD. Since the last post about using ansible and terraform with ProxMox, I&rsquo;ve figured out the process of adding tools to the debian image in the virtual machine template. There is also the option to deploy using GitLab CI so just making committing and pushing to the repo is enough to create a new virtual machine. The k3s virtual machine terraform configuration was improved significantly but I&rsquo;ve not adopted modules yet which seems to be the next step for organization-related improvements. I also run all software directly on top of debian virtual machines without containers to practice writing ansible. At work, our team runs everything in Docker so it could be a good idea to start moving to something similar at home for the sake of practice.</p> <h2 id="kubernetes">Kubernetes</h2> <p>The kubernetes cluster got a significant update. I&rsquo;ve adopted FluxCD to a greater degree, figured out secrets storage and a pretty good structure for the YAML files. The k3s cluster has 3 control plane nodes and 3 worker nodes, one per virtualization host. I&rsquo;m using longhorn for storage with plans to try and use the Ceph cluster as an additional storage class. The networking setup consists of MetalLB to have an IP in the subnet and then run ingress-nginx as the ingress controller on that IP. No plans for checking out Gateway API have been made at current but it is a good and necessary step forward in the ecosystem, I plan to move to it after things are a bit less in flux. The DNS is manual right now due to the low amount of services but I&rsquo;ve tested external-dns with PiHole and I&rsquo;m aware of the OPNSense webhook option, it remains to be seen what I&rsquo;ll end up using. The setup needs a bit more tender love and care but it&rsquo;s running well and doing what I need it to. I have plans to move more stuff to the cluster after the foundation is solid and not just have my own demo applications in there. The thought has crossed my mind to completely do away with ProxMox and then run Talos Linux bare metal on the systems but I&rsquo;d be losing out on some flexibility which I don&rsquo;t want to commit to right now. All in all, kubernetes is still pretty fun and the 1.30 and later releases have made good quality of life improvements.</p> <h2 id="nas">NAS</h2> <p>Since I upgraded my desktop, the old one&rsquo;s internals were transplanted to a different case are now a second NAS. I&rsquo;m saving up to get a big external drive so I can have an extra copy of the current main NAS so I can freely mess with them to have a solid backup solution. The changes in TrueNAS Scale regarding applications has left me waiting for things to settle down before I commit to a final setup. Overall nothing exciting on this front.</p> <h2 id="hardware">Hardware</h2> <p>I run mostly used office desktops and a basic managed switch. I have 3 Dell Optiplex machines: 2nd gen, 3rd gen and 4th gen Intel i5 CPUs with RAM sizes ranging from 16 to 32GB each. For storage they have a 250GB SSD and a 2TB HDD as mentioned earlier. The router is a Fujitsu equivalent desktop with a 4th gen Intel Pentium and 8GB of RAM as well as a 500GB SSD. My rackmount NAS is an i5 4570 with 16GB of RAM and 4x4TB HDDs in a 3-drive ZFS RAID-Z1 plus one hot spare. My backup NAS is an i7 4770 with 32GB of RAM and 2x8TB HDDs in a 2-way ZFS mirror. The main network switch is a Netgear GS724TV4, just a layer 2 managed gigabit switch.</p> <h2 id="conclusion">Conclusion</h2> <p>I wanted to write all of this down to have a reference for myself when I inevitably change something and it might help someone else as well. Also the blog is back(?) after more than a 2 year silence, hopefully I will not neglect it for that long again.</p> QEMU Guest Agent for Terraform on ProxMox https://inherently.xyz/blog/qemu-guest-agent-for-terraform-on-proxmox/ Wed, 27 Jul 2022 13:38:18 +0300 https://inherently.xyz/blog/qemu-guest-agent-for-terraform-on-proxmox/ <p>In a <a href="https://inherently.xyz/blog/ansible-terraform-and-proxmox/">previous post</a> I talked about how I set up proxmox in order to be able to provision virtual machines on it using terraform. Since then, I&rsquo;ve improved the setup by adding qemu-guest-agent to the template images without needing to create them myself from scratch and I&rsquo;d like to share it here.</p> <h2 id="the-problem">The Problem</h2> <p>A lot images intended for openstack or cloud use, be they debian or ubuntu or something else, do not include qemu-guest-agent by default. This means that we either don&rsquo;t get to enable that integration or have to do a complex dance of provisioning the VMs with the agent disabled, installing qemu-guest-agent, turning them off, applying a terraform plan with the agent enabled and booting them back up. Obviously that&rsquo;s very tedious, error-prone and time-consuming especially when creating and destroying potentially dozens of VMs for testing. To figure out a solution, I went down a bit of a rabbit hole and considered a few solutions before settling on one so I&rsquo;d like to take you through the selection process.</p> <h2 id="the-solutions">The Solutions</h2> <p>There are multiple ways to solve this problem and there isn&rsquo;t really a standard go-to recommended one. One of these might work better for your situation and that&rsquo;s great however I will be detailing why I didn&rsquo;t choose them.</p> <h3 id="images-with-qemu-guest-agent-pre-installed">Images with qemu-guest-agent pre-installed</h3> <p>This was my first instinct, just find images that have it already. Unfortunately I couldn&rsquo;t find a debian image that fit this criteria and overall it&rsquo;s not a reliable solution, some distros might simply elect to not include it.</p> <h3 id="terraform-remote-exec-provisioner">Terraform remote-exec provisioner</h3> <p>I found <a href="https://cloudalbania.com/posts/2022-01-homelab-with-proxmox-and-terraform/#considerations-when-creating-vms">this great blog post</a> by Besmir Zanaj which was really interesting and demonstrates how to use terraform to achieve post-provision VM customization. It is worth checking out however for something so basic that all virtual machines need I decided it was better to bake it into the template rather than have the action run on each VM individually. The example from the post about firewall rules is a great use-case for this functionality so it&rsquo;s not to be discarded entirely.</p> <h3 id="packer-proxmox-iso-builder">Packer proxmox-iso Builder</h3> <p>Packer is another tool from Hashicorp, the same company behind terraform, that can create images to be used with proxmox and then make templates based on those images. The functionality is offered by a plugin, specifically a builder, called <a href="https://www.packer.io/plugins/builders/proxmox/iso">proxmox-iso</a>. It didn&rsquo;t appear to be a terrible choice but the <a href="https://github.com/xcad2k/boilerplates/tree/main/packer/proxmox">configuration examples that I found</a> relied on launching ubuntu, waiting a certain amount of time then sending keystrokes to begin a no-cloud autoinstall. This seemed to me to be very error-prone and distro-specific so I skipped it. I don&rsquo;t believe it to be a complete dead-end and it&rsquo;s possible there is a better way to use it for what I want but I couldn&rsquo;t figure out how.</p> <h3 id="adding-qemu-guest-agent-using-guestfs-tools">Adding qemu-guest-agent using guestfs-tools</h3> <p>The last thing I looked into was using guestfs-tools to modify the image before creating a proxmox template out of it. Guest-fs tools is a set of tools for modifying virtual machine disk images that works on a lot of distros. After lots of searching, I came across <a href="https://austinsnerdythings.com/2021/08/30/how-to-create-a-proxmox-ubuntu-cloud-init-image/">an awesome blog post</a> by Austin Pivarnik which tackled basically the same problem. As detailed in the post itself, on debian-based systems which luckily proxmox is, we can install <code>libguestfs-tools</code> and then use the <code>virt-customize</code> command to alter the contents of a virtual machine image. How I added this to my setup:</p> <ul> <li>add <code>libguestfs-tools</code> to the list of packages installed by my proxmox setup ansible playbook</li> <li>add a task (adapted for all VM images) to the same playbook after downloading the image but before creating the template</li> <li>run playbook</li> <li>ta-da! You can see the changes I made <a href="https://gitlab.com/insanitywholesale/infra/-/commit/831fe44f103c3650a41eca4722cce794e67ca741">in this commit</a> where I also adjusted my terraform configuration and a couple other small things. I&rsquo;ve been very happy with this so far and aside from showing the guest IP in the proxmox web interface as well as allowing smooth shutdown it has also improved provisioning times.</li> </ul> <h2 id="conclusion">Conclusion</h2> <p>Having good templates for virtual machines on a virtualization platform is very important for automation. While it took quite a long time for me to find a suitable solution I am quite happy with where I ended up and the improvement to my homelab. Thank you for reading and I hope you learned something new.</p> Ansible, Terraform and Proxmox https://inherently.xyz/blog/ansible-terraform-and-proxmox/ Fri, 24 Jun 2022 23:24:57 +0300 https://inherently.xyz/blog/ansible-terraform-and-proxmox/ <p>In the continuing quest to improve my homelab I&rsquo;ve written a few ansible playbooks as well as terraform configuration to automate a lot of tasks. The initial setup of proxmox is handled by ansible, the provisioning of virtual machines is handled by terraform and the installation of k3s on the VMs is done by ansible.</p> <h2 id="proxmox-setup-with-ansible">Proxmox Setup with Ansible</h2> <p>Before getting to use all the shiny devops with a selfhosted solution, we need to do a bit of setup first. This isn&rsquo;t perfect since it&rsquo;s just ansible running a bash script but it gets the job done. The other issue,, is that a lot of cloud images don&rsquo;t include qemu-guest-agent and other packages by default. I have a few ideas how to solve that (check out this <a href="https://github.com/insanitywholesale/home-infra/blob/master/TODO.md">TODO.md</a> for more info) but haven&rsquo;t tested out anything yet. Since qemu-guest-agent and things like nfs-common are required on most VMs, a lot of redundant package installation happens but such is life for now. With that out of the way, let&rsquo;s start with how I configure proxmox.</p> <h3 id="host">Host</h3> <p>While proxmox has a lot of things ready to go out of the box, a bit of configuration is always required and even more so in this case. The goal of the following steps is to turn our hosts into capable, cloud-like, targets for provisioning resources using terraform.</p> <h4 id="repository">Repository</h4> <p>Initially the enterprise repository which we don&rsquo;t have a license to access is enabled. To fix this, I delete the file in <code>/etc/apt/sources.list.d</code> that contains it and add a file with the no-subscription repository. This might not be necessary since the <a href="https://github.com/lae/ansible-role-proxmox">lae.proxmox</a> ansible role can do essentially the same thing and many more. Here are the ansible tasks:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yml" data-lang="yml"><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">remove enterprise repo</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">file</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/etc/apt/sources.list.d/pve-enterprise.list</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l">absent</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">add no-subscription repo</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">copy</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l">pve-no-sub.list</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l">/etc/apt/sources.list.d/pve-no-subscription.list</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="s1">&#39;0644&#39;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">owner</span><span class="p">:</span><span class="w"> </span><span class="l">root</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">root</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="template-vm">Template VM</h3> <p>The terraform provider for proxmox can work with cloud-init which is a great vendor-agnostic way of configuring the basics (username, password, IP addressing, DNS, SSH keys) in a virtualized environment. This is achieved by having a virtual disk or virtual cd-rom that mounts inside the VM and provides this information to the guest.</p> <h4 id="vm-image">VM Image</h4> <p>Since software is not always compatible with the latest version of a linux distribution, in this case debian, I keep the last two versions around. The first step is to download the images:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yml" data-lang="yml"><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">get debian 10 cloud image</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">get_url</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="l">https://cloud.debian.org/images/cloud/buster/20211011-792/debian-10-generic-amd64-20211011-792.qcow2</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l">/root/debian-10-openstack-amd64.qcow2</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">checksum</span><span class="p">:</span><span class="w"> </span><span class="l">sha512:f3dac13104b4e28eb62c46cbbb1e30fc9c792834500f9101d477c19c258c31ff04850933ee0b3e63236eca38c854447d95a0ab45163c4a3fccf05f9dd95601a5</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="s1">&#39;0644&#39;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">owner</span><span class="p">:</span><span class="w"> </span><span class="l">root</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">root</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">get debian 11 cloud image</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">get_url</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="l">https://cloud.debian.org/images/cloud/bullseye/20220121-894/debian-11-generic-amd64-20220121-894.qcow2</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l">/root/debian-11-openstack-amd64.qcow2</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">checksum</span><span class="p">:</span><span class="w"> </span><span class="l">sha512:0948dc56b4834a7755e4eae7d5532e138b90484a949161ffe9fc6894c7a14b1bd32ebf96fa3f3d03d498fe7ee125f8014f31bfab5825915a93de9330df814f7b</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="s1">&#39;0644&#39;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">owner</span><span class="p">:</span><span class="w"> </span><span class="l">root</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">root</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h4 id="template-script">Template Script</h4> <p>As mentioned in the beginning I&rsquo;d like to automate this with ansible but this is what I have for now:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="k">if</span> <span class="o">[</span> -z <span class="s2">&#34;</span><span class="nv">$1</span><span class="s2">&#34;</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span> </span></span><span class="line"><span class="cl"> <span class="nv">VMID</span><span class="o">=</span><span class="m">9001</span> </span></span><span class="line"><span class="cl"><span class="k">else</span> </span></span><span class="line"><span class="cl"> <span class="nv">VMID</span><span class="o">=</span><span class="s2">&#34;</span><span class="nv">$1</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"><span class="k">fi</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">if</span> <span class="o">[</span> -z <span class="s2">&#34;</span><span class="nv">$2</span><span class="s2">&#34;</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span> </span></span><span class="line"><span class="cl"> <span class="nv">VMNAME</span><span class="o">=</span><span class="s2">&#34;debian-tmpl&#34;</span> </span></span><span class="line"><span class="cl"><span class="k">else</span> </span></span><span class="line"><span class="cl"> <span class="nv">VMNAME</span><span class="o">=</span><span class="s2">&#34;</span><span class="nv">$2</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"><span class="k">fi</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="nv">VMEXISTS</span><span class="o">=</span><span class="s2">&#34;</span><span class="k">$(</span>qm list <span class="p">|</span> grep <span class="nv">$VMID</span><span class="k">)</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">if</span> <span class="o">[</span> <span class="s2">&#34;</span><span class="nv">$VMEXISTS</span><span class="s2">&#34;</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span> </span></span><span class="line"><span class="cl"> <span class="nb">echo</span> <span class="s2">&#34;VM with </span><span class="si">${</span><span class="nv">VMID</span><span class="si">}</span><span class="s2"> already exists&#34;</span> </span></span><span class="line"><span class="cl"><span class="k">else</span> </span></span><span class="line"><span class="cl"> qm create <span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMID</span><span class="si">}</span><span class="s2">&#34;</span> -name <span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMNAME</span><span class="si">}</span><span class="s2">&#34;</span> -memory <span class="m">1024</span> -net0 virtio,bridge<span class="o">=</span>vmbr0 -cores <span class="m">1</span> -sockets <span class="m">1</span> -cpu <span class="nv">cputype</span><span class="o">=</span>kvm64 -description <span class="s2">&#34;debbie image&#34;</span> -kvm <span class="m">1</span> -numa <span class="m">1</span> </span></span><span class="line"><span class="cl"> qm importdisk <span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMID</span><span class="si">}</span><span class="s2">&#34;</span> debian-10-openstack-amd64.qcow2 local-zfs </span></span><span class="line"><span class="cl"> qm <span class="nb">set</span> <span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMID</span><span class="si">}</span><span class="s2">&#34;</span> -scsihw virtio-scsi-pci -virtio0 local-zfs:vm-<span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMID</span><span class="si">}</span><span class="s2">&#34;</span>-disk-0 </span></span><span class="line"><span class="cl"> qm <span class="nb">set</span> <span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMID</span><span class="si">}</span><span class="s2">&#34;</span> -serial0 socket </span></span><span class="line"><span class="cl"> qm <span class="nb">set</span> <span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMID</span><span class="si">}</span><span class="s2">&#34;</span> -boot c -bootdisk virtio0 </span></span><span class="line"><span class="cl"><span class="c1"># qm set &#34;${VMID}&#34; -agent 1 #disabled since VM does not initially have qga installed</span> </span></span><span class="line"><span class="cl"> qm <span class="nb">set</span> <span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMID</span><span class="si">}</span><span class="s2">&#34;</span> -hotplug disk,network,usb,memory,cpu </span></span><span class="line"><span class="cl"> qm <span class="nb">set</span> <span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMID</span><span class="si">}</span><span class="s2">&#34;</span> -vcpus <span class="m">1</span> </span></span><span class="line"><span class="cl"> qm <span class="nb">set</span> <span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMID</span><span class="si">}</span><span class="s2">&#34;</span> -vga qxl </span></span><span class="line"><span class="cl"> qm <span class="nb">set</span> <span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMID</span><span class="si">}</span><span class="s2">&#34;</span> -name <span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMNAME</span><span class="si">}</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"> qm <span class="nb">set</span> <span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMID</span><span class="si">}</span><span class="s2">&#34;</span> -ide2 local-zfs:cloudinit </span></span><span class="line"><span class="cl"> qm template <span class="s2">&#34;</span><span class="si">${</span><span class="nv">VMID</span><span class="si">}</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"><span class="k">fi</span> </span></span></code></pre></td></tr></table> </div> </div><p>This works well enough for first-time setup and with a few additions could become idempotent. The above script and its debian 11 equivalent are copied over to the proxmox hosts and executed by the following ansible tasks:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yml" data-lang="yml"><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">get debian 10 template vm script</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">copy</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l">setup-debian-10-cloudinit.sh</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l">/root/setup-debian-10-template.sh</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="s1">&#39;0755&#39;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">owner</span><span class="p">:</span><span class="w"> </span><span class="l">root</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">root</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">run debian 10 template vm script</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">shell</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cmd</span><span class="p">:</span><span class="w"> </span><span class="l">/root/setup-debian-10-template.sh</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">get debian 11 template vm script</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">copy</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">src</span><span class="p">:</span><span class="w"> </span><span class="l">setup-debian-11-cloudinit.sh</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l">/root/setup-debian-11-template.sh</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mode</span><span class="p">:</span><span class="w"> </span><span class="s1">&#39;0755&#39;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">owner</span><span class="p">:</span><span class="w"> </span><span class="l">root</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l">root</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">run debian 11 template vm script</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">shell</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cmd</span><span class="p">:</span><span class="w"> </span><span class="l">/root/setup-debian-11-template.sh</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h2 id="terraform-setup">Terraform Setup</h2> <p>With proxmox ready, let&rsquo;s move on to the terraform setup. If you haven&rsquo;t used it before, terraform is a declarative way of describing our infrastructure. It can manage virtual machines, DNS records, object storage buckets, kubernetes resources and many more things with the appropriate providers.</p> <h3 id="provider">Provider</h3> <p>Providers in terraform are plugins that enable terraform to manage resources that it doesn&rsquo;t support out of the box. In this case, we want to manage proxmox virtual machines and containers but it could be other things like a router running pfsense or vyos. In previous versions, the provider would need to be installed manually but nowadays we only need to create a <code>main.tf</code> with the provider listed and upon running <code>terraform init</code>, the provider will be downloaded automatically.</p> <h3 id="basic-maintf">Basic <code>main.tf</code></h3> <p>Let&rsquo;s create that file then. Open your favorite editor, paste the following and replace the IP as well as the password with the ones applicable to your setup:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-hcl" data-lang="hcl"><span class="line"><span class="cl"><span class="k">terraform</span> { </span></span><span class="line"><span class="cl"> <span class="k">required_providers</span> { </span></span><span class="line"><span class="cl"><span class="n"> proxmox</span> <span class="o">=</span> { </span></span><span class="line"><span class="cl"><span class="n"> source</span> <span class="o">=</span> <span class="s2">&#34;Telmate/proxmox&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> version</span> <span class="o">=</span><span class="n"> &#34;&gt;</span><span class="o">=</span><span class="m">2</span><span class="p">.</span><span class="m">9</span><span class="p">.</span><span class="m">5</span><span class="err">&#34;</span> </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl">} </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">provider</span> <span class="s2">&#34;proxmox&#34;</span> { </span></span><span class="line"><span class="cl"><span class="n"> alias</span> <span class="o">=</span> <span class="s2">&#34;pve&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> pm_tls_insecure</span> <span class="o">=</span> <span class="kt">true</span> </span></span><span class="line"><span class="cl"><span class="n"> pm_api_url</span> <span class="o">=</span> <span class="s2">&#34;https://192.168.70.1:8006/api2/json&#34;</span><span class="c1"> #Replace IP </span></span></span><span class="line"><span class="cl"><span class="n"> pm_password</span> <span class="o">=</span> <span class="s2">&#34;password123&#34;</span><span class="c1"> #Replace password </span></span></span><span class="line"><span class="cl"><span class="n"> pm_user</span> <span class="o">=</span> <span class="s2">&#34;root@pam&#34;</span> </span></span><span class="line"><span class="cl">} </span></span></code></pre></td></tr></table> </div> </div><p>Save the file and then run <code>terraform init</code>. You should see the following output (the version might be different):</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">Initializing the backend... </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">Initializing provider plugins... </span></span><span class="line"><span class="cl">- Finding telmate/proxmox versions matching &#34;&gt;= 2.9.5&#34;... </span></span><span class="line"><span class="cl">- Installing telmate/proxmox v2.9.10... </span></span><span class="line"><span class="cl">- Installed telmate/proxmox v2.9.10 (self-signed, key ID A9EBBE091B35AFCE) </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">Partner and community providers are signed by their developers. </span></span><span class="line"><span class="cl">If you&#39;d like to know more about provider signing, you can read about it here: </span></span><span class="line"><span class="cl">https://www.terraform.io/docs/cli/plugins/signing.html </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">Terraform has created a lock file .terraform.lock.hcl to record the provider </span></span><span class="line"><span class="cl">selections it made above. Include this file in your version control repository </span></span><span class="line"><span class="cl">so that Terraform can guarantee to make the same selections by default when </span></span><span class="line"><span class="cl">you run &#34;terraform init&#34; in the future. </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">Terraform has been successfully initialized! </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">You may now begin working with Terraform. Try running &#34;terraform plan&#34; to see </span></span><span class="line"><span class="cl">any changes that are required for your infrastructure. All Terraform commands </span></span><span class="line"><span class="cl">should now work. </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">If you ever set or change modules or backend configuration for Terraform, </span></span><span class="line"><span class="cl">rerun this command to reinitialize your working directory. If you forget, other </span></span><span class="line"><span class="cl">commands will detect it and remind you to do so if necessary. </span></span></code></pre></td></tr></table> </div> </div><p>And ta-da! We&rsquo;ve installed the provider and are ready to start creating resources.</p> <h3 id="creating-a-test-vm">Creating a test VM</h3> <p>The above file won&rsquo;t do anything so we&rsquo;ll declare a virtual machine and then tell terraform to create it. The example below is specific to my setup so you probably want to modify it before using but here it is:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span><span class="lnt">36 </span><span class="lnt">37 </span><span class="lnt">38 </span><span class="lnt">39 </span><span class="lnt">40 </span><span class="lnt">41 </span><span class="lnt">42 </span><span class="lnt">43 </span><span class="lnt">44 </span><span class="lnt">45 </span><span class="lnt">46 </span><span class="lnt">47 </span><span class="lnt">48 </span><span class="lnt">49 </span><span class="lnt">50 </span><span class="lnt">51 </span><span class="lnt">52 </span><span class="lnt">53 </span><span class="lnt">54 </span><span class="lnt">55 </span><span class="lnt">56 </span><span class="lnt">57 </span><span class="lnt">58 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-hcl" data-lang="hcl"><span class="line"><span class="cl"><span class="k">terraform</span> { </span></span><span class="line"><span class="cl"> <span class="k">required_providers</span> { </span></span><span class="line"><span class="cl"><span class="n"> proxmox</span> <span class="o">=</span> { </span></span><span class="line"><span class="cl"><span class="n"> source</span> <span class="o">=</span> <span class="s2">&#34;Telmate/proxmox&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> version</span> <span class="o">=</span><span class="n"> &#34;&gt;</span><span class="o">=</span><span class="m">2</span><span class="p">.</span><span class="m">9</span><span class="p">.</span><span class="m">5</span><span class="err">&#34;</span> </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl">} </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">provider</span> <span class="s2">&#34;proxmox&#34;</span> { </span></span><span class="line"><span class="cl"><span class="n"> alias</span> <span class="o">=</span> <span class="s2">&#34;pve&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> pm_tls_insecure</span> <span class="o">=</span> <span class="kt">true</span> </span></span><span class="line"><span class="cl"><span class="n"> pm_api_url</span> <span class="o">=</span> <span class="s2">&#34;https://192.168.70.1:8006/api2/json&#34;</span><span class="c1"> #Replace IP </span></span></span><span class="line"><span class="cl"><span class="n"> pm_password</span> <span class="o">=</span> <span class="s2">&#34;password123&#34;</span><span class="c1"> #Replace password </span></span></span><span class="line"><span class="cl"><span class="n"> pm_user</span> <span class="o">=</span> <span class="s2">&#34;root@pam&#34;</span> </span></span><span class="line"><span class="cl">} </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">resource</span> <span class="s2">&#34;proxmox_vm_qemu&#34; &#34;proxmox_test_vm&#34;</span> { </span></span><span class="line"><span class="cl"><span class="n"> provider</span> <span class="o">=</span> <span class="k">proxmox</span><span class="p">.</span><span class="k">pve</span> </span></span><span class="line"><span class="cl"><span class="n"> name</span> <span class="o">=</span> <span class="s2">&#34;deb-10-test&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> target_node</span> <span class="o">=</span> <span class="s2">&#34;pve&#34;</span><span class="cm"> </span></span></span><span class="line"><span class="cl"><span class="cm"> </span></span></span><span class="line"><span class="cl"><span class="cm"> /* change to debian-templ for 11 */</span> </span></span><span class="line"><span class="cl"><span class="n"> clone</span> <span class="o">=</span> <span class="s2">&#34;debian-tmpl&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> os_type</span> <span class="o">=</span> <span class="s2">&#34;cloud-init&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> cores</span> <span class="o">=</span> <span class="m">2</span> </span></span><span class="line"><span class="cl"><span class="n"> sockets</span> <span class="o">=</span> <span class="m">1</span> </span></span><span class="line"><span class="cl"><span class="n"> cpu</span> <span class="o">=</span> <span class="s2">&#34;host&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> memory</span> <span class="o">=</span> <span class="m">2048</span> </span></span><span class="line"><span class="cl"><span class="n"> scsihw</span> <span class="o">=</span> <span class="s2">&#34;virtio-scsi-pci&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> bootdisk</span> <span class="o">=</span> <span class="s2">&#34;virtio0&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> agent</span> <span class="o">=</span> <span class="m">0</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="k">disk</span> { </span></span><span class="line"><span class="cl"><span class="n"> size</span> <span class="o">=</span> <span class="s2">&#34;30G&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> type</span> <span class="o">=</span> <span class="s2">&#34;virtio&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> storage</span> <span class="o">=</span> <span class="s2">&#34;local-zfs&#34;</span> </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="k">network</span> { </span></span><span class="line"><span class="cl"><span class="n"> model</span> <span class="o">=</span> <span class="s2">&#34;virtio&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> bridge</span> <span class="o">=</span> <span class="s2">&#34;vmbr0&#34;</span> </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n"> ipconfig0</span> <span class="o">=</span><span class="n"> &#34;ip</span><span class="o">=</span><span class="n">192.168.50.25/16,gw</span><span class="o">=</span><span class="m">192</span><span class="p">.</span><span class="m">168</span><span class="p">.</span><span class="m">0</span><span class="p">.</span><span class="m">1</span><span class="err">&#34;</span><span class="cm"> </span></span></span><span class="line"><span class="cl"><span class="cm"> </span></span></span><span class="line"><span class="cl"><span class="cm"> /*workstation SSH key*/</span> </span></span><span class="line"><span class="cl"><span class="n"> sshkeys</span> <span class="o">=</span> <span class="s2">&#34;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5jzKi37jm3517bqThbw+7LR/GXm3qC6Az5F+ZUa36vYM7Ygk2K5bWcFIL2YUCrkL5jfSsvoowONjCAxyuoyxtW4MJxnQLyq4u4yDsRC7YvBPAKZUYaHwnbkCfDs5a75dEFOoDxCA0DY2GrhqzBndaTcCfl0fZ4vN+9LcKOb1dSKiHeHvsh35YNtwntbL21meo+hiycUEgGwNe9/4kxKpdGTr7HvbeX2Fjm/UZBZIJKVcGop/3gCHXYnKH+OY5zc8cmt9Jg4CIwEqrSKeOX0bE8LSPRpVRXH4v8OcMaMei/HQejlH8NBwybEdJ4mhl8vHaFEjDbIWoOujmiRQF2263 angle@puddle&#34;</span><span class="cm"> </span></span></span><span class="line"><span class="cl"><span class="cm"> </span></span></span><span class="line"><span class="cl"><span class="cm"> /*required otherwise the state always appears modified*/</span> </span></span><span class="line"><span class="cl"> <span class="k">lifecycle</span> { </span></span><span class="line"><span class="cl"><span class="n"> ignore_changes</span> <span class="o">=</span> <span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="k">cipassword</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="k">network</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="k">desc</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="p">]</span> </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl">} </span></span></code></pre></td></tr></table> </div> </div><p>After saving the file, we can run <code>terraform plan -out create-test-vm.plan</code> to calculate the changes required and save them to a file. Following that, we can run <code>terraform apply create-test-vm.plan</code> to apply the changes to our infrastructure. Some output will appear while the template is cloned, the VM settings are adjusted and the cloud-init configuration is put into the drive. In the end, you should have a brand new VM created by terraform!</p> <h3 id="creating-vms-for-k3s">Creating VMs for k3s</h3> <p>The above example is realistic but what if we need 5 similar VMs that could be used as kubernetes nodes? Conveniently, terraform provides a <code>count</code> variable that we can use to slightly differ settings where needed. Here is the resource that provisions the virtual machines that I run a k3s cluster on:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span><span class="lnt">36 </span><span class="lnt">37 </span><span class="lnt">38 </span><span class="lnt">39 </span><span class="lnt">40 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-hcl" data-lang="hcl"><span class="line"><span class="cl"><span class="k">resource</span> <span class="s2">&#34;proxmox_vm_qemu&#34; &#34;proxmox_vm_k3s&#34;</span> { </span></span><span class="line"><span class="cl"><span class="n"> provider</span> <span class="o">=</span> <span class="k">proxmox</span><span class="p">.</span><span class="k">pve</span> </span></span><span class="line"><span class="cl"><span class="n"> count</span> <span class="o">=</span> <span class="m">5</span> </span></span><span class="line"><span class="cl"><span class="n"> name</span> <span class="o">=</span> <span class="s2">&#34;deb-k3s-${count.index + 1}&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> target_node</span> <span class="o">=</span> <span class="s2">&#34;pve&#34;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n"> clone</span> <span class="o">=</span> <span class="s2">&#34;debian-tmpl&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> os_type</span> <span class="o">=</span> <span class="s2">&#34;cloud-init&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> cores</span> <span class="o">=</span> <span class="m">2</span> </span></span><span class="line"><span class="cl"><span class="n"> sockets</span> <span class="o">=</span> <span class="m">1</span> </span></span><span class="line"><span class="cl"><span class="n"> cpu</span> <span class="o">=</span> <span class="s2">&#34;host&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> memory</span> <span class="o">=</span> <span class="m">3084</span> </span></span><span class="line"><span class="cl"><span class="n"> scsihw</span> <span class="o">=</span> <span class="s2">&#34;virtio-scsi-pci&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> bootdisk</span> <span class="o">=</span> <span class="s2">&#34;virtio0&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> agent</span> <span class="o">=</span> <span class="m">0</span> </span></span><span class="line"><span class="cl"><span class="n"> onboot</span> <span class="o">=</span> <span class="kt">true</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="k">disk</span> { </span></span><span class="line"><span class="cl"><span class="n"> size</span> <span class="o">=</span> <span class="s2">&#34;30G&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> type</span> <span class="o">=</span> <span class="s2">&#34;virtio&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> storage</span> <span class="o">=</span> <span class="s2">&#34;local-zfs&#34;</span> </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="k">network</span> { </span></span><span class="line"><span class="cl"><span class="n"> model</span> <span class="o">=</span> <span class="s2">&#34;virtio&#34;</span> </span></span><span class="line"><span class="cl"><span class="n"> bridge</span> <span class="o">=</span> <span class="s2">&#34;vmbr0&#34;</span> </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n"> ipconfig0</span> <span class="o">=</span><span class="n"> &#34;ip</span><span class="o">=</span><span class="n">192.168.15.5${count.index + 1}/16,gw</span><span class="o">=</span><span class="m">192</span><span class="p">.</span><span class="m">168</span><span class="p">.</span><span class="m">0</span><span class="p">.</span><span class="m">1</span><span class="err">&#34;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n"> sshkeys</span> <span class="o">=</span> <span class="s2">&#34;ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5jzKi37jm3517bqThbw+7LR/GXm3qC6Az5F+ZUa36vYM7Ygk2K5bWcFIL2YUCrkL5jfSsvoowONjCAxyuoyxtW4MJxnQLyq4u4yDsRC7YvBPAKZUYaHwnbkCfDs5a75dEFOoDxCA0DY2GrhqzBndaTcCfl0fZ4vN+9LcKOb1dSKiHeHvsh35YNtwntbL21meo+hiycUEgGwNe9/4kxKpdGTr7HvbeX2Fjm/UZBZIJKVcGop/3gCHXYnKH+OY5zc8cmt9Jg4CIwEqrSKeOX0bE8LSPRpVRXH4v8OcMaMei/HQejlH8NBwybEdJ4mhl8vHaFEjDbIWoOujmiRQF2263 angle@puddle&#34;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="k">lifecycle</span> { </span></span><span class="line"><span class="cl"><span class="n"> ignore_changes</span> <span class="o">=</span> <span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="k">cipassword</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="k">network</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="k">desc</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="p">]</span> </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl">} </span></span></code></pre></td></tr></table> </div> </div><p>There aren&rsquo;t many changes from the previous example, the name and the IP address use the index in order to avoid 5 VMs having the same name and IP address and that&rsquo;s it!</p> <h2 id="conclusion">Conclusion</h2> <p>Hopefully this gives you inspiration for some awesome things you can do to automate your infrastructure and make working in a virtualized environment easier. Thank you for reading.</p> Homelab Current Form https://inherently.xyz/blog/homelab-current-form/ Sun, 07 Feb 2021 14:35:32 +0200 https://inherently.xyz/blog/homelab-current-form/ <p>The first part of the software changes I made was covered <a href="https://inherently.xyz/blog/homelab-evolved/">in the first part</a> where I explained how and why I started going down this path.</p> <h2 id="software-choices">Software choices</h2> <p>This whole journey was about making my home infrastructure better. Part of that was about having a way to more easily create the foundation on which kubernetes would run on, as well as describing my setup as code. Proxmox is a beast in its own right. Features include being able to manage kvm virtual machines and lxc containers, an API that can be used to interact with it programmatically and most importantly being open source. While researching what automation tools could interact with proxmox, I found a community-made terraform provider as well as a set of two ansible community modules (kvm and lxc). After thinking about it a little bit, I wanted to use terraform in a non-cloud environment but also gather some knowledge about it so that’s what I decided to use. I can have my provisioning requirements in a file that terraform understands and store it in git which is exactly what I was going for. Ansible is still in the picture since it is used to set up and configure the debian environment inside the virtual machines. Now that the hypervisor part is covered, let&rsquo;s move on to running services.</p> <h2 id="making-it-store-is-harder-than-making-it-run">Making it store is harder than making it run</h2> <p>As mentioned <a href="https://inherently.xyz/blog/homelab-evolved/">in the first part about software changes</a>, I was learning kubernetes and now I could not only wipe and recreate the cluster itself but also the entire virtual machines that it was running on. Some time after starting to use proxmox with terraform I attempted to use rancher to manage kubernetes but ended up ditching it due to various problems with running even basic stuff on it (very likely that it’s a case of PEBCAK, I don’t think rancher is terrible or anything like that).</p> <h3 id="the-problem">The problem</h3> <p>However the problem of shared storage continued to taunt me for the following months. There was seemingly nothing that a simple fella could do to use a nice and simple NAS running truenas core as storage that is able to be dynamically provisioned for use by kubernetes. Now, I hear you, &ldquo;what about nfs-client-provisioner&rdquo;, someone less familiar with this pile of madness might exclaim. Indeed it does exist and barely work except the helm chart for it is deprecated and it does not work with kubernetes version 1.20 and later since it does not seem to be using CSI drivers.</p> <h3 id="i-really-tried">I really tried</h3> <p>Months of furious and frustrating testing ensued. Not only was I trying to get applications running on kubernetes, I was also fighting with the unexpectedly complex tast of using the storage server I had available.</p> <h4 id="glusterfs">glusterfs</h4> <p>I&rsquo;ve gone through basically any and all commonly suggested options for dynamically provisioned storage. Prette early on I tried glusterfs with heketi by making 3 LXC containers and mounting an nfs share to each one that would serve as the brick in the gluster volume. Suffice it to say that it didn&rsquo;t work and things were getting out of hand.</p> <h4 id="longhorn">longhorn</h4> <p>After a bit more research and I found out that longhorn, another project by the authors of k3s, used iscsi to communicate with kubernetes. That could work I thought, except there was no coherent example of how to use it without using targetd for iscsi. Longhorn was starting to look more appealing, I could just put the virtual drives of the VMs on an nfs share, run longhorn inside the VMs to pool all their storage together and call it good enough. No, I could not give up yet. A sub-optimal solution would do if there was no other way but I was convinced something more was out there. My patience and hope were running out but not empty yet.</p> <h4 id="success">success</h4> <p>That all changed in early January where during my nearly daily search for possible storage solutions I hadn’t tried, I found out about <a href="https://github.com/democratic-csi/democratic-csi">democratic-csi</a>. This was it. Made to be used with freenas, truenas as well as DIY ZFS setups. The silver bullet was here. Just a few minutes of reading about it and writing my configs, a short(read: long) helm command later and&hellip;success! The test pod was using the newly created storageclass that was backed by the nfs share on truenas. After that I rushed to deploy my standard set of gitea, droneci and minecraft to test it out and it was working for real without a hitch.</p> <h2 id="conclusion">Conclusion</h2> <p>This was a long journey and it isn’t coming to a close any time soon. The next step is to continuous deployment but that’s an issue for another time. To conclude as briefly as possible, I’ve no put most of the critical pieces of my homelab in a single git repo that I can use to recreate almost all of it from scratch with minimal manual intervention (there are still a few quirks like not having dynamic inventory for ansible and having to manually copy IPs but I can put that aside for now). Despite the imperfections like not having dynamic inventory for ansible or having secrets stored unencrypted in git, I&rsquo;m very happy with the setup is working. If you missed them, make sure to check out the <a href="https://inherently.xyz/blog/hardware-updates-2020/">hardware updates</a> and <a href="https://inherently.xyz/blog/homelab-evolved/">the first part about software changes</a> for a better of what I&rsquo;ve been up to.</p>