terraform-provider-proxmox icon indicating copy to clipboard operation
terraform-provider-proxmox copied to clipboard

Published 20 hours ago verified publisher icon bpg

Add support for hookscript

Open otopetrik opened this issue 1 year ago • 4 comments

Is your feature request related to a problem? Please describe. There is currently no way to set hookscript property of VM

Describe the solution you'd like Add hookscript argument to proxmox_virtual_environment_vm., and probably to proxmox_virtual_environment_container.

Describe alternatives you've considered None.

Additional context Hookscripts can be used ensure data safety:

  • to reject VM start of data disk only VMs
  • ensure that at most one VM (of a VM pair, both using same disks) is running. E.g. first VM is using gpu-passthrough, second using just SPICE - for use when completely different VM is using gpu-passthrough)

otopetrik avatar Sep 18 '23 01:09 otopetrik

Right now this only works for VMs. Any chance of this getting applied to containers as well?

smacz42 avatar Feb 24 '24 21:02 smacz42

So I put in some code in a fork of the repo, and came across this.

│ Error: error creating container: received an HTTP 403 response - Reason: Permission check failed (changing the hookscript is only allowed for root@pam) │ │ with proxmox_virtual_environment_container.nixos_container[0], │ on main.tf line 133, in resource "proxmox_virtual_environment_container" "nixos_container": │ 133: resource "proxmox_virtual_environment_container" "nixos_container" {

There's a workaround here that is a patch to the PVE code to allow a specific user to execute this: https://forum.proxmox.com/threads/api-limitations-to-root-pam.101896/

There does also look to be a bug report about a lot of other places that this "you must be the root@pam user" issue shows up that has a link to a full suite of patches: https://bugzilla.proxmox.com/show_bug.cgi?id=2582

A lot of the comments I've read infer that they're not gunna get to this patch suite anytime soon. So the series of patches to enable this won't be applied anytime in the near future, I wouldn't think.

Given this info, let me know if you'd be open to a PR to include the hook script capability for containers, or would want to put that off until PVE enables the ability to add it via the API upstream.

smacz42 avatar Mar 02 '24 21:03 smacz42

Hi @smacz42 👋🏼

Thanks for the info! Even with the limitation to root@pam user account, I still think support for container hook scripts would be great to have. If you're up for it, a PR would be greatly appreciated! :)

bpg avatar Mar 05 '24 02:03 bpg

Marking this issue as stale due to inactivity in the past 180 days. This helps us focus on the active issues. If this issue is reproducible with the latest version of the provider, please comment. If this issue receives no comments in the next 30 days it will automatically be closed. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

bpg-autobot[bot] avatar Sep 02 '24 00:09 bpg-autobot[bot]