Firewall / http_bind_address forwarding
I have a question about the web server that is built into Packer.
The http_bind_address (and friends) can be used for accessing files from proxmox to the build machine e.g. http://{{ .HTTPIP }}:{{ .HTTPPort }}.
In case you are using Proxmox in a datacenter, the build machine might not be available.
My current workaround is:
# forward 127.0.0.1:8000 to the remote proxmox to 127.0.0.1:8000
ssh -N -R 127.0.0.1:8000:127.0.0.1:8000 root@proxmox
And set
http_bind_address = 127.0.0.1
http_port_min = 8000
http_port_max = 8000
This works - however - this now requires ssh to be available, which might also not be the case.
Question:
- Is there any workaround for this?
- Can we add some http_forward_from_build_host = true flag to this plugin?
I think there is really no nice solution here, since the Proxmox API that the packer plugin is using doesn't allow any code execution.
Maybe using a 3rd computer as a lighthouse is a workaround.
- Proxmox connects (via SSH + port forwarding) to computer L and does 127.0.0.1:8000:127.0.0.1:8000
- Build computer connects (via SSH + port forwarding) to computer L and does 127.0.0.1:8000:127.0.0.1:8000
Now http://{{ .HTTPIP }}:{{ .HTTPPort }} works.
Yes, I have a "bastion" host (a VM) in a separate network with firewall port rules for that HTTP port; on that VM the gitlab runner / packer is running and builds. You would need to open a firewall port, either that HTTP port or SSH in your case.
I have a solution:
https://github.com/Pumba98/proxmox-packer-templates?tab=readme-ov-file#packer-webserver-forwarding
It works for both cases.
- You can connect to your proxmox server via SSH.
- You can't connect to your proxmox server via SSH - but the build host and the proxmox host can connect to a lighthouse.
It's sweet and simple.
Should we close this question? Do you think it would make sense to document the ideas in the packer-plugin-proxmox?
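Added example (not part of the thread or of the linked repository): a small POSIX shell helper that prints the SSH command for each leg of the two setups discussed above, with both ends of every forward pinned to loopback so the Packer web server is never opened on a routable interface. `root@proxmox` and port 8000 come from the thread; `tunnel@lighthouse`, the function names, and the use of `-L` on the Proxmox side of the lighthouse setup are assumptions.

```shell
#!/bin/sh
# Added example: prints the SSH forwarding commands for the setups in this thread.
# tunnel@lighthouse is a placeholder account; root@proxmox is taken from the thread.

PORT="${PORT:-8000}"   # must equal http_port_min and http_port_max in the Packer template

# Options shared by every leg:
#   -N                    forwarding only, no remote command
#   ExitOnForwardFailure  exit instead of staying connected without the forward
#   ServerAliveInterval   ssh exits once the peer stops answering keepalives
SSH_OPTS="-N -o ExitOnForwardFailure=yes -o ServerAliveInterval=15"

# Accept only a decimal TCP port in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Listener and target are both 127.0.0.1, matching http_bind_address = 127.0.0.1.
forward_spec() { printf '127.0.0.1:%s:127.0.0.1:%s' "$1" "$1"; }

# Case 1: the build host can SSH to Proxmox (workaround from the first post).
# -R opens the listener on the remote side and sends traffic back to the build host.
direct_cmd() {
  valid_port "$1" || return 1
  printf 'ssh %s -R %s %s\n' "$SSH_OPTS" "$(forward_spec "$1")" "$2"
}

# Case 2, leg A (run on the build host): same -R, but towards the lighthouse.
lighthouse_build_cmd() { direct_cmd "$1" "$2"; }

# Case 2, leg B (run on Proxmox): -L opens a local listener on Proxmox and
# sends traffic to the lighthouse's loopback port (assumed direction).
lighthouse_proxmox_cmd() {
  valid_port "$1" || return 1
  printf 'ssh %s -L %s %s\n' "$SSH_OPTS" "$(forward_spec "$1")" "$2"
}

print_plan() {
  echo "# case 1, on the build host:"
  direct_cmd "$PORT" root@proxmox
  echo "# case 2, on the build host:"
  lighthouse_build_cmd "$PORT" tunnel@lighthouse
  echo "# case 2, on Proxmox:"
  lighthouse_proxmox_cmd "$PORT" tunnel@lighthouse
}

print_plan
```

In the lighthouse case, start the build-host leg first so the Proxmox leg has a listener to connect to on the lighthouse.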