Where can I put a .qcow2 image so that non-root users can use it to create a VM?

[joshcorreia]

My end goal is for a non-root user to import a .qcow2 image in order to create a VM as part of a CI/CD pipeline.

I'm currently trying to use the Ansible proxmox_kvm module. Unsurprisingly, I'm hitting the following error due to permissions issues:

$ ansible-playbook -i inventory.yaml create_proxmox_vm.yaml -v

No config file found; using defaults


PLAY [Create a VM in proxmox from a .qcow2 file] ***********************************************************************************************************


TASK [Gathering Facts] *************************************************************************************************************************************

ok: [localhost]


TASK [Create new container with minimal options] ***********************************************************************************************************

fatal: [localhost]: FAILED! => {"changed": false, "msg": "creation of qemu VM ansible-vm-test with vmid 1000 failed with exception=500 Internal Server Error: Only root can pass arbitrary filesystem paths. at /usr/share/perl5/PVE/Storage.pm line 542.", "vmid": 1000}


PLAY RECAP *************************************************************************************************************************************************

localhost                  : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Here are the contents of `create_proxmox_vm.yaml` with the sensitive data removed:

- name: Create a VM in proxmox from a .qcow2 file
  hosts: localhost
  tasks:
  - name: Create new container with minimal options
    community.general.proxmox_kvm:
      vmid: 1000
      node: test1
      api_host: test1.test.com
      api_user: <api_user_here>
      api_password: <password_here>
      name: ansible-vm-test
      sata:
        sata0: local:0,import-from=/home/josh/myimage.qcow2,format=qcow2
      bootdisk: sata0

The error message "Only root can pass arbitrary filesystem paths" seems to indicate that there is a non-arbitrary filesystem path that I might be able to point this to. Where would that location be? Does such a location exist?

Thank you!

 

[bbgeek17]

The error message "Only root can pass arbitrary filesystem paths" seems to indicate that there is a non-arbitrary filesystem path that I might be able to point this to. Where would that location be? Does such a location exist?

In the code we have the following:

my %import_from_fmt = (
    'import-from' => {
        type => 'string',
        format => 'pve-volume-id-or-absolute-path',
        format_description => 'source volume',
        description => "Create a new disk, importing from this source (volume ID or absolute ".
            "path). When an absolute path is specified, it's up to you to ensure that the source ".
            "is not actively used by another process during the import!",
        optional => 1,
    },
);

So there is no acceptable absolute or relative path that will work for you. Unfortunately, the import-from is not wired to accept PVE storage object as a source. I have not tried it, but perhaps you can create a "golden" image, import your templates there and then specify import-from using that disk/image as source.

Let us know if that works.
Good luck

---

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

 

[joshcorreia]

I have not tried it, but perhaps you can create a "golden" image, import your templates there and then specify import-from using that disk/image as source.

I'm not very well versed in what this means in terms of Proxmox. What would a golden image file look like on disk? Is that an .iso?

Thank you for your help!

 

[LnxBil]

What would a golden image file look like on disk?

It's just a VM disk. It looks like all the others you have.

 

[joshcorreia]

It's just a VM disk. It looks like all the others you have.

If it's the same as the .qcow that I have then how can I import it? Won't I face the same permissions issue?

 

[bbgeek17]

Step 1 - open a feature enhancement request on https://bugzilla.proxmox.com/ to add support for qcow to be handled in Template/ISO location, or similar.

Step 2 - create a VM with disk imported from a qcow, ie golden image:
qm importdisk 203 $ISO/$OSIMAGE blockbridge-nvme --format raw

Step 3 - create other VMs and reference golden image:
qm set 204 --scsi2 blockbridge-nvme:0,import-from=blockbridge-nvme:vm-203-disk-0

good luck

P.S. I did not test the entire workflow.

---

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

 

[LnxBil]

If it's the same as the .qcow that I have then how can I import it?

Depending on the used storage technology, just rename the file. Otherwise look in the Wiki, man qemu-img and man qm.

Won't I face the same permissions issue?

Everything runs as root. Users on the WebUI are only for permissions in the WebUI and do (normally) not correspond to users on PVE (and don't have to).

 

[bbgeek17]

One way to avoid any sort of hacks is to use Templates, so your users can just clone the appropriate Template.

---

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox