[SOLVED] [HELP] API Token for root user has no permissions to allocate space - ansible

javierspn

New Member
Apr 15, 2023
Hi team,

I am trying to set up a container with ansible:
YAML:
---
- name: Create test container
  hosts: proxmox_standalone
  gather_facts: true
  remote_user: confmanager
  become: true

  tasks:
    - name: create_container
      proxmox:
        node: kratos
        api_user: "root@pam"
        api_token_secret: "mytoken"
        api_token_id: 'mytokenid'
        api_host: "proxmox.lan"
        ostemplate: "local:vztmpl/debian-12-standard_12.2-1_amd64.tar.gz"
        storage: "local-lvm"
        disk: 4
        password: "mypassword"
        cores: "2"
        cpus: "1"
        memory: "2048"
        swap: "512"
        netif: '{"net0":"name=eth0,bridge=vmbr0"}'
        state: "present"
        hostname: "mytest"

When I execute it I get the following:
Bash:
"msg": "Pre-creation checks of lxc VM 104 failed with exception: 403 Forbidden: Permission check failed (/storage/local, Datastore.Audit|Datastore.AllocateSpace)",
    "vmid": "104"

I initially tried with another user and that failed also, but I thought I might not be applying the proper permissions... Now, if not even the root user can, I am baffled.

The storage pool exists and it already has running containers:

[Screenshot: 1711582412147.png]

And the api replies properly:
Bash:
curl -k -d 'username=root@pam&password=mypassword'  https://proxmox.lan:8006/api2/json/access/ticket

JSON:
{"data":{"cap":{"dc":{"Sys.Modify":1,"SDN.Use":1,"SDN.Allocate":1,"Sys.Audit":1,"SDN.Audit":1},"vms":{"VM.Config.Cloudinit":1,"VM.Config.Disk":1,"VM.Config.HWType":1,"VM.Snapshot":1,"VM.Config.Memory":1,"VM.Migrate":1,"VM.Snapshot.Rollback":1,"VM.Audit":1,"VM.Clone":1,"Permissions.Modify":1,"VM.Allocate":1,"VM.Backup":1,"VM.Config.CDROM":1,"VM.Console":1,"VM.PowerMgmt":1,"VM.Config.Options":1,"VM.Config.CPU":1,"VM.Config.Network":1,"VM.Monitor":1},"mapping":{"Mapping.Modify":1,"Mapping.Audit":1,"Permissions.Modify":1,"Mapping.Use":1},"nodes":{"Sys.Syslog":1,"Permissions.Modify":1,"Sys.Audit":1,"Sys.Incoming":1,"Sys.Modify":1,"Sys.AccessNetwork":1,"Sys.Console":1,"Sys.PowerMgmt":1},"storage":{"Permissions.Modify":1,"Datastore.AllocateTemplate":1,"Datastore.AllocateSpace":1,"Datastore.Allocate":1,"Datastore.Audit":1},"access":{"User.Modify":1,"Permissions.Modify":1,"Group.Allocate":1},"sdn":{"SDN.Use":1,"Permissions.Modify":1,"SDN.Allocate":1,"SDN.Audit":1}},"username":"root@pam","ticket":"PVE:root@pam:6604ACF2::1W5+LGYtPWx/XNMKI9Ua/vQ6DivexJ4/vWgjNQVe8c51dowibBAJvablcLUaUDuiqvX7nPklKqiNG5zwq3tbHcSK6Drun3Tmou4nep5YKLY7yNcB+cBgQnOhbpgfyeHCoh5lERfzSDtSAZJzI3s3YiDc701t20aBKrF+QTBWT2/ydjIT9bvjHr00EOzRPNwf9DIi+KYswP+oqMPNFG45Z+WaJWGGQTG1jp3ExNvQRkTR3G2U91i9U/RPyTpTUMpekwi0DPq8k2s/NPkiqDY4LH+DTjLYR7pcYYbXYPqtFP6Ub9E2NNm7CgpXDzgiS0evgpyeH2CuVvg6Dn4Yo/Napw==","CSRFPreventionToken":"6604ACF2:2bZkIdpwrTU7lStiI5ORo38FdxjLzHbTYjawrmSXSm0"}}

Regards.
 
I reply to myself. This is the proper way to do it:
YAML:
---
- name: Create test container
  hosts: proxmox_standalone
  gather_facts: true
  remote_user: confmanager
  become: true
  tasks:
    - name: create_container
      proxmox:
        node: kratos
        api_user: "root@pam"
        api_token_secret: "mytokensecret"
        api_token_id: 'mytokenid'
        api_host: "proxmox.lan"
        ostemplate: "local:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst"
        disk: sdd-data:4
        password: "lxccontainerpass"
        cores: "2"
        cpus: "1"
        memory: "2048"
        swap: "512"
        netif: '{"net0":"name=eth0,bridge=vmbr0"}'
        state: "present"
        hostname: "mytest"
 
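Added example, not part of the original posts: the curl call in the first post authenticates with the account password, while the playbook authenticates with an API token, and a Proxmox VE token with privilege separation enabled carries its own permissions. This Python code parses the 403 message and compares it with a `/access/permissions` response fetched as the token itself; the two sample responses are constructed, and reading `|` as "any one of" is an assumption.

```python
import json
import re
import ssl
import urllib.parse
import urllib.request

# Constructed sample data: the error text matches the thread; both responses are invented.
SAMPLE_ERROR = ("403 Forbidden: Permission check failed "
                "(/storage/local, Datastore.Audit|Datastore.AllocateSpace)")
SAMPLE_TOKEN_PERMS = {"data": {"/storage/local": {}}}
SAMPLE_USER_PERMS = {"data": {"/storage/local": {"Datastore.Audit": 1,
                                                 "Datastore.AllocateSpace": 1}}}

PERM_ERROR = re.compile(r"Permission check failed \((/[^,)]*), ([^)]+)\)")


def parse_permission_error(msg):
    """Return (path, privileges, any_of) from a 'Permission check failed' message."""
    m = PERM_ERROR.search(msg)
    if not m:
        raise ValueError("not a permission-check error")
    path, privs = m.groups()
    # Assumption: '|' separates alternatives (one is enough), ', ' separates required ones.
    return path, re.split(r"\||,\s*", privs), "|" in privs


def token_header(user, token_id, secret):
    """Authorization header value for API-token (not ticket) authentication."""
    return f"PVEAPIToken={user}!{token_id}={secret}"


def fetch_permissions(host, user, token_id, secret, path, cafile=None):
    """GET /access/permissions as the token itself; needs network access, TLS verified."""
    url = (f"https://{host}:8006/api2/json/access/permissions?"
           + urllib.parse.urlencode({"path": path}))
    req = urllib.request.Request(url, headers={"Authorization": token_header(user, token_id, secret)})
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)["data"]


def missing_privileges(permissions, path, privs, any_of):
    """Privileges the caller lacks on path; an empty list means the check would pass."""
    held = set(permissions.get(path, {}))  # a privilege listed for the path counts as held
    lacking = [p for p in privs if p not in held]
    return [] if any_of and len(lacking) < len(privs) else lacking


if __name__ == "__main__":
    path, privs, any_of = parse_permission_error(SAMPLE_ERROR)
    print("token lacks:", missing_privileges(SAMPLE_TOKEN_PERMS["data"], path, privs, any_of))
    print("user lacks: ", missing_privileges(SAMPLE_USER_PERMS["data"], path, privs, any_of))
```

Against a live host, pass the result of `fetch_permissions(...)` to `missing_privileges` in place of the sample data, and supply the token secret from a vault or environment variable, not from the script.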