PVE Tokens, API, and Hookscripts

P

proxdrop

New Member
Aug 16, 2024
16
3
3
I'm trying to use Ansible to manage VMs in Proxmox - specifically attach hookscripts as necessary. The hookscripts are valid and attach just fine via "qm set <vmid> --hookscript..." when run on the local PVE node. The issue is going through the Ansible provider, or rather the API in general I think. Adding hookscripts requires root@pam for some reason that I don't understand. It may be valid but I don't know what it is. My root@pam is set with 2FA, and cannot be called programmatically. I tried with API tokens, hoping a valid token would bypass this, but no luck. The token root@pam!temp_token seems to successfully validate, but returns "500 Internal Server Error only root can set hookscript". Am I misunderstanding the API tokens in general? I made sure root@pam!temp_token has the same rights root@pam does. Is root@pam!temp_token able to configure hookscripts?

https://docs.ansible.com/ansible/la.../proxmox_kvm_module.html#parameter-hookscript

Code: 
- name: Add hookscript to existing VM
  community.general.proxmox_kvm:
    api_user: root@pam
    api_token_id: temp_token
    api_token_secret: <secret>
    api_host: helldorado
    vmid: 999
    node: sabrewulf
    hookscript: local:snippets/hookscript.pl
    update: true

API User + Password output:
Code: 
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: proxmoxer.core.AuthenticationError: Couldn't authenticate user: missing Two Factor Authentication (TFA)
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Couldn't authenticate user: missing Two Factor Authentication (TFA)"}

API User + Token ID + Secret
Code: 
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Unable to update vm test-vm with vmid 123=500 Internal Server Error: only root can set 'hookscript' config", "vmid": 123}

API User + Token ID + Invalid Secret (to test token cred)
Code: 
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: proxmoxer.core.ResourceException: 401 Unauthorized: invalid token value! - {'errors': b''}
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "401 Unauthorized: invalid token value! - {'errors': b''}"}
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom