vagrant-proxmox issue

slj

New Member
Aug 2, 2017
18
0
1
52
Hi, there.

I am trying to use Vagrant for provisioning VMs in ProxmoxVE 5.0. However, vagrant-proxmox hasn't been updating for a long time, so I tried the newest fork.

But when I try to provisioning by (on MacOS):

$ vagrant up --provider=proxmox

It says:
Unable to communicate with proxmox server:
SSL_connect returned=1 errno=0 state=error: certificate verify failed


What is wrong? What should I do?

By the way, here is what I have done:
$ git clone https://github.com/postageapp/vagrant-proxmox.git
$ cd vagrant-proxmox
$ gem build vagrant-proxmox.gemspec
$ vagrant plugin install vagrant-proxmox-0.1.1.gem
$ vagrant box add dummy dummy_box/dummy.box


Then edit the Vagrantfile:
Vagrant.configure('2') do |config|

config.vm.provider proxmox do |proxmox|
proxmox.endpoint = 'https://10.111.66.153:8006/api2/json'
proxmox.user_name = 'root@pam'
proxmox.password = 'admin'
proxmox.vm_id_range = 900..903
proxmox.vm_name_prefix = 'vagrant_'
proxmox.openvz_os_template = 'local:vztmpl/vagrant-proxmox-ubuntu-12.tar.gz'
proxmox.vm_type = :lxc
proxmox.vm_memory = 256
end

config.vm.define :box, primary: true do |box|
box.vm.box = 'dummy'
box.vm.network public_network, ip: '10.111.66.110'
end

end

Finally,
$ vagrant up --provider=proxmox
 
Last edited:

pabernethy

Proxmox Retired Staff
Retired Staff
Aug 1, 2017
162
14
18
The problem is the self-signed certificate used by the VM. According to this issue it's possible to add
Code:
config.vm.box_download_insecure = true
to the config to skip the certificate verification. Alternatively the
Code:
--insecure
parameter may work for vagrant up.
 
  • Like
Reactions: slj

slj

New Member
Aug 2, 2017
18
0
1
52
Thanks, pabernethy.

So I tried adding "proxmox.box_download_insecure = true" as follows:
Vagrant.configure('2') do |config|

config.vm.provider proxmox do |proxmox|
proxmox.endpoint = 'https://10.111.66.153:8006/api2/json'
proxmox.user_name = 'root@pam'
proxmox.password = 'admin'
proxmox.vm_id_range = 900..903
proxmox.vm_name_prefix = 'vagrant_'
proxmox.openvz_os_template = 'local:vztmpl/vagrant-proxmox-ubuntu-12.tar.gz'
proxmox.vm_type = :lxc
proxmox.vm_memory = 256
proxmox.box_download_insecure = true
end

config.vm.define :box, primary: true do |box|
box.vm.box = 'dummy'
box.vm.network public_network, ip: '10.111.66.110'
end

end

Now when I try provisioning by "vagrant up --provider=proxmox", it says
Unable to communicate with proxmox server:
Connection refused - connect(2) for "10.111.66.153" port 8006

any ideas?
 

pabernethy

Proxmox Retired Staff
Retired Staff
Aug 1, 2017
162
14
18
You might try the --insecure option for vagrant up in addition to box_download_insecure. I can't find any clear statement on whether or not this option exists, but it's not documented in the --help page.
 

slj

New Member
Aug 2, 2017
18
0
1
52
It seems --insecure option is for "vagrant box" command, it does not work for "vagrant up"

Anyway, I am new about vagrant, I need to learn more about how to use vagrant. Thanks, pabernethy!
 

pabernethy

Proxmox Retired Staff
Retired Staff
Aug 1, 2017
162
14
18
It may very well be that the issue can't be solved by vagrant alone. The simplest way to solve the issue might be to just solve the root of the problem, the untrusted, self-signed certificate. You can either replace it by a trusted cert (let's encrypt would be a simple approach) or add the cert to the trusted certs for your machine.
 
  • Like
Reactions: slj

slj

New Member
Aug 2, 2017
18
0
1
52
Alright, I have tried.

In the case of Let's encrypt, it is impossible for my situation since ProxmoxVE is on a LAN, no public domain.

So it seems I have to add the certificate to my machine (macOS). I learned that the ProxmoxVE's pem file is located at
/etc/pve/pve-root-ca.pem

I tried copying pve-root-ca.pem to my macOS, but where should I copy? (or is it correct at all to just copy the pem file to the right directory?)

I kind of found that the following directories contain pem files, so I tried copying pve-root-ca.pem to each of the directories
/opt/vagrant/embedded/lib/ruby/2.2.0/rubygems/ssl_certs/
/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/ssl_certs/
/usr/local/Cellar/ruby/2.4.1_1/lib/ruby/2.4.0/rubygems/ssl_certs/rubygems.org/
/usr/local/lib/ruby/2.4.0/rubygems/ssl_certs/rubygems.org/

except for the second directory, because it says "operation not permitted"

Unfortunately, it still doesn't work, maybe the second directory is the right one I should copy to?
 

slj

New Member
Aug 2, 2017
18
0
1
52
Thanks for the info about Apple Support.

So I double clicked the "pve-root-ca.pem" file, there are three options: "login", "Local Items" and "System". I imported into "login" and "System" ("Local Items" failed), unfortunately, there is no change.

I wonder why there is a problem such as SSL, since vagrant-proxmox has been out for a while, it seems no one has such problem, weird.
 

pabernethy

Proxmox Retired Staff
Retired Staff
Aug 1, 2017
162
14
18
Does it actually prevent the VM from starting? Because if it doesn't you could just ignore it.
 

slj

New Member
Aug 2, 2017
18
0
1
52
(Sorry for my late reply, I had been on 5-day holiday)

There's no VMs created, maybe my Vagrantfile's configuration is wrong?
 

Denny

Active Member
Jul 28, 2016
86
18
28
57
I vaguely recall fighting a similar battle trying to get kvm vms setup with vagrant. I was not successful due to time constraints. I did run across a helpful tip to increase the verbosity of what was being logged on the forums. (sorry I can't find it nor do I remember who provided this) Here is a diff file for it.

Code:
diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index a96518a..165d011 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -127,6 +127,8 @@ sub log_request {
 
     my $msg = "$peerip - $userid [$timestr] \"$requestline\" $code $content_length\n";
 
+    $msg .= Dumper($reqstate) if $code != 200;
+
     $self->write_log($msg);
 }

This is getting long in the tooth so I would probably proceed with caution but this was working during the 4.x series.
 
  • Like
Reactions: slj

slj

New Member
Aug 2, 2017
18
0
1
52
Thanks, Denny

I looked /usr/share/perl5/PVE/HTTPServer.pm
It seems the HTTPServer.pm file has changed in ProxmoxVE 5.0?

How do I change the new HTTPServer.pm file?
 

Attachments

  • HTTPServer.txt
    5 KB · Views: 7

tbowerman

New Member
Jan 18, 2017
2
0
1
31
In case anyone stumbles up this solution with the same problem, the solution I found was too add the contents of PVE's pve-root-ca.pem file to /opt/vagrant/embedded/cacert.pem. This allows Vagrant to run its SSL check properly and trusted the self signed cert provided by Proxmox.

Hope this helps!
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!