vagrant-proxmox issue

slj

New Member
Aug 2, 2017
Hi, there.

I am trying to use Vagrant for provisioning VMs in ProxmoxVE 5.0. However, vagrant-proxmox hasn't been updated for a long time, so I tried the newest fork.

But when I try provisioning (on macOS) with:

$ vagrant up --provider=proxmox

It says:
Unable to communicate with proxmox server:
SSL_connect returned=1 errno=0 state=error: certificate verify failed


What is wrong? What should I do?

By the way, here is what I have done:
$ git clone https://github.com/postageapp/vagrant-proxmox.git
$ cd vagrant-proxmox
$ gem build vagrant-proxmox.gemspec
$ vagrant plugin install vagrant-proxmox-0.1.1.gem
$ vagrant box add dummy dummy_box/dummy.box


Then edit the Vagrantfile:
Vagrant.configure('2') do |config|

  config.vm.provider :proxmox do |proxmox|
    proxmox.endpoint = 'https://10.111.66.153:8006/api2/json'
    proxmox.user_name = 'root@pam'
    proxmox.password = 'admin'
    proxmox.vm_id_range = 900..903
    proxmox.vm_name_prefix = 'vagrant_'
    proxmox.openvz_os_template = 'local:vztmpl/vagrant-proxmox-ubuntu-12.tar.gz'
    proxmox.vm_type = :lxc
    proxmox.vm_memory = 256
  end

  config.vm.define :box, primary: true do |box|
    box.vm.box = 'dummy'
    box.vm.network :public_network, ip: '10.111.66.110'
  end

end

Finally,
$ vagrant up --provider=proxmox
 
The problem is the self-signed certificate used by the VM. According to this issue it's possible to add
Code:
config.vm.box_download_insecure = true
to the config to skip the certificate verification. Alternatively the
Code:
--insecure
parameter may work for vagrant up.
 
Thanks, pabernethy.

So I tried adding "proxmox.box_download_insecure = true" as follows:
Vagrant.configure('2') do |config|

  config.vm.provider :proxmox do |proxmox|
    proxmox.endpoint = 'https://10.111.66.153:8006/api2/json'
    proxmox.user_name = 'root@pam'
    proxmox.password = 'admin'
    proxmox.vm_id_range = 900..903
    proxmox.vm_name_prefix = 'vagrant_'
    proxmox.openvz_os_template = 'local:vztmpl/vagrant-proxmox-ubuntu-12.tar.gz'
    proxmox.vm_type = :lxc
    proxmox.vm_memory = 256
    proxmox.box_download_insecure = true
  end

  config.vm.define :box, primary: true do |box|
    box.vm.box = 'dummy'
    box.vm.network :public_network, ip: '10.111.66.110'
  end

end

Now when I try provisioning by "vagrant up --provider=proxmox", it says
Unable to communicate with proxmox server:
Connection refused - connect(2) for "10.111.66.153" port 8006

Any ideas?
 
You might try the --insecure option for vagrant up in addition to box_download_insecure. I can't find any clear statement on whether or not this option exists, but it's not documented in the --help page.
 
It seems the --insecure option is for the "vagrant box" command; it does not work for "vagrant up".

Anyway, I am new to Vagrant and need to learn more about how to use it. Thanks, pabernethy!
 
It may very well be that the issue can't be solved by vagrant alone. The simplest way to solve the issue might be to just solve the root of the problem, the untrusted, self-signed certificate. You can either replace it by a trusted cert (Let's Encrypt would be a simple approach) or add the cert to the trusted certs for your machine.
 
Alright, I have tried.

In the case of Let's Encrypt, it is impossible in my situation since ProxmoxVE is on a LAN with no public domain.

So it seems I have to add the certificate to my machine (macOS). I learned that the ProxmoxVE's pem file is located at
/etc/pve/pve-root-ca.pem

I tried copying pve-root-ca.pem to my macOS, but where should I copy it to? (Or is it correct at all to just copy the pem file to the right directory?)

I kind of found that the following directories contain pem files, so I tried copying pve-root-ca.pem to each of the directories
/opt/vagrant/embedded/lib/ruby/2.2.0/rubygems/ssl_certs/
/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/ssl_certs/
/usr/local/Cellar/ruby/2.4.1_1/lib/ruby/2.4.0/rubygems/ssl_certs/rubygems.org/
/usr/local/lib/ruby/2.4.0/rubygems/ssl_certs/rubygems.org/

except for the second directory, because it says "operation not permitted"

Unfortunately, it still doesn't work, maybe the second directory is the right one I should copy to?
 
Thanks for the info about Apple Support.

So I double clicked the "pve-root-ca.pem" file, there are three options: "login", "Local Items" and "System". I imported into "login" and "System" ("Local Items" failed), unfortunately, there is no change.

I wonder why there is a problem such as SSL, since vagrant-proxmox has been out for a while, it seems no one has such problem, weird.
 
Does it actually prevent the VM from starting? Because if it doesn't you could just ignore it.
 
(Sorry for my late reply, I had been on 5-day holiday)

There are no VMs created, maybe my Vagrantfile's configuration is wrong?
 
I vaguely recall fighting a similar battle trying to get kvm vms setup with vagrant. I was not successful due to time constraints. I did run across a helpful tip to increase the verbosity of what was being logged on the forums. (sorry I can't find it nor do I remember who provided this) Here is a diff file for it.

Code:
diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index a96518a..165d011 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -127,6 +127,8 @@ sub log_request {
 
     my $msg = "$peerip - $userid [$timestr] \"$requestline\" $code $content_length\n";
 
+    $msg .= Dumper($reqstate) if $code != 200;
+
     $self->write_log($msg);
 }
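
Review bot: the added `$msg .= Dumper($reqstate) if $code != 200;` line in log_request dumps the whole request state into the access log for every response that is not exactly 200, so redirects and other non-error codes are dumped along with real failures, and if $reqstate carries request headers or a body, any credentials or session tickets in them are written to the log file by write_log. I would narrow the condition to error responses (for example `$code >= 400`), dump only the fields needed for the diagnosis rather than the full structure, and gate the line behind a debug switch so it can be turned off once troubleshooting is done. The hunk also does not show `use Data::Dumper;`, so confirm the module is already loaded in HTTPServer.pm, otherwise the call to Dumper will fail at runtime.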

This is getting long in the tooth so I would probably proceed with caution but this was working during the 4.x series.
 
Thanks, Denny

I looked at /usr/share/perl5/PVE/HTTPServer.pm
It seems the HTTPServer.pm file has changed in ProxmoxVE 5.0?

How do I change the new HTTPServer.pm file?
 

In case anyone stumbles upon this with the same problem, the solution I found was to add the contents of PVE's pve-root-ca.pem file to /opt/vagrant/embedded/cacert.pem. This allows Vagrant to run its SSL check properly and trust the self-signed cert provided by Proxmox.

Hope this helps!
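
Why appending the CA to the bundle resolves "certificate verify failed" while leaving verification switched on, shown as an added example that is not part of the original thread or of vagrant-proxmox. The certificates are constructed in-process as stand-ins for pve-root-ca.pem and the Proxmox API certificate, and the helper names `make_cert` and `verify_against_bundle` are hypothetical.

```ruby
require 'openssl'

# Build a certificate; with no issuer given it is self-signed (a root CA).
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, required for extensions
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Verify `cert` against a trust store built from PEM-encoded CA certificates,
# the same check a TLS client runs against its CA bundle (cacert.pem).
# Returns [true/false, OpenSSL's verification message].
def verify_against_bundle(cert, bundle_pems)
  store = OpenSSL::X509::Store.new
  bundle_pems.each { |pem| store.add_cert(OpenSSL::X509::Certificate.new(pem)) }
  ok = store.verify(cert)
  [ok, store.error_string]
end

# Constructed stand-ins: a private root CA (the role of pve-root-ca.pem) and
# the certificate it issued for the API endpoint.
CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert('Example PVE Cluster CA', CA_KEY, ca: true, serial: 1)
SRV_CERT = make_cert('pve.example.lan', OpenSSL::PKey::RSA.new(2048),
                     issuer: CA_CERT, issuer_key: CA_KEY, serial: 2)
# An unrelated root, standing in for the public CAs already in the bundle.
OTHER_CA = make_cert('Some Public Root', OpenSSL::PKey::RSA.new(2048), ca: true, serial: 3)

before = verify_against_bundle(SRV_CERT, [OTHER_CA.to_pem])
after = verify_against_bundle(SRV_CERT, [OTHER_CA.to_pem, CA_CERT.to_pem])
puts "bundle without the private CA: ok=#{before[0]} (#{before[1]})"
puts "bundle with the private CA:    ok=#{after[0]} (#{after[1]})"
```

Only certificates that chain to a CA in the bundle verify, so every other host is still checked as before.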
 
