Unable to create LXC: 403 Forbidden #1071

Open
nitwhiz opened this issue Aug 8, 2024 · 4 comments

nitwhiz commented Aug 8, 2024

I'm unable to create a new LXC with v3.0.1-rc3. I get a 403 response, even though I'm using a role with every single permission (essentially Administrator - I tried it with the Administrator role, too), with username & password authentication. No OTP.

Output:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.lx-container.proxmox_lxc.lx_containers["test-lxc"] will be created
  + resource "proxmox_lxc" "lx_containers" {
      + arch         = "amd64"
      + cmode        = "tty"
      + console      = true
      + cores        = 4
      + cpulimit     = 0
      + cpuunits     = 512
      + hostname     = "test-lxc"
      + id           = (known after apply)
      + memory       = 8192
      + onboot       = true
      + ostemplate   = "local:vztmpl/docker-debian-bookworm.tar.gz"
      + ostype       = "debian"
      + password     = (sensitive value)
      + protection   = false
      + start        = true
      + swap         = 0
      + tags         = (known after apply)
      + target_node  = "my-pve"
      + tty          = 2
      + unprivileged = true
      + unused       = (known after apply)
      + vmid         = (known after apply)

      + features {
          + fuse    = false
          + keyctl  = true
          + mknod   = false
          + nesting = true
            # (1 unchanged attribute hidden)
        }

      + network {
          + bridge   = "vmbr0"
          + firewall = false
          + gw       = "10.50.10.1"
          + hwaddr   = (known after apply)
          + id       = (known after apply)
          + ip       = "10.50.10.23/24"
          + name     = "eth0"
          + rate     = 0
          + tag      = (known after apply)
          + trunks   = (known after apply)
          + type     = (known after apply)
        }

      + rootfs {
          + size    = "32G"
          + storage = "local"
          + volume  = (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.lx-container.proxmox_lxc.lx_containers["test-lxc"]: Creating...
╷
│ Error: error creating LXC container: 403 Forbidden, error status: {"data":null} (params: {"arch":"amd64","cmode":"tty","console":true,"cores":4,"cpulimit":0,"cpuunits":512,"features":"nesting=1,keyctl=1","hostname":"test-lxc","memory":8192,"net0":"name=eth0,bridge=vmbr0,ip=10.50.10.23/24,gw=10.50.10.1","onboot":true,"ostemplate":"local:vztmpl/docker-debian-bookworm.tar.gz","ostype":"debian","password":"admin","pool":"","protection":false,"rootfs":"local:32","start":true,"storage":"local","swap":0,"tags":"","tty":2,"unprivileged":true,"vmid":110})
│ 
│   with module.lx-container.proxmox_lxc.lx_containers["test-lxc"],
│   on modules/lx-container/main.tf line 33, in resource "proxmox_lxc" "lx_containers":
│   33: resource "proxmox_lxc" "lx_containers" {
│ 
╵

TF Code:

resource "proxmox_lxc" "lx_containers" {
  for_each = var.lx_containers

  target_node = "my-pve"

  hostname = format("%s-lxc", each.key)

  ostemplate = "local:vztmpl/docker-debian-bookworm.tar.gz"
  ostype     = "debian"
  arch       = "amd64"

  password     = "admin"
  unprivileged = true

  cores    = each.value.cores
  cpuunits = lookup(var.cpuunits_by_priority, each.value.priority, 100)
  memory   = each.value.memory
  swap     = 0

  start  = true
  onboot = coalesce(each.value.onboot, true)

  features {
    nesting = true
    keyctl  = true
    fuse    = coalesce(each.value.enable_fuse, false)
  }

  rootfs {
    storage = "local"
    size    = each.value.disk_size
  }

  network {
    name     = "eth0"
    bridge   = "vmbr0"
    ip       = format("%s/%s", each.value.ip_addr, "24")
    gw       = "10.50.10.1"
    firewall = false
    rate     = coalesce(each.value.net_rate, 0)
  }

  lifecycle {
    ignore_changes = [
      ostemplate,
    ]
  }
}

with

lx_containers = {
  "test" = {
    cores     = 4
    priority  = "medium"
    memory    = 8192
    disk_size = "32G"
    ip_addr   = "10.50.10.23"
  }
}

nitwhiz commented Aug 8, 2024

On that note, I'm not really a terraform expert, but can I roll back to v2 without any issues?

im6h commented Aug 28, 2024

It's not definite, but you might consider using the root username and password instead of an API token.
https://registry.terraform.io/providers/Telmate/proxmox/latest/docs#creating-the-connection-via-username-and-password

nitwhiz commented Aug 29, 2024

@im6h I tried that in my desperation, and it did not work for me.

im6h commented Aug 29, 2024

I guess you need to comment out and try each code block (features, network, lifecycle) to detail the problem. In my case, I encountered this issue with the mountpoint block because it is not permitted by the Proxmox APIs.
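
An added example, not part of the thread or of the provider's code: it pulls the `params` object out of the 403 error quoted above, masks the password that the error echoes in plaintext, and builds one trial request per block for the one-at-a-time elimination suggested in the last comment. The sample line is a shortened, constructed copy of the error in the issue; `SENSITIVE_KEYS` and `BLOCK_TO_KEY` are assumptions made for this sketch.

```python
import json

# Constructed sample: a shortened copy of the error line quoted in the issue.
SAMPLE_ERROR = (
    'Error: error creating LXC container: 403 Forbidden, error status: '
    '{"data":null} (params: {"arch":"amd64","features":"nesting=1,keyctl=1",'
    '"hostname":"test-lxc",'
    '"net0":"name=eth0,bridge=vmbr0,ip=10.50.10.23/24,gw=10.50.10.1",'
    '"ostemplate":"local:vztmpl/docker-debian-bookworm.tar.gz",'
    '"password":"admin","rootfs":"local:32","unprivileged":true,"vmid":110})'
)

# Assumed list of request keys to mask before sharing output; extend as needed.
SENSITIVE_KEYS = {"password", "ssh-public-keys"}

# Assumed mapping from the HCL blocks named in the thread to the request key
# each one produces (None: a Terraform-only block that is not in the request).
BLOCK_TO_KEY = {"features": "features", "network": "net0", "lifecycle": None}


def extract_params(error_text):
    """Return the JSON object that follows '(params: ' in the error text."""
    marker = "(params: "
    start = error_text.find(marker)
    if start == -1:
        raise ValueError("no params object in error text")
    # raw_decode stops at the end of the object and ignores the trailing ')'.
    obj, _ = json.JSONDecoder().raw_decode(error_text[start + len(marker):])
    return obj


def redact(params):
    """Copy of params with sensitive values masked."""
    return {k: "<redacted>" if k in SENSITIVE_KEYS else v
            for k, v in params.items()}


def isolation_trials(params):
    """One redacted trial per block: the request without that block's key."""
    trials = {}
    for block, key in BLOCK_TO_KEY.items():
        if key is None or key not in params:
            continue  # block contributes nothing to the request, skip it
        trials[block] = redact({k: v for k, v in params.items() if k != key})
    return trials


if __name__ == "__main__":
    params = extract_params(SAMPLE_ERROR)
    print(json.dumps(redact(params), indent=2))
    for block, trial in isolation_trials(params).items():
        print(f"without {block} block: {sorted(trial)}")
```
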
