Description
Summary
Currently, Proxmox_KVM uses Proxmoxer in API mode. Proxmoxer also supports an SSH and (since Proxmoxer 1.3.0) local mode (the main difference being that local is intended for use when you're already SSH'd into the host, and SSH performs this SSH step itself). Supporting SSH mode is probably not worthwhile since it can't do anything API mode can't, but it would be handy to support 'local' mode of operation in Proxmoxer, since it is potentially fewer places to mess with credentials. Assuming that Ansible can already SSH into the Proxmox host, then using local mode, we don't need to also include / use API credentials in the playbook (either directly or indirectly), since the playbook would already be running on the host.
Notable changes for local mode would be that api_host, api_user, and api_password would be no longer required if using local mode. There would need to be a way to specify using backend='local' to Proxmox_KVM so that it can be passed to ProxmoxAPI() (which is called from plugins/module_utils/proxmox.py rather than directly in plugins/modules/cloud/misc/proxmox_kvm.py itself).
The only downside I'm aware of is that I believe Ansible would be essentially accessing Proxmox as root rather than some other limited user, so there may be cases where it is more desirable to do it the current way, such as providing a clear log within Proxmox that the action came from Ansible rather than the root user. However, I would like to at least have the option to trade this reduction in logging clarity for simpler playbooks, since for some of them I need to run actions directly on the Proxmox host anyways (i.e. to run qm importdisk ... to import a cloudinit image to a VM disk, since this can't be done via the API), and it saves having to either store credentials in playbooks or pass them in somehow (via variables or vaults, etc).
I propose adding a backend option to Proxmox_KVM, which defaults to https (for normal API usage), but when set to local causes the api_* options to be optional and/or ignored rather than required (api_host and api_user are normally required, the others optional).
Issue Type
Feature Idea
Component Name
proxmox_kvm
Additional Information
The first example in the docs, except using local mode (assumes that this playbook is being run on one of the nodes in the cluster - doesn't necessarily need to be the node the VM is created on):
---
- name: Create VM using local mode
  hosts:
    - "{{ VM_HOST }}"
  tasks:
    - name: Create new VM with minimal options
      community.general.proxmox_kvm:
        backend: local
        name: spynal
        node: sabrewulf
vs the normal API mode as documented (could also be run on "{{ VM_HOST }}" or some other host, but probably don't want to run on all):
---
- name: Create VM using API
  hosts:
    - localhost
  tasks:
    - name: Create new VM with minimal options
      community.general.proxmox_kvm:
        api_user: root@pam
        api_password: secret
        api_host: helldorado
        name: spynal
        node: sabrewulf
Code of Conduct
- I agree to follow the Ansible Code of Conduct
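A sketch of the option handling this issue proposes, added here as an example and not taken from the issue author, community.general or Proxmoxer. The function name `resolve_connection` and its return shape are hypothetical; only `backend`, `api_host`, `api_user` and `api_password` come from the issue, and the sample task parameters are constructed from its two playbooks.

```python
# Added illustration of the proposed `backend` option. resolve_connection() is a
# hypothetical helper, not code from community.general or Proxmoxer.
SUPPORTED_BACKENDS = ("https", "local")
API_REQUIRED = ("api_host", "api_user")       # required today in API mode
API_OPTIONS = API_REQUIRED + ("api_password",)


def resolve_connection(params):
    """Return (kwargs intended for ProxmoxAPI(), warnings) for the task params."""
    backend = params.get("backend") or "https"  # proposed default
    if backend not in SUPPORTED_BACKENDS:
        raise ValueError("backend must be one of %s, got %r"
                         % (", ".join(SUPPORTED_BACKENDS), backend))

    # Track option names only, so a secret never ends up in a message.
    supplied = [key for key in API_OPTIONS if params.get(key)]

    if backend == "local":
        # Local mode runs on the Proxmox node itself, so no API credentials
        # are forwarded. Flag any that were supplied so they can be removed
        # from the playbook instead of lingering there unused.
        warnings = []
        if supplied:
            warnings.append("backend=local ignores: " + ", ".join(supplied))
        return {"backend": "local"}, warnings

    missing = [key for key in API_REQUIRED if not params.get(key)]
    if missing:
        raise ValueError("backend=https requires: " + ", ".join(missing))
    kwargs = {"backend": "https",
              "host": params["api_host"],
              "user": params["api_user"]}
    if params.get("api_password"):
        kwargs["password"] = params["api_password"]
    return kwargs, []


if __name__ == "__main__":
    # Constructed task parameters mirroring the two playbooks in the issue.
    local_task = {"backend": "local", "name": "spynal", "node": "sabrewulf"}
    api_task = {"api_user": "root@pam", "api_password": "secret",
                "api_host": "helldorado", "name": "spynal", "node": "sabrewulf"}
    print(resolve_connection(local_task))
    print(sorted(resolve_connection(api_task)[0]))  # key names only
```
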