The LunaHousehold Proxmox cluster is provisioned as described.

Starting from bare metal, the cluster has the provisioning account (luna-household-provisioner) created.

Because the VMs will be provisioned with cloud-init, the cluster also needs changes so that the provisioning account can SSH into every node.

Doing this manually is fucking stupid.

I’ll be using bpg proxmox as my provider, but both bpg and telmate have documentation which helps understand what is required to be done. The telmate provider documentation is a bit clearer.

Links:
  Cloud-Init FAQ - Proxmox VE
  User Management - Proxmox VE
  bpg-proxmox
  telmate
  Terraform Registry

  1. A role needs to be created. This role requires the privileges listed in the pveum role add command below:
    1. Datastore.AllocateSpace, Datastore.Audit, Pool.Allocate
    2. Sys.Audit, Sys.Console, Sys.Modify
    3. VM.Allocate, VM.Audit, VM.Clone, VM.Config.CDROM, VM.Config.Cloudinit, VM.Config.CPU, VM.Config.Disk, VM.Config.HWType, VM.Config.Memory, VM.Config.Network, VM.Config.Options, VM.Migrate, VM.Monitor, VM.PowerMgmt, SDN.Use
  2. A user needs to be created. This user needs to be in the pve realm (the @pve suffix).
  3. Attach the role to the user.

The corresponding pveum commands, run as root on a cluster node:

pveum role add <ROLE> -privs "Datastore.AllocateSpace Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Migrate VM.Monitor VM.PowerMgmt SDN.Use"
pveum user add <USER>@pve --password <password>
pveum aclmod / -user <USER>@pve -role <ROLE>
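The same three steps as a re-runnable script, added here as an example; it is not the page's own command list nor either Terraform provider's code. It assumes it runs as root on a Proxmox node where pveum is available, that the role name TerraformProv is acceptable (the page leaves <ROLE> open), that pveum list commands print ids in quotes under --output-format json, and that pveum user permissions is available for the final check. The privilege set is the one from the page; the script refuses to create the role if an ACL- or user-management privilege has been added to that list, so a copy-paste mistake cannot widen the provisioner's access. Setting PVEUM_DRY_RUN=1 (or invoking it with dry-run) prints the commands without touching the cluster.

```shell
#!/bin/sh
# Added example (not from the page or the bpg/telmate providers): create the
# Terraform provisioning role, user and ACL on a Proxmox node, safely re-runnable.
# Assumed: run as root on a PVE node; PVEUM_DRY_RUN=1 prints commands instead
# of executing them.

ROLE="${ROLE:-TerraformProv}"                            # assumed role name
PVE_USER="${PVE_USER:-luna-household-provisioner@pve}"   # account named on the page

# Privilege set taken verbatim from the page's pveum role add command.
PRIVS="Datastore.AllocateSpace Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Migrate VM.Monitor VM.PowerMgmt SDN.Use"

# Privileges that would let the provisioner edit ACLs, users or realms, i.e. widen
# its own access. None of them is needed for VM provisioning, so refuse them.
FORBIDDEN="Permissions.Modify Realm.Allocate Realm.AllocateUser User.Modify Group.Allocate"

# Number of whitespace-separated privileges in $1.
priv_count() { set -- $1; echo $#; }

# Succeeds (0) when none of the privileges in $1 appears in FORBIDDEN.
privs_are_scoped() {
  for p in $1; do
    for f in $FORBIDDEN; do
      if [ "$p" = "$f" ]; then return 1; fi
    done
  done
  return 0
}

# Execute a command, or print it when PVEUM_DRY_RUN is set.
run() {
  if [ -n "${PVEUM_DRY_RUN:-}" ]; then echo "+ $*"; else "$@"; fi
}

# Existence checks (assumption: JSON list output contains the id in quotes).
# In dry-run mode both report "absent" so every command gets printed.
role_exists() {
  [ -z "${PVEUM_DRY_RUN:-}" ] && pveum role list --output-format json | grep -q "\"$ROLE\""
}
user_exists() {
  [ -z "${PVEUM_DRY_RUN:-}" ] && pveum user list --output-format json | grep -q "\"$PVE_USER\""
}

provision_account() {
  privs_are_scoped "$PRIVS" || { echo "refusing: privilege list contains an ACL/user-management privilege" >&2; return 1; }

  # 1. Role: create it, or bring an existing role's privileges back to this set.
  if role_exists; then
    run pveum role modify "$ROLE" --privs "$PRIVS"
  else
    run pveum role add "$ROLE" --privs "$PRIVS"
  fi

  # 2. User in the pve realm. The password comes from PVE_PASSWORD, never from
  #    the script, and is not echoed in dry-run mode.
  if ! user_exists; then
    if [ -n "${PVEUM_DRY_RUN:-}" ]; then
      echo "+ pveum user add $PVE_USER --password <redacted>"
    else
      [ -n "${PVE_PASSWORD:-}" ] || { echo "PVE_PASSWORD is not set" >&2; return 1; }
      run pveum user add "$PVE_USER" --password "$PVE_PASSWORD"
    fi
  fi

  # 3. Bind the role to the user at /; aclmod is idempotent, so re-runs are fine.
  run pveum aclmod / --users "$PVE_USER" --roles "$ROLE"

  # 4. Print the effective permissions so the scope can be reviewed after the run.
  run pveum user permissions "$PVE_USER" --path /
}

# Only act when asked explicitly, so sourcing this file has no side effects.
case "${1:-}" in
  apply)   provision_account ;;
  dry-run) PVEUM_DRY_RUN=1 provision_account ;;
esac
```

Run it once as `sh provision.sh dry-run` to see exactly what will be executed, then `PVE_PASSWORD='...' sh provision.sh apply`. The final `pveum user permissions` line is the check worth keeping: the account should show only the VM, datastore, pool, Sys and SDN privileges above on `/`, and nothing under Permissions or User.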
