REST API for ProxmoxAAS
Arthur Lu
a0109d3546
- split config from user data to config.json, add config.hson.template - moved default user data localdb to root folder - moved pve, localdb, ldap backend handlers to backends sub folder - add dynamic loading of all backends - add dynamic mapping for auth backends to support multiple auth sources - update affected endpoints |
||
---|---|---|
config | ||
service | ||
src | ||
.eslintrc.json | ||
.gitignore | ||
package.json | ||
README.md | ||
start.sh |
ProxmoxAAS API - REST API for ProxmoxAAS Dashboard
ProxmoxAAS API provides functionality for the Dashboard by providing a proxy API for the Proxmox API, and an API for requesting resources within a defined quota.
Prerequisites
- ProxmoxAAS-Dashboard
- Proxmox VE Cluster (v7.0+)
- Reverse proxy server which can proxy the dashboard and API
- FQDN
- Server with NodeJS (v18.0+) and NPM installed
Configuring API Token and Permissions
In Proxmox VE, follow the following steps:
- Add a new user
proxmoxaas-api
to Proxmox VE - Create a new API token for the user
proxmoxaas-api
and copy the secret key to a safe location - Create a new role
proxmoxaas-api
with at least the following permissions:- VM.* except VM.Audit, VM.Backup, VM.Clone, VM.Console, VM.Monitor, VM.PowerMgmt, VM.Snapshot, VM.Snapshot.Rollback
- Datastore.Allocate, Datastore.AllocateSpace, Datastore.Audit
- User.Modify
- Pool.Audit
- Add a new API Token Permission with path:
/
, select the API token created previously, and role:proxmoxaas-api
- Add a new User Permission with path:
/
, select theproxmoxaas-api
user, and role:proxmoxaas-api
Installation - API
- Clone this repo onto
Dashboard Host
- Run
npm install
to initiaze the package requirements - Copy
template.localdb.json
aslocaldb.json
and modify the following values underpveAPIToken
:- pveAPI - the URI to the Proxmox API, ie
<proxmoxhost>:8006/api2/json
or<proxmox URL>/api2/json
if Proxmox VE is behind a reverse proxy. - hostname - the ProxmoxAAS-Dashboard URL, ie
host.domain.tld
- domain - the base domain for the dashboard and proxmox, ie
domain.tld
- listenPort - the port you want the API to listen on, ie
8080
- pveAPIToken - the user(name), authentication realm, token id, and token secrey key (uuid)
- pveAPI - the URI to the Proxmox API, ie
- (Optional) In order to allow users to customize instance pcie devices, the API must use the root credentials for privilege elevation. Modify the following values under
pveroot
in order to use this feature:- username: root user name, typically
root@pam
- password: root user password
- username: root user name, typically
- You may also wish to configure users at this point as well. An example user config is shown in the template.
- Start the service using
node .
, or call the provided shell script, or use the provided systemctl service script
Installation - Reverse Proxy
- Configure nginx or preferred reverse proxy to reverse proxy the dashboard. The configuration should include at least the following:
server {
listen 443 ssl;
server_name paas.<FQDN>;
location / {
return 301 "/dashboard/";
}
location /dashboard/ {
proxy_pass http://proxmoxaas.dmz:8080/;
proxy_redirect default;
}
location /api/ {
proxy_pass http://proxmoxaas.dmz:80/api/;
proxy_redirect default;
}
}
- Start nginx with the new configurations
Result
After these steps, the ProxmoxAAS Dashboard should be available and fully functional at paas.<FQDN>
or paas.<FQDN>/dashboard/
.