REST API for ProxmoxAAS
bb047a3782
auth endpoint now fetches all relevant backend tokens |
||
---|---|---|
config | ||
service | ||
src | ||
.eslintrc.json | ||
.gitignore | ||
package.json | ||
README.md | ||
start.sh |
ProxmoxAAS API - REST API for ProxmoxAAS Dashboard
ProxmoxAAS API provides functionality for the Dashboard by providing a proxy API for the Proxmox API, and an API for requesting resources within a defined quota.
Installation
Prerequisites
- ProxmoxAAS-Dashboard
- Proxmox VE Cluster (v7.0+)
- Reverse proxy server which can proxy the dashboard and API
- FQDN
- Server with NodeJS (v18.0+) and NPM installed
Configuring API Token and Permissions
In Proxmox VE, follow the following steps:
- Add a new user
proxmoxaas-api
to Proxmox VE - Create a new API token for the user
proxmoxaas-api
and copy the secret key to a safe location - Create a new role
proxmoxaas-api
with at least the following permissions:- VM.* except VM.Audit, VM.Backup, VM.Clone, VM.Console, VM.Monitor, VM.PowerMgmt, VM.Snapshot, VM.Snapshot.Rollback
- Datastore.Allocate, Datastore.AllocateSpace, Datastore.Audit
- User.Modify
- Pool.Audit
- Add a new API Token Permission with path:
/
, select the API token created previously, and role:proxmoxaas-api
- Add a new User Permission with path:
/
, select theproxmoxaas-api
user, and role:proxmoxaas-api
Installation - API
- Clone this repo onto
Dashboard Host
- Run
npm install
to initiaze the package requirements - Copy
template.config.json
asconfig.json
and modify the following values:- In
backends/pve/config
:- url: the URI to the Proxmox API, ie
http://<proxmoxhost>:8006/api2/json
orhttp://<proxmox URL>/api2/json
if Proxmox VE is behind a reverse proxy. - token: the user(name), authentication realm (pam), token id, and token secrey key (uuid)
- root (Optional): In order to allow users to customize instance pcie devices, the API must use the root credentials for privilege elevation. Provide the root username, ie.
root@pam
, and root user password
- url: the URI to the Proxmox API, ie
- In
backends/paasldap/config
(Optional):- url: url to a PAAS-LDAP server API ie.
http://<paasldap-host>:8082
- url: url to a PAAS-LDAP server API ie.
- In
handlers/auth
:- Add any authentication handlers to be used by the API. Add the realm name (ie.
pve
) as the key and the handler name as provided inbackends
. For example, a PAAS-LDAP handler could be added as"paas-ldap": "paasldap"
and users in the realmuser@paas-ldap
will use this handler to perform auth actions. Refer to backends
- Add any authentication handlers to be used by the API. Add the realm name (ie.
- In
application
:- hostname - the ProxmoxAAS-Dashboard URL, ie
host.domain.tld
- domain - the base domain for the dashboard and proxmox, ie
domain.tld
- listenPort - the port you want the API to listen on, ie
8081
- hostname - the ProxmoxAAS-Dashboard URL, ie
- In
useriso
:- node: host of storage with user accessible iso files
- storage: name of storage with user accessible iso files
- In
- Start the service using
node .
, or call the provided shell script, or use the provided systemctl service script
Installation - Reverse Proxy
- Configure nginx or preferred reverse proxy to reverse proxy the dashboard. The configuration should include at least the following:
server {
listen 443 ssl;
server_name paas.<FQDN>;
location / {
return 301 "/dashboard/";
}
location /dashboard/ {
proxy_pass http://proxmoxaas.dmz:8080/;
proxy_redirect default;
}
location /api/ {
proxy_pass http://proxmoxaas.dmz:80/api/;
proxy_redirect default;
}
}
- Start nginx with the new configurations
Result
After these steps, the ProxmoxAAS Dashboard should be available and fully functional at paas.<FQDN>
or paas.<FQDN>/dashboard/
.