REST API for ProxmoxAAS
c2ab19b6d6
move getFullInstanceConfig to utils.js, rework resource related utilities to use new quota format |
||
---|---|---|
config | ||
service | ||
src | ||
.eslintrc.json | ||
.gitignore | ||
package.json | ||
README.md | ||
start.sh |
ProxmoxAAS API - REST API for ProxmoxAAS Dashboard
ProxmoxAAS API provides functionality for the Dashboard by providing a proxy API for the Proxmox API, and an API for requesting resources within a defined quota.
Prerequisites
- ProxmoxAAS-Dashboard
- Proxmox VE Cluster (v7.0+)
- Reverse proxy server which can proxy the dashboard and API
- FQDN
- Server with NodeJS (v18.0+) and NPM installed
Configuring API Token and Permissions
In Proxmox VE, follow the following steps:
- Add a new user
proxmoxaas-api
to Proxmox VE - Create a new API token for the user
proxmoxaas-api
and copy the secret key to a safe location - Create a new role
proxmoxaas-api
with at least the following permissions:- VM.* except VM.Audit, VM.Backup, VM.Clone, VM.Console, VM.Monitor, VM.PowerMgmt, VM.Snapshot, VM.Snapshot.Rollback
- Datastore.Allocate, Datastore.AllocateSpace, Datastore.Audit
- User.Modify
- Pool.Audit
- Add a new API Token Permission with path:
/
, select the API token created previously, and role:proxmoxaas-api
- Add a new User Permission with path:
/
, select theproxmoxaas-api
user, and role:proxmoxaas-api
Installation - API
- Clone this repo onto
Dashboard Host
- Run
npm install
to initiaze the package requirements - Copy
template.localdb.json
aslocaldb.json
and modify the following values underpveAPIToken
:- pveAPI - the URI to the Proxmox API, ie
<proxmoxhost>:8006/api2/json
or<proxmox URL>/api2/json
if Proxmox VE is behind a reverse proxy. - hostname - the ProxmoxAAS-Dashboard URL, ie
host.domain.tld
- domain - the base domain for the dashboard and proxmox, ie
domain.tld
- listenPort - the port you want the API to listen on, ie
8080
- pveAPIToken - the user(name), authentication realm, token id, and token secrey key (uuid)
- pveAPI - the URI to the Proxmox API, ie
- (Optional) In order to allow users to customize instance pcie devices, the API must use the root credentials for privilege elevation. Modify the following values under
pveroot
in order to use this feature:- username: root user name, typically
root@pam
- password: root user password
- username: root user name, typically
- You may also wish to configure users at this point as well. An example user config is shown in the template.
- Start the service using
node .
, or call the provided shell script, or use the provided systemctl service script
Installation - Reverse Proxy
- Configure nginx or preferred reverse proxy to reverse proxy the dashboard. The configuration should include at least the following:
server {
listen 443 ssl;
server_name paas.<FQDN>;
location / {
return 301 "/dashboard/";
}
location /dashboard/ {
proxy_pass http://proxmoxaas.dmz:8080/;
proxy_redirect default;
}
location /api/ {
proxy_pass http://proxmoxaas.dmz:80/api/;
proxy_redirect default;
}
}
- Start nginx with the new configurations
Result
After these steps, the ProxmoxAAS Dashboard should be available and fully functional at paas.<FQDN>
or paas.<FQDN>/dashboard/
.