- Revised provider-config-template.yaml and provider-config.yaml to reflect updated site names and endpoints for better alignment with VM specifications.
- Enhanced documentation regarding authentication methods, emphasizing the use of token-based authentication for production environments.
- Updated namespace references to ensure consistency across configuration files.
Proxmox Base Configuration Review
Date: 2025-01-XX
Status: ⚠️ CONFIGURATION MISMATCH DETECTED
Executive Summary
Review of Proxmox base configurations reveals a critical mismatch between site names used in VM specifications and the provider configuration. This must be fixed before deployment.
Configuration Issues Found
⚠️ Issue 1: Site Name Mismatch
Problem: VM specifications use `site-1` and `site-2`, but the provider config uses `us-sfvalley`.
Current State:
- VM Files: Use `site: "site-1"` and `site: "site-2"`
- Provider Config: Uses `name: us-sfvalley` (only site-1 configured)
- Impact: VMs referencing `site-2` will fail to deploy
Files Affected:
- `crossplane-provider-proxmox/examples/provider-config.yaml`
- All VM files in `examples/production/` (30 files)
Current Provider Configuration
File: crossplane-provider-proxmox/examples/provider-config.yaml
Current Configuration:
```yaml
sites:
  - name: us-sfvalley
    endpoint: "https://192.168.11.10:8006"
    node: "ml110-01"
    insecureSkipTLSVerify: true
  # Site 2 is commented out!
  # - name: us-sfvalley-2
  #   endpoint: "https://192.168.11.11:8006"
  #   node: "r630-01"
  #   insecureSkipTLSVerify: true
```
Issues:
- ❌ Site name `us-sfvalley` doesn't match VM specs (`site-1`)
- ❌ Site 2 is commented out (22 VMs need this!)
- ❌ Site 2 name `us-sfvalley-2` doesn't match VM specs (`site-2`)
Required Configuration
Corrected Provider Configuration
The provider config must define both sites with names matching the VM specifications:
```yaml
sites:
  - name: site-1
    endpoint: "https://192.168.11.10:8006"
    node: "ml110-01"
    insecureSkipTLSVerify: true
  - name: site-2
    endpoint: "https://192.168.11.11:8006"
    node: "r630-01"
    insecureSkipTLSVerify: true
```
Site Configuration Details
Site-1 (ML110-01)
Configuration:
- Name: `site-1` (must match VM specs)
- Endpoint: `https://192.168.11.10:8006`
- Node: `ml110-01`
- IP Address: 192.168.11.10
- Hardware: 6 CPU cores, 256 GB RAM
- VMs: 4 production VMs (8 CPU cores total)
VMs on Site-1:
- nginx-proxy-vm
- phoenix-dns-primary
- smom-sentry-01
- smom-sentry-02
Site-2 (R630-01)
Configuration:
- Name: `site-2` (must match VM specs)
- Endpoint: `https://192.168.11.11:8006`
- Node: `r630-01`
- IP Address: 192.168.11.11
- Hardware: 52 CPU cores, 768 GB RAM
- VMs: 22 production VMs (54 CPU cores total)
VMs on Site-2:
- cloudflare-tunnel-vm
- All Phoenix Infrastructure VMs (7 VMs)
- All Blockchain Validators (4 VMs)
- Blockchain Sentries (2 VMs)
- Blockchain RPC Nodes (4 VMs)
- Blockchain Services (4 VMs)
Provider Configuration Files
1. Main Provider Config
File: crossplane-provider-proxmox/examples/provider-config.yaml
Status: ⚠️ NEEDS UPDATE
Required Changes:
- Change site name from `us-sfvalley` to `site-1`
- Uncomment and configure `site-2`
- Change site-2 name from `us-sfvalley-2` to `site-2`
- Update namespace to `crossplane-system` (recommended)
2. Provider Config Template
File: crossplane-provider-proxmox/examples/provider-config-template.yaml
Status: ⚠️ NEEDS UPDATE
Current State:
- Uses `us-sfvalley` and `us-sfvalley-2`
- Has a more detailed structure with nodes/storage/networks
- Uses a different endpoint format (hostnames vs IPs)
Required Changes:
- Update site names to `site-1` and `site-2`
- Ensure endpoints match the actual Proxmox nodes
- Verify node names match (`ml110-01`, `r630-01`)
Network Configuration
Proxmox API Endpoints
Site-1 (ML110-01):
- IP: 192.168.11.10
- Port: 8006 (HTTPS)
- Endpoint: `https://192.168.11.10:8006`
- Alternative: `https://ml110-01.sankofa.nexus:8006` (if DNS configured)
Site-2 (R630-01):
- IP: 192.168.11.11
- Port: 8006 (HTTPS)
- Endpoint: `https://192.168.11.11:8006`
- Alternative: `https://r630-01.sankofa.nexus:8006` (if DNS configured)
Network Bridge
Both Sites:
- Bridge: `vmbr0`
- Network: 192.168.11.0/24
- Gateway: Configured per site
Storage Configuration
Site-1 (ML110-01)
Storage Pools:
- local-lvm: 794.3 GB available
- ceph-fs: 384 GB available
Usage:
- All VMs on ML110-01 use `local-lvm` (small disks)
Site-2 (R630-01)
Storage Pools:
- local-lvm: 171.3 GB available
- Ceph OSD: Configured
- ceph-fs: Available (distributed storage)
Usage:
- Small disks (Cloudflare Tunnel): `local-lvm`
- Large disks (all other VMs): `ceph-fs`
Credentials Configuration
Secret Configuration
File: crossplane-provider-proxmox/examples/provider-config.yaml
Current:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: proxmox-credentials
  namespace: default
type: Opaque
stringData:
  username: "root@pam"
  password: "YOUR_PROXMOX_PASSWORD_HERE"
```
Recommendations:
- ✅ Use the `crossplane-system` namespace (more secure)
- ✅ Use API tokens instead of passwords (recommended)
- ✅ Store credentials securely (not in git)
- ⚠️ Update the password before deployment
Token-Based Authentication (Recommended)
```yaml
stringData:
  tokenid: "root@pam!api-token-name"
  token: "your-api-token-secret"
```
TLS Configuration
Current Setting
Both Sites: `insecureSkipTLSVerify: true`
Security Considerations:
- ⚠️ Development/Testing: Acceptable
- ❌ Production: Should be `false` with proper certificates
- ✅ Recommendation: Use proper TLS certificates in production
Provider Deployment Configuration
File: crossplane-provider-proxmox/config/provider.yaml
Status: ✅ CORRECT
Configuration:
- Namespace: `crossplane-system`
- ServiceAccount: `crossplane-provider-proxmox`
- RBAC: Properly configured
- Resource limits: 500m CPU, 512Mi memory
- Health probes: Configured
Action Items
Critical (Must Fix Before Deployment)
- ⚠️ Update Provider Config Site Names
  - Change `us-sfvalley` → `site-1`
  - Add `site-2` configuration
  - Ensure endpoints are correct
- ⚠️ Update Provider Config Template
  - Align site names with VM specifications
  - Verify endpoint formats
- ⚠️ Update Credentials
  - Replace placeholder password
  - Consider using API tokens
  - Move to `crossplane-system` namespace
Recommended (Before Production)
- ✅ TLS Configuration
  - Set `insecureSkipTLSVerify: false` for production
  - Configure proper TLS certificates
- ✅ Documentation
  - Document credential management process
  - Create deployment checklist
Verification Checklist
Before Deployment
- Provider config has `site-1` defined
- Provider config has `site-2` defined
- Site names match VM specifications exactly
- Endpoints are correct (IP addresses or hostnames)
- Node names match (`ml110-01`, `r630-01`)
- Credentials are configured (not placeholders)
- Secret namespace is appropriate
- TLS settings are appropriate for environment
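The checklist above, together with the site-name mismatch, credentials and TLS sections earlier in this review, can be run as code rather than by eye. The following is an added example, not part of the reviewed repository or of the Crossplane Proxmox provider: it takes the provider config, the credentials Secret and the VM specs as plain mappings (what PyYAML's `yaml.safe_load` returns) and reports findings for undefined sites, skipped TLS verification, placeholder credentials, password-based auth and a Secret outside `crossplane-system`. The sample input is constructed from the values quoted in this review (a three-VM subset, not all 30 files); the VM spec shape (`spec.site`) and the placeholder markers are assumptions. `load_yaml_documents` needs PyYAML when pointed at real files, everything else runs with the standard library.

```python
"""Consistency checks for a Crossplane Proxmox provider config (added example).

Encodes this review's checklist as code: every site a VM spec references must
be defined in the provider config, TLS verification must not be skipped in
production, and the credentials Secret must not carry placeholders, use a
password where a token is wanted, or sit in the wrong namespace.
"""
from dataclasses import dataclass

# Substrings that mark a value as an unfilled template (assumed convention).
PLACEHOLDER_MARKERS = ("your_", "your-", "change_me", "placeholder")


@dataclass(frozen=True)
class Finding:
    severity: str  # "critical" blocks deployment, "warning" should be fixed
    message: str


def load_yaml_documents(path):
    """Read all documents from a multi-document YAML file (requires PyYAML)."""
    import yaml  # lazy import: the checks below do not need PyYAML
    with open(path, encoding="utf-8") as fh:
        return [doc for doc in yaml.safe_load_all(fh) if doc]


def check_site_names(provider_config, vm_specs):
    """Flag VMs whose spec.site is not a site name in the provider config."""
    defined = {site["name"] for site in provider_config.get("sites", [])}
    findings = []
    for vm in vm_specs:
        site = vm["spec"].get("site")
        if site not in defined:
            findings.append(Finding(
                "critical",
                f"VM {vm['metadata']['name']} references site {site!r}; "
                f"provider config defines {sorted(defined)}"))
    return findings


def check_tls(provider_config, production):
    """insecureSkipTLSVerify is a warning in dev/test and a blocker in production."""
    severity = "critical" if production else "warning"
    return [Finding(severity, f"site {site['name']} sets insecureSkipTLSVerify: true")
            for site in provider_config.get("sites", [])
            if site.get("insecureSkipTLSVerify")]


def check_secret(secret, expected_namespace="crossplane-system"):
    """Namespace, auth method and placeholder checks on the credentials Secret."""
    findings = []
    namespace = secret["metadata"].get("namespace", "default")
    if namespace != expected_namespace:
        findings.append(Finding("warning", f"Secret lives in namespace {namespace!r}, "
                                           f"expected {expected_namespace!r}"))
    data = secret.get("stringData", {})
    if "password" in data:
        findings.append(Finding("warning", "Secret uses username/password; prefer tokenid/token"))
    for key, value in data.items():
        if any(marker in str(value).lower() for marker in PLACEHOLDER_MARKERS):
            findings.append(Finding("critical", f"stringData.{key} is still a placeholder"))
    return findings


def review(provider_config, secret, vm_specs, production=False):
    """Run every check and return the combined findings, critical ones first."""
    findings = (check_site_names(provider_config, vm_specs)
                + check_tls(provider_config, production)
                + check_secret(secret))
    return sorted(findings, key=lambda f: f.severity != "critical")


def has_blockers(findings):
    return any(f.severity == "critical" for f in findings)


# --- Constructed sample input mirroring this review (not the repo's files) ---
_SITE_1 = {"name": "site-1", "endpoint": "https://192.168.11.10:8006",
           "node": "ml110-01", "insecureSkipTLSVerify": True}
_SITE_2 = {"name": "site-2", "endpoint": "https://192.168.11.11:8006",
           "node": "r630-01", "insecureSkipTLSVerify": True}
CURRENT_PROVIDER_CONFIG = {"sites": [dict(_SITE_1, name="us-sfvalley")]}  # site-2 commented out
CORRECTED_PROVIDER_CONFIG = {"sites": [_SITE_1, _SITE_2]}


def _vm(name, site):  # assumed VM spec shape: the site name lives at spec.site
    return {"metadata": {"name": name}, "spec": {"site": site}}


VM_SPECS = [_vm("nginx-proxy-vm", "site-1"), _vm("phoenix-dns-primary", "site-1"),
            _vm("cloudflare-tunnel-vm", "site-2")]
CURRENT_SECRET = {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
                  "metadata": {"name": "proxmox-credentials", "namespace": "default"},
                  "stringData": {"username": "root@pam",
                                 "password": "YOUR_PROXMOX_PASSWORD_HERE"}}

if __name__ == "__main__":
    for label, cfg in (("current", CURRENT_PROVIDER_CONFIG),
                       ("corrected", CORRECTED_PROVIDER_CONFIG)):
        found = review(cfg, CURRENT_SECRET, VM_SPECS, production=True)
        print(f"{label}: {len(found)} findings, blockers={has_blockers(found)}")
        for f in found:
            print(f"  [{f.severity}] {f.message}")
```

Against the current config every sampled VM is flagged because neither `site-1` nor `site-2` is defined; against the corrected config the site findings disappear, leaving the TLS and Secret findings that the review's "Recommended" and "Update Credentials" items cover. The same Secret passes once it uses `tokenid`/`token` with a real value and lives in `crossplane-system`.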
Related Documentation
- VM Deployment Plan - Deployment strategy
- VM Configuration Status - VM configuration status
- Provider README - Provider documentation
Last Updated: 2025-01-XX
Status: ⚠️ REQUIRES UPDATES BEFORE DEPLOYMENT