website/integrations: proxmox: cleanup guide (#11894)
* website/integrations: proxmox: clarify location of Providers tab Updates the guide to explicitly state the path to the Providers tab. Signed-off-by: 4d62 <github-user@sdko.org> * website/integrations: proxmox: cleanup instructions Cleans up instructions to make them more readable Signed-off-by: 4d62 <github-user@sdko.org> * website/integrations: proxmox: specify application tab location Specifies the location of the Applications tab in the admin interface Signed-off-by: 4d62 <github-user@sdko.org> * website/integrations: proxmox remove duplicate instructions Some instructions were copied over in my previous commit and were never removed. This commit removes redundant instructions Signed-off-by: 4d62 <github-user@sdko.org> * website/integrations: proxmox: try to adhere to style guide Touch up a few things to try to make it match Signed-off-by: 4d62 <github-user@sdko.org> * website/integrations: proxmox: lint Lint with prettier * Update website/integrations/services/proxmox-ve/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: 4d62 <github-user@sdko.org> * Update website/integrations/services/proxmox-ve/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: 4d62 <github-user@sdko.org> * Update website/integrations/services/proxmox-ve/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: 4d62 <github-user@sdko.org> * Update website/integrations/services/proxmox-ve/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: 4d62 <github-user@sdko.org> * Update website/integrations/services/proxmox-ve/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: 4d62 <github-user@sdko.org> * Update website/integrations/services/proxmox-ve/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: 4d62 <github-user@sdko.org> * Update website/integrations/services/proxmox-ve/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: 4d62 <github-user@sdko.org> * Update website/integrations/services/proxmox-ve/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: 4d62 <github-user@sdko.org> * Update website/integrations/services/proxmox-ve/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: 4d62 <github-user@sdko.org> * Update website/integrations/services/proxmox-ve/index.md Signed-off-by: 4d62 <github-user@sdko.org> * website/integrations: proxmox: address review comment Address review comment https://github.com/goauthentik/authentik/pull/11894#discussion_r1837106698 - Merge lines 42 and 44 Signed-off-by: 4d62 <github-user@sdko.org> * website/integrations: proxmox: lint run `npx prettier --write website/integrations/services/proxmox-ve/index.md` * Update website/integrations/services/proxmox-ve/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: 4d62 <github-user@sdko.org> * Update website/integrations/services/proxmox-ve/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: 4d62 <github-user@sdko.org> --------- Signed-off-by: 4d62 <github-user@sdko.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
This commit is contained in:
4d62
@ -9,12 +9,12 @@ sidebar_label: Proxmox VE
|
||||
|
||||
## What is Proxmox VE
|
||||
|
||||
> Proxmox Virtual Environment is an open source server virtualization management solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, highly available clusters, storage and networks with an integrated, easy-to-use web interface or via CLI. Proxmox VE code is licensed under the GNU Affero General Public License, version 3. The project is developed and maintained by Proxmox Server Solutions GmbH.
|
||||
> Proxmox Virtual Environment is an open source server virtualization management solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, highly available clusters, storage, and networks with an integrated, easy-to-use web interface or via CLI. Proxmox VE code is licensed under the GNU Affero General Public License, version 3. The project is developed and maintained by Proxmox Server Solutions GmbH.
|
||||
>
|
||||
> -- https://pve.proxmox.com/wiki/Main_Page
|
||||
|
||||
:::caution
|
||||
This requires Proxmox VE 7.0 or newer.
|
||||
Requires Proxmox VE 7.0 or newer.
|
||||
:::
|
||||
|
||||
## Preparation
|
||||
@ -24,36 +24,61 @@ The following placeholders will be used:
|
||||
- `proxmox.company` is the FQDN of the Proxmox VE server.
|
||||
- `authentik.company` is the FQDN of the authentik install.
|
||||
|
||||
### Step 1
|
||||
## authentik configuration
|
||||
|
||||
Under _Providers_, create an OAuth2/OpenID provider with these settings:
|
||||
1. In the Admin interface, navigate to **Applications -> Providers** to create an OAuth2/OpenID provider with these settings:
|
||||
|
||||
- Name: proxmox
|
||||
- Redirect URI: `https://proxmox.company:8006` (Note the absence of the trailing slash, and the inclusion of the webinterface port)
|
||||
- Signing Key: Select any available key
|
||||
- **Name:** proxmox
|
||||
- **Redirect URI:** `https://proxmox.company:8006` (No trailing slash, include the web interface port)
|
||||
- **Signing Key:** Select any available key
|
||||
|
||||
### Step 2
|
||||
2. Create an application using the provider.
|
||||
- Under **Applications** > **Applications** in the Admin interface, create a new application and configure it to use the provider created in the previous step.
|
||||
- Optionally, apply access restrictions to the application.
|
||||
- Set the **Launch URL** to `https://proxmox.company:8006`.
|
||||
|
||||
Create an application which uses this provider. Optionally apply access restrictions to the application.
|
||||
## Proxmox VE configuration (using the web interface)
|
||||
|
||||
Set the Launch URL to `https://proxmox.company:8006`.
|
||||
1. Log in to the Proxmox VE web interface using an administrative account.
|
||||
|
||||
## Proxmox VE Setup
|
||||
2. Navigate to authentication source settings.
|
||||
|
||||
Proxmox VE allows configuration of authentication sources using the web interface (under Datacenter -> Permissions -> Realms).
|
||||
- Go to **Datacenter** > **Permissions** > **Realms**.
|
||||
- Click **Add** and select **Realm** to open the Add Realm dialog.
|
||||
|
||||
|
||||
3. Fill out the OpenID Connect settings.
|
||||
|
||||
Another way is to use the CLI. SSH into any Proxmox cluster node, and issue the following command:
|
||||
- In the dialog that appears, fill in the following details:
|
||||
- **Issuer URL**: Enter the Issuer URL from authentik (found in your provider's overview tab), e.g., `https://authentik.company/application/o/proxmox/`.
|
||||
- **Realm**: Enter a name for this authentication source, such as `authentik`.
|
||||
- **Client ID**: Enter the Client ID found on the provider overview page.
|
||||
- **Client Key**: Enter the Client Secret. (To find this value click **Edit** on the Provider overview page.)
|
||||
- **Username claim**: Set this to `username`.
|
||||
- **Autocreate users**: Check this box if you want Proxmox to automatically create users upon first login. If checked, users will appear in Proxmox with the format `<authentik username>@authentik`.
|
||||
- **Default**: Check this if you want OpenID Connect to be pre-selected as the default on the login screen.
|
||||
|
||||
`pveum realm add authentik --type openid --issuer-url https://authentik.company/application/o/proxmox/ --client-id xxx --client-key xxx --username-claim username --autocreate 1`
|
||||
**Example configuration**:
|
||||
|
||||
You can find the Issuer URL on the Provider Metadata tab in authentik. You can find the Client ID and Key on the Provider Edit dialog in authentik.
|
||||
|
||||
|
||||
After configuring the source in Proxmox, any user that logs in to Proxmox for the first time automatically gets an user named `<authentik username>@<pve realm name>`. In this example,
|
||||
authentik user `bob` will get an user named `bob@authentik` in Proxmox. You can then assign Permissions as normally in Proxmox. You can also pre-create the users in Proxmox if you want
|
||||
the user to be able to perform actions immediately after first login.
|
||||
4. **Save the configuration**.
|
||||
|
||||
There is no way to directly trigger an OpenID Connect login in Proxmox, but if you set the source as 'default', it will be automatically selected on the Proxmox login screen.
|
||||
- Click **Add** to save the settings.
|
||||
|
||||
|
||||
5. **Assign permissions**
|
||||
|
||||
- After setting up the authentication source, go to **Permissions** to assign roles and permissions for each user as needed.
|
||||
|
||||
6. **Logging in**
|
||||
|
||||
- Users can select this authentication method from the Proxmox login screen, or if set as default, it will be automatically selected.
|
||||
|
||||
|
||||
|
||||
## Proxmox VE configuration (using CLI)
|
||||
|
||||
To configure OpenID Connect authentication via the CLI, SSH into any Proxmox cluster node and use the following command:
|
||||
|
||||
```bash
|
||||
pveum realm add authentik --type openid --issuer-url https://authentik.company/application/o/proxmox/ --client-id xxx --client-key xxx --username-claim username --autocreate 1
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user