# Creating a Linux VM with OpenTofu

### Prerequisites

- A working Proxmox cluster
- OpenTofu installed
- A Linux server (Bastion) inside the cluster with an SSH key pair available

### Setting up the configuration (SSH)

- Copy the public SSH key to the Proxmox server
    - On the server (Bastion)  
        ```bash
        > cat .ssh/id_ed25519.pub
        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqLxAZ0VeOyxKeDgxb9Gp7upKGs/w1+NrDRXcVYjLii root@adm-front-01
        ```
    - On the Proxmox host  
        ```bash
        root@pve-front-01:~# echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqLxAZ0VeOyxKeDgxb9Gp7upKGs/w1+NrDRXcVYjLii root@adm-front-01" >> /root/.ssh/authorized_keys
        ```
    - Test the connection from the server to the Proxmox host  
        ```bash
        ssh -q -o BatchMode=yes -o ConnectTimeout=5 root@$PVE_ADDRESS exit
        echo $?
        # A return code other than 0 means the connection failed
        ```
- Set up the provider file
    - Create the file provider.tf  
        ```hcl
        terraform {
          required_providers {
            proxmox = {
              source = "bpg/proxmox" # --> https://registry.terraform.io/providers/bpg/proxmox/latest/docs
              version = "0.74.1"
            }
          }
        }
        
        provider "proxmox" {
          endpoint = "https://{PVE_ADDRESS}:8006"
          username = "root@pam"
          password = "{PVE_ROOT_PASSWORD}"
          insecure = true
        
          ssh {
            agent = true
            username = "root"
        
            node {
              name = "pve-front-01"
              address = "{PVE_ADDRESS}"
              port = 2222 # -> PVE SSH PORT
            }
          }
        }
        
        ```
        
        <p class="callout info align-center">Link to the file [provider.tf](https://book.techoops.fr/attachments/1)</p>
- Initialize the provider  
    ```bash
    > tofu init
    
    Initializing the backend...
    
    Initializing provider plugins...
    - Reusing previous version of bpg/proxmox from the dependency lock file
    - Using previously-installed bpg/proxmox v0.74.1
    
    OpenTofu has been successfully initialized!
    
    You may now begin working with OpenTofu. Try running "tofu plan" to see
    any changes that are required for your infrastructure. All OpenTofu commands
    should now work.
    
    If you ever set or change modules or backend configuration for OpenTofu,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.
    ```

### Setting up the VM configuration files

- Download the cloud-init file via tofu  
    
    - Create the file file.tf  
        ```hcl
        resource "proxmox_virtual_environment_file" "latest_debian_12" {
          content_type = "vztmpl"
          datastore_id = "local"
          node_name = "pve-front-01"
          source_file {
            path = "http://download.proxmox.com/images/system/debian-12-standard_12.7-1_amd64.tar.zst"
          }
        }
        ```
- Declare the QEMU resource (VM)
    - Create the file test\_qemu.tf  
        ```hcl
        resource "proxmox_virtual_environment_vm" "test-qemu" {
          count     = 1
          name      = "test-qemu-0${ count.index + 1 }"
          node_name = "pve-front-01"

          initialization {
            datastore_id = "local"
            dns {
              domain  = "kvega.local"
              servers = ["1.1.1.1", "8.8.8.8"]
            }
            ip_config {
              ipv4 {
                address = "192.168.210.1${ count.index + 1 }/26"
                gateway = "192.168.210.1"
                # or alternatively address = "192.168.1.100/24"
              }
            }
            user_account {
              # do not use this in production, configure your own ssh key instead!
              username = "admin"
              keys     = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqLxAZ0VeOyxKeDgxb9Gp7upKGs/w1+NrDRXcVYjLii root@adm-front-01",
                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHXgvmOWJLUrFgmlVa49RdqYqUsyjVAQgAuBq7K7nis kvega@FR-LAP10398",]
              password = "Strongpassword"
            }
          }

          memory {
            dedicated = 4096
          }

          cpu {
            cores = 2
            type  = "host"
          }

          network_device {
            bridge = "ovsbr2"
            model  = "virtio"
          }

          lifecycle {
            ignore_changes = [
              network_device, # keep the MAC address to avoid regenerating the VM
            ]
          }

          operating_system {
            type = "l26"
          }

          disk {
            datastore_id = "local"
            # must reference the file resource declared in file.tf
            file_id      = proxmox_virtual_environment_file.latest_debian_12.id
            interface    = "virtio0"
            iothread     = true
            discard      = "on"
            size         = 30
          }
        }
        ```
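
The provider and VM definitions above embed the root password, the VM account password and `insecure = true` directly in the `.tf` files. The variant below is an added example, not part of the original page: it moves those values into input variables (the variable names are assumptions) and turns TLS verification back on, which assumes the Proxmox certificate is trusted by the machine running tofu.

```hcl
# Added example: variable names and the file split are assumptions.

# variables.tf
variable "pve_address" {
  type        = string
  description = "Address of the Proxmox node ({PVE_ADDRESS} in provider.tf)"
}

variable "pve_root_password" {
  type      = string
  sensitive = true # redacted in plan/apply output
}

variable "vm_admin_password" {
  type      = string
  sensitive = true
}

variable "vm_admin_keys" {
  type        = list(string)
  description = "Public SSH keys allowed to log in as admin on the VM"
}

# provider.tf: same provider block, with the literals replaced by variables
provider "proxmox" {
  endpoint = "https://${var.pve_address}:8006"
  username = "root@pam"
  password = var.pve_root_password
  insecure = false # assumes the PVE certificate is trusted by this host

  ssh {
    agent    = true
    username = "root"

    node {
      name    = "pve-front-01"
      address = var.pve_address
      port    = 2222 # PVE SSH port
    }
  }
}

# test_qemu.tf: user_account block inside initialization { ... }
#   user_account {
#     username = "admin"
#     keys     = var.vm_admin_keys
#     password = var.vm_admin_password
#   }
```

The values are supplied at run time through environment variables such as `TF_VAR_pve_root_password` or through a `.tfvars` file kept out of version control. `sensitive = true` only hides them from command output; they are still written to the state file, so the state needs the same protection as the passwords.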

### Applying the configuration

In a terminal

- Test the configuration
    - `tofu plan` --> shows what will be done, a kind of dry run
    - `tofu apply` --> applies the changes if you enter the word yes at the end