Initial commit: loc_az_hci (smom-dbis-138 excluded via .gitignore)

Co-authored-by: Cursor <cursoragent@cursor.com>
defiQUG
2026-02-08 09:04:46 -08:00
commit c39465c2bd
386 changed files with 50649 additions and 0 deletions


@@ -0,0 +1,28 @@
#!/bin/bash
source ~/.bashrc
# Automatically add 'source ~/.bashrc' after shebang to all .sh scripts in subdirs
# Usage: ./auto-prep-new-scripts.sh [--watch]
SCRIPTS_ROOT="/home/intlc/projects/loc_az_hci/scripts"
add_bashrc_source() {
local file="$1"
# Only add if not already present and if it's a bash script
if grep -q "^#!/bin/bash" "$file" && ! grep -q "^source ~/.bashrc" "$file"; then
awk 'NR==1{print; print "source ~/.bashrc"; next}1' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
echo "Patched: $file"
fi
}
find "$SCRIPTS_ROOT" -type f -name '*.sh' | while read -r script; do
add_bashrc_source "$script"
done
if [[ "$1" == "--watch" ]]; then
echo "Watching for changes to .sh scripts..."
while inotifywait -e create -e modify -e move --format '%w%f' -r "$SCRIPTS_ROOT" | grep -E '\.sh$'; do
find "$SCRIPTS_ROOT" -type f -name '*.sh' | while read -r script; do
add_bashrc_source "$script"
done
done
fi
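Review bot: Writing `source ~/.bashrc` into line 2 of every script under `SCRIPTS_ROOT` makes all of the repository's automation, including the scripts in this commit that handle `PVE_ROOT_PASS` and the Cloudflare tokens, run a user-writable dotfile before their own `set -e` line. Anything exported, aliased or redefined there changes what those scripts do, so their behaviour is no longer determined by the repository; if specific variables are needed, load them from a dedicated file the scripts read explicitly. In `add_bashrc_source`, the `awk … > "$file.tmp" && mv "$file.tmp" "$file"` step replaces the original file with a freshly created one, so a patched script loses its executable bit; copy the mode before the move with `chmod --reference="$file" "$file.tmp"`, and create the temporary file with `mktemp` in the same directory rather than the predictable `$file.tmp` name.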


@@ -0,0 +1,167 @@
#!/bin/bash
source ~/.bashrc
# Enable SSH via Proxmox API
# Attempts to enable SSH service and configure root login via API
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# Load environment variables
if [ -f "$PROJECT_ROOT/.env" ]; then
set -a
source <(grep -v '^#' "$PROJECT_ROOT/.env" | grep -v '^$' | sed 's/#.*$//' | grep '=')
set +a
fi
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
PVE_USERNAME="${PVE_USERNAME:-root@pam}"
PVE_PASSWORD="${PVE_ROOT_PASS:-}"
PROXMOX_URL="${PROXMOX_ML110_URL:-https://192.168.1.206:8006}"
PROXMOX_NODE="${PROXMOX_NODE:-pve}"
get_api_token() {
local response=$(curl -s -k --connect-timeout 10 --max-time 15 \
-d "username=$PVE_USERNAME&password=$PVE_PASSWORD" \
"$PROXMOX_URL/api2/json/access/ticket" 2>&1)
if echo "$response" | grep -q '"data"'; then
local ticket=$(echo "$response" | grep -o '"ticket":"[^"]*' | cut -d'"' -f4)
local csrf_token=$(echo "$response" | grep -o '"CSRFPreventionToken":"[^"]*' | cut -d'"' -f4)
echo "$ticket|$csrf_token"
else
echo ""
fi
}
check_ssh_service() {
local tokens=$(get_api_token)
local ticket=$(echo "$tokens" | cut -d'|' -f1)
local csrf_token=$(echo "$tokens" | cut -d'|' -f2)
log_info "Checking SSH service status..."
local services=$(curl -s -k -H "Cookie: PVEAuthCookie=$ticket" \
-H "CSRFPreventionToken: $csrf_token" \
"$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/services" 2>&1)
if echo "$services" | grep -q '"data"'; then
local ssh_status=$(echo "$services" | python3 -c "
import sys, json
r = json.load(sys.stdin)
services = r.get('data', [])
ssh = [s for s in services if 'ssh' in s.get('name', '').lower()]
if ssh:
s = ssh[0]
print(f\"{s.get('name', 'N/A')}|{s.get('state', 'N/A')}|{s.get('enabled', 'N/A')}\")
" 2>/dev/null)
if [ -n "$ssh_status" ]; then
local name=$(echo "$ssh_status" | cut -d'|' -f1)
local state=$(echo "$ssh_status" | cut -d'|' -f2)
local enabled=$(echo "$ssh_status" | cut -d'|' -f3)
echo " Service: $name"
echo " State: $state"
echo " Enabled: $enabled"
if [ "$state" = "running" ] && [ "$enabled" = "1" ]; then
log_info "✓ SSH service is running and enabled"
return 0
else
log_warn "SSH service needs to be started/enabled"
return 1
fi
else
log_warn "SSH service not found in services list"
return 1
fi
else
log_error "Could not query services via API"
return 1
fi
}
enable_ssh_service() {
local tokens=$(get_api_token)
local ticket=$(echo "$tokens" | cut -d'|' -f1)
local csrf_token=$(echo "$tokens" | cut -d'|' -f2)
log_info "Attempting to enable SSH service via API..."
# Try to start SSH service
local start_result=$(curl -s -k -X POST -H "Cookie: PVEAuthCookie=$ticket" \
-H "CSRFPreventionToken: $csrf_token" \
"$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/services/ssh/start" 2>&1)
if echo "$start_result" | grep -q '"data"'; then
log_info "✓ SSH service started"
else
log_warn "Could not start SSH via API: $start_result"
fi
# Try to enable SSH service
local enable_result=$(curl -s -k -X POST -H "Cookie: PVEAuthCookie=$ticket" \
-H "CSRFPreventionToken: $csrf_token" \
"$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/services/ssh/start" 2>&1)
if echo "$enable_result" | grep -q '"data"'; then
log_info "✓ SSH service enabled"
else
log_warn "Could not enable SSH via API: $enable_result"
fi
}
main() {
echo "========================================="
echo "Enable SSH via Proxmox API"
echo "========================================="
echo ""
log_warn "Note: SSH configuration changes typically require shell access"
log_warn "This script will attempt to enable SSH service, but root login"
log_warn "configuration may need to be done via Web UI or console"
echo ""
# Check current status
check_ssh_service
echo ""
# Try to enable
enable_ssh_service
echo ""
log_info "Summary:"
log_warn "SSH service management via API is limited"
log_info "Recommended: Enable SSH via Proxmox Web UI:"
log_info " 1. Node → System → Services → ssh → Start & Enable"
log_info " 2. Node → System → Shell → Enable root login"
log_info ""
log_info "Or use console/physical access to run:"
log_info " systemctl enable ssh && systemctl start ssh"
log_info " sed -i 's/#PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config"
log_info " systemctl restart sshd"
}
main "$@"
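Review bot: `get_api_token` posts the Proxmox root password with `curl -k`, so the ticket request accepts any certificate and a host on the network path to `PROXMOX_URL` can read `PVE_ROOT_PASS` and the returned ticket; the same call appears in `test_connection` of the Proxmox connection-test script later in this commit. Verify the node's certificate instead, e.g. `curl -s --cacert "$PVE_CA_CERT" …` (`PVE_CA_CERT` is a placeholder for wherever the node's CA file is kept, not a variable this repository defines). The `-d "username=$PVE_USERNAME&password=$PVE_PASSWORD"` argument is also visible in the process list and is not URL-encoded, so a password containing `&` or `%` is sent wrong; `--data-urlencode "password=$PVE_PASSWORD"` fixes the encoding, and feeding the options through `curl -K -` on stdin keeps them out of argv. Separately, under `set -e` a non-zero return from the bare `check_ssh_service` call in `main` ends the script before `enable_ssh_service` runs, and the second POST in `enable_ssh_service` targets `…/services/ssh/start` again, so "SSH service enabled" is logged without any enable request having been made.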


@@ -0,0 +1,188 @@
#!/bin/bash
source ~/.bashrc
# Prerequisites Check Script
# Validates system requirements before deployment
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
CHECK_TYPE="${1:-all}"
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
check_pass() {
echo -e "${GREEN}${NC} $1"
}
check_fail() {
echo -e "${RED}${NC} $1"
return 1
}
check_proxmox() {
log_info "Checking Proxmox VE installation..."
if command -v pvecm &> /dev/null && command -v pvesm &> /dev/null; then
check_pass "Proxmox VE tools installed"
pveversion | head -1
else
check_fail "Proxmox VE tools not found"
return 1
fi
}
check_network() {
log_info "Checking network configuration..."
if ip link show vmbr0 &>/dev/null; then
check_pass "Bridge vmbr0 exists"
ip addr show vmbr0 | grep "inet " || check_warn "vmbr0 has no IP address"
else
check_warn "Bridge vmbr0 not found (may need network configuration)"
fi
}
check_azure_cli() {
log_info "Checking Azure CLI installation..."
if command -v az &> /dev/null; then
check_pass "Azure CLI installed"
az version | head -1
# Check if logged in
if az account show &>/dev/null; then
check_pass "Azure CLI authenticated"
az account show --query "{subscriptionId:id, tenantId:tenantId}" -o table
else
check_warn "Azure CLI not authenticated (run 'az login')"
fi
else
check_warn "Azure CLI not installed (required for Azure Arc onboarding)"
fi
}
check_kubectl() {
log_info "Checking kubectl installation..."
if command -v kubectl &> /dev/null; then
check_pass "kubectl installed"
kubectl version --client --short
else
check_warn "kubectl not installed (required for Kubernetes management)"
fi
}
check_helm() {
log_info "Checking Helm installation..."
if command -v helm &> /dev/null; then
check_pass "Helm installed"
helm version --short
else
check_warn "Helm not installed (required for GitOps deployments)"
fi
}
check_docker() {
log_info "Checking Docker installation..."
if command -v docker &> /dev/null; then
check_pass "Docker installed"
docker --version
if docker ps &>/dev/null; then
check_pass "Docker daemon running"
else
check_warn "Docker daemon not running"
fi
else
check_warn "Docker not installed (required for Git/GitLab deployment)"
fi
}
check_terraform() {
log_info "Checking Terraform installation..."
if command -v terraform &> /dev/null; then
check_pass "Terraform installed"
terraform version | head -1
else
check_warn "Terraform not installed (optional, for IaC)"
fi
}
check_system_resources() {
log_info "Checking system resources..."
# Check memory
TOTAL_MEM=$(free -g | awk '/^Mem:/{print $2}')
if [ "$TOTAL_MEM" -ge 8 ]; then
check_pass "Memory: ${TOTAL_MEM}GB (minimum 8GB recommended)"
else
check_warn "Memory: ${TOTAL_MEM}GB (8GB+ recommended)"
fi
# Check disk space
DISK_SPACE=$(df -h / | awk 'NR==2 {print $4}')
check_info "Available disk space: $DISK_SPACE"
}
check_info() {
echo -e "${GREEN}${NC} $1"
}
main() {
log_info "Running prerequisites check: $CHECK_TYPE"
case "$CHECK_TYPE" in
proxmox)
check_proxmox
check_network
;;
azure)
check_azure_cli
;;
kubernetes)
check_kubectl
check_helm
;;
git)
check_docker
;;
all)
check_proxmox
check_network
check_azure_cli
check_kubectl
check_helm
check_docker
check_terraform
check_system_resources
;;
*)
log_error "Unknown check type: $CHECK_TYPE"
log_info "Available types: proxmox, azure, kubernetes, git, all"
exit 1
;;
esac
log_info "Prerequisites check completed"
}
main "$@"
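Review bot: `check_warn` is called in `check_network`, `check_azure_cli`, `check_kubectl`, `check_helm`, `check_docker`, `check_terraform` and `check_system_resources`, but this file defines only `check_pass`, `check_fail` and `check_info`, so unless the sourced `~/.bashrc` happens to provide it every warning path fails with "command not found" (status 127). Because `set -e` is active, that status ends the run at the first missing optional tool instead of printing a warning and continuing. Define it next to the other helpers, e.g. `check_warn() { echo -e "${YELLOW}${NC} $1"; }`. `check_fail` interacts with `set -e` the same way: in `check_proxmox` the bare `check_fail "Proxmox VE tools not found"` returns 1 and exits the script before the following `return 1` is reached, which is fine for a hard requirement but worth a comment saying it is intended.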


@@ -0,0 +1 @@
inotify-tools

96
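--- a/scripts/utils/setup-ssh-keys.sh
+++ b/scripts/utils/setup-ssh-keys.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+source ~/.bashrc
+# Setup SSH Keys for Proxmox Access
+# Generates SSH key and provides instructions for adding to Proxmox hosts
+set -e
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+log_info() {
+echo -e "${GREEN}[INFO]${NC} $1"
+}
+log_warn() {
+echo -e "${YELLOW}[WARN]${NC} $1"
+}
+log_error() {
+echo -e "${RED}[ERROR]${NC} $1"
+}
+SSH_KEY_NAME="id_ed25519_proxmox"
+SSH_KEY_PATH="$HOME/.ssh/$SSH_KEY_NAME"
+PUBLIC_KEY_PATH="$SSH_KEY_PATH.pub"
+generate_key() {
+if [ -f "$SSH_KEY_PATH" ]; then
+log_info "SSH key already exists: $SSH_KEY_PATH"
+return 0
+fi
+log_info "Generating SSH key..."
+ssh-keygen -t ed25519 -f "$SSH_KEY_PATH" -N "" -C "proxmox-access"
+log_info "✓ SSH key generated: $SSH_KEY_PATH"
+}
+display_public_key() {
+if [ -f "$PUBLIC_KEY_PATH" ]; then
+log_info "Your public SSH key:"
+echo ""
+cat "$PUBLIC_KEY_PATH"
+echo ""
+log_info "Copy this key and add it to Proxmox hosts"
+else
+log_error "Public key not found: $PUBLIC_KEY_PATH"
+return 1
+fi
+}
+show_instructions() {
+log_info "To add SSH key to Proxmox hosts:"
+echo ""
+echo "Option 1: Via Proxmox Web UI Shell"
+echo " 1. Access Proxmox Web UI"
+echo " 2. Node → System → Shell"
+echo " 3. Run:"
+echo " mkdir -p ~/.ssh"
+echo " chmod 700 ~/.ssh"
+echo " echo '$(cat $PUBLIC_KEY_PATH)' >> ~/.ssh/authorized_keys"
+echo " chmod 600 ~/.ssh/authorized_keys"
+echo ""
+echo "Option 2: Copy public key to clipboard"
+echo " Run: cat $PUBLIC_KEY_PATH | xclip -selection clipboard"
+echo " Then paste into Proxmox shell"
+echo ""
+echo "Option 3: Use ssh-copy-id (if password auth works)"
+echo " ssh-copy-id -i $PUBLIC_KEY_PATH root@192.168.1.206"
+echo " ssh-copy-id -i $PUBLIC_KEY_PATH root@192.168.1.49"
+}
+main() {
+echo "========================================="
+echo "SSH Key Setup for Proxmox Access"
+echo "========================================="
+echo ""
+generate_key
+echo ""
+display_public_key
+echo ""
+show_instructions
+echo ""
+log_info "After adding the key to Proxmox hosts, test with:"
+log_info " ssh -i $SSH_KEY_PATH root@192.168.1.206 'hostname'"
+}
+main "$@"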
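Review bot: `generate_key` passes `-N ""` to ssh-keygen, so the private key that is meant to grant root on both Proxmox hosts is written to `~/.ssh` unencrypted and anyone who can read that file, or a backup of it, gets hypervisor root. Drop the flag so ssh-keygen prompts for a passphrase, `ssh-keygen -t ed25519 -f "$SSH_KEY_PATH" -C "proxmox-access"`, and load the key through ssh-agent where unattended use is needed. The `authorized_keys` line printed by `show_instructions` could also carry a `from="…"` restriction limiting the key to the management host. In the same function `$(cat $PUBLIC_KEY_PATH)` is unquoted and splits if `$HOME` contains whitespace; write `$(cat "$PUBLIC_KEY_PATH")`.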


@@ -0,0 +1,235 @@
#!/bin/bash
source ~/.bashrc
# Test Cloudflare API Connection Script
# Tests connectivity and authentication to Cloudflare using .env credentials
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
# Load environment variables from .env if it exists
if [ -f .env ]; then
set -a
source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
set +a
fi
# Cloudflare configuration (support multiple variable names)
CLOUDFLARE_API_TOKEN="${CLOUDFLARE_API_TOKEN:-${CLOUDFLARE_API_KEY:-}}"
CLOUDFLARE_TUNNEL_TOKEN="${CLOUDFLARE_TUNNEL_TOKEN:-}"
CLOUDFLARE_ACCOUNT_EMAIL="${CLOUDFLARE_ACCOUNT_EMAIL:-}"
CLOUDFLARE_ACCOUNT_ID="${CLOUDFLARE_ACCOUNT_ID:-}"
CLOUDFLARE_ZONE_ID="${CLOUDFLARE_ZONE_ID:-}"
CLOUDFLARE_DOMAIN="${CLOUDFLARE_DOMAIN:-}"
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
log_test() {
echo -e "${BLUE}[TEST]${NC} $1"
}
test_cloudflare_api() {
log_test "Testing Cloudflare API connection..."
if [ -z "$CLOUDFLARE_API_TOKEN" ]; then
log_error "CLOUDFLARE_API_TOKEN not set (check .env file)"
return 1
fi
# Test API token authentication
log_test " Testing API token authentication..."
local api_response=$(curl -s -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" 2>&1)
if echo "$api_response" | grep -q '"success":true'; then
echo -e " ${GREEN}${NC} API token authentication successful"
# Extract account information
local account_id=$(echo "$api_response" | grep -o '"id":"[^"]*' | head -1 | cut -d'"' -f4)
local account_email=$(echo "$api_response" | grep -o '"email":"[^"]*' | cut -d'"' -f4)
local status=$(echo "$api_response" | grep -o '"status":"[^"]*' | cut -d'"' -f4)
echo " Account ID: $account_id"
echo " Account Email: $account_email"
echo " Status: $status"
# Test account information retrieval
log_test " Testing account information retrieval..."
local account_response=$(curl -s -X GET "https://api.cloudflare.com/client/v4/accounts" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" 2>&1)
if echo "$account_response" | grep -q '"success":true'; then
echo -e " ${GREEN}${NC} Account information retrieved"
local account_count=$(echo "$account_response" | grep -o '"id":"[^"]*' | wc -l)
echo " Accounts found: $account_count"
else
echo -e " ${YELLOW}${NC} Could not retrieve account information"
fi
# Test Zero Trust API (if available)
log_test " Testing Zero Trust API access..."
local zero_trust_response=$(curl -s -X GET "https://api.cloudflare.com/client/v4/accounts/$account_id/gateway/locations" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" 2>&1)
if echo "$zero_trust_response" | grep -q '"success":true'; then
echo -e " ${GREEN}${NC} Zero Trust API accessible"
elif echo "$zero_trust_response" | grep -q '"errors"'; then
local error_code=$(echo "$zero_trust_response" | grep -o '"code":[0-9]*' | head -1 | cut -d':' -f2)
if [ "$error_code" = "10004" ]; then
echo -e " ${YELLOW}${NC} Zero Trust not enabled (error 10004)"
log_info " Enable Zero Trust in Cloudflare Dashboard to use Tunnel features"
else
echo -e " ${YELLOW}${NC} Zero Trust API error (code: $error_code)"
fi
else
echo -e " ${YELLOW}${NC} Zero Trust API test inconclusive"
fi
# Test Tunnel API (if Zero Trust enabled)
if [ -n "$CLOUDFLARE_ACCOUNT_ID" ]; then
local account_id_for_tunnel="$CLOUDFLARE_ACCOUNT_ID"
else
local account_id_for_tunnel="$account_id"
fi
log_test " Testing Tunnel API access..."
local tunnel_response=$(curl -s -X GET "https://api.cloudflare.com/client/v4/accounts/$account_id_for_tunnel/cfd_tunnel" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" 2>&1)
if echo "$tunnel_response" | grep -q '"success":true'; then
echo -e " ${GREEN}${NC} Tunnel API accessible"
local tunnel_count=$(echo "$tunnel_response" | grep -o '"id":"[^"]*' | wc -l)
echo " Existing tunnels: $tunnel_count"
elif echo "$tunnel_response" | grep -q '"errors"'; then
local error_code=$(echo "$tunnel_response" | grep -o '"code":[0-9]*' | head -1 | cut -d':' -f2)
if [ "$error_code" = "10004" ]; then
echo -e " ${YELLOW}${NC} Zero Trust required for Tunnel API"
else
echo -e " ${YELLOW}${NC} Tunnel API error (code: $error_code)"
fi
else
echo -e " ${YELLOW}${NC} Tunnel API test inconclusive"
fi
# Test DNS API (if zone ID provided)
if [ -n "$CLOUDFLARE_ZONE_ID" ]; then
log_test " Testing DNS API with Zone ID..."
local dns_response=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" 2>&1)
if echo "$dns_response" | grep -q '"success":true'; then
echo -e " ${GREEN}${NC} Zone access successful"
local zone_name=$(echo "$dns_response" | grep -o '"name":"[^"]*' | cut -d'"' -f4)
local zone_status=$(echo "$dns_response" | grep -o '"status":"[^"]*' | cut -d'"' -f4)
echo " Zone: $zone_name"
echo " Status: $zone_status"
else
echo -e " ${RED}${NC} Zone access failed"
echo " Response: $dns_response"
fi
else
log_warn " CLOUDFLARE_ZONE_ID not set, skipping DNS zone test"
fi
return 0
else
echo -e " ${RED}${NC} API token authentication failed"
if echo "$api_response" | grep -q '"errors"'; then
local error_msg=$(echo "$api_response" | grep -o '"message":"[^"]*' | head -1 | cut -d'"' -f4)
echo " Error: $error_msg"
else
echo " Response: $api_response"
fi
return 1
fi
}
main() {
echo "========================================="
echo "Cloudflare API Connection Test"
echo "========================================="
echo ""
# Check if .env file exists
if [ ! -f .env ]; then
log_warn ".env file not found. Using environment variables or defaults."
log_warn "Create .env from .env.example and configure credentials."
echo ""
fi
# Validate required variables
if [ -z "$CLOUDFLARE_API_TOKEN" ] && [ -z "$CLOUDFLARE_API_KEY" ]; then
log_error "CLOUDFLARE_API_TOKEN or CLOUDFLARE_API_KEY not set"
log_info "Set it in .env file or as environment variable:"
log_info " export CLOUDFLARE_API_TOKEN=your-api-token"
log_info " or export CLOUDFLARE_API_KEY=your-api-key"
log_info "Get token from: https://dash.cloudflare.com/profile/api-tokens"
exit 1
fi
echo "Configuration:"
if [ -n "$CLOUDFLARE_API_TOKEN" ]; then
echo " API Token: ${CLOUDFLARE_API_TOKEN:0:10}*** (hidden)"
elif [ -n "$CLOUDFLARE_API_KEY" ]; then
echo " API Key: ${CLOUDFLARE_API_KEY:0:10}*** (hidden)"
fi
if [ -n "$CLOUDFLARE_TUNNEL_TOKEN" ]; then
echo " Tunnel Token: ${CLOUDFLARE_TUNNEL_TOKEN:0:10}*** (hidden)"
fi
if [ -n "$CLOUDFLARE_ACCOUNT_ID" ]; then
echo " Account ID: $CLOUDFLARE_ACCOUNT_ID"
fi
if [ -n "$CLOUDFLARE_ACCOUNT_EMAIL" ]; then
echo " Account Email: $CLOUDFLARE_ACCOUNT_EMAIL"
fi
if [ -n "$CLOUDFLARE_ZONE_ID" ]; then
echo " Zone ID: $CLOUDFLARE_ZONE_ID"
fi
if [ -n "$CLOUDFLARE_DOMAIN" ]; then
echo " Domain: $CLOUDFLARE_DOMAIN"
fi
echo ""
# Test connection
test_cloudflare_api
local result=$?
echo ""
echo "========================================="
echo "Test Summary"
echo "========================================="
if [ $result -eq 0 ]; then
echo -e "${GREEN}${NC} Cloudflare API: Connection successful"
log_info "Cloudflare API is ready for use!"
exit 0
else
echo -e "${RED}${NC} Cloudflare API: Connection failed"
log_error "Check your API token and permissions."
exit 1
fi
}
main "$@"
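Review bot: The `.env` loader at the top pipes the file's `KEY=value` lines into `source`, so the file is executed as shell rather than parsed: a value containing `$(…)` or backticks runs as a command, and because the path is the relative `.env`, the file used is whichever one sits in the caller's current directory. The `sed 's/#.*$//'` stage also cuts any token or password at its first `#`, which then fails authentication with no hint why. The same loader appears in the enable-SSH, Proxmox connection-test and `test-ssh-access.sh` scripts in this commit. A loader that reads the file line by line and exports each value without evaluating it is sketched below; it deliberately keeps `#` inside values. Separately, the `"id"` taken from the `/user/tokens/verify` response and printed as "Account ID" looks like the token's own identifier rather than an account, so the Zero Trust and Tunnel requests that fall back to `$account_id` should be checked against a real `CLOUDFLARE_ACCOUNT_ID`.

```shell
# … replaces the `set -a; source <(grep … .env …); set +a` block …
if [ -f .env ]; then
  while IFS= read -r line || [ -n "$line" ]; do
    # Accept only NAME=value lines; comments and blanks do not match.
    [[ "$line" =~ ^[[:space:]]*([A-Za-z_][A-Za-z0-9_]*)=(.*)$ ]] || continue
    key=${BASH_REMATCH[1]}
    value=${BASH_REMATCH[2]}
    # Strip one pair of surrounding double quotes; the value is never evaluated.
    if [[ "$value" == \"*\" ]]; then
      value=${value:1:${#value}-2}
    fi
    export "$key=$value"
  done < .env
fi
```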


@@ -0,0 +1,244 @@
#!/bin/bash
source ~/.bashrc
# Test Proxmox VE Connection Script
# Tests connectivity and authentication to Proxmox hosts using .env credentials
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
# Load environment variables from .env if it exists
if [ -f .env ]; then
# Source .env file, handling comments and inline comments
set -a
source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
set +a
fi
# Proxmox configuration
PVE_USERNAME="${PVE_USERNAME:-root@pam}"
PVE_PASSWORD="${PVE_ROOT_PASS:-}"
PROXMOX_ML110_URL="${PROXMOX_ML110_URL:-}"
PROXMOX_R630_URL="${PROXMOX_R630_URL:-}"
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
log_test() {
echo -e "${BLUE}[TEST]${NC} $1"
}
test_connection() {
local host_name=$1
local host_url=$2
if [ -z "$host_url" ]; then
log_error "$host_name: URL not set (check .env file)"
return 1
fi
if [ -z "$PVE_PASSWORD" ]; then
log_error "$host_name: PVE_ROOT_PASS not set (check .env file)"
return 1
fi
log_test "Testing connection to $host_name..."
echo " URL: $host_url"
# Extract hostname/IP from URL
local host_ip=$(echo "$host_url" | sed -E 's|https?://([^:]+).*|\1|')
# Test basic connectivity (ping) - optional, as ping may be blocked
log_test " Testing network connectivity..."
if ping -c 1 -W 2 "$host_ip" &> /dev/null; then
echo -e " ${GREEN}${NC} Network reachable (ping)"
else
echo -e " ${YELLOW}${NC} Ping failed (may be blocked by firewall, continuing with API test...)"
fi
# Test HTTPS port connectivity
log_test " Testing HTTPS port (8006)..."
if timeout 3 bash -c "cat < /dev/null > /dev/tcp/$host_ip/8006" 2>/dev/null; then
echo -e " ${GREEN}${NC} Port 8006 is open"
else
echo -e " ${YELLOW}${NC} Port test inconclusive (may require root), continuing with API test..."
fi
# Test Proxmox API authentication
log_test " Testing Proxmox API authentication..."
# Get CSRF token and ticket with timeout
local api_response=$(curl -s -k --connect-timeout 10 --max-time 15 \
-d "username=$PVE_USERNAME&password=$PVE_PASSWORD" \
"$host_url/api2/json/access/ticket" 2>&1)
if echo "$api_response" | grep -q '"data"'; then
local ticket=$(echo "$api_response" | grep -o '"ticket":"[^"]*' | cut -d'"' -f4)
local csrf_token=$(echo "$api_response" | grep -o '"CSRFPreventionToken":"[^"]*' | cut -d'"' -f4)
if [ -n "$ticket" ] && [ -n "$csrf_token" ]; then
echo -e " ${GREEN}${NC} Authentication successful"
# Test API access with ticket
log_test " Testing API access..."
local version_response=$(curl -s -k -H "Cookie: PVEAuthCookie=$ticket" \
-H "CSRFPreventionToken: $csrf_token" \
"$host_url/api2/json/version" 2>&1)
if echo "$version_response" | grep -q '"data"'; then
local pve_version=$(echo "$version_response" | grep -o '"version":"[^"]*' | cut -d'"' -f4)
local release=$(echo "$version_response" | grep -o '"release":"[^"]*' | cut -d'"' -f4)
echo -e " ${GREEN}${NC} API access successful"
echo " Proxmox Version: $pve_version"
echo " Release: $release"
# Get cluster status if available
log_test " Testing cluster status..."
local cluster_response=$(curl -s -k -H "Cookie: PVEAuthCookie=$ticket" \
-H "CSRFPreventionToken: $csrf_token" \
"$host_url/api2/json/cluster/status" 2>&1)
if echo "$cluster_response" | grep -q '"data"'; then
echo -e " ${GREEN}${NC} Cluster API accessible"
local node_count=$(echo "$cluster_response" | grep -o '"name":"[^"]*' | wc -l)
echo " Cluster nodes found: $node_count"
else
echo -e " ${YELLOW}${NC} Not in a cluster (standalone node)"
fi
return 0
else
echo -e " ${RED}${NC} API access failed"
echo " Response: $version_response"
return 1
fi
else
echo -e " ${RED}${NC} Failed to extract authentication tokens"
return 1
fi
else
echo -e " ${RED}${NC} Authentication failed"
if echo "$api_response" | grep -q "401"; then
echo " Error: Invalid credentials (check PVE_ROOT_PASS in .env)"
elif echo "$api_response" | grep -q "Connection refused"; then
echo " Error: Connection refused (check if Proxmox is running)"
elif echo "$api_response" | grep -q "Connection timed out\|timed out\|Operation timed out"; then
echo " Error: Connection timed out"
echo " Possible causes:"
echo " - Host is behind a firewall or VPN"
echo " - Host is not accessible from this network"
echo " - Host may be down or unreachable"
echo " Try accessing the web UI directly: $host_url"
elif [ -z "$api_response" ]; then
echo " Error: No response from server (connection timeout or network issue)"
echo " Try accessing the web UI directly: $host_url"
else
echo " Response: $api_response"
fi
return 1
fi
}
main() {
echo "========================================="
echo "Proxmox VE Connection Test"
echo "========================================="
echo ""
log_info "Note: Proxmox uses self-signed SSL certificates by default."
log_info "Browser warnings are normal. The script uses -k flag to bypass certificate validation."
echo ""
# Check if .env file exists
if [ ! -f .env ]; then
log_warn ".env file not found. Using environment variables or defaults."
log_warn "Create .env from .env.example and configure credentials."
echo ""
fi
# Validate required variables
if [ -z "$PVE_PASSWORD" ]; then
log_error "PVE_ROOT_PASS not set"
log_info "Set it in .env file or as environment variable:"
log_info " export PVE_ROOT_PASS=your-password"
exit 1
fi
echo "Configuration:"
echo " Username: $PVE_USERNAME (implied, not stored)"
echo " Password: ${PVE_PASSWORD:0:3}*** (hidden)"
echo ""
local ml110_result=0
local r630_result=0
# Test ML110
if [ -n "$PROXMOX_ML110_URL" ]; then
echo "----------------------------------------"
test_connection "HPE ML110 Gen9" "$PROXMOX_ML110_URL"
ml110_result=$?
echo ""
else
log_warn "PROXMOX_ML110_URL not set, skipping ML110 test"
ml110_result=1
fi
# Test R630 (continue even if ML110 failed)
if [ -n "$PROXMOX_R630_URL" ]; then
echo "----------------------------------------"
test_connection "Dell R630" "$PROXMOX_R630_URL"
r630_result=$?
echo ""
else
log_warn "PROXMOX_R630_URL not set, skipping R630 test"
r630_result=1
fi
# Summary
echo "========================================="
echo "Test Summary"
echo "========================================="
if [ -n "$PROXMOX_ML110_URL" ]; then
if [ $ml110_result -eq 0 ]; then
echo -e "${GREEN}${NC} HPE ML110 Gen9: Connection successful"
else
echo -e "${RED}${NC} HPE ML110 Gen9: Connection failed"
fi
fi
if [ -n "$PROXMOX_R630_URL" ]; then
if [ $r630_result -eq 0 ]; then
echo -e "${GREEN}${NC} Dell R630: Connection successful"
else
echo -e "${RED}${NC} Dell R630: Connection failed"
fi
fi
echo ""
if [ $ml110_result -eq 0 ] && [ $r630_result -eq 0 ]; then
log_info "All connections successful!"
exit 0
else
log_error "Some connections failed. Check your .env configuration."
exit 1
fi
}
main "$@"
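Review bot: With `set -e` active, the bare call `test_connection "HPE ML110 Gen9" "$PROXMOX_ML110_URL"` in `main` ends the script as soon as it returns non-zero, so `ml110_result=$?` can only ever record 0, the R630 test does not run despite the "continue even if ML110 failed" comment, and the summary is never printed for a failure. The Cloudflare test's `test_cloudflare_api` followed by `local result=$?` has the same problem. Capture the status in the same statement, e.g. `ml110_result=0; test_connection "HPE ML110 Gen9" "$PROXMOX_ML110_URL" || ml110_result=$?`, and likewise for `r630_result`. `main` also echoes `${PVE_PASSWORD:0:3}***`, which writes the first three characters of the root password to the terminal and to any captured log; report only that it is set, e.g. `echo " Password: (set)"`.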

210
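--- a/scripts/utils/test-ssh-access.sh
+++ b/scripts/utils/test-ssh-access.sh
@@ -0,0 +1,210 @@
+#!/bin/bash
+source ~/.bashrc
+# Test SSH Access to Proxmox Servers
+# Tests SSH connectivity to both ML110 and R630
+set -e
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+# Load environment variables
+if [ -f "$PROJECT_ROOT/.env" ]; then
+set -a
+source <(grep -v '^#' "$PROJECT_ROOT/.env" | grep -v '^$' | sed 's/#.*$//' | grep '=')
+set +a
+fi
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+log_info() {
+echo -e "${GREEN}[INFO]${NC} $1"
+}
+log_warn() {
+echo -e "${YELLOW}[WARN]${NC} $1"
+}
+log_error() {
+echo -e "${RED}[ERROR]${NC} $1"
+}
+log_test() {
+echo -e "${BLUE}[TEST]${NC} $1"
+}
+ML110_IP="${PROXMOX_ML110_IP:-192.168.1.206}"
+R630_IP="${PROXMOX_R630_IP:-192.168.1.49}"
+test_ssh() {
+local host=$1
+local name=$2
+log_test "Testing SSH to $name ($host)..."
+# Test network connectivity first
+if ping -c 1 -W 2 "$host" &>/dev/null; then
+echo -e " ${GREEN}${NC} Network reachable (ping)"
+else
+echo -e " ${YELLOW}${NC} Ping failed (may be blocked by firewall)"
+fi
+# Test SSH port
+if timeout 3 bash -c "cat < /dev/null > /dev/tcp/$host/22" 2>/dev/null; then
+echo -e " ${GREEN}${NC} SSH port 22 is open"
+else
+echo -e " ${RED}${NC} SSH port 22 is closed or filtered"
+return 1
+fi
+# Test SSH connection
+log_test " Attempting SSH connection..."
+if ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 -o BatchMode=yes "root@$host" "echo 'SSH connection successful'" 2>&1 | grep -q "SSH connection successful"; then
+echo -e " ${GREEN}${NC} SSH connection successful"
+# Test command execution
+log_test " Testing command execution..."
+local hostname=$(ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 "root@$host" "hostname" 2>/dev/null)
+if [ -n "$hostname" ]; then
+echo -e " ${GREEN}${NC} Command execution works"
+echo -e " ${GREEN}${NC} Hostname: $hostname"
+# Get system info
+local uptime=$(ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 "root@$host" "uptime -p" 2>/dev/null || echo "unknown")
+local os=$(ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 "root@$host" "cat /etc/os-release | grep PRETTY_NAME | cut -d'=' -f2 | tr -d '\"'" 2>/dev/null || echo "unknown")
+echo -e " ${GREEN}${NC} Uptime: $uptime"
+echo -e " ${GREEN}${NC} OS: $os"
+return 0
+else
+echo -e " ${YELLOW}${NC} SSH works but command execution failed"
+return 1
+fi
+else
+echo -e " ${RED}${NC} SSH connection failed"
+echo -e " ${YELLOW}Possible reasons:${NC}"
+echo -e " - SSH service not running"
+echo -e " - Root login disabled"
+echo -e " - Authentication failed (need SSH key or password)"
+echo -e " - Firewall blocking connection"
+return 1
+fi
+}
+test_ssh_with_password() {
+local host=$1
+local name=$2
+local password=$3
+log_test "Testing SSH with password authentication to $name ($host)..."
+# Check if sshpass is available
+if ! command -v sshpass &> /dev/null; then
+log_warn "sshpass not installed - cannot test password authentication"
+log_info "Install with: sudo apt install sshpass"
+return 1
+fi
+if sshpass -p "$password" ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 "root@$host" "echo 'SSH with password successful'" 2>&1 | grep -q "SSH with password successful"; then
+echo -e " ${GREEN}${NC} SSH with password authentication works"
+return 0
+else
+echo -e " ${RED}${NC} SSH with password authentication failed"
+return 1
+fi
+}
+main() {
+echo "========================================="
+echo "SSH Access Test - Proxmox Servers"
+echo "========================================="
+echo ""
+local ml110_ok=false
+local r630_ok=false
+# Test ML110
+log_info "Testing ML110 (HPE ML110 Gen9)..."
+if test_ssh "$ML110_IP" "ML110"; then
+ml110_ok=true
+log_info "✓ ML110 SSH access: WORKING"
+else
+log_error "✗ ML110 SSH access: FAILED"
+# Try with password if available
+if [ -n "${PVE_ROOT_PASS:-}" ]; then
+log_info "Attempting password authentication..."
+if test_ssh_with_password "$ML110_IP" "ML110" "$PVE_ROOT_PASS"; then
+ml110_ok=true
+log_info "✓ ML110 SSH with password: WORKING"
+fi
+fi
+fi
+echo ""
+echo "----------------------------------------"
+echo ""
+# Test R630
+log_info "Testing R630 (Dell R630)..."
+if test_ssh "$R630_IP" "R630"; then
+r630_ok=true
+log_info "✓ R630 SSH access: WORKING"
+else
+log_error "✗ R630 SSH access: FAILED"
+# Try with password if available
+if [ -n "${PVE_ROOT_PASS:-}" ]; then
+log_info "Attempting password authentication..."
+if test_ssh_with_password "$R630_IP" "R630" "$PVE_ROOT_PASS"; then
+r630_ok=true
+log_info "✓ R630 SSH with password: WORKING"
+fi
+fi
+fi
+echo ""
+echo "========================================="
+echo "Summary"
+echo "========================================="
+echo ""
+if [ "$ml110_ok" = true ]; then
+log_info "ML110 ($ML110_IP): ✓ SSH ACCESSIBLE"
+else
+log_error "ML110 ($ML110_IP): ✗ SSH NOT ACCESSIBLE"
+log_warn " - Enable SSH: systemctl enable ssh && systemctl start ssh"
+log_warn " - Allow root login: Edit /etc/ssh/sshd_config (PermitRootLogin yes)"
+log_warn " - Check firewall: iptables -L"
+fi
+if [ "$r630_ok" = true ]; then
+log_info "R630 ($R630_IP): ✓ SSH ACCESSIBLE"
+else
+log_error "R630 ($R630_IP): ✗ SSH NOT ACCESSIBLE"
+log_warn " - Enable SSH: systemctl enable ssh && systemctl start ssh"
+log_warn " - Allow root login: Edit /etc/ssh/sshd_config (PermitRootLogin yes)"
+log_warn " - Check firewall: iptables -L"
+fi
+echo ""
+if [ "$ml110_ok" = true ] && [ "$r630_ok" = true ]; then
+log_info "✓ Both servers have SSH access - ready for template recreation!"
+return 0
+elif [ "$ml110_ok" = true ]; then
+log_warn "Only ML110 has SSH access - can proceed with template recreation"
+return 0
+else
+log_error "No SSH access available - need to enable SSH first"
+return 1
+fi
+}
+main "$@"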
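Review bot: Every `ssh` call in `test_ssh` and `test_ssh_with_password` sets `StrictHostKeyChecking=no`, so the host key is never verified and, in the password fallback, `PVE_ROOT_PASS` is handed to whatever answers on port 22 at that address. Use `-o StrictHostKeyChecking=accept-new` or pre-populate `known_hosts`, so that a changed host key is refused rather than silently accepted. `sshpass -p "$password"` also places the root password on the command line, where other local users can read it from the process list; `SSHPASS="$password" sshpass -e ssh …` passes it through the environment instead. The summary's remediation text recommends `PermitRootLogin yes`, as does the enable-SSH script's `sed` hint earlier in this commit, which opens root to password logins; `PermitRootLogin prohibit-password` keeps the key-based access these scripts set up without that exposure.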