Proxmox VE Management
First-Time Setup
Create a credential file at ~/.proxmox-credentials:
CODEBLOCK0
Alternative: Set PROXMOX_HOST, PROXMOX_TOKEN_ID, and PROXMOX_TOKEN_SECRET as environment variables directly (useful for CI/agent contexts). The helper script checks env vars first, then falls back to sourcing ~/.proxmox-credentials.
Create API token in Proxmox: Datacenter → Permissions → API Tokens → Add. Use least-privilege: only grant the permissions your workflow requires (e.g., PVEAuditor for read-only monitoring, PVEVMAdmin for VM control). Disable Privilege Separation only if your workflow requires full API access.
Auth Header
CODEBLOCK1
Helper Script
scripts/pve.sh auto-discovers nodes from VMID — no need to specify the node for most operations.
CODEBLOCK2
Workflow
1. Load credentials from ~/.proxmox-credentials
2. Determine operation type:
   - Read-only (status, list, storage, tasks) → Execute directly
   - Reversible (start, stop, reboot, snapshot) → Execute, note UPID for tracking
   - Destructive (delete VM, resize disk, rollback snapshot) → Confirm with user first
3. Query Proxmox API via curl + API token auth
4. Parse JSON with jq
5. Track async tasks — create/clone/backup operations return UPID
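The operation-type step above can be enforced in code rather than left to judgment. The following is an added example, not part of scripts/pve.sh; the function names `classify_op` and `guard_op`, the return code 10, and the sample paths in the comments are assumptions made for illustration. Anything the workflow does not list as read-only or reversible is treated as destructive, so an unrecognized call fails closed.

```bash
#!/usr/bin/env bash
# Added example: classify a Proxmox API call by HTTP method and path,
# following the read-only / reversible / destructive split in the workflow.

# classify_op METHOD PATH -> prints read-only | reversible | destructive
classify_op() {
  local method="$1" path="$2"
  case "$method" in
    GET) echo read-only; return ;;
  esac
  case "$method $path" in
    # start, stop, shutdown, reboot: reversible, track the returned UPID
    "POST "*/status/start|"POST "*/status/stop|"POST "*/status/shutdown|"POST "*/status/reboot)
      echo reversible ;;
    # creating a snapshot (path ends in /snapshot); rollback ends in /rollback
    "POST "*/snapshot)
      echo reversible ;;
    # delete VM, resize disk, rollback snapshot, and anything not listed above
    *)
      echo destructive ;;
  esac
}

# guard_op METHOD PATH [confirmed]
# Returns 0 if the call may proceed, 10 if user confirmation is still required.
guard_op() {
  local class
  class=$(classify_op "$1" "$2")
  case "$class" in
    read-only|reversible)
      return 0 ;;
    destructive)
      [ "${3:-}" = "confirmed" ] && return 0
      echo "confirmation required: $1 $2" >&2
      return 10 ;;
  esac
}

# Usage with constructed paths (node name pve1 and VMID 100 are made up):
#   guard_op GET    /api2/json/nodes/pve1/qemu                 -> 0
#   guard_op DELETE /api2/json/nodes/pve1/qemu/100             -> 10
#   guard_op DELETE /api2/json/nodes/pve1/qemu/100 confirmed   -> 0
```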
Common Operations
Cluster & Nodes
CODEBLOCK3
List VMs & Containers
CODEBLOCK4
VM/Container Control
CODEBLOCK5
Snapshots
⚠️ vmstate parameter: Do NOT include vmstate=1 unless you specifically need to preserve running process state.
- vmstate=1 freezes the VM and causes heavy I/O — can starve other guests on the same node
- For pre-change backups, omit vmstate (defaults to disk-only, no I/O spike)
CODEBLOCK6
Disk Resize
CODEBLOCK7
Post-resize inside VM:
1. Fix GPT: parted /dev/sda print → Fix
2. Resize partition: parted /dev/sda resizepart 3 100%
3. If LVM: pvresize /dev/sda3 && lvextend -l +100%FREE /dev/vg/root
4. Resize filesystem: resize2fs /dev/mapper/vg-root (ext4) or xfs_growfs / (xfs)
Guest Agent (IP Discovery)
CODEBLOCK8
Always query guest agent for current IP — don't hardcode IPs.
Storage & Backups
CODEBLOCK9
Tasks
CODEBLOCK10
Provisioning
For create VM, create LXC, clone, convert to template, and delete operations:
→ See references/provisioning.md
Security Notes
- Credential file (~/.proxmox-credentials) is user-created, not auto-generated by this skill. Must be mode 600 (chmod 600 ~/.proxmox-credentials). Rotate tokens immediately if exposed
- TLS verification disabled (-k / --insecure) — Proxmox VE uses self-signed certificates by default (Proxmox docs). If you deploy a trusted CA cert on your Proxmox node, remove the -k flag from curl commands and pve.sh
- Least-privilege tokens — create tokens with only the roles your workflow needs. PVEAuditor for monitoring, PVEVMAdmin for VM ops. Full-access tokens are not required for most operations
- Network scope — all API calls target PROXMOX_HOST only. No external endpoints. Verify by reviewing scripts/pve.sh (small, readable). In agent contexts, restrict network access to your Proxmox hosts only
- API tokens don't need CSRF tokens for POST/PUT/DELETE
- Power and delete operations are destructive — confirm with user first
- Never expose credentials in responses
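The env-first lookup from First-Time Setup and the mode 600 requirement above can be combined into one loader that refuses a credential file readable by other users. This is an added example, not the code in scripts/pve.sh; the function names `file_mode` and `load_pve_credentials` and the return codes 1, 2 and 3 are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: env-first credential loading with a permission check
# on the fallback file. Not the project's own loader.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# load_pve_credentials [file]
# Returns 0 with PROXMOX_HOST, PROXMOX_TOKEN_ID and PROXMOX_TOKEN_SECRET set.
# Returns 1 if the file is missing, 2 if its mode is not 600,
# 3 if it does not define all three variables.
load_pve_credentials() {
  local file="${1:-$HOME/.proxmox-credentials}" mode

  # 1. Environment variables win (CI / agent contexts).
  if [ -n "${PROXMOX_HOST:-}" ] && [ -n "${PROXMOX_TOKEN_ID:-}" ] \
     && [ -n "${PROXMOX_TOKEN_SECRET:-}" ]; then
    return 0
  fi

  # 2. Fall back to the file, but only if it is private to its owner.
  [ -f "$file" ] || { echo "no credentials: $file missing" >&2; return 1; }
  mode=$(file_mode "$file")
  if [ "$mode" != "600" ]; then
    echo "refusing $file: mode $mode, expected 600" >&2
    return 2
  fi

  # The file is shell syntax (KEY=value lines), so it is sourced.
  # shellcheck disable=SC1090
  . "$file"

  # 3. Fail closed if the file did not define everything.
  [ -n "${PROXMOX_HOST:-}" ] && [ -n "${PROXMOX_TOKEN_ID:-}" ] \
    && [ -n "${PROXMOX_TOKEN_SECRET:-}" ] \
    || { echo "incomplete credentials in $file" >&2; return 3; }
}
```

The error messages name the file and its mode only; the token secret is never echoed.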
Notes
- Replace {node}, {vmid}, {storage}, {snapname} with actual values
- Task operations return UPID for tracking async jobs
- Use qemu for VMs, lxc for containers in endpoint paths
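Skill name: proxmox-ops
Detailed description:
Proxmox VE Management
First-Time Setup
Create a credential file at ~/.proxmox-credentials:
```bash
cat > ~/.proxmox-credentials <<'EOF'
PROXMOX_HOST=https://<your-proxmox-ip>:8006
PROXMOX_TOKEN_ID=user@pam!tokenname
PROXMOX_TOKEN_SECRET=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
EOF
chmod 600 ~/.proxmox-credentials
```
Alternative: Set PROXMOX_HOST, PROXMOX_TOKEN_ID, and PROXMOX_TOKEN_SECRET as environment variables directly (useful for CI/agent contexts). The helper script checks environment variables first, then falls back to loading ~/.proxmox-credentials.
Create an API token in Proxmox: Datacenter → Permissions → API Tokens → Add. Apply least privilege: grant only the permissions your workflow requires (for example, PVEAuditor for read-only monitoring, PVEVMAdmin for VM control). Disable Privilege Separation only if your workflow requires full API access.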
Auth Header
```bash
source ~/.proxmox-credentials
AUTH="Authorization: PVEAPIToken=$PROXMOX_TOKEN_ID=$PROXMOX_TOKEN_SECRET"
```
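Helper Script
scripts/pve.sh auto-discovers the node from the VMID, so most operations do not need the node specified.
```bash
pve.sh status # Cluster node overview
pve.sh vms [node] # List all VMs (optionally filtered by node)
pve.sh lxc # List LXC containers on a node
pve.sh start # Start a VM/LXC
pve.sh stop # Force-stop a VM/LXC
pve.sh shutdown # Gracefully shut down a VM/LXC
pve.sh reboot # Reboot a VM/LXC
pve.sh snap [name] # Create a snapshot (disk-only, safe)
pve.sh snapshots # List snapshots
pve.sh tasks # Show recent tasks
pve.sh storage # Show storage status
```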
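Workflow
1. Load credentials from ~/.proxmox-credentials
2. Determine operation type:
   - Read-only (status, list, storage, tasks) → Execute directly
   - Reversible (start, stop, reboot, snapshot) → Execute, note UPID for tracking
   - Destructive (delete VM, resize disk, rollback snapshot) → Confirm with user first
3. Query the Proxmox API via curl + API token auth
4. Parse JSON with jq
5. Track async tasks: create/clone/backup operations return a UPID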
Common Operations
Cluster & Nodes
```bash
# Cluster status
curl -ks -H "$AUTH" "$PROXMOX_HOST/api2/json/cluster/status" | jq
# List nodes with CPU/memory information
curl -ks -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes" | jq '.data[] | {node, status, cpu, mem: (.mem/.maxmem*100|round)}'
```
List VMs & Containers
```bash
# Cluster-wide (all VMs + LXC)
curl -ks -H "$AUTH" "$PROXMOX_HOST/api2/json/cluster/resources?type=vm" | jq '.data[] | {node, vmid, name, type, status}'
# VMs on a specific node
curl -ks -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/qemu" | jq '.data[] | {vmid, name, status}'
# LXC on a specific node
curl -ks -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/lxc" | jq '.data[] | {vmid, name, status}'
```
VM/Container Control
```bash
# Start / stop / shutdown / reboot
curl -ks -X POST -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/qemu/{vmid}/status/start"
curl -ks -X POST -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/qemu/{vmid}/status/stop"
curl -ks -X POST -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/qemu/{vmid}/status/shutdown"
curl -ks -X POST -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/qemu/{vmid}/status/reboot"
# For LXC: replace /qemu/ with /lxc/
```
Snapshots
⚠️ vmstate parameter: Do not include vmstate=1 unless you specifically need to preserve running process state.
- vmstate=1 freezes the VM and causes heavy I/O, which can affect other guests on the same node
- For pre-change backups, omit vmstate (defaults to disk-only, no I/O spike)
```bash
# List snapshots
curl -ks -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/qemu/{vmid}/snapshot" | jq
# Create a snapshot (disk-only, safe)
curl -ks -X POST -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/qemu/{vmid}/snapshot" \
  -d snapname=snap1 -d description="更新前"
# Rollback
curl -ks -X POST -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/qemu/{vmid}/snapshot/{snapname}/rollback"
# Delete a snapshot
curl -ks -X DELETE -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/qemu/{vmid}/snapshot/{snapname}"
```
Disk Resize
```bash
# Get the current disk configuration
curl -ks -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/qemu/{vmid}/config" | jq
# Resize the disk (use an absolute size, not a relative one: +10G causes a regex validation failure)
curl -ks -X PUT -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/qemu/{vmid}/resize" \
  -d disk=scsi0 -d size=20G | jq
```
Post-resize inside the VM:
1. Fix GPT: parted /dev/sda print → Fix
2. Resize partition: parted /dev/sda resizepart 3 100%
3. If using LVM: pvresize /dev/sda3 && lvextend -l +100%FREE /dev/vg/root
4. Resize filesystem: resize2fs /dev/mapper/vg-root (ext4) or xfs_growfs / (xfs)
Guest Agent (IP Discovery)
```bash
# Get VM network interfaces (requires qemu-guest-agent)
curl -ks -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/qemu/{vmid}/agent/network-get-interfaces" | \
  jq -r '.data.result[] | select(.name != "lo") | .["ip-addresses"][] | select(.["ip-address-type"] == "ipv4") | .["ip-address"]' | head -1
```
Always query the guest agent for the current IP; do not hardcode IPs.
Storage & Backups
```bash
# List storage
curl -ks -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/storage" | jq '.data[] | {storage, type, active, used_fraction: (.used/.total*100|round|tostring + "%")}'
# List backups
curl -ks -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/storage/{storage}/content?content=backup" | jq
# Start a backup
curl -ks -X POST -H "$AUTH" "$PROXMOX_HOST/api2/json/nodes/{node}/vzdump" \
  -d vmid={vmid} -d storage={storage} -d mode=snapshot
```
Tasks
```bash
# Recent
```