User Tools

Site Tools


en:informatique:projets:proxmox-group-mapper

Introduction

Proxmox-group-mapper is a little Python script that enables you to map a local group (or managed via LDAP, NIS, etc…) into a Proxmox group.

The idea came from the fact that on my deployed Proxmox servers I already manage user/groups via an LDAP tree so I did not want to have an additional user management layer. The goal of that script is to map users from a local group into a Proxmox one by creating/modifying Proxmox users via the API. That way users will be able to log using their local/ldap accounts into Proxmox having the predefined access rights.

This script uses the local Proxmox API (to avoid needing authentication) so you will have to run it locally on the Proxmox host.

Usage

Usage is pretty simple :

proxmox-group-mapper usage
usage: proxmox-group-mapper.py [-h] --local-group LOCAL_GROUP --pve-group
                               PVE_GROUP --pve-role PVE_ROLE --pve-path
                               PVE_PATH [--debug]
 
optional arguments:
  -h, --help            show this help message and exit
  --local-group LOCAL_GROUP
                        Local group name or id
  --pve-group PVE_GROUP
                        Proxmox group name
  --pve-role PVE_ROLE   Role granted to the group on path
  --pve-path PVE_PATH   Path to apply role for group
  --debug               Show debugging messages (default: False)

Example

Let's give you a good example to illustrate :-)

I have a local 'sysadmins' group containing 3 users. I want a 'PVE-Admins' Proxmox group containing that 3 users with Administrator rights on '/' :

Mapping 'sysadmins' to 'PVE-Admins'
proxmox-group-mapper --local-group sysadmins \
                     --pve-group PVE-Admins \
                     --pve-role Administrator \
                     --pve-path /  

If the 'PVE-Admins' group does not exists on Proxmox it will automatically be created with the users also.

If some users already exsists on Proxmox but are not from the desired group, they will be modified to be added to the selected Proxmox group.

Here is the result of the script execution :

getent group on test machine
root@debian-test:~# getent group
root:x:0:
daemon:x:1:
bin:x:2:
[...]
systemd-journal:x:102:
systemd-timesync:x:103:
systemd-network:x:104:
systemd-resolve:x:105:
systemd-bus-proxy:x:106:
crontab:x:107:
netdev:x:108:sysadmin
messagebus:x:109:
ssh:x:110:
sysadmins:x:1001:admin1,admin2,admin3

Download

Proxmox-group-mapper is distribued as a Debian package in order to ensure dependencies with 'Python' and 'pve-manager' (the Debian package providing the pvesh command).


Discussion

Enter your comment:
G​ N G H N
 
en/informatique/projets/proxmox-group-mapper.txt · Last modified: 2019/05/06 14:48 (external edit)