Unable to create LXC: 403 Forbidden

[nitwhiz]

I'm unable to create a new LXC with v3.0.1-rc3. I get a 403 response, even though I'm using a role with every single permission (essentially Administrator - I tried it with the Administrator role, too), with username & password authentication. No OTP.

Output:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.lx-container.proxmox_lxc.lx_containers["test-lxc"] will be created
  + resource "proxmox_lxc" "lx_containers" {
      + arch         = "amd64"
      + cmode        = "tty"
      + console      = true
      + cores        = 4
      + cpulimit     = 0
      + cpuunits     = 512
      + hostname     = "test-lxc"
      + id           = (known after apply)
      + memory       = 8192
      + onboot       = true
      + ostemplate   = "local:vztmpl/docker-debian-bookworm.tar.gz"
      + ostype       = "debian"
      + password     = (sensitive value)
      + protection   = false
      + start        = true
      + swap         = 0
      + tags         = (known after apply)
      + target_node  = "my-pve"
      + tty          = 2
      + unprivileged = true
      + unused       = (known after apply)
      + vmid         = (known after apply)

      + features {
          + fuse    = false
          + keyctl  = true
          + mknod   = false
          + nesting = true
            # (1 unchanged attribute hidden)
        }

      + network {
          + bridge   = "vmbr0"
          + firewall = false
          + gw       = "10.50.10.1"
          + hwaddr   = (known after apply)
          + id       = (known after apply)
          + ip       = "10.50.10.23/24"
          + name     = "eth0"
          + rate     = 0
          + tag      = (known after apply)
          + trunks   = (known after apply)
          + type     = (known after apply)
        }

      + rootfs {
          + size    = "32G"
          + storage = "local"
          + volume  = (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.lx-container.proxmox_lxc.lx_containers["test-lxc"]: Creating...
╷
│ Error: error creating LXC container: 403 Forbidden, error status: {"data":null} (params: {"arch":"amd64","cmode":"tty","console":true,"cores":4,"cpulimit":0,"cpuunits":512,"features":"nesting=1,keyctl=1","hostname":"test-lxc","memory":8192,"net0":"name=eth0,bridge=vmbr0,ip=10.50.10.23/24,gw=10.50.10.1","onboot":true,"ostemplate":"local:vztmpl/docker-debian-bookworm.tar.gz","ostype":"debian","password":"admin","pool":"","protection":false,"rootfs":"local:32","start":true,"storage":"local","swap":0,"tags":"","tty":2,"unprivileged":true,"vmid":110})
│ 
│   with module.lx-container.proxmox_lxc.lx_containers["test-lxc"],
│   on modules/lx-container/main.tf line 33, in resource "proxmox_lxc" "lx_containers":
│   33: resource "proxmox_lxc" "lx_containers" {
│ 
╵

TF Code:

resource "proxmox_lxc" "lx_containers" {
  for_each = var.lx_containers

  target_node = "my-pve"

  hostname = format("%s-lxc", each.key)

  ostemplate = "local:vztmpl/docker-debian-bookworm.tar.gz"
  ostype     = "debian"
  arch       = "amd64"

  password     = "admin"
  unprivileged = true

  cores    = each.value.cores
  cpuunits = lookup(var.cpuunits_by_priority, each.value.priority, 100)
  memory   = each.value.memory
  swap     = 0

  start  = true
  onboot = coalesce(each.value.onboot, true)

  features {
    nesting = true
    keyctl  = true
    fuse = coalesce(each.value.enable_fuse, false)
  }

  rootfs {
    storage = "local"
    size    = each.value.disk_size
  }

  network {
    name     = "eth0"
    bridge   = "vmbr0"
    ip       = format("%s/%s", each.value.ip_addr, "24")
    gw       = "10.50.10.1"
    firewall = false
    rate     = coalesce(each.value.net_rate, 0)
  }

  lifecycle {
    ignore_changes = [
      ostemplate,
    ]
  }
}

with

lx_containers = {
  "test" = {
    cores     = 4
    priority  = "medium"
    memory    = 8192
    disk_size = "32G"
    ip_addr   = "10.50.10.23"
  }
}

[nitwhiz]

On that note, I'm not really a terraform expert, but can I roll back to v2 without any issues?

[im6h]

It's not definite, but you might consider using the root username and password instead of an API token.
https://registry.terraform.io/providers/Telmate/proxmox/latest/docs#creating-the-connection-via-username-and-password

[nitwhiz]

@im6h I tried that in my desperation, and it did not work for me.

[im6h]

I guess you need to comment and try each block code features, network, lifecycle to detail problem. In my case, I encounted this issue with mountpoint block because it is not permitted by apis of the proxmox.

[github-actions]

This issue is stale because it has been open for 60 days with no activity. Please update the provider to the latest version and, in the issue persist, provide full configuration and debug logs

[github-actions]

This issue was closed because it has been inactive for 5 days since being marked as stale.