PCI device using raw_id throws error

[Cirx08]

Error: error updating VM: 500 only root can set 'hostpci0' config for non-mapped devices

pci {
id = 0
raw_id = "0000:01:00.0"
primary_gpu = false
rombar = true
}

I have tried multiple Ids and using the pcis block throws the same error. Using mapping_id works but raw_id does not.

[Tinyblargon]

@Cirx08 only user root@pam may set the raw_id field.

[Tinyblargon]

I should update this in the documentation.

[Cirx08]

Does this include root API tokens? I am using root@pam!terraform

[maksimsamt]

Does this include root API tokens? I am using root@pam!terraform

What is your token root@pam!terraform - Privilege Separation - Yes or No (true/false)?
It should be No (false) to get working in your case.

[Cirx08]

It is currently "No".

[maksimsamt]

Can you set via Proxmox GUI raw_id field via root@pam user?

[Cirx08]

Yes, my workaround for rc-4 was to set up VMs without PCI and manually attach via the web gui.

[maksimsamt]

So, seems you cannot do it with root token:
#764 (comment)

[jlengelbrecht]

Is it still the case that only root password auth can set raw PCI devices? I have a unique use case where i am using terrform to spin up talos linux VM's. I manage proxmox from a repo using a self hosted action runner. I would ideally like to avoid using root creds in the repo for obvious reasons. The plan was to then integrate corssplane into my setup at somepoint so it can add nodes to the cluster using terraform if needed, but again if this capability relies on allowing root user auth I think I am going to pass on this for now. Unless someone knows of a way to do this without root level authentication?

[Tinyblargon]

@jlengelbrecht the only alternative would be to use mapped pci devices. RC6 has support for them. You would have to create the mappings on each node first as root before you can reference them in Terraform.

[jlengelbrecht]

@jlengelbrecht the only alternative would be to use mapped pci devices. RC6 has support for them. You would have to create the mappings on each node first as root before you can reference them in Terraform.

Thank you i will take a look at doing this. I have never created a mapping like this so ill poke around for some documentation on how to do this. Hopefully this gets me unstuck. Thank you

[jlengelbrecht]

got this working. In case anyone else is looking for a way to do GPU passthrough per VM. Here is a code snippet for a dynamic block I created that I used in my main.tf

# Dynamically add PCI passthrough for GPU workers
  dynamic "pcis" {
    for_each = each.key == "gpu-worker1" ? [1] : []
    content {
      pci0 {
        mapping {
          mapping_id    = "gpu-group-name"
          pcie          = false
          primary_gpu   = false
          rombar        = false
          device_id     = "1b02"  # Device ID for the GPU
          vendor_id     = "10de"  # Vendor ID for NVIDIA
          sub_device_id = "123e"  # Sub-device ID for the GPU
          sub_vendor_id = "10de"  # Sub-vendor ID for NVIDIA
        }
      }
    }
  }
}