Resource: proxmox_virtual_environment_container
Manages a container.
Example Usage
```hcl
resource "proxmox_virtual_environment_container" "ubuntu_container" {
  description = "Managed by Terraform"

  node_name = "first-node"
  vm_id     = 1234

  # newer linux distributions require unprivileged user namespaces
  unprivileged = true
  features {
    nesting = true
  }

  initialization {
    hostname = "terraform-provider-proxmox-ubuntu-container"

    ip_config {
      ipv4 {
        address = "dhcp"
      }
    }

    user_account {
      keys = [
        trimspace(tls_private_key.ubuntu_container_key.public_key_openssh)
      ]
      password = random_password.ubuntu_container_password.result
    }
  }

  network_interface {
    name = "veth0"
  }

  disk {
    datastore_id = "local-lvm"
    size         = 4
  }

  operating_system {
    template_file_id = proxmox_virtual_environment_download_file.ubuntu_2504_lxc_img.id
    # Or you can use a volume ID, as obtained from a "pvesm list <storage>"
    # template_file_id = "local:vztmpl/jammy-server-cloudimg-amd64.tar.gz"
    type = "ubuntu"
  }

  mount_point {
    # bind mount, *requires* root@pam authentication
    volume = "/mnt/bindmounts/shared"
    path   = "/mnt/shared"
  }

  mount_point {
    # volume mount, a new volume will be created by PVE
    volume = "local-lvm"
    size   = "10G"
    path   = "/mnt/volume"
  }

  mount_point {
    # volume mount, an existing volume will be mounted
    volume = "local-lvm:subvol-108-disk-101"
    size   = "10G"
    path   = "/mnt/data"
  }

  # To reference a mount point volume from another resource, use path_in_datastore:
  # mount_point {
  #   volume = other_container.mount_point[0].path_in_datastore
  #   size   = "10G"
  #   path   = "/mnt/shared"
  # }

  startup {
    order      = "3"
    up_delay   = "60"
    down_delay = "60"
  }
}

resource "proxmox_virtual_environment_download_file" "ubuntu_2504_lxc_img" {
  content_type = "vztmpl"
  datastore_id = "local"
  node_name    = "first-node"
  url          = "https://mirrors.servercentral.com/ubuntu-cloud-images/releases/25.04/release/ubuntu-25.04-server-cloudimg-amd64-root.tar.xz"
}

resource "random_password" "ubuntu_container_password" {
  length           = 16
  override_special = "_%@"
  special          = true
}

resource "tls_private_key" "ubuntu_container_key" {
  algorithm = "RSA"
  rsa_bits  = 2048
}

output "ubuntu_container_password" {
  value     = random_password.ubuntu_container_password.result
  sensitive = true
}

output "ubuntu_container_private_key" {
  value     = tls_private_key.ubuntu_container_key.private_key_pem
  sensitive = true
}

output "ubuntu_container_public_key" {
  value = tls_private_key.ubuntu_container_key.public_key_openssh
}
```
Argument Reference
- `clone` - (Optional) The cloning configuration.
    - `datastore_id` - (Optional) The identifier for the target datastore.
    - `node_name` - (Optional) The name of the source node (leave blank, if equal to the `node_name` argument).
    - `vm_id` - (Required) The identifier for the source container.
- `console` - (Optional) The console configuration.
- `cpu` - (Optional) The CPU configuration.
- `description` - (Optional) The description.
- `disk` - (Optional) The disk configuration.
    - `datastore_id` - (Optional) The identifier for the datastore to create the disk in (defaults to `local`).
    - `size` - (Optional) The size of the root filesystem in gigabytes (defaults to `4`). When set to 0 a directory or zfs/btrfs subvolume will be created. Requires `datastore_id` to be set.
    - `mount_options` - (Optional) List of extra mount options.
    - `path_in_datastore` - (Computed) The in-datastore path to the disk image. Use this attribute for cross-resource references.
- `environment_variables` - (Optional) A map of runtime environment variables for the container init process.
- `initialization` - (Optional) The initialization configuration.
    - `dns` - (Optional) The DNS configuration.
    - `entrypoint` - (Optional) Command to run as init, optionally with arguments. It may start with an absolute path, relative path, or a binary in `$PATH`.
    - `hostname` - (Optional) The hostname. Must be a valid DNS name.
    - `ip_config` - (Optional) The IP configuration (one block per network device).
    - `user_account` - (Optional) The user account configuration.
- `memory` - (Optional) The memory configuration.
- `mount_point`
    - `acl` - (Optional) Explicitly enable or disable ACL support.
    - `backup` - (Optional) Whether to include the mount point in backups (only used for volume mount points, defaults to `false`).
    - `mount_options` - (Optional) List of extra mount options.
    - `path` - (Required) Path to the mount point as seen from inside the container.
    - `quota` - (Optional) Enable user quotas inside the container (not supported with ZFS subvolumes).
    - `read_only` - (Optional) Read-only mount point.
    - `replicate` - (Optional) Include this volume in a storage replica job.
    - `shared` - (Optional) Mark this non-volume mount point as available on all nodes.
    - `size` - (Optional) Volume size (only for volume mount points). Can be specified with a unit suffix (e.g. `10G`).
    - `volume` - (Required) Volume, device or directory to mount into the container.
    - `path_in_datastore` - (Computed) The in-datastore path to the mount point volume. Use this attribute for cross-resource references instead of `volume`.
- `idmap` - (Optional) UID/GID mapping for unprivileged containers (multiple blocks supported). These are written as `lxc.idmap` entries in the container configuration file via SSH, since the Proxmox API does not support writing `lxc[n]` parameters.
    - `type` - (Required) Mapping type (`uid` or `gid`).
    - `container_id` - (Required) Starting ID in the container namespace.
    - `host_id` - (Required) Starting ID in the host namespace.
    - `size` - (Required) Number of IDs to map (must be at least `1`).
- `device_passthrough` - (Optional) Device to pass through to the container (multiple blocks supported).
    - `deny_write` - (Optional) Deny the container write access to the device (defaults to `false`).
    - `gid` - (Optional) Group ID to be assigned to the device node.
    - `mode` - (Optional) Access mode to be set on the device node. Must be a 4-digit octal number.
    - `path` - (Required) Device to pass through to the container (e.g. `/dev/sda`).
    - `uid` - (Optional) User ID to be assigned to the device node.
- `network_interface` - (Optional) A network interface (multiple blocks supported).
    - `bridge` - (Optional) The name of the network bridge (defaults to `vmbr0`).
    - `enabled` - (Optional) Whether to enable the network device (defaults to `true`).
    - `firewall` - (Optional) Whether this interface's firewall rules should be used (defaults to `false`).
    - `mac_address` - (Optional) The MAC address.
    - `mtu` - (Optional) Maximum transfer unit of the interface. Cannot be larger than the bridge's MTU.
    - `name` - (Required) The network interface name.
    - `rate_limit` - (Optional) The rate limit in megabytes per second.
    - `vlan_id` - (Optional) The VLAN identifier.
- `node_name` - (Required) The name of the node to assign the container to.
- `operating_system` - (Required) The Operating System configuration.
    - `template_file_id` - (Required) The identifier for an OS template file. The ID format is `<datastore_id>:<content_type>/<file_name>`, for example `local:iso/jammy-server-cloudimg-amd64.tar.gz`. Can also be taken from the `proxmox_virtual_environment_download_file` resource, or from the output of `pvesm list <storage>`.
    - `type` - (Optional) The type (defaults to `unmanaged`).
- `pool_id` - (Optional) The identifier for a pool to assign the container to.
- `protection` - (Optional) Whether to set the protection flag of the container (defaults to `false`). This prevents remove/update operations on the container itself and its disk.
- `started` - (Optional) Whether to start the container (defaults to `true`).
- `startup` - (Optional) Defines startup and shutdown behavior of the container.
    - `order` - (Required) A non-negative number defining the general startup order.
    - `up_delay` - (Optional) A non-negative number defining the delay in seconds before the next container is started.
    - `down_delay` - (Optional) A non-negative number defining the delay in seconds before the next container is shut down.
- `start_on_boot` - (Optional) Automatically start container when the host system boots (defaults to `true`).
- `tags` - (Optional) A list of tags for the container. This is only meta information (defaults to `[]`). Note: Proxmox always sorts the container tags and sets them to lowercase. If a tag contains capital letters, then Proxmox will always report a difference on the resource. You may use the `ignore_changes` lifecycle meta-argument to ignore changes to this attribute.
- `template` - (Optional) Whether to create a template (defaults to `false`).
- `timeout_create` - (Optional) Timeout for creating a container in seconds (defaults to 1800).
- `timeout_clone` - (Optional) Timeout for cloning a container in seconds (defaults to 1800).
- `timeout_delete` - (Optional) Timeout for deleting a container in seconds (defaults to 60).
- `timeout_update` - (Optional) Timeout for updating a container in seconds (defaults to 1800).
- `unprivileged` - (Optional) Whether the container runs as unprivileged on the host (defaults to `false`).
- `wait_for_ip` - (Optional) Configuration for waiting for specific IP address types when the container starts.
    - `ipv4` - (Optional) Wait for at least one IPv4 address (non-loopback, non-link-local) (defaults to `false`).
    - `ipv6` - (Optional) Wait for at least one IPv6 address (non-loopback, non-link-local) (defaults to `false`).

    When `wait_for_ip` is not specified or both `ipv4` and `ipv6` are `false`, the provider waits for any valid global unicast address (IPv4 or IPv6). In dual-stack networks where DHCPv6 responds faster, this may result in only IPv6 addresses being available. Set `ipv4 = true` to ensure IPv4 address availability.
- `vm_id` - (Optional) The container identifier.
- `features` - (Optional) The container feature flags. Changing flags (except nesting) is only allowed for the `root@pam` authenticated user.
    - `nesting` - (Optional) Whether the container is nested (defaults to `false`).
    - `fuse` - (Optional) Whether the container supports FUSE mounts (defaults to `false`).
    - `keyctl` - (Optional) Whether the container supports the `keyctl()` system call (defaults to `false`).
    - `mount` - (Optional) List of allowed mount types (`cifs` or `nfs`).
- `hook_script_file_id` - (Optional) The identifier for a file containing a hook script (needs to be executable, e.g. by using the `proxmox_virtual_environment_file.file_mode` attribute).
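Added example (not from the provider's documentation): an unprivileged container that combines the `idmap`, `mount_point.read_only` and `network_interface.firewall` arguments above to expose one host-owned directory read-only, with every other container ID kept in the host's subordinate range. The ID 1005, the resource name and the 100000 base of that range are assumptions; the host's `/etc/subuid` and `/etc/subgid` must also allow root to map the shared ID.

```hcl
# Added example: IDs, names and paths are illustrative assumptions.
locals {
  shared_id = 1005 # host UID/GID owning /mnt/bindmounts/shared (assumed)
  # [container_id, host_id, size]: every ID lands in the 100000+ host range
  # except shared_id, which maps straight through to the same host ID.
  id_ranges = [
    [0, 100000, local.shared_id],
    [local.shared_id, local.shared_id, 1],
    [local.shared_id + 1, 100000 + local.shared_id + 1, 65535 - local.shared_id],
  ]
  idmaps = flatten([
    for t in ["uid", "gid"] : [
      for r in local.id_ranges :
      { type = t, container_id = r[0], host_id = r[1], size = r[2] }
    ]
  ])
}

resource "proxmox_virtual_environment_container" "restricted" {
  node_name    = "first-node"
  unprivileged = true # defaults to false; container root is not host root

  # One block per range and type; the provider writes these via SSH.
  dynamic "idmap" {
    for_each = local.idmaps
    content {
      type         = idmap.value.type
      container_id = idmap.value.container_id
      host_id      = idmap.value.host_id
      size         = idmap.value.size
    }
  }

  operating_system {
    template_file_id = "local:vztmpl/jammy-server-cloudimg-amd64.tar.gz"
    type             = "ubuntu"
  }

  mount_point {
    volume    = "/mnt/bindmounts/shared" # bind mount: requires root@pam
    path      = "/mnt/shared"
    read_only = true # the container can read the share, not modify it
  }

  network_interface {
    name     = "veth0"
    firewall = true # defaults to false
  }
}
```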
Attribute Reference
- `ipv4` - The map of IPv4 addresses per network device. Returns the first address for each network device, if multiple addresses are assigned.
- `ipv6` - The map of IPv6 addresses per network device. Returns the first address for each network device, if multiple addresses are assigned.
Import
Instances can be imported using the node_name and the vm_id, e.g.,