mirror of https://github.com/andrew-d/proxmox-service-discovery.git synced 2026-04-26 12:55:51 +03:00

A DNS server that automatically discovers VMs and containers (LXCs) in your Proxmox cluster and makes them available via DNS

Find a file

Andrew Dunham 88238fd0a9 README: document --tls-no-verify flag		2025-04-11 12:59:02 -04:00
.github/workflows	ci: use Go version from go.mod	2025-03-31 23:29:10 -04:00
internal	pveapi: allow disabling TLS certificate verification	2025-04-11 12:54:18 -04:00
.gitignore	Initial work on service discovery	2025-03-30 23:34:33 -04:00
debug.go	pveapi: allow disabling TLS certificate verification	2025-04-11 12:54:18 -04:00
filter.go	filter: switch to using an IPSet instead of a slice	2025-04-04 23:01:16 -04:00
filter_test.go	Split filter from filter configuration	2025-04-02 23:27:00 -04:00
go.mod	pveapi: allow disabling TLS certificate verification	2025-04-11 12:54:18 -04:00
go.sum	pveapi: allow disabling TLS certificate verification	2025-04-11 12:54:18 -04:00
helpers.go	Refactor run.Group handlers into an internal package	2025-04-07 01:09:06 -04:00
inventory.go	auth, inventory: include authentication info in cache key	2025-04-06 23:14:58 -04:00
inventory_test.go	Refactor Proxmox API stuff into an internal package	2025-04-07 01:08:58 -04:00
LICENSE	Create LICENSE	2025-03-31 23:16:38 -04:00
main.go	pveapi: allow disabling TLS certificate verification	2025-04-11 12:54:18 -04:00
README.md	README: document --tls-no-verify flag	2025-04-11 12:59:02 -04:00

README.md

Proxmox Service Discovery

A DNS server that automatically discovers VMs and containers (LXCs) in your Proxmox cluster and makes them available via DNS.

Overview

Proxmox Service Discovery creates DNS records for all your Proxmox VMs and containers, allowing you to access them by name instead of IP address. It automatically detects when VMs are started, stopped, or have their IPs changed.

Features

Automatic service discovery - Finds all running VMs and containers in your Proxmox cluster
DNS resolution - Access your VMs and containers by name (e.g., vm-name.lab.local)
IPv4 and IPv6 support - Creates both A and AAAA records
Flexible filtering - Filter services by type, tags, or networks
Web debug interface - View DNS records and configuration in a simple web UI

Installation

Binary Release

Download the latest binary from the releases page.

Building from Source

git clone https://github.com/andrew-d/proxmox-service-discovery.git
cd proxmox-service-discovery
go build

Usage

# Basic usage with password authentication
./proxmox-service-discovery \
  --proxmox-host=https://proxmox.example.com:8006 \
  --proxmox-user=user@pam \
  --proxmox-password=your-password \
  --dns-zone=lab.local

# Using API token (recommended)
./proxmox-service-discovery \
  --proxmox-host=https://proxmox.example.com:8006 \
  --proxmox-user=user@pam \
  --proxmox-token-id=my-token \
  --proxmox-token-secret=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
  --dns-zone=lab.local

# With filtering and debug interface
./proxmox-service-discovery \
  --proxmox-host=https://proxmox.example.com:8006 \
  --proxmox-user=root@pam \
  --proxmox-password=your-password \
  --dns-zone=lab.local \
  --filter-include-tags=dns \
  --filter-exclude-cidrs=10.0.0.0/8 \
  --debug-addr=:8080

Required Flags

--proxmox-host: URL of your Proxmox API
--dns-zone: DNS zone to serve records for (e.g., lab.local)
--proxmox-user: Proxmox user (e.g., root@pam)
Authentication (one of):
- --proxmox-password: Password for Proxmox user
- --proxmox-token-id and --proxmox-token-secret: Proxmox API token

Optional Flags

--addr: Address to listen on for DNS (default: :53)
--udp: Enable UDP listener (default: true)
--tcp: Enable TCP listener (default: true)
--debug-addr: Address for HTTP debug interface (e.g., :8080)
--verbose: Enable verbose logging
--cache-path: Path to cache file; if set, the program will save its state to this file and load it on startup if the initial fetch from Proxmox fails.

TLS and Connection Options

--tls-no-verify: Disable TLS certificate verification (⚠️ not recommended! ⚠️)

Filtering Options

--filter-type: Filter by resource type (QEMU or LXC)
--filter-include-tags: Only include resources with these tags
--filter-include-tags-re: Only include resources with tags matching these regexes
--filter-exclude-tags: Exclude resources with these tags
--filter-exclude-tags-re: Exclude resources with tags matching these regexes
--filter-include-cidrs: Only return IP addresses in these CIDRs; useful if you have private networks or VPNs that you wish to exclude
--filter-exclude-cidrs: Exclude IP addresses in these CIDRs.

Setting Up as a Service

Systemd (Linux)

Create a file at /etc/systemd/system/proxmox-service-discovery.service:

[Unit]
Description=Proxmox Service Discovery
After=network.target

[Service]
ExecStart=/usr/local/bin/proxmox-service-discovery \
  --proxmox-host=https://proxmox.example.com:8006 \
  --proxmox-user=root@pam \
  --proxmox-token-id=discovery \
  --proxmox-token-secret=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
  --dns-zone=your-domain.local
Restart=on-failure
User=nobody
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl enable proxmox-service-discovery
sudo systemctl start proxmox-service-discovery

Client/DNS Server Setup

TODO: more details here

API Token Creation

For better security, use API tokens instead of your Proxmox password:

Log in to Proxmox web interface
Go to Datacenter → Permissions → API Tokens
Click "Add" and create a token for the user you wish to use
Make sure to grant the token appropriate read permissions on your cluster under Datacenter → Permissions; typically, the PVEAuditor role is sufficient

Troubleshooting

Enable the debug interface to view active DNS records and configuration:

./proxmox-service-discovery --debug-addr=:8080 [other flags]

Then open http://localhost:8080 in your browser.

License

Apache 2.0 - see LICENSE for more information.