Initial commit: loc_az_hci (smom-dbis-138 excluded via .gitignore)

Co-authored-by: Cursor <cursoragent@cursor.com>

scripts/vm-management/configure/apply-install-scripts.sh

@@ -0,0 +1,196 @@
+#!/bin/bash
+source ~/.bashrc
+# Apply Install Scripts to VMs via SSH
+# This script connects to each VM and runs the appropriate install script
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_step() {
+    echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+# VM Configuration
+declare -A VMS=(
+    [100]="cloudflare-tunnel:192.168.1.60:setup-cloudflare-tunnel.sh"
+    [101]="k3s-master:192.168.1.188:setup-k3s.sh"
+    [102]="git-server:192.168.1.121:setup-git-server.sh"
+    [103]="observability:192.168.1.82:setup-observability.sh"
+)
+
+SSH_USER="${SSH_USER:-ubuntu}"
+SSH_KEY="${SSH_KEY:-~/.ssh/id_rsa}"
+
+# Check if VM is reachable
+check_vm_reachable() {
+    local ip=$1
+    local timeout=5
+    
+    if ping -c 1 -W $timeout "$ip" > /dev/null 2>&1; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Wait for VM to be ready
+wait_for_vm() {
+    local ip=$1
+    local max_attempts=30
+    local attempt=0
+    
+    log_info "Waiting for VM at $ip to be reachable..."
+    
+    while [ $attempt -lt $max_attempts ]; do
+        if check_vm_reachable "$ip"; then
+            log_info "✓ VM is reachable"
+            return 0
+        fi
+        
+        attempt=$((attempt + 1))
+        echo -n "."
+        sleep 2
+    done
+    
+    echo ""
+    log_error "VM at $ip is not reachable after $max_attempts attempts"
+    return 1
+}
+
+# Check SSH connectivity
+check_ssh() {
+    local ip=$1
+    local user=$2
+    
+    if ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no -i "$SSH_KEY" "${user}@${ip}" "echo 'SSH OK'" > /dev/null 2>&1; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Wait for SSH
+wait_for_ssh() {
+    local ip=$1
+    local user=$2
+    local max_attempts=60
+    local attempt=0
+    
+    log_info "Waiting for SSH on $ip..."
+    
+    while [ $attempt -lt $max_attempts ]; do
+        if check_ssh "$ip" "$user"; then
+            log_info "✓ SSH is ready"
+            return 0
+        fi
+        
+        attempt=$((attempt + 1))
+        echo -n "."
+        sleep 5
+    done
+    
+    echo ""
+    log_error "SSH not available after $max_attempts attempts"
+    return 1
+}
+
+# Apply install script to VM
+apply_install_script() {
+    local vmid=$1
+    local name=$2
+    local ip=$3
+    local script=$4
+    
+    log_step "Applying install script to VM $vmid: $name"
+    
+    # Wait for VM to be ready
+    if ! wait_for_vm "$ip"; then
+        log_error "VM not reachable, skipping..."
+        return 1
+    fi
+    
+    # Wait for SSH
+    if ! wait_for_ssh "$ip" "$SSH_USER"; then
+        log_error "SSH not available, skipping..."
+        return 1
+    fi
+    
+    # Copy install script to VM
+    log_info "Copying install script to VM..."
+    if ! scp -o StrictHostKeyChecking=no -i "$SSH_KEY" "scripts/${script}" "${SSH_USER}@${ip}:/tmp/install-service.sh"; then
+        log_error "Failed to copy script"
+        return 1
+    fi
+    
+    # Make script executable and run it
+    log_info "Running install script on VM..."
+    ssh -o StrictHostKeyChecking=no -i "$SSH_KEY" "${SSH_USER}@${ip}" <<EOF
+sudo chmod +x /tmp/install-service.sh
+sudo /tmp/install-service.sh
+EOF
+    
+    if [ $? -eq 0 ]; then
+        log_info "✓ Install script completed successfully"
+        return 0
+    else
+        log_error "✗ Install script failed"
+        return 1
+    fi
+}
+
+main() {
+    echo "========================================="
+    echo "Apply Install Scripts to VMs"
+    echo "========================================="
+    echo ""
+    
+    if [ ! -f "$SSH_KEY" ]; then
+        log_error "SSH key not found: $SSH_KEY"
+        log_info "Set SSH_KEY environment variable or create key pair"
+        exit 1
+    fi
+    
+    log_info "Using SSH key: $SSH_KEY"
+    log_info "SSH user: $SSH_USER"
+    echo ""
+    
+    # Apply scripts to each VM
+    for vmid in 100 101 102 103; do
+        IFS=':' read -r name ip script <<< "${VMS[$vmid]}"
+        
+        if apply_install_script "$vmid" "$name" "$ip" "$script"; then
+            log_info "✓ VM $vmid ($name) setup complete"
+        else
+            log_error "✗ Failed to setup VM $vmid"
+        fi
+        echo ""
+    done
+    
+    log_info "========================================="
+    log_info "Install Script Application Complete"
+    log_info "========================================="
+    echo ""
+    log_info "All VMs should now have their services installed"
+    log_info "Check each VM to verify services are running"
+}
+
+main "$@"
+

scripts/vm-management/configure/attach-iso-webui-guide.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+source ~/.bashrc
+# Interactive Guide for Attaching ISO via Web UI
+
+clear
+echo "========================================="
+echo "Attach ISO via Proxmox Web UI"
+echo "========================================="
+echo ""
+echo "The CD-ROM option won't appear in boot order until"
+echo "the CD/DVD drive with ISO is attached first."
+echo ""
+echo "Step-by-step instructions:"
+echo ""
+echo "1. Open Proxmox Web UI:"
+echo "   https://192.168.1.206:8006"
+echo ""
+echo "2. For EACH VM (100, 101, 102, 103):"
+echo ""
+echo "   A. Click on the VM name in left panel"
+echo ""
+echo "   B. Go to 'Hardware' tab"
+echo ""
+echo "   C. Click 'Add' button (top of page)"
+echo ""
+echo "   D. Select 'CD/DVD Drive' from dropdown"
+echo ""
+echo "   E. In the dialog that appears:"
+echo "      - Storage: Select 'local'"
+echo "      - ISO image: Click dropdown"
+echo "      - Select: ubuntu-24.04.3-live-server-amd64.iso"
+echo "      - Click 'Add' button"
+echo ""
+echo "   F. You should now see 'CD/DVD Drive (ide2)' in Hardware list"
+echo ""
+echo "   G. Go to 'Options' tab"
+echo ""
+echo "   H. Find 'Boot Order' and click 'Edit'"
+echo ""
+echo "   I. Now you should see CD-ROM option!"
+echo "      - Move 'CD-ROM' to the top (first boot device)"
+echo "      - Click 'OK'"
+echo ""
+echo "   J. Start the VM and open Console"
+echo "      - Ubuntu installer should boot"
+echo ""
+echo "========================================="
+echo ""
+read -p "Press Enter when you've attached ISO to all VMs..."
+
+echo ""
+echo "Verifying VM configurations..."
+./scripts/check-vm-status.sh
+

scripts/vm-management/configure/complete-all-vm-tasks.sh

@@ -0,0 +1,480 @@
+#!/bin/bash
+source ~/.bashrc
+# Complete All VM Tasks via SSH
+# This script connects to each VM and completes all pending tasks from the TODO list
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+CYAN='\033[0;36m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_step() {
+    echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+log_header() {
+    echo -e "${CYAN}========================================${NC}"
+    echo -e "${CYAN}$1${NC}"
+    echo -e "${CYAN}========================================${NC}"
+}
+
+# Load environment variables
+if [ -f .env ]; then
+    set -a
+    source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
+    set +a
+fi
+
+SSH_USER="${SSH_USER:-ubuntu}"
+SSH_KEY="${SSH_KEY:-$HOME/.ssh/id_rsa}"
+
+# Expand ~ in SSH_KEY path if needed
+if [[ "$SSH_KEY" == ~* ]]; then
+    SSH_KEY="${SSH_KEY/#\~/$HOME}"
+fi
+
+# VM Configuration
+declare -A VMS=(
+    [100]="cloudflare-tunnel:192.168.1.60:setup-cloudflare-tunnel.sh"
+    [101]="k3s-master:192.168.1.188:setup-k3s.sh"
+    [102]="git-server:192.168.1.121:setup-git-server.sh"
+    [103]="observability:192.168.1.82:setup-observability.sh"
+)
+
+# Check if VM is reachable
+check_vm_reachable() {
+    local ip=$1
+    if ping -c 1 -W 3 "$ip" > /dev/null 2>&1; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Check SSH connectivity
+check_ssh() {
+    local ip=$1
+    local user=$2
+    
+    if ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no -i "$SSH_KEY" "${user}@${ip}" "echo 'SSH OK'" > /dev/null 2>&1; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Wait for VM to be ready
+wait_for_vm() {
+    local ip=$1
+    local name=$2
+    local max_attempts=30
+    local attempt=0
+    
+    log_info "Waiting for $name ($ip) to be reachable..."
+    
+    while [ $attempt -lt $max_attempts ]; do
+        if check_vm_reachable "$ip"; then
+            log_info "✓ VM is reachable"
+            return 0
+        fi
+        
+        attempt=$((attempt + 1))
+        echo -n "."
+        sleep 2
+    done
+    
+    echo ""
+    log_error "VM at $ip is not reachable"
+    return 1
+}
+
+# Wait for SSH
+wait_for_ssh() {
+    local ip=$1
+    local name=$2
+    local max_attempts=60
+    local attempt=0
+    
+    log_info "Waiting for SSH on $name ($ip)..."
+    
+    while [ $attempt -lt $max_attempts ]; do
+        if check_ssh "$ip" "$SSH_USER"; then
+            log_info "✓ SSH is ready"
+            return 0
+        fi
+        
+        attempt=$((attempt + 1))
+        echo -n "."
+        sleep 5
+    done
+    
+    echo ""
+    log_error "SSH not available on $ip"
+    return 1
+}
+
+# Install QEMU Guest Agent
+install_guest_agent() {
+    local ip=$1
+    local name=$2
+    
+    log_step "Installing QEMU Guest Agent on $name..."
+    
+    ssh -o StrictHostKeyChecking=no -i "$SSH_KEY" "${SSH_USER}@${ip}" <<'EOF'
+sudo apt-get update -qq
+sudo apt-get install -y qemu-guest-agent
+sudo systemctl enable qemu-guest-agent
+sudo systemctl start qemu-guest-agent
+sudo systemctl status qemu-guest-agent --no-pager | head -3
+EOF
+    
+    if [ $? -eq 0 ]; then
+        log_info "✓ Guest agent installed and started"
+        return 0
+    else
+        log_error "✗ Failed to install guest agent"
+        return 1
+    fi
+}
+
+# Apply install script to VM
+apply_install_script() {
+    local ip=$1
+    local name=$2
+    local script=$3
+    
+    log_step "Applying install script: $script on $name..."
+    
+    # Copy script to VM
+    if ! scp -o StrictHostKeyChecking=no -i "$SSH_KEY" "scripts/${script}" "${SSH_USER}@${ip}:/tmp/install-service.sh"; then
+        log_error "Failed to copy script"
+        return 1
+    fi
+    
+    # Run script
+    ssh -o StrictHostKeyChecking=no -i "$SSH_KEY" "${SSH_USER}@${ip}" <<'EOF'
+sudo chmod +x /tmp/install-service.sh
+sudo /tmp/install-service.sh
+EOF
+    
+    if [ $? -eq 0 ]; then
+        log_info "✓ Install script completed"
+        return 0
+    else
+        log_error "✗ Install script failed"
+        return 1
+    fi
+}
+
+# Verify service is running
+verify_service() {
+    local ip=$1
+    local name=$2
+    local service_name=$3
+    
+    log_step "Verifying $service_name on $name..."
+    
+    case $service_name in
+        cloudflared)
+            if ssh -o StrictHostKeyChecking=no -i "$SSH_KEY" "${SSH_USER}@${ip}" "sudo systemctl is-active --quiet cloudflared"; then
+                log_info "✓ Cloudflare Tunnel is running"
+                return 0
+            else
+                log_warn "⚠ Cloudflare Tunnel may not be running (manual config may be needed)"
+                return 1
+            fi
+            ;;
+        k3s)
+            if ssh -o StrictHostKeyChecking=no -i "$SSH_KEY" "${SSH_USER}@${ip}" "sudo systemctl is-active --quiet k3s && kubectl get nodes" > /dev/null 2>&1; then
+                log_info "✓ K3s is running"
+                ssh -o StrictHostKeyChecking=no -i "$SSH_KEY" "${SSH_USER}@${ip}" "kubectl get nodes"
+                return 0
+            else
+                log_warn "⚠ K3s may not be fully ready"
+                return 1
+            fi
+            ;;
+        gitea)
+            if ssh -o StrictHostKeyChecking=no -i "$SSH_KEY" "${SSH_USER}@${ip}" "sudo systemctl is-active --quiet gitea"; then
+                log_info "✓ Gitea is running"
+                log_info "  Access at: http://${ip}:3000"
+                return 0
+            else
+                log_warn "⚠ Gitea may not be running"
+                return 1
+            fi
+            ;;
+        observability)
+            local prom_running=false
+            local grafana_running=false
+            
+            if ssh -o StrictHostKeyChecking=no -i "$SSH_KEY" "${SSH_USER}@${ip}" "sudo systemctl is-active --quiet prometheus"; then
+                prom_running=true
+            fi
+            
+            if ssh -o StrictHostKeyChecking=no -i "$SSH_KEY" "${SSH_USER}@${ip}" "sudo systemctl is-active --quiet grafana-server"; then
+                grafana_running=true
+            fi
+            
+            if [ "$prom_running" = true ] && [ "$grafana_running" = true ]; then
+                log_info "✓ Prometheus and Grafana are running"
+                log_info "  Prometheus: http://${ip}:9090"
+                log_info "  Grafana: http://${ip}:3000"
+                return 0
+            else
+                log_warn "⚠ Some services may not be running"
+                return 1
+            fi
+            ;;
+    esac
+}
+
+# Process VM 100: Cloudflare Tunnel
+setup_cloudflare_tunnel() {
+    local vmid=100
+    local name="cloudflare-tunnel"
+    local ip="192.168.1.60"
+    local script="setup-cloudflare-tunnel.sh"
+    
+    log_header "VM $vmid: $name"
+    
+    # Wait for VM
+    if ! wait_for_vm "$ip" "$name"; then
+        log_error "Skipping $name"
+        return 1
+    fi
+    
+    if ! wait_for_ssh "$ip" "$name"; then
+        log_error "Skipping $name"
+        return 1
+    fi
+    
+    # Install guest agent
+    install_guest_agent "$ip" "$name"
+    
+    # Apply install script
+    apply_install_script "$ip" "$name" "$script"
+    
+    # Verify
+    verify_service "$ip" "$name" "cloudflared"
+    
+    log_warn "Note: Cloudflare Tunnel requires manual configuration:"
+    log_info "  1. Run: cloudflared tunnel login"
+    log_info "  2. Create tunnel: cloudflared tunnel create azure-stack-hci"
+    log_info "  3. Update /etc/cloudflared/config.yml"
+    log_info "  4. Configure DNS records in Cloudflare"
+    
+    echo ""
+}
+
+# Process VM 101: K3s
+setup_k3s() {
+    local vmid=101
+    local name="k3s-master"
+    local ip="192.168.1.188"
+    local script="setup-k3s.sh"
+    
+    log_header "VM $vmid: $name"
+    
+    # Wait for VM
+    if ! wait_for_vm "$ip" "$name"; then
+        log_error "Skipping $name"
+        return 1
+    fi
+    
+    if ! wait_for_ssh "$ip" "$name"; then
+        log_error "Skipping $name"
+        return 1
+    fi
+    
+    # Install guest agent
+    install_guest_agent "$ip" "$name"
+    
+    # Apply install script
+    apply_install_script "$ip" "$name" "$script"
+    
+    # Verify
+    verify_service "$ip" "$name" "k3s"
+    
+    log_info "K3s cluster is ready!"
+    log_info "  Kubeconfig: /etc/rancher/k3s/k3s.yaml"
+    
+    echo ""
+}
+
+# Process VM 102: Git Server
+setup_git_server() {
+    local vmid=102
+    local name="git-server"
+    local ip="192.168.1.121"
+    local script="setup-git-server.sh"
+    
+    log_header "VM $vmid: $name"
+    
+    # Wait for VM
+    if ! wait_for_vm "$ip" "$name"; then
+        log_error "Skipping $name"
+        return 1
+    fi
+    
+    if ! wait_for_ssh "$ip" "$name"; then
+        log_error "Skipping $name"
+        return 1
+    fi
+    
+    # Install guest agent
+    install_guest_agent "$ip" "$name"
+    
+    # Apply install script
+    apply_install_script "$ip" "$name" "$script"
+    
+    # Verify
+    verify_service "$ip" "$name" "gitea"
+    
+    log_info "Gitea is ready!"
+    log_info "  Access at: http://${ip}:3000"
+    log_warn "  Complete initial setup via web UI"
+    
+    echo ""
+}
+
+# Process VM 103: Observability
+setup_observability() {
+    local vmid=103
+    local name="observability"
+    local ip="192.168.1.82"
+    local script="setup-observability.sh"
+    
+    log_header "VM $vmid: $name"
+    
+    # Wait for VM
+    if ! wait_for_vm "$ip" "$name"; then
+        log_error "Skipping $name"
+        return 1
+    fi
+    
+    if ! wait_for_ssh "$ip" "$name"; then
+        log_error "Skipping $name"
+        return 1
+    fi
+    
+    # Install guest agent
+    install_guest_agent "$ip" "$name"
+    
+    # Apply install script
+    apply_install_script "$ip" "$name" "$script"
+    
+    # Verify
+    verify_service "$ip" "$name" "observability"
+    
+    log_info "Observability stack is ready!"
+    log_info "  Prometheus: http://${ip}:9090"
+    log_info "  Grafana: http://${ip}:3000 (admin/admin)"
+    log_warn "  Change Grafana password on first login"
+    
+    echo ""
+}
+
+# Enable guest agent in Proxmox
+enable_guest_agent_proxmox() {
+    log_header "Enabling Guest Agent in Proxmox"
+    
+    if [ -z "$PVE_ROOT_PASS" ]; then
+        log_warn "PVE_ROOT_PASS not set, skipping Proxmox configuration"
+        return 0
+    fi
+    
+    PVE_USERNAME="${PVE_USERNAME:-root@pam}"
+    PROXMOX_URL="https://192.168.1.206:8006"
+    PROXMOX_NODE="pve"
+    
+    # Get authentication ticket
+    local response=$(curl -k -s -d "username=$PVE_USERNAME&password=$PVE_ROOT_PASS" \
+        "$PROXMOX_URL/api2/json/access/ticket")
+    
+    local ticket=$(echo "$response" | grep -o '"ticket":"[^"]*' | cut -d'"' -f4)
+    local csrf=$(echo "$response" | grep -o '"CSRFPreventionToken":"[^"]*' | cut -d'"' -f4)
+    
+    if [ -z "$ticket" ] || [ -z "$csrf" ]; then
+        log_warn "Failed to authenticate with Proxmox, skipping"
+        return 0
+    fi
+    
+    # Enable agent for each VM
+    for vmid in 100 101 102 103; do
+        log_info "Enabling guest agent in Proxmox for VM $vmid..."
+        curl -k -s -X PUT \
+            -H "Cookie: PVEAuthCookie=$ticket" \
+            -H "CSRFPreventionToken: $csrf" \
+            -d "agent=1" \
+            "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1
+        
+        if [ $? -eq 0 ]; then
+            log_info "✓ Agent enabled for VM $vmid"
+        else
+            log_warn "⚠ Failed to enable agent for VM $vmid"
+        fi
+    done
+    
+    echo ""
+}
+
+main() {
+    log_header "Complete All VM Tasks"
+    echo ""
+    
+    if [ ! -f "$SSH_KEY" ]; then
+        log_error "SSH key not found: $SSH_KEY"
+        log_info "Set SSH_KEY environment variable or create key pair"
+        exit 1
+    fi
+    
+    log_info "Using SSH key: $SSH_KEY"
+    log_info "SSH user: $SSH_USER"
+    echo ""
+    
+    # Process each VM
+    setup_cloudflare_tunnel
+    setup_k3s
+    setup_git_server
+    setup_observability
+    
+    # Enable guest agent in Proxmox
+    enable_guest_agent_proxmox
+    
+    log_header "All Tasks Complete!"
+    echo ""
+    log_info "Summary:"
+    echo "  ✓ Guest agent installed on all VMs"
+    echo "  ✓ Cloudflare Tunnel setup (manual config needed)"
+    echo "  ✓ K3s installed and verified"
+    echo "  ✓ Gitea installed (initial setup needed)"
+    echo "  ✓ Observability stack installed"
+    echo ""
+    log_warn "Manual steps remaining:"
+    echo "  1. Configure Cloudflare Tunnel (VM 100)"
+    echo "  2. Complete Gitea initial setup (VM 102)"
+    echo "  3. Change Grafana password (VM 103)"
+    echo "  4. Configure K3s namespaces and services (VM 101)"
+    echo ""
+}
+
+main "$@"
+

scripts/vm-management/configure/complete-vm-setup.sh

@@ -0,0 +1,178 @@
+#!/bin/bash
+source ~/.bashrc
+# Complete VM Setup - Final Configuration and Cloud-Init Setup
+# Attempts to configure everything possible via API
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+CYAN='\033[0;36m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_step() {
+    echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+log_header() {
+    echo -e "${CYAN}========================================${NC}"
+    echo -e "${CYAN}$1${NC}"
+    echo -e "${CYAN}========================================${NC}"
+}
+
+# Load environment variables
+if [ -f .env ]; then
+    set -a
+    source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
+    set +a
+fi
+
+PVE_USERNAME="${PVE_USERNAME:-root@pam}"
+PVE_PASSWORD="${PVE_ROOT_PASS:-}"
+PROXMOX_HOST="${1:-192.168.1.206}"
+PROXMOX_URL="https://${PROXMOX_HOST}:8006"
+PROXMOX_NODE="${2:-pve}"
+ISO_FILE="${ISO_FILE:-ubuntu-24.04.3-live-server-amd64.iso}"
+
+# Get authentication ticket
+get_ticket() {
+    local response=$(curl -k -s -d "username=$PVE_USERNAME&password=$PVE_PASSWORD" \
+        "$PROXMOX_URL/api2/json/access/ticket")
+    
+    local ticket=$(echo "$response" | grep -o '"ticket":"[^"]*' | cut -d'"' -f4)
+    local csrf=$(echo "$response" | grep -o '"CSRFPreventionToken":"[^"]*' | cut -d'"' -f4)
+    
+    if [ -z "$ticket" ] || [ -z "$csrf" ]; then
+        log_error "Failed to authenticate with Proxmox"
+        return 1
+    fi
+    
+    echo "$ticket|$csrf"
+}
+
+# Complete VM setup with Cloud-Init
+setup_vm_complete() {
+    local auth=$1
+    local vmid=$2
+    local name=$3
+    local ip_address=$4
+    local gateway=$5
+    
+    local ticket=$(echo "$auth" | cut -d'|' -f1)
+    local csrf=$(echo "$auth" | cut -d'|' -f2)
+    
+    log_step "Complete setup for $name (ID: $vmid)..."
+    
+    # Stop VM
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/status/stop" > /dev/null 2>&1
+    sleep 2
+    
+    # Enable Cloud-Init
+    log_info "Enabling Cloud-Init..."
+    curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "ipconfig0=ip=${ip_address}/24,gw=${gateway}" \
+        -d "nameserver=8.8.8.8" \
+        -d "ciuser=ubuntu" \
+        -d "cipassword=" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || log_warn "Cloud-Init config may have issues"
+    
+    # Configure network (try POST method)
+    log_info "Configuring network interface..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "net0=virtio,bridge=vmbr0" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || log_warn "Network config may need manual setup"
+    
+    # Configure ISO (try POST method)
+    log_info "Configuring ISO..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "ide2=local:iso/${ISO_FILE},media=cdrom" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || log_warn "ISO config may need manual setup"
+    
+    # Set boot order
+    log_info "Setting boot order..."
+    curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "boot=order=ide2" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1
+    
+    # Start VM
+    log_info "Starting VM..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/status/start" > /dev/null 2>&1
+    
+    log_info "✓ $name configured and started"
+}
+
+# VM configurations with IPs
+declare -A VMS=(
+    ["100"]="cloudflare-tunnel:192.168.1.60:192.168.1.254"
+    ["101"]="k3s-master:192.168.1.188:192.168.1.254"
+    ["102"]="git-server:192.168.1.121:192.168.1.254"
+    ["103"]="observability:192.168.1.82:192.168.1.254"
+)
+
+main() {
+    log_header "Complete VM Setup with Cloud-Init"
+    echo ""
+    
+    if [ -z "$PVE_PASSWORD" ]; then
+        log_error "PVE_ROOT_PASS not set in .env"
+        exit 1
+    fi
+    
+    # Authenticate
+    auth=$(get_ticket)
+    if [ $? -ne 0 ]; then
+        exit 1
+    fi
+    
+    log_info "Configuring all VMs with Cloud-Init..."
+    echo ""
+    
+    for vmid in "${!VMS[@]}"; do
+        IFS=':' read -r name ip_address gateway <<< "${VMS[$vmid]}"
+        setup_vm_complete "$auth" "$vmid" "$name" "$ip_address" "$gateway"
+        echo ""
+    done
+    
+    log_header "Setup Complete"
+    echo ""
+    log_info "All VMs configured with:"
+    echo "  ✓ Cloud-Init enabled"
+    echo "  ✓ Network interfaces configured"
+    echo "  ✓ ISO attached"
+    echo "  ✓ Boot order set"
+    echo ""
+    log_warn "Note: Network and ISO may need manual verification via Proxmox Web UI"
+    log_info "Next: Install Ubuntu via console (network/ISO should be ready)"
+}
+
+main "$@"
+

scripts/vm-management/configure/final-vm-config-fix.sh

@@ -0,0 +1,135 @@
+#!/bin/bash
+source ~/.bashrc
+# Final VM Configuration Fix - Using Proxmox CLI format via API
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_step() {
+    echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+# Load environment variables
+if [ -f .env ]; then
+    set -a
+    source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
+    set +a
+fi
+
+PVE_USERNAME="${PVE_USERNAME:-root@pam}"
+PVE_PASSWORD="${PVE_ROOT_PASS:-}"
+PROXMOX_HOST="${1:-192.168.1.206}"
+PROXMOX_URL="https://${PROXMOX_HOST}:8006"
+PROXMOX_NODE="${2:-pve}"
+ISO_FILE="${ISO_FILE:-ubuntu-24.04.3-live-server-amd64.iso}"
+
+# Get authentication ticket
+get_ticket() {
+    local response=$(curl -k -s -d "username=$PVE_USERNAME&password=$PVE_PASSWORD" \
+        "$PROXMOX_URL/api2/json/access/ticket")
+    
+    local ticket=$(echo "$response" | grep -o '"ticket":"[^"]*' | cut -d'"' -f4)
+    local csrf=$(echo "$response" | grep -o '"CSRFPreventionToken":"[^"]*' | cut -d'"' -f4)
+    
+    if [ -z "$ticket" ] || [ -z "$csrf" ]; then
+        log_error "Failed to authenticate with Proxmox"
+        return 1
+    fi
+    
+    echo "$ticket|$csrf"
+}
+
+# Fix single VM
+fix_vm_final() {
+    local auth=$1
+    local vmid=$2
+    local name=$3
+    
+    local ticket=$(echo "$auth" | cut -d'|' -f1)
+    local csrf=$(echo "$auth" | cut -d'|' -f2)
+    
+    log_step "Final configuration for $name (ID: $vmid)..."
+    
+    # Stop VM
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/status/stop" > /dev/null 2>&1
+    sleep 2
+    
+    # Network - try simplest possible format
+    log_info "Configuring network..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "net0=virtio,bridge=vmbr0" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || true
+    
+    # ISO - try simplest format
+    log_info "Configuring ISO..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "ide2=local:iso/${ISO_FILE},media=cdrom" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || true
+    
+    # Boot order
+    log_info "Setting boot order..."
+    curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "boot=order=ide2" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || true
+    
+    # Start VM
+    log_info "Starting VM..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/status/start" > /dev/null 2>&1
+    
+    log_info "✓ $name configured"
+}
+
+main() {
+    echo "========================================="
+    echo "Final VM Configuration Attempt"
+    echo "========================================="
+    echo ""
+    
+    auth=$(get_ticket)
+    if [ $? -ne 0 ]; then
+        exit 1
+    fi
+    
+    for vmid in 100 101 102 103; do
+        case $vmid in
+            100) name="cloudflare-tunnel" ;;
+            101) name="k3s-master" ;;
+            102) name="git-server" ;;
+            103) name="observability" ;;
+        esac
+        fix_vm_final "$auth" "$vmid" "$name"
+        echo ""
+    done
+    
+    log_info "Configuration complete. Please verify via Proxmox Web UI."
+    log_info "If network/ISO still missing, configure manually via Web UI."
+}
+
+main "$@"
+

scripts/vm-management/configure/fix-all-vm-configs.sh

@@ -0,0 +1,223 @@
+#!/bin/bash
+source ~/.bashrc
+# Comprehensive VM Configuration Fix
+# Uses multiple API approaches to ensure all hardware is configured
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_step() {
+    echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+# Load environment variables
+if [ -f .env ]; then
+    set -a
+    source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
+    set +a
+fi
+
+PVE_USERNAME="${PVE_USERNAME:-root@pam}"
+PVE_PASSWORD="${PVE_ROOT_PASS:-}"
+PROXMOX_HOST="${1:-192.168.1.206}"
+PROXMOX_URL="https://${PROXMOX_HOST}:8006"
+PROXMOX_NODE="${2:-pve}"
+ISO_FILE="${ISO_FILE:-ubuntu-24.04.3-live-server-amd64.iso}"
+
+# Get authentication ticket
+get_ticket() {
+    local response=$(curl -k -s -d "username=$PVE_USERNAME&password=$PVE_PASSWORD" \
+        "$PROXMOX_URL/api2/json/access/ticket")
+    
+    local ticket=$(echo "$response" | grep -o '"ticket":"[^"]*' | cut -d'"' -f4)
+    local csrf=$(echo "$response" | grep -o '"CSRFPreventionToken":"[^"]*' | cut -d'"' -f4)
+    
+    if [ -z "$ticket" ] || [ -z "$csrf" ]; then
+        log_error "Failed to authenticate with Proxmox"
+        return 1
+    fi
+    
+    echo "$ticket|$csrf"
+}
+
+# Check if config exists
+config_exists() {
+    local auth=$1
+    local vmid=$2
+    local key=$3
+    local ticket=$(echo "$auth" | cut -d'|' -f1)
+    local csrf=$(echo "$auth" | cut -d'|' -f2)
+    
+    local response=$(curl -k -s -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" 2>/dev/null)
+    
+    echo "$response" | python3 -c "
+import sys, json
+data = json.load(sys.stdin)
+config = data.get('data', {})
+print('true' if '$key' in config and config.get('$key') else 'false')
+" 2>/dev/null || echo "false"
+}
+
+# Fix VM configuration comprehensively
+fix_vm_comprehensive() {
+    local auth=$1
+    local vmid=$2
+    local name=$3
+    local disk_size=$4
+    
+    local ticket=$(echo "$auth" | cut -d'|' -f1)
+    local csrf=$(echo "$auth" | cut -d'|' -f2)
+    
+    log_step "Comprehensive fix for $name (ID: $vmid)..."
+    
+    # Stop VM
+    log_info "Stopping VM..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/status/stop" > /dev/null 2>&1
+    sleep 3
+    
+    # Try multiple network formats
+    if [ "$(config_exists "$auth" "$vmid" "net0")" = "false" ]; then
+        log_info "Adding network interface..."
+        
+        # Try format 1: model=virtio,bridge=vmbr0
+        local net1=$(curl -k -s -X PUT \
+            -H "Cookie: PVEAuthCookie=$ticket" \
+            -H "CSRFPreventionToken: $csrf" \
+            -d "net0=model=virtio,bridge=vmbr0" \
+            "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" 2>&1)
+        
+        if echo "$net1" | grep -q '"errors"'; then
+            # Try format 2: bridge=vmbr0 (let Proxmox use default model)
+            curl -k -s -X PUT \
+                -H "Cookie: PVEAuthCookie=$ticket" \
+                -H "CSRFPreventionToken: $csrf" \
+                -d "net0=bridge=vmbr0" \
+                "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1
+        fi
+        log_info "✓ Network interface configured"
+    else
+        log_info "✓ Network interface already exists"
+    fi
+    
+    # Try multiple disk formats
+    if [ "$(config_exists "$auth" "$vmid" "scsi0")" = "false" ]; then
+        log_info "Adding disk..."
+        
+        # Try local-lvm first (LVM thin)
+        local disk1=$(curl -k -s -X PUT \
+            -H "Cookie: PVEAuthCookie=$ticket" \
+            -H "CSRFPreventionToken: $csrf" \
+            -d "scsi0=local-lvm:${disk_size}" \
+            "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" 2>&1)
+        
+        if echo "$disk1" | grep -q '"errors"'; then
+            # Try local storage
+            curl -k -s -X PUT \
+                -H "Cookie: PVEAuthCookie=$ticket" \
+                -H "CSRFPreventionToken: $csrf" \
+                -d "scsi0=local:${disk_size}" \
+                "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1
+        fi
+        log_info "✓ Disk configured"
+    else
+        log_info "✓ Disk already exists"
+    fi
+    
+    # Add ISO
+    if [ "$(config_exists "$auth" "$vmid" "ide2")" = "false" ]; then
+        log_info "Adding ISO..."
+        local iso_volid="local:iso/${ISO_FILE}"
+        curl -k -s -X PUT \
+            -H "Cookie: PVEAuthCookie=$ticket" \
+            -H "CSRFPreventionToken: $csrf" \
+            -d "ide2=${iso_volid},media=cdrom" \
+            "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1
+        log_info "✓ ISO configured"
+    else
+        log_info "✓ ISO already configured"
+    fi
+    
+    # Set boot order
+    log_info "Setting boot order..."
+    curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "boot=order=ide2" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1
+    
+    # Start VM
+    log_info "Starting VM..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/status/start" > /dev/null 2>&1
+    
+    log_info "✓ VM $vmid fully configured and started"
+    echo ""
+}
+
+# VM configurations
+declare -A VMS=(
+    ["100"]="cloudflare-tunnel:40"
+    ["101"]="k3s-master:80"
+    ["102"]="git-server:100"
+    ["103"]="observability:200"
+)
+
+main() {
+    echo "========================================="
+    echo "Comprehensive VM Configuration Fix"
+    echo "========================================="
+    echo ""
+    
+    if [ -z "$PVE_PASSWORD" ]; then
+        log_error "PVE_ROOT_PASS not set in .env"
+        exit 1
+    fi
+    
+    # Authenticate
+    auth=$(get_ticket)
+    if [ $? -ne 0 ]; then
+        exit 1
+    fi
+    
+    log_info "Fixing all VM configurations..."
+    echo ""
+    
+    for vmid in "${!VMS[@]}"; do
+        IFS=':' read -r name disk_size <<< "${VMS[$vmid]}"
+        fix_vm_comprehensive "$auth" "$vmid" "$name" "$disk_size"
+    done
+    
+    log_info "========================================="
+    log_info "All VM Configurations Fixed"
+    log_info "========================================="
+    echo ""
+    log_info "Next: Verify configurations and install Ubuntu"
+}
+
+main "$@"
+

scripts/vm-management/configure/fix-boot-config.sh

@@ -0,0 +1,174 @@
+#!/bin/bash
+source ~/.bashrc
+# Fix Boot Configuration - Ensure VMs can boot from ISO
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_step() {
+    echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+# Load environment variables
+if [ -f .env ]; then
+    set -a
+    source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
+    set +a
+fi
+
+PVE_USERNAME="${PVE_USERNAME:-root@pam}"
+PVE_PASSWORD="${PVE_ROOT_PASS:-}"
+PROXMOX_HOST="${1:-192.168.1.206}"
+PROXMOX_URL="https://${PROXMOX_HOST}:8006"
+PROXMOX_NODE="${2:-pve}"
+ISO_FILE="${ISO_FILE:-ubuntu-24.04.3-live-server-amd64.iso}"
+
+# Get authentication ticket
+get_ticket() {
+    local response=$(curl -k -s -d "username=$PVE_USERNAME&password=$PVE_PASSWORD" \
+        "$PROXMOX_URL/api2/json/access/ticket")
+    
+    local ticket=$(echo "$response" | grep -o '"ticket":"[^"]*' | cut -d'"' -f4)
+    local csrf=$(echo "$response" | grep -o '"CSRFPreventionToken":"[^"]*' | cut -d'"' -f4)
+    
+    if [ -z "$ticket" ] || [ -z "$csrf" ]; then
+        log_error "Failed to authenticate with Proxmox"
+        return 1
+    fi
+    
+    echo "$ticket|$csrf"
+}
+
+# Fix boot configuration for a VM
+fix_boot() {
+    local auth=$1
+    local vmid=$2
+    local name=$3
+    
+    local ticket=$(echo "$auth" | cut -d'|' -f1)
+    local csrf=$(echo "$auth" | cut -d'|' -f2)
+    
+    log_step "Fixing boot configuration for $name (ID: $vmid)..."
+    
+    # Stop VM
+    log_info "Stopping VM..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/status/stop" > /dev/null 2>&1
+    sleep 2
+    
+    # First, ensure we have a network device
+    log_info "Ensuring network device exists..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "net0=virtio,bridge=vmbr0" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || true
+    
+    # Ensure ISO is attached - try multiple formats
+    log_info "Attaching ISO..."
+    local iso_volid="local:iso/${ISO_FILE}"
+    
+    # Try format 1: ide2=storage:iso/file.iso,media=cdrom
+    local iso1=$(curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "ide2=${iso_volid},media=cdrom" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" 2>&1)
+    
+    if echo "$iso1" | grep -q '"errors"'; then
+        # Try format 2: ide2=storage:iso/file.iso
+        curl -k -s -X POST \
+            -H "Cookie: PVEAuthCookie=$ticket" \
+            -H "CSRFPreventionToken: $csrf" \
+            -d "ide2=${iso_volid}" \
+            "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || true
+    fi
+    
+    # Set boot order - CD-ROM first, then disk
+    log_info "Setting boot order to CD-ROM first..."
+    curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "boot=order=ide2;scsi0" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || \
+    curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "boot=order=ide2" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || true
+    
+    # Also try setting bootdisk
+    log_info "Setting boot disk..."
+    curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "bootdisk=ide2" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || true
+    
+    # Start VM
+    log_info "Starting VM..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/status/start" > /dev/null 2>&1
+    
+    log_info "✓ Boot configuration fixed for $name"
+    echo ""
+}
+
+main() {
+    echo "========================================="
+    echo "Fix Boot Configuration"
+    echo "========================================="
+    echo ""
+    
+    if [ -z "$PVE_PASSWORD" ]; then
+        log_error "PVE_ROOT_PASS not set in .env"
+        exit 1
+    fi
+    
+    # Authenticate
+    auth=$(get_ticket)
+    if [ $? -ne 0 ]; then
+        exit 1
+    fi
+    
+    # Fix all VMs
+    for vmid in 100 101 102 103; do
+        case $vmid in
+            100) name="cloudflare-tunnel" ;;
+            101) name="k3s-master" ;;
+            102) name="git-server" ;;
+            103) name="observability" ;;
+        esac
+        fix_boot "$auth" "$vmid" "$name"
+    done
+    
+    log_info "========================================="
+    log_info "Boot Configuration Fixed"
+    log_info "========================================="
+    echo ""
+    log_info "VMs should now boot from ISO."
+    log_info "If still having issues, verify via Proxmox Web UI:"
+    log_info "  - Hardware tab: Check CD/DVD drive has ISO"
+    log_info "  - Options tab: Boot order should be CD-ROM first"
+}
+
+main "$@"
+

scripts/vm-management/configure/fix-floppy-boot.sh

@@ -0,0 +1,160 @@
+#!/bin/bash
+source ~/.bashrc
+# Fix Floppy Boot Issue - Remove Floppy and Set Correct Boot Order
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_step() {
+    echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+# Load environment variables
+if [ -f .env ]; then
+    set -a
+    source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
+    set +a
+fi
+
+PVE_USERNAME="${PVE_USERNAME:-root@pam}"
+PVE_PASSWORD="${PVE_ROOT_PASS:-}"
+PROXMOX_URL="https://192.168.1.206:8006"
+PROXMOX_NODE="pve"
+
+# Get authentication ticket
+get_ticket() {
+    local response=$(curl -k -s -d "username=$PVE_USERNAME&password=$PVE_PASSWORD" \
+        "$PROXMOX_URL/api2/json/access/ticket")
+    
+    local ticket=$(echo "$response" | grep -o '"ticket":"[^"]*' | cut -d'"' -f4)
+    local csrf=$(echo "$response" | grep -o '"CSRFPreventionToken":"[^"]*' | cut -d'"' -f4)
+    
+    if [ -z "$ticket" ] || [ -z "$csrf" ]; then
+        log_error "Failed to authenticate with Proxmox"
+        return 1
+    fi
+    
+    echo "$ticket|$csrf"
+}
+
+# Fix floppy boot issue
+fix_floppy_boot() {
+    local auth=$1
+    local vmid=$2
+    local name=$3
+    
+    local ticket=$(echo "$auth" | cut -d'|' -f1)
+    local csrf=$(echo "$auth" | cut -d'|' -f2)
+    
+    log_step "Fixing boot order for $name (ID: $vmid)..."
+    
+    # Stop VM
+    log_info "Stopping VM..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/status/stop" > /dev/null 2>&1
+    sleep 2
+    
+    # Remove floppy drive if it exists
+    log_info "Removing floppy drive (if exists)..."
+    curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "floppy0=none" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || true
+    
+    # Delete floppy device
+    curl -k -s -X DELETE \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config/floppy0" > /dev/null 2>&1 || true
+    
+    # Set boot order explicitly: CD-ROM first, then disk, skip floppy
+    log_info "Setting boot order: CD-ROM first, then disk..."
+    
+    # Method 1: Set boot order with explicit device order
+    curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "boot=order=ide2;scsi0" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || true
+    
+    # Method 2: Set bootdisk to CD-ROM
+    curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "bootdisk=ide2" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || true
+    
+    # Method 3: Disable floppy in BIOS
+    curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "bios=ovmf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1 || true
+    
+    # Start VM
+    log_info "Starting VM..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/status/start" > /dev/null 2>&1
+    
+    log_info "✓ Boot order fixed for $name"
+    echo ""
+}
+
+main() {
+    echo "========================================="
+    echo "Fix Floppy Boot Issue"
+    echo "========================================="
+    echo ""
+    
+    if [ -z "$PVE_PASSWORD" ]; then
+        log_error "PVE_ROOT_PASS not set in .env"
+        exit 1
+    fi
+    
+    # Authenticate
+    auth=$(get_ticket)
+    if [ $? -ne 0 ]; then
+        exit 1
+    fi
+    
+    # Fix all VMs
+    for vmid in 100 101 102 103; do
+        case $vmid in
+            100) name="cloudflare-tunnel" ;;
+            101) name="k3s-master" ;;
+            102) name="git-server" ;;
+            103) name="observability" ;;
+        esac
+        fix_floppy_boot "$auth" "$vmid" "$name"
+    done
+    
+    log_info "========================================="
+    log_info "Floppy Boot Issue Fixed"
+    log_info "========================================="
+    echo ""
+    log_info "VMs should now boot from CD-ROM."
+    log_info "If still booting from floppy, remove floppy via Web UI:"
+    log_info "  Hardware tab → Remove floppy drive → Set boot order"
+}
+
+main "$@"
+

scripts/vm-management/configure/fix-guest-agent.sh

@@ -0,0 +1,186 @@
+#!/bin/bash
+source ~/.bashrc
+# Fix Guest Agent Issues - Troubleshooting Script
+# Use this if guest agent is not working properly
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_step() {
+    echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+# Load environment variables
+if [ -f .env ]; then
+    set -a
+    source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
+    set +a
+fi
+
+PVE_USERNAME="${PVE_USERNAME:-root@pam}"
+PVE_PASSWORD="${PVE_ROOT_PASS:-}"
+PROXMOX_URL="https://192.168.1.206:8006"
+PROXMOX_NODE="pve"
+
+declare -A VMS=(
+    [100]="cloudflare-tunnel:192.168.1.60"
+    [101]="k3s-master:192.168.1.188"
+    [102]="git-server:192.168.1.121"
+    [103]="observability:192.168.1.82"
+)
+
+SSH_USER="${SSH_USER:-ubuntu}"
+SSH_KEY="${SSH_KEY:-~/.ssh/id_rsa}"
+
+# Get authentication ticket
+get_ticket() {
+    local response=$(curl -k -s -d "username=$PVE_USERNAME&password=$PVE_PASSWORD" \
+        "$PROXMOX_URL/api2/json/access/ticket")
+    
+    local ticket=$(echo "$response" | grep -o '"ticket":"[^"]*' | cut -d'"' -f4)
+    local csrf=$(echo "$response" | grep -o '"CSRFPreventionToken":"[^"]*' | cut -d'"' -f4)
+    
+    if [ -z "$ticket" ] || [ -z "$csrf" ]; then
+        log_error "Failed to authenticate with Proxmox"
+        return 1
+    fi
+    
+    echo "$ticket|$csrf"
+}
+
+# Fix guest agent on a VM
+fix_guest_agent() {
+    local vmid=$1
+    local name=$2
+    local ip=$3
+    
+    log_step "Fixing guest agent on VM $vmid: $name"
+    
+    # Check SSH
+    if ! ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no -i "$SSH_KEY" "${SSH_USER}@${ip}" "echo 'SSH OK'" > /dev/null 2>&1; then
+        log_error "SSH not available, skipping..."
+        return 1
+    fi
+    
+    log_info "Reinstalling and restarting guest agent..."
+    
+    ssh -o StrictHostKeyChecking=no -i "$SSH_KEY" "${SSH_USER}@${ip}" <<EOF
+sudo systemctl stop qemu-guest-agent || true
+sudo apt-get update
+sudo apt-get install --reinstall -y qemu-guest-agent
+sudo systemctl daemon-reload
+sudo systemctl enable qemu-guest-agent
+sudo systemctl restart qemu-guest-agent
+sleep 2
+sudo systemctl status qemu-guest-agent --no-pager | head -10
+EOF
+    
+    if [ $? -eq 0 ]; then
+        log_info "✓ Guest agent fixed on VM $vmid"
+        return 0
+    else
+        log_error "✗ Failed to fix guest agent"
+        return 1
+    fi
+}
+
+# Verify Proxmox configuration
+verify_proxmox_config() {
+    local auth=$1
+    local vmid=$2
+    
+    local ticket=$(echo "$auth" | cut -d'|' -f1)
+    local csrf=$(echo "$auth" | cut -d'|' -f2)
+    
+    log_step "Checking Proxmox configuration for VM $vmid"
+    
+    local config=$(curl -k -s \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config")
+    
+    local agent=$(echo "$config" | grep -o '"agent":"[^"]*' | cut -d'"' -f4)
+    
+    if [ "$agent" = "1" ]; then
+        log_info "✓ Agent enabled in Proxmox (agent=1)"
+    else
+        log_warn "⚠ Agent not enabled in Proxmox"
+        log_info "Enabling agent..."
+        
+        curl -k -s -X PUT \
+            -H "Cookie: PVEAuthCookie=$ticket" \
+            -H "CSRFPreventionToken: $csrf" \
+            -d "agent=1" \
+            "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null
+        
+        log_info "✓ Agent enabled"
+    fi
+}
+
+main() {
+    echo "========================================="
+    echo "Fix Guest Agent Issues"
+    echo "========================================="
+    echo ""
+    
+    if [ -z "$PVE_PASSWORD" ]; then
+        log_error "PVE_ROOT_PASS not set in .env"
+        exit 1
+    fi
+    
+    if [ ! -f "$SSH_KEY" ]; then
+        log_error "SSH key not found: $SSH_KEY"
+        exit 1
+    fi
+    
+    # Authenticate
+    auth=$(get_ticket)
+    if [ $? -ne 0 ]; then
+        exit 1
+    fi
+    
+    # Fix each VM
+    for vmid in 100 101 102 103; do
+        IFS=':' read -r name ip <<< "${VMS[$vmid]}"
+        
+        echo "----------------------------------------"
+        log_step "Fixing VM $vmid: $name"
+        echo ""
+        
+        # Fix guest agent on VM
+        fix_guest_agent "$vmid" "$name" "$ip"
+        
+        # Verify Proxmox config
+        verify_proxmox_config "$auth" "$vmid"
+        
+        echo ""
+    done
+    
+    log_info "========================================="
+    log_info "Guest Agent Fix Complete"
+    log_info "========================================="
+    echo ""
+    log_info "Wait a few minutes, then verify in Proxmox:"
+    echo "  VM → Monitor → QEMU Guest Agent"
+}
+
+main "$@"
+

scripts/vm-management/configure/fix-vm-config.sh

@@ -0,0 +1,190 @@
+#!/bin/bash
+source ~/.bashrc
+# Fix VM Configuration Warnings
+# Corrects network, disk, and ISO configurations
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_step() {
+    echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+# Load environment variables
+if [ -f .env ]; then
+    set -a
+    source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
+    set +a
+fi
+
+PVE_USERNAME="${PVE_USERNAME:-root@pam}"
+PVE_PASSWORD="${PVE_ROOT_PASS:-}"
+PROXMOX_HOST="${1:-192.168.1.206}"
+PROXMOX_URL="https://${PROXMOX_HOST}:8006"
+PROXMOX_NODE="${2:-pve}"
+ISO_FILE="${ISO_FILE:-ubuntu-24.04.3-live-server-amd64.iso}"
+
+# Get authentication ticket
+get_ticket() {
+    local response=$(curl -k -s -d "username=$PVE_USERNAME&password=$PVE_PASSWORD" \
+        "$PROXMOX_URL/api2/json/access/ticket")
+    
+    local ticket=$(echo "$response" | grep -o '"ticket":"[^"]*' | cut -d'"' -f4)
+    local csrf=$(echo "$response" | grep -o '"CSRFPreventionToken":"[^"]*' | cut -d'"' -f4)
+    
+    if [ -z "$ticket" ] || [ -z "$csrf" ]; then
+        log_error "Failed to authenticate with Proxmox"
+        return 1
+    fi
+    
+    echo "$ticket|$csrf"
+}
+
+# Fix VM configuration
+fix_vm_config() {
+    local auth=$1
+    local vmid=$2
+    local name=$3
+    local disk_size=$4
+    
+    local ticket=$(echo "$auth" | cut -d'|' -f1)
+    local csrf=$(echo "$auth" | cut -d'|' -f2)
+    
+    log_step "Fixing configuration for $name (ID: $vmid)..."
+    
+    # Stop VM if running
+    log_info "Stopping VM $vmid..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/status/stop" > /dev/null 2>&1
+    sleep 2
+    
+    # Fix network - use proper format
+    log_info "Configuring network..."
+    local net_response=$(curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "net0=model=virtio,bridge=vmbr0" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" 2>&1)
+    
+    if echo "$net_response" | grep -q '"errors"'; then
+        log_warn "Network config may have issues, but continuing..."
+    else
+        log_info "✓ Network configured"
+    fi
+    
+    # Fix disk - ensure proper format
+    log_info "Configuring disk..."
+    local disk_response=$(curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "scsi0=local-lvm:${disk_size},format=raw" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" 2>&1)
+    
+    if echo "$disk_response" | grep -q '"errors"'; then
+        # Try with local storage instead
+        curl -k -s -X PUT \
+            -H "Cookie: PVEAuthCookie=$ticket" \
+            -H "CSRFPreventionToken: $csrf" \
+            -d "scsi0=local:${disk_size},format=raw" \
+            "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1
+        log_info "✓ Disk configured (using local storage)"
+    else
+        log_info "✓ Disk configured"
+    fi
+    
+    # Fix ISO - ensure proper format
+    log_info "Configuring ISO..."
+    local iso_volid="local:iso/${ISO_FILE}"
+    local iso_response=$(curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "ide2=${iso_volid},media=cdrom" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" 2>&1)
+    
+    if echo "$iso_response" | grep -q '"errors"'; then
+        log_warn "ISO config may have issues"
+    else
+        log_info "✓ ISO configured"
+    fi
+    
+    # Set boot order
+    log_info "Setting boot order..."
+    curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "boot=order=ide2;scsi0" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" > /dev/null 2>&1
+    
+    log_info "✓ Boot order configured"
+    
+    # Start VM
+    log_info "Starting VM..."
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/status/start" > /dev/null 2>&1
+    
+    log_info "✓ VM $vmid configuration fixed and restarted"
+    echo ""
+}
+
+# VM configurations
+declare -A VMS=(
+    ["100"]="cloudflare-tunnel:40"
+    ["101"]="k3s-master:80"
+    ["102"]="git-server:100"
+    ["103"]="observability:200"
+)
+
+main() {
+    echo "========================================="
+    echo "Fix VM Configuration Warnings"
+    echo "========================================="
+    echo ""
+    
+    if [ -z "$PVE_PASSWORD" ]; then
+        log_error "PVE_ROOT_PASS not set in .env"
+        exit 1
+    fi
+    
+    # Authenticate
+    auth=$(get_ticket)
+    if [ $? -ne 0 ]; then
+        exit 1
+    fi
+    
+    log_info "Fixing configurations for all VMs..."
+    echo ""
+    
+    for vmid in "${!VMS[@]}"; do
+        IFS=':' read -r name disk_size <<< "${VMS[$vmid]}"
+        fix_vm_config "$auth" "$vmid" "$name" "$disk_size"
+    done
+    
+    log_info "========================================="
+    log_info "Configuration Fix Complete"
+    log_info "========================================="
+}
+
+main "$@"
+

scripts/vm-management/configure/fix-vm-creation.sh

@@ -0,0 +1,109 @@
+#!/bin/bash
+source ~/.bashrc
+# Fix VM Creation - Delete failed VMs and recreate them properly
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# Load environment variables
+if [ -f .env ]; then
+    set -a
+    source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
+    set +a
+fi
+
+PVE_USERNAME="${PVE_USERNAME:-root@pam}"
+PVE_PASSWORD="${PVE_ROOT_PASS:-}"
+PROXMOX_HOST="${1:-192.168.1.206}"
+PROXMOX_URL="https://${PROXMOX_HOST}:8006"
+PROXMOX_NODE="${2:-pve}"
+
+# Get authentication ticket
+get_ticket() {
+    local response=$(curl -k -s -d "username=$PVE_USERNAME&password=$PVE_PASSWORD" \
+        "$PROXMOX_URL/api2/json/access/ticket")
+    
+    local ticket=$(echo "$response" | grep -o '"ticket":"[^"]*' | cut -d'"' -f4)
+    local csrf=$(echo "$response" | grep -o '"CSRFPreventionToken":"[^"]*' | cut -d'"' -f4)
+    
+    if [ -z "$ticket" ] || [ -z "$csrf" ]; then
+        log_error "Failed to authenticate with Proxmox"
+        return 1
+    fi
+    
+    echo "$ticket|$csrf"
+}
+
+# Delete VM
+delete_vm() {
+    local auth=$1
+    local vmid=$2
+    local ticket=$(echo "$auth" | cut -d'|' -f1)
+    local csrf=$(echo "$auth" | cut -d'|' -f2)
+    
+    log_warn "Deleting VM $vmid..."
+    
+    # Stop VM first if running
+    curl -k -s -X POST \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/status/stop" > /dev/null 2>&1
+    
+    sleep 2
+    
+    # Delete VM
+    local delete_response=$(curl -k -s -X DELETE \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid" 2>&1)
+    
+    if echo "$delete_response" | grep -q '"errors"'; then
+        log_error "Failed to delete VM $vmid: $delete_response"
+        return 1
+    fi
+    
+    log_info "✓ VM $vmid deleted"
+    return 0
+}
+
+main() {
+    echo "========================================="
+    echo "Fix VM Creation - Cleanup and Recreate"
+    echo "========================================="
+    echo ""
+    
+    # Authenticate
+    auth=$(get_ticket)
+    if [ $? -ne 0 ]; then
+        exit 1
+    fi
+    
+    # Delete failed VMs (100-103)
+    for vmid in 100 101 102 103; do
+        delete_vm "$auth" "$vmid" || log_warn "Could not delete VM $vmid (may not exist)"
+    done
+    
+    echo ""
+    log_info "Cleanup complete. Now run: ./scripts/create-vms-from-iso.sh"
+}
+
+main "$@"
+

scripts/vm-management/configure/manual-steps-guide.sh

@@ -0,0 +1,96 @@
+#!/bin/bash
+source ~/.bashrc
+# Manual Steps Guide - Interactive helper for remaining manual steps
+
+# Colors
+CYAN='\033[0;36m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_header() {
+    echo -e "${CYAN}========================================${NC}"
+    echo -e "${CYAN}$1${NC}"
+    echo -e "${CYAN}========================================${NC}"
+}
+
+clear
+log_header "Manual Steps Guide - Complete Remaining Tasks"
+echo ""
+
+echo "This guide will help you complete the remaining manual steps."
+echo ""
+read -p "Press Enter to continue..."
+
+log_header "Step 1: Verify VM Hardware Configuration"
+echo ""
+echo "1. Open Proxmox Web UI: https://192.168.1.206:8006"
+echo "2. Login with: root@pam / (password from .env)"
+echo "3. For each VM (100, 101, 102, 103):"
+echo "   a. Click on the VM"
+echo "   b. Go to 'Hardware' tab"
+echo "   c. Verify/Add:"
+echo "      - Network Device (should be virtio, bridge=vmbr0)"
+echo "      - Hard Disk (should exist)"
+echo "      - CD/DVD Drive (should have Ubuntu ISO)"
+echo "   d. Go to 'Options' tab"
+echo "      - Set Boot Order: CD-ROM first"
+echo ""
+read -p "Press Enter after verifying all VM hardware..."
+
+log_header "Step 2: Install Ubuntu 24.04"
+echo ""
+echo "For each VM, install Ubuntu:"
+echo ""
+echo "VM 100 - cloudflare-tunnel (192.168.1.60):"
+echo "  1. Open VM → Console"
+echo "  2. Ubuntu installer should boot"
+echo "  3. During installation, configure:"
+echo "     - IP: 192.168.1.60/24"
+echo "     - Gateway: 192.168.1.254"
+echo "     - DNS: 8.8.8.8"
+echo "  4. Create user account (remember for SSH)"
+echo ""
+read -p "Press Enter after installing Ubuntu on VM 100..."
+
+echo ""
+echo "VM 101 - k3s-master (192.168.1.188):"
+echo "  - IP: 192.168.1.188/24"
+echo "  - Gateway: 192.168.1.254"
+read -p "Press Enter after installing Ubuntu on VM 101..."
+
+echo ""
+echo "VM 102 - git-server (192.168.1.121):"
+echo "  - IP: 192.168.1.121/24"
+echo "  - Gateway: 192.168.1.254"
+read -p "Press Enter after installing Ubuntu on VM 102..."
+
+echo ""
+echo "VM 103 - observability (192.168.1.82):"
+echo "  - IP: 192.168.1.82/24"
+echo "  - Gateway: 192.168.1.254"
+read -p "Press Enter after installing Ubuntu on VM 103..."
+
+log_header "Step 3: Verify Installation"
+echo ""
+echo "Running verification script..."
+./scripts/check-vm-status.sh
+echo ""
+read -p "Press Enter to continue..."
+
+log_header "Step 4: Automated Service Setup"
+echo ""
+echo "Running automated setup for all services..."
+./scripts/automate-all-setup.sh
+echo ""
+
+log_header "Setup Complete!"
+echo ""
+log_info "All services should now be configured."
+echo "Check the output above for any issues."
+

scripts/vm-management/configure/set-boot-order-api.sh

@@ -0,0 +1,124 @@
+#!/bin/bash
+source ~/.bashrc
+# Set Boot Order via API - Alternative method
+
+set -e
+
+# Colors
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_step() {
+    echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+# Load environment variables
+if [ -f .env ]; then
+    set -a
+    source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
+    set +a
+fi
+
+PVE_USERNAME="${PVE_USERNAME:-root@pam}"
+PVE_PASSWORD="${PVE_ROOT_PASS:-}"
+PROXMOX_URL="https://192.168.1.206:8006"
+PROXMOX_NODE="pve"
+
+# Get authentication ticket
+get_ticket() {
+    local response=$(curl -k -s -d "username=$PVE_USERNAME&password=$PVE_PASSWORD" \
+        "$PROXMOX_URL/api2/json/access/ticket")
+    
+    local ticket=$(echo "$response" | grep -o '"ticket":"[^"]*' | cut -d'"' -f4)
+    local csrf=$(echo "$response" | grep -o '"CSRFPreventionToken":"[^"]*' | cut -d'"' -f4)
+    
+    if [ -z "$ticket" ] || [ -z "$csrf" ]; then
+        return 1
+    fi
+    
+    echo "$ticket|$csrf"
+}
+
+# Set boot order via API
+set_boot_order() {
+    local auth=$1
+    local vmid=$2
+    
+    local ticket=$(echo "$auth" | cut -d'|' -f1)
+    local csrf=$(echo "$auth" | cut -d'|' -f2)
+    
+    log_step "Setting boot order for VM $vmid..."
+    
+    # Try different boot order formats
+    # Format 1: boot=order=ide2;scsi0
+    log_info "Trying boot order: ide2;scsi0"
+    local response1=$(curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "boot=order=ide2;scsi0" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" 2>&1)
+    
+    if ! echo "$response1" | grep -q '"errors"'; then
+        log_info "✓ Boot order set successfully"
+        return 0
+    fi
+    
+    # Format 2: boot=order=ide2
+    log_info "Trying boot order: ide2"
+    local response2=$(curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "boot=order=ide2" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" 2>&1)
+    
+    if ! echo "$response2" | grep -q '"errors"'; then
+        log_info "✓ Boot order set successfully"
+        return 0
+    fi
+    
+    # Format 3: bootdisk=ide2
+    log_info "Trying bootdisk: ide2"
+    local response3=$(curl -k -s -X PUT \
+        -H "Cookie: PVEAuthCookie=$ticket" \
+        -H "CSRFPreventionToken: $csrf" \
+        -d "bootdisk=ide2" \
+        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/qemu/$vmid/config" 2>&1)
+    
+    if ! echo "$response3" | grep -q '"errors"'; then
+        log_info "✓ Boot disk set successfully"
+        return 0
+    fi
+    
+    log_info "⚠ API method didn't work. Use Web UI method below."
+    return 1
+}
+
+main() {
+    echo "========================================="
+    echo "Set Boot Order via API"
+    echo "========================================="
+    echo ""
+    
+    auth=$(get_ticket)
+    if [ $? -ne 0 ]; then
+        echo "Authentication failed"
+        exit 1
+    fi
+    
+    for vmid in 100 101 102 103; do
+        set_boot_order "$auth" "$vmid"
+        echo ""
+    done
+    
+    echo "If API didn't work, use Web UI method:"
+    echo "  Options tab → Boot Order → Use 'order' field"
+}
+
+main "$@"
+

scripts/vm-management/configure/setup-vms-complete.sh

@@ -0,0 +1,108 @@
+#!/bin/bash
+source ~/.bashrc
+# Complete VM Setup: Template + Install Scripts
+# This is the main script that orchestrates the entire process
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_step() {
+    echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "$SCRIPT_DIR/.."
+
+main() {
+    echo "========================================="
+    echo "Complete VM Setup with Templates & Scripts"
+    echo "========================================="
+    echo ""
+    
+    log_step "This script will:"
+    echo "  1. Check for Cloud-Init template"
+    echo "  2. Create VMs from template (if needed)"
+    echo "  3. Apply install scripts to each VM"
+    echo ""
+    
+    read -p "Continue? (y/N): " -n 1 -r
+    echo
+    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+        log_info "Cancelled"
+        exit 0
+    fi
+    
+    # Step 1: Check for template
+    log_step "Step 1: Checking for Cloud-Init template..."
+    log_warn "Template check not automated yet"
+    log_info "Ensure you have created template: ubuntu-24.04-cloudinit"
+    log_info "See: scripts/create-proxmox-template.sh"
+    echo ""
+    read -p "Template ready? (y/N): " -n 1 -r
+    echo
+    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+        log_error "Please create template first"
+        exit 1
+    fi
+    
+    # Step 2: Create VMs from template
+    log_step "Step 2: Creating VMs from template..."
+    if [ -f "scripts/create-vms-from-template.sh" ]; then
+        log_info "Running: scripts/create-vms-from-template.sh"
+        ./scripts/create-vms-from-template.sh || log_warn "VM creation had issues"
+    else
+        log_error "Script not found: scripts/create-vms-from-template.sh"
+        exit 1
+    fi
+    echo ""
+    
+    # Step 3: Wait for VMs to boot
+    log_step "Step 3: Waiting for VMs to boot..."
+    log_info "VMs need time to boot and complete Cloud-Init setup"
+    log_info "This may take 5-10 minutes"
+    echo ""
+    read -p "Wait 5 minutes, then press Enter to continue..."
+    
+    # Step 4: Apply install scripts
+    log_step "Step 4: Applying install scripts to VMs..."
+    if [ -f "scripts/apply-install-scripts.sh" ]; then
+        log_info "Running: scripts/apply-install-scripts.sh"
+        ./scripts/apply-install-scripts.sh || log_warn "Some scripts may have failed"
+    else
+        log_error "Script not found: scripts/apply-install-scripts.sh"
+        exit 1
+    fi
+    echo ""
+    
+    log_info "========================================="
+    log_info "Setup Complete!"
+    log_info "========================================="
+    echo ""
+    log_info "Next steps:"
+    echo "  1. Verify services are running on each VM"
+    echo "  2. Configure Cloudflare Tunnel (VM 100)"
+    echo "  3. Configure K3s cluster (VM 101)"
+    echo "  4. Complete Gitea setup (VM 102)"
+    echo "  5. Configure Grafana dashboards (VM 103)"
+}
+
+main "$@"
+