Proxmox VM Decommissioning Pipeline

Plex Server

Proxmox VM Decommissioning Pipeline with Jenkins (Safe Infrastructure Teardown)

I built an automated, safety-first VM decommissioning pipeline for Proxmox VE using Jenkins CI/CD and the Proxmox REST API. This project focuses on responsibly automating destructive infrastructure actions while enforcing guardrails, dependency cleanup, and audit-friendly workflows.

The pipeline demonstrates how infrastructure teardown should be treated as a controlled, intentional process — not an ad-hoc manual task.

All hosts, IPs, paths, and credentials are redacted for safe public sharing.

Tech Stack

  • Jenkins - Declarative CI/CD pipeline for controlled execution
  • Proxmox VE REST API - API-driven VM lifecycle management
  • Bash and Python - Validation logic and API orchestration
  • Prometheus with Docker Compose - Monitoring dependency cleanup
  • SSH = Remote configuration management
  • jq -Safe JSON parsing and validation

Pipeline Flow Overview

Jenkins Job (Manual Execution)

  • Pipeline must be manually triggered
  • Designed to prevent accidental execution

Input Validation and Guardrails

  • VMID must be numeric
  • VMID checked against protected ranges
  • CONFIRM=DELETE parameter required to proceed
  • Pipeline aborts immediately on validation failure

Prometheus Dependency Cleanup

  • SSH into monitoring host
  • Remove VM’s Node Exporter IP from a clearly defined managed block in prometheus.yml
  • Preserve all unmanaged configuration
  • Restart Prometheus safely to apply changes

Proxmox API Shutdown

  • Issue graceful shutdown request
  • Wait with timeout enforcement
  • Force stop only if required

Proxmox API Deletion

  • Delete VM via API
  • Purge attached disks
  • Ensure no orphaned resources remain

Prometheus Target Management

Before VM deletion, the pipeline removes the VM’s monitoring target from Prometheus to ensure observability remains accurate and clean.

This prevents:

  • Stale scrape targets
  • False alerts and alert fatigue
  • Configuration drift
  • Accidental Prometheus config corruption

Only explicitly managed entries are modified; all other Prometheus configuration remains untouched.

Security and Safety Model

  • Manual pipeline execution required
  • Explicit confirmation flag for destructive actions
  • Protected VMID ranges enforced
  • API-driven actions with no CLI scraping
  • Secrets injected via Jenkins Credentials
  • No credentials committed to Git
  • Clear separation of code, config, and secrets

What This Project Demonstrates

  • Safe automation of destructive infrastructure tasks
  • Dependency-aware decommissioning workflows
  • CI/CD-controlled “kill paths”
  • API-first infrastructure lifecycle management
  • Enterprise-grade guardrails for production environments

This pipeline reflects real-world expectations for regulated, defense, or high-availability environments where automation must be both powerful and safe.

Use Case

Portfolio-grade example suitable for:

  • DevOps Engineer roles
  • Infrastructure / Platform Engineering
  • Systems Administration
  • Regulated or defense-sector environments
  • CI/CD pipeline design and safety reviews

Repository

GitHub: https://github.com/mikecozier/proxmox-terraform-ansible-jenkins-delete-vm