Ansible Role: proxmox

deployuser.yml

---
- name: Install python-pip
  become: true
  apt:
    name: python-pip
    state: installed

- name: Install PIP packages for API use
  become: true
  pip:
    name: proxmoxer, requests
    state: present

- name: Create vmdeploy group
  become: true
  group:
    name: vmdeploy
    state: present

- name: Add PVE deploy user
  become: true
  user:
    name: pveautodeploy
    shell: /bin/bash
    groups: vmdeploy
    password: "<<HASHED PASSWORD>>"
  register: create_user

- name: "Add Proxmox User account (1/4)"
  become: true
  command: "pveum useradd pveautodeploy@pam -comment 'API user for VM autodeploy'"
  ignore_errors: True
  when: create_user.changed

- name: "Add Proxmox User account (2/4)" 
  become: true
  command: "pveum groupadd vmdeploy -comment 'VM Auto Deploy'"
  ignore_errors: True
  when: create_user.changed

- name: "Add Proxmox User account (3/4)"
  become: true
  command: "pveum aclmod / -group vmdeploy -role Administrator"
  ignore_errors: True
  when: create_user.changed

- name: "Add Proxmox User account (4/4)"
  become: true
  command: "pveum usermod pveautodeploy@pam -group vmdeploy"
  ignore_errors: True
  when: create_user.changed

handlers.yml

# handlers file for proxmox
- name: reboot
  become: true
  shell: shutdown -r
  ignore_errors: yes
  async: 0
  poll: 0
  notify: Wait for server to reboot

- name: Wait for server to reboot
  wait_for_connection:
    delay: 75
    timeout: 300

- name: update_grub
  become: true
  command: update-grub
  changed_when: true
  notify: reboot

proxmox.yml

- name: Add Proxmox VE repo key 
  become: true
  apt_key: 
    url: "http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg"
    state: present

- name: Add Proxmox no-subscription repo
  become: true
  apt_repository:
    repo: "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription"
    state: present
    filename: "pve-install-repo"
  register: repos

- name: "Update Cache and Upgrade APT packages (dist-upgrade)"
  become: true
  apt:
     update_cache: yes
     upgrade: dist
  when: repos.changed

- name: install Proxmox VE packages
  become: true
  apt:
    name: "{{item}}"
    state: installed
  with_items:
    - qemu-server
    - proxmox-ve 
    - open-iscsi
    - postfix
  notify: reboot

- name: Remove enterpise APT sources
  become: true
  file:
    path: "/etc/apt/sources.list.d/pve-enterprise.list"
    state: absent

- meta: flush_handlers

ssh-keys.yml

---
- name: Generate SSH keys
  become: true
  shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
  args:
    creates: /root/.ssh/id_rsa

- name: "Get SSH public keys from all nodes"
  become: true
  slurp:
    src: /root/.ssh/id_rsa.pub
  register: pub_keys
  delegate_to: "{{item}}"
  run_once: True
  with_items: "{{groups['proxmox']}}"

- name: "Copy SSH public keys to all nodes"
  become: true
  authorized_key:
    user: root
    key: "{{ item['content'] | b64decode }}"
    state: present
  with_items: "{{pub_keys.results}}"
  loop_control:
    label: "{{ item.item }}"
  ignore_errors: true

- name: get SSH hostkeys for all nodes
  become: true
  shell: "ssh-keyscan -t ecdsa {{item}} {{hostvars[item]['ansible_default_ipv4']['address']}} {{item}}\\ \\({{hostvars[item]['ansible_default_ipv4']['address']}}\\) 2>&1 | grep ecdsa | sort"
  run_once: True
  with_items: "{{groups['proxmox']}}"
  register: all_hostkeys
  changed_when: False

- name: Create known_hosts file
  become: true
  copy:
    content: ""
    dest: /root/.ssh/known_hosts
    force: no

- name: Set permissions on known_hosts file
  become: true
  file:
    path: /root/.ssh/known_hosts
    state: file
    mode: 0600

- name: copy SSH hostkeys to all nodes
  become: true
  blockinfile:
    dest: "/root/.ssh/known_hosts"
    state: present
    block: "{{item.stdout}}"
    marker: "# {mark} ANSIBLE KEY BLOCK FOR {{item.item}}"

  with_items: "{{all_hostkeys.results}}"
  loop_control:
    label: "{{ item.item }}"