Ansible Role: proxmox
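---
# Tasks: create the local account and the matching Proxmox identity used for
# API-driven VM deployment.

- name: Install python-pip
  become: true
  apt:
    name: python-pip
    # "installed" is a deprecated alias that newer Ansible releases reject.
    state: present

- name: Install PIP packages for API use
  become: true
  pip:
    # A real list avoids relying on comma-splitting of one string.
    # Versions are unpinned and installed as root; pin them if the role
    # needs reproducible, reviewable dependencies.
    name:
      - proxmoxer
      - requests
    state: present

- name: Create vmdeploy group
  become: true
  group:
    name: vmdeploy
    state: present

- name: Add PVE deploy user
  become: true
  user:
    name: pveautodeploy
    shell: /bin/bash
    groups: vmdeploy
    # Placeholder for a crypt(3) hash. Supply the real value from Ansible
    # Vault or another secret store instead of committing it with the role.
    password: "<<HASHED PASSWORD>>"
  register: create_user

# The four pveum steps run only when the user task above reported a change.
# ignore_errors hides every failure, not just "already exists": if one step
# fails, the next run skips all four (create_user is no longer "changed")
# and the half-provisioned account goes unnoticed. Review the output of
# these tasks after the first run.
- name: "Add Proxmox User account (1/4)"
  become: true
  command: "pveum useradd pveautodeploy@pam -comment 'API user for VM autodeploy'"
  ignore_errors: true
  when: create_user.changed

- name: "Add Proxmox User account (2/4)"
  become: true
  command: "pveum groupadd vmdeploy -comment 'VM Auto Deploy'"
  ignore_errors: true
  when: create_user.changed

# NOTE(review): this grants the Administrator role on the root ACL path "/"
# to the whole vmdeploy group, so the API account can change anything in the
# datacenter. If the deploy workflow allows it, use a narrower role and path.
- name: "Add Proxmox User account (3/4)"
  become: true
  command: "pveum aclmod / -group vmdeploy -role Administrator"
  ignore_errors: true
  when: create_user.changed

- name: "Add Proxmox User account (4/4)"
  become: true
  command: "pveum usermod pveautodeploy@pam -group vmdeploy"
  ignore_errors: true
  when: create_user.changed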
# Handlers for the proxmox role.

# Issues "shutdown -r" and hands over to the wait handler below.
# Errors are ignored, presumably because the connection may drop while the
# host goes down.
- name: reboot
  shell: shutdown -r
  become: true
  async: 0
  poll: 0
  ignore_errors: true
  notify: Wait for server to reboot

# Waits 75 seconds before the first connection attempt and gives up after
# 300 seconds.
- name: Wait for server to reboot
  wait_for_connection:
    timeout: 300
    delay: 75

# Regenerates the GRUB configuration; always reported as changed so that the
# reboot handler is notified.
# NOTE(review): "reboot" is defined earlier in this file than the handler
# that notifies it; confirm the Ansible version in use still runs it within
# the same handler flush.
- name: update_grub
  command: update-grub
  become: true
  changed_when: true
  notify: reboot
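# Tasks: add the Proxmox VE APT repository and install the PVE packages.

# NOTE(review): the signing key is fetched over plain HTTP, so nothing
# authenticates it in transit, yet it becomes the trust anchor for every
# package installed from this repository. Prefer shipping a copy of the key
# with the role after verifying its fingerprint out of band, or check the
# fingerprint of the imported key before continuing.
- name: Add Proxmox VE repo key
  become: true
  apt_key:
    url: "http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg"
    state: present

# Package downloads over HTTP are acceptable only because APT verifies the
# repository signatures against the key added above.
- name: Add Proxmox no-subscription repo
  become: true
  apt_repository:
    repo: "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription"
    state: present
    filename: "pve-install-repo"
  register: repos

# Runs only when the repository definition was added or changed.
- name: "Update Cache and Upgrade APT packages (dist-upgrade)"
  become: true
  apt:
    update_cache: true
    upgrade: dist
  when: repos.changed

- name: install Proxmox VE packages
  become: true
  apt:
    # One apt call with a list replaces the per-item loop.
    name:
      - qemu-server
      - proxmox-ve
      - open-iscsi
      - postfix
    # "installed" is a deprecated alias that newer Ansible releases reject.
    state: present
  notify: reboot

# Drops the enterprise repository definition so that later APT updates do
# not reference a repository this host is not meant to use.
- name: Remove enterpise APT sources
  become: true
  file:
    path: "/etc/apt/sources.list.d/pve-enterprise.list"
    state: absent

# Run any pending handlers now rather than at the end of the play.
- meta: flush_handlers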
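---
# Tasks: give every node in the "proxmox" group root SSH access to every
# other node and pre-populate root's known_hosts.
# Consequence to keep in mind: root on any one node becomes root on all of
# them, so a single compromised node exposes the whole group.

# "creates" makes this a no-op once the key exists. No shell features are
# used, so the command module is sufficient.
- name: Generate SSH keys
  become: true
  command: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
  args:
    creates: /root/.ssh/id_rsa

# Reads each node's public key once (run_once + delegate_to) and keeps the
# base64-encoded results in pub_keys.
- name: "Get SSH public keys from all nodes"
  become: true
  slurp:
    src: /root/.ssh/id_rsa.pub
  register: pub_keys
  delegate_to: "{{item}}"
  run_once: true
  with_items: "{{groups['proxmox']}}"

# NOTE(review): ignore_errors hides a node that failed to receive a key;
# check the task output instead of assuming full-mesh access afterwards.
- name: "Copy SSH public keys to all nodes"
  become: true
  authorized_key:
    user: root
    key: "{{ item['content'] | b64decode }}"
    state: present
  with_items: "{{pub_keys.results}}"
  loop_control:
    label: "{{ item.item }}"
  ignore_errors: true

# NOTE(review): host keys are taken from whatever answers on the network at
# provisioning time (trust on first use) and are then pinned in known_hosts.
# If the provisioning network is not trusted, compare them with fingerprints
# read from each node's console before relying on them.
# stderr is merged into stdout before the grep, so any diagnostic line that
# contains "ecdsa" would also be captured.
- name: get SSH hostkeys for all nodes
  become: true
  shell: "ssh-keyscan -t ecdsa {{item}} {{hostvars[item]['ansible_default_ipv4']['address']}} {{item}}\\ \\({{hostvars[item]['ansible_default_ipv4']['address']}}\\) 2>&1 | grep ecdsa | sort"
  run_once: true
  with_items: "{{groups['proxmox']}}"
  register: all_hostkeys
  changed_when: false

# force: false leaves an existing known_hosts file untouched.
- name: Create known_hosts file
  become: true
  copy:
    content: ""
    dest: /root/.ssh/known_hosts
    force: false

- name: Set permissions on known_hosts file
  become: true
  file:
    path: /root/.ssh/known_hosts
    state: file
    # Quoted so the mode reaches Ansible as the octal string it expects
    # instead of depending on the YAML parser's integer handling.
    mode: "0600"

# One marked block per scanned host, so re-runs replace a host's entries in
# place rather than appending duplicates.
- name: copy SSH hostkeys to all nodes
  become: true
  blockinfile:
    dest: "/root/.ssh/known_hosts"
    state: present
    block: "{{item.stdout}}"
    marker: "# {mark} ANSIBLE KEY BLOCK FOR {{item.item}}"
  with_items: "{{all_hostkeys.results}}"
  loop_control:
    label: "{{ item.item }}"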