Ansible Role: proxmox
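---
# Creates the local account and the Proxmox VE user, group and ACL entry used
# for automated VM deployment through the API.

# pip has to exist before the API client libraries below can be installed.
- name: Install python-pip
  become: true
  apt:
    name: python-pip
    # `installed` is a deprecated alias that newer Ansible releases reject.
    state: present

# NOTE(review): both packages are unpinned, so every run installs whatever
# PyPI currently serves, as root. Pin versions if reproducible installs matter.
- name: Install PIP packages for API use
  become: true
  pip:
    # A real list avoids the stray space a comma-separated string carries.
    name:
      - proxmoxer
      - requests
    state: present

- name: Create vmdeploy group
  become: true
  group:
    name: vmdeploy
    state: present

- name: Add PVE deploy user
  become: true
  user:
    name: pveautodeploy
    shell: /bin/bash
    groups: vmdeploy
    # Placeholder. The user module expects an already-hashed (crypt) value;
    # supply it from Ansible Vault or another secret store, not in plain text.
    password: "<<HASHED PASSWORD>>"
  register: create_user

# The four pveum steps below run only when the task above reported a change.
# Their failures are ignored, so a step that fails is not retried on a later
# run unless create_user changes again; check the output after the first run.
- name: "Add Proxmox User account (1/4)"
  become: true
  command: "pveum useradd pveautodeploy@pam -comment 'API user for VM autodeploy'"
  ignore_errors: true
  when: create_user.changed

- name: "Add Proxmox User account (2/4)"
  become: true
  command: "pveum groupadd vmdeploy -comment 'VM Auto Deploy'"
  ignore_errors: true
  when: create_user.changed

# NOTE(review): this grants the built-in Administrator role on the root ACL
# path (/) to every member of vmdeploy, so the deploy credential carries full
# administrative rights. If the automation only manages guests, a narrower
# built-in role (for example PVEVMAdmin) on a narrower path reduces what a
# leaked credential can reach.
- name: "Add Proxmox User account (3/4)"
  become: true
  command: "pveum aclmod / -group vmdeploy -role Administrator"
  ignore_errors: true
  when: create_user.changed

- name: "Add Proxmox User account (4/4)"
  become: true
  command: "pveum usermod pveautodeploy@pam -group vmdeploy"
  ignore_errors: true
  when: create_user.changed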
# handlers file for proxmox

# Restart the node. `shutdown -r` is issued without a time argument and any
# failure of the command is ignored; the connection wait is chained via notify.
- name: reboot
  shell: shutdown -r
  become: true
  async: 0
  poll: 0
  ignore_errors: true
  notify: Wait for server to reboot

# Block until the node accepts connections again: polling starts after 75
# seconds and the handler gives up after 300 seconds.
- name: Wait for server to reboot
  wait_for_connection:
    timeout: 300
    delay: 75

# Regenerate the GRUB configuration. Always reported as changed, so the reboot
# handler is notified every time this one runs.
- name: update_grub
  command: update-grub
  become: true
  changed_when: true
  notify: reboot
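# Adds the Proxmox VE package repository and installs the hypervisor packages.

# The key imported here becomes a trust root for APT: anything signed with it
# installs as root. Fetching it over plain HTTP lets an on-path party swap the
# key, so it is retrieved over HTTPS instead.
# NOTE(review): confirm the vendor serves this path over HTTPS from your
# network, and compare the imported key's fingerprint with the value the
# vendor publishes before relying on it.
- name: Add Proxmox VE repo key
  become: true
  apt_key:
    url: "https://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg"
    state: present

# The repository itself stays on HTTP: APT checks package signatures against
# the key above, so the integrity of that key is what carries the trust.
- name: Add Proxmox no-subscription repo
  become: true
  apt_repository:
    repo: "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription"
    state: present
    filename: "pve-install-repo"
  register: repos

# Runs only when the repository definition was just added or changed.
- name: "Update Cache and Upgrade APT packages (dist-upgrade)"
  become: true
  apt:
    update_cache: true
    upgrade: dist
  when: repos.changed

# The package list is passed to apt directly instead of looping with
# with_items, so the install happens in one apt transaction.
- name: install Proxmox VE packages
  become: true
  apt:
    name:
      - qemu-server
      - proxmox-ve
      - open-iscsi
      - postfix
    # `installed` is a deprecated alias that newer Ansible releases reject.
    state: present
  notify: reboot

# Drops the enterprise repository definition, leaving the no-subscription
# repository added above in place.
- name: Remove enterpise APT sources
  become: true
  file:
    path: "/etc/apt/sources.list.d/pve-enterprise.list"
    state: absent

# Run pending handlers (such as the reboot) now rather than at the end of play.
- meta: flush_handlers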
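---
# Sets up root SSH trust between all hosts in the `proxmox` inventory group:
# each node gets a root key pair, every node's public key is authorised on
# every node, and the nodes' ECDSA host keys are written to root's known_hosts.

# `creates` keeps an existing key from being overwritten. The private key is
# generated with an empty passphrase (-N ""), so file permissions are its only
# protection.
- name: Generate SSH keys
  become: true
  shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
  args:
    creates: /root/.ssh/id_rsa

# Reads each node's public key once, by delegating to every group member.
- name: "Get SSH public keys from all nodes"
  become: true
  slurp:
    src: /root/.ssh/id_rsa.pub
  register: pub_keys
  delegate_to: "{{item}}"
  run_once: true
  with_items: "{{groups['proxmox']}}"

# NOTE(review): after this task root on any node can log in as root on every
# other node, so compromise of one node extends to the whole group. Failures
# are ignored, which can leave the trust mesh incomplete without the play
# stopping.
- name: "Copy SSH public keys to all nodes"
  become: true
  authorized_key:
    user: root
    key: "{{ item['content'] | b64decode }}"
    state: present
  with_items: "{{pub_keys.results}}"
  loop_control:
    label: "{{ item.item }}"
  ignore_errors: true

# NOTE(review): ssh-keyscan does not authenticate what it collects; whichever
# host answers during provisioning is what gets pinned in known_hosts below.
# Compare the fingerprints out of band (for example on each node's console)
# when the provisioning network is not trusted.
- name: get SSH hostkeys for all nodes
  become: true
  shell: "ssh-keyscan -t ecdsa {{item}} {{hostvars[item]['ansible_default_ipv4']['address']}} {{item}}\\ \\({{hostvars[item]['ansible_default_ipv4']['address']}}\\) 2>&1 | grep ecdsa | sort"
  run_once: true
  with_items: "{{groups['proxmox']}}"
  register: all_hostkeys
  changed_when: false

# `force: false` creates the file only when it is missing and never truncates
# an existing known_hosts.
- name: Create known_hosts file
  become: true
  copy:
    content: ""
    dest: /root/.ssh/known_hosts
    force: false

- name: Set permissions on known_hosts file
  become: true
  file:
    path: /root/.ssh/known_hosts
    state: file
    # Quoted so the value reaches Ansible as an octal mode string rather than
    # a YAML integer whose interpretation depends on the parser.
    mode: "0600"

# One marked block per node, so a re-run replaces that node's entries in place.
- name: copy SSH hostkeys to all nodes
  become: true
  blockinfile:
    dest: "/root/.ssh/known_hosts"
    state: present
    block: "{{item.stdout}}"
    marker: "# {mark} ANSIBLE KEY BLOCK FOR {{item.item}}"
  with_items: "{{all_hostkeys.results}}"
  loop_control:
    label: "{{ item.item }}"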