initial checkin
commit
1ac0b31f08
|
@ -0,0 +1,21 @@
|
|||
# pve-deploy playbook
|
||||
|
||||
## Introduction
|
||||
|
||||
Playbook to deploy a new guest to a proxmox host.
|
||||
|
||||
This playbook will first use a proxmox ansible module to deploy either
|
||||
a container (community.general.proxmox) or a VM (community.general.proxmox_kvm).
|
||||
|
||||
It will then use the setup-host.yml playbook to run through a number of
|
||||
roles to do package and user configuration, before finishing up with custom
|
||||
configurations for the specific target host, based on the contents of the
|
||||
host_config variable in the inventory file.
|
||||
|
||||
This playbook can be run using the following command line;
|
||||
|
||||
ansible-playbook -l <guest-host> -i <inventory> pve-deploy.yml
|
||||
|
||||
ie,
|
||||
ansible-playbook -l tnode1 -i inventory/devel.yml pve-deploy.yml
|
||||
|
|
@ -0,0 +1,135 @@
|
|||
---
|
||||
#####################################################################
|
||||
#
|
||||
# Playbook to deploy a new guest to a proxmox host
|
||||
#
|
||||
# pve-deploy.yml
|
||||
#
|
||||
# ansible-playbook -l <guest-host> -i <inventory> pve-deploy.yml
|
||||
#
|
||||
# This playbook will first use a proxmox ansible module to deploy either
|
||||
# a container (community.general.proxmox) or a VM (community.general.proxmox_kvm).
|
||||
#
|
||||
# It will then use the setup-host.yml playbook to run through a number of
|
||||
# roles to do package and user configuration, before finishing up with custom
|
||||
# configurations for the specific target host, based on the contents of the
|
||||
# host_config variable in the inventory file.
|
||||
#
|
||||
#####################################################################
|
||||
|
||||
- hosts: all
|
||||
gather_facts: false
|
||||
user: root
|
||||
|
||||
vars:
|
||||
guest_name: "{{ hostvars[inventory_hostname].inventory_hostname }}"
|
||||
guest_ip: "{{ hostvars[inventory_hostname].ansible_host }}/{{ hostvars[inventory_hostname].ip_cidr }}"
|
||||
guest_gw: "{{ hostvars[inventory_hostname].ip_gw }}"
|
||||
cpu_num: "{{ hostvars[inventory_hostname].cpu }}"
|
||||
mem_size: "{{ hostvars[inventory_hostname].mem * 1024 }}"
|
||||
root_size: "{{ hostvars[inventory_hostname].root }}"
|
||||
ctid: "{{ hostvars[inventory_hostname].vmid }}"
|
||||
node: "{{ hostvars[inventory_hostname].pve_node }}"
|
||||
api_user: "{{ hostvars[inventory_hostname].api_user }}"
|
||||
api_password: "{{ hostvars[inventory_hostname].api_password }}"
|
||||
api_host: "{{ hostvars[inventory_hostname].api_host }}"
|
||||
ctswap: "{{ hostvars[inventory_hostname].swap }}"
|
||||
ctpassword: "{{ hostvars[inventory_hostname].root_pw }}"
|
||||
searchdomain: "{{ hostvars[inventory_hostname].domain }}"
|
||||
ctnameserver: "{{ hostvars[inventory_hostname].ip_ns1 }}"
|
||||
ctstorage: "{{ hostvars[inventory_hostname].storage }}"
|
||||
ctbridge: "{{ hostvars[inventory_hostname].bridge }}"
|
||||
OS_Template: "{{ hostvars[inventory_hostname].ct_template }}"
|
||||
host_type: "{{ hostvars[inventory_hostname].host_type }}"
|
||||
|
||||
tasks:
|
||||
- name: Download OS Template
|
||||
get_url:
|
||||
url: "http://download.proxmox.com/images/system/{{ OS_Template }}"
|
||||
dest: "/var/lib/vz/template/cache/{{ OS_Template }}"
|
||||
when: host_type == "Container"
|
||||
delegate_to: reddwarf
|
||||
|
||||
- name: Create CT
|
||||
community.general.proxmox:
|
||||
vmid: "{{ ctid }}"
|
||||
node: "{{ node }}"
|
||||
api_user: "{{ api_user }}"
|
||||
api_password: "{{ api_password }}"
|
||||
api_host: "{{ api_host }}"
|
||||
hostname: "{{ guest_name }}"
|
||||
password: "{{ ctpassword }}"
|
||||
#searchdomain: "{{ searchdomain }}"
|
||||
#nameserver: "{{ ctnameserver }}"
|
||||
cores: "{{ cpu_num }}"
|
||||
swap: "{{ ctswap }}"
|
||||
memory: "{{ mem_size }}"
|
||||
disk: "{{ root_size }}"
|
||||
storage: "{{ ctstorage }}"
|
||||
netif: '{"net0":"name=eth0,ip={{ guest_ip }},gw={{ guest_gw }},bridge={{ ctbridge }},type=veth,firewall=1"}'
|
||||
ostemplate: 'local:vztmpl/{{ OS_Template }}'
|
||||
features:
|
||||
- nesting=1
|
||||
unprivileged: true
|
||||
onboot: true
|
||||
state: present
|
||||
when: host_type == "Container"
|
||||
delegate_to: reddwarf
|
||||
|
||||
- name: Start CT
|
||||
community.general.proxmox:
|
||||
vmid: "{{ ctid }}"
|
||||
node: "{{ node }}"
|
||||
api_user: "{{ api_user }}"
|
||||
api_password: "{{ api_password }}"
|
||||
api_host: "{{ api_host }}"
|
||||
state: started
|
||||
timeout: 90
|
||||
when: host_type == "Container"
|
||||
delegate_to: reddwarf
|
||||
|
||||
- debug: msg="waiting 15 seconds for guest to start"
|
||||
|
||||
- name: waited 15 seconds for guest to start
|
||||
wait_for:
|
||||
timeout: 15
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Configure sshd to allow root ssh key access
|
||||
shell:
|
||||
cmd: pct exec {{ ctid }} -- bash -c "echo 'PermitRootLogin prohibit-password' >>/etc/ssh/sshd_config"
|
||||
when: host_type == "Container"
|
||||
delegate_to: reddwarf
|
||||
|
||||
- name: Add ssh keys to root authorized_keys
|
||||
shell:
|
||||
cmd: pct exec {{ ctid }} -- bash -c "echo '{{ item }}' >>/root/.ssh/authorized_keys"
|
||||
with_items:
|
||||
- ssh-rsa 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 rmorrow@delans
|
||||
- ssh-rsa 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 rmorrow@kryten
|
||||
when: host_type == "Container"
|
||||
delegate_to: reddwarf
|
||||
|
||||
- name: Fix perms on root authorized_keys
|
||||
shell:
|
||||
cmd: pct exec {{ ctid }} -- bash -c "chmod 600 /root/.ssh/authorized_keys"
|
||||
when: host_type == "Container"
|
||||
delegate_to: reddwarf
|
||||
|
||||
- name: Restart sshd
|
||||
shell:
|
||||
cmd: pct exec {{ ctid }} -- bash -c "systemctl restart ssh"
|
||||
when: host_type == "Container"
|
||||
delegate_to: reddwarf
|
||||
|
||||
- debug: msg="waiting 60 seconds for sshd to start"
|
||||
|
||||
- name: waited 60 seconds for sshd to start
|
||||
wait_for:
|
||||
timeout: 60
|
||||
delegate_to: localhost
|
||||
|
||||
- name: include the setup-host.yml playbook
|
||||
import_playbook: setup-host.yml
|
||||
|
||||
# EOF
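Review bot: The `Download OS Template` task fetches the container root filesystem over plain `http://` with no integrity check, so whatever that connection returns becomes the base image of each container created here. `get_url` has a `checksum` parameter: adding `checksum: "sha256:<TEMPLATE_SHA256>"` (placeholder; the real digest would sit in the inventory next to `ct_template`) and using `https://` if the mirror serves it would pin the image. Separately, the sshd_config and authorized_keys tasks append with `>>` through `shell`, so each re-run duplicates the lines, and `{{ item }}` is pasted into a quoted `bash -c` string where a key comment containing a quote would break the command. sshd uses the first `PermitRootLogin` value it reads, so the appended line has no effect if the template's config already sets one. The `pubkey` option of `community.general.proxmox` on the `Create CT` task would install the key at creation time and remove the need for the echo tasks; it is worth confirming that it accepts both keys on this Proxmox version.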
|