initial checkin

2023-12-17 10:14:24 -05:00 · 2023-12-17 10:14:24 -05:00 · 1ac0b31f08
commit 1ac0b31f08
2 changed files with 156 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,21 @@
+# pve-deploy playbook
+
+## Introduction
+
+Playbook to deploy a new guest to a proxmox host.
+
+This playbook will first use a proxmox ansible module to deploy either                                                                                                                                                                 
+a container (community.general.proxmox) or a VM (community.general.proxmox_kvm).                                                                                                                                                       
+                                                                                                                                                                                                                                       
+It will then use the setup-host.yml playbook to run through a number of                                                                                                                                                                
+roles to do package and user configuration, before finishing up with custom                                                                                                                                                            
+configurations for the specific target host, based on the contents of the                                                                                                                                                              
+host_config variable in the inventory file.      
+
+This playbook can be run using the following command line;
+
+    ansible-playbook -l <guest-host> -i <inventory> pve-deploy.yml
+
+    ie,
+    ansible-playbook -l tnode1 -i inventory/devel.yml pve-deploy.yml
+
--- a/pve-deploy.yml
+++ b/pve-deploy.yml
@ -0,0 +1,135 @@
+---
+#####################################################################
+#
+# Playbook to deploy a new guest to a proxmox host
+#
+# pve-deploy.yml
+# 
+# ansible-playbook -l <guest-host> -i <inventory> pve-deploy.yml
+#
+# This playbook will first use a proxmox ansible module to deploy either
+# a container (community.general.proxmox) or a VM (community.general.proxmox_kvm).
+# 
+# It will then use the setup-host.yml playbook to run through a number of
+# roles to do package and user configuration, before finishing up with custom 
+# configurations for the specific target host, based on the contents of the 
+# host_config variable in the inventory file.
+#
+#####################################################################
+
+- hosts: all
+  gather_facts: false
+  user: root
+
+  vars:
+    guest_name: "{{ hostvars[inventory_hostname].inventory_hostname }}"
+    guest_ip: "{{ hostvars[inventory_hostname].ansible_host }}/{{ hostvars[inventory_hostname].ip_cidr }}"
+    guest_gw: "{{ hostvars[inventory_hostname].ip_gw }}"
+    cpu_num: "{{ hostvars[inventory_hostname].cpu }}"
+    mem_size: "{{ hostvars[inventory_hostname].mem * 1024 }}"
+    root_size: "{{ hostvars[inventory_hostname].root }}"
+    ctid: "{{ hostvars[inventory_hostname].vmid }}"
+    node: "{{ hostvars[inventory_hostname].pve_node }}"
+    api_user: "{{ hostvars[inventory_hostname].api_user }}"
+    api_password: "{{ hostvars[inventory_hostname].api_password }}"
+    api_host: "{{ hostvars[inventory_hostname].api_host }}"
+    ctswap: "{{ hostvars[inventory_hostname].swap }}"
+    ctpassword: "{{ hostvars[inventory_hostname].root_pw }}"
+    searchdomain: "{{ hostvars[inventory_hostname].domain }}"
+    ctnameserver: "{{ hostvars[inventory_hostname].ip_ns1 }}"
+    ctstorage: "{{ hostvars[inventory_hostname].storage }}"
+    ctbridge: "{{ hostvars[inventory_hostname].bridge }}"
+    OS_Template: "{{ hostvars[inventory_hostname].ct_template }}"
+    host_type: "{{ hostvars[inventory_hostname].host_type }}"
+
+  tasks:
+    - name: Download OS Template
+      get_url:
+        url: "http://download.proxmox.com/images/system/{{ OS_Template }}"
+        dest: "/var/lib/vz/template/cache/{{ OS_Template }}"
+      when: host_type == "Container"
+      delegate_to: reddwarf
+
+    - name: Create CT
+      community.general.proxmox:
+        vmid: "{{ ctid }}"
+        node: "{{ node }}"
+        api_user: "{{ api_user }}"
+        api_password: "{{ api_password }}"
+        api_host: "{{ api_host }}"
+        hostname: "{{ guest_name }}"
+        password: "{{ ctpassword }}"
+        #searchdomain: "{{ searchdomain }}"
+        #nameserver: "{{ ctnameserver }}"
+        cores: "{{ cpu_num }}"
+        swap: "{{ ctswap }}"
+        memory: "{{ mem_size }}"
+        disk: "{{ root_size }}"
+        storage: "{{ ctstorage }}"
+        netif: '{"net0":"name=eth0,ip={{ guest_ip }},gw={{ guest_gw }},bridge={{ ctbridge }},type=veth,firewall=1"}'
+        ostemplate: 'local:vztmpl/{{ OS_Template }}'
+        features: 
+          - nesting=1
+        unprivileged: true
+        onboot: true
+        state: present
+      when: host_type == "Container"
+      delegate_to: reddwarf
+      
+    - name: Start CT
+      community.general.proxmox:
+        vmid: "{{ ctid }}"
+        node: "{{ node }}"
+        api_user: "{{ api_user }}"
+        api_password: "{{ api_password }}"
+        api_host: "{{ api_host }}"
+        state: started
+        timeout: 90
+      when: host_type == "Container"
+      delegate_to: reddwarf
+
+    - debug: msg="waiting 15 seconds for guest to start"
+
+    - name: waited 15 seconds for guest to start
+      wait_for:
+        timeout: 15
+      delegate_to: localhost
+
+    - name: Configure sshd to allow root ssh key access
+      shell:
+        cmd: pct exec {{ ctid }} -- bash -c "echo 'PermitRootLogin prohibit-password' >>/etc/ssh/sshd_config"
+      when: host_type == "Container"
+      delegate_to: reddwarf
+
+    - name: Add ssh keys to root authorized_keys
+      shell:
+        cmd: pct exec {{ ctid }} -- bash -c "echo '{{ item }}' >>/root/.ssh/authorized_keys"
+      with_items:
+        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMry9AQFLxX2QqqZLS/PDH/xRmK9CgGu3wDA/1+0lhLmqij/a125kHFwC16sdiwBfik1Tzj4yetZwzQ6xeNRZPevxhuB4FGVU/QHeDstCB9ASS0bM90DHEb205VrkVFz04VHN+7q9SvK23+xo5OvhOAwDuPJKNA62CJlgc46cvLaWup5an4xmir3lqUtI5N+oGwIBm36F/qZtvNwOhRkWbap50yrp60Ce3vdiugfQBliLzDMRKup4kjuCfYgwm0PHgRb796ttYmOXFKt+rnnD/MLaX5yRXAhbYZ/5jO+bAUu+kBWGt5hdeSk5m0Uu8mo9z4Xw5yNg6+DX9m+QL5HNwnz51PVMqCufGMz20430uL82fSjW1kGDe8I+5UyYjDfUUhwwAkxNdb8kGvU1OUYJxG7Kr/qN11W/kfsaJw/loK25Jwu5jg8ooJm6/9RiJEUmvP/0h4QDDWRZ9vORwIiRlLXZW8WAxP1KEuBxOuKp5Wt/fRTcdPU820Hp2v0IOX4E= rmorrow@delans
+        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCgNeo2NotlS/WPoB/YTiSovxzR/puknjqsVBc16zS0xwBUD1fFQEVNypUtzSlWKy36wxX6YJsT7fBNkLq6QoY0FPbWa7l5KlUvHYASeMmZAH81pYPcMwhQverwmNjPoABYyzTe0658Qz6qbB8CTD+r4xKYCqELlk8VkLPSgA1jJsNaurHZS6iN0EgdqyZ57h1/sZi8laVBKcU9yH0UOro2o7Phxo3/vT7w7px2pyExXwYGwhKxuOaitdq9Gv8qDIwt46Gj5Wm5CqU2zzT1VBgTpnv5RcCKTA6HZgBLekFhZj42yMntDF+tTP6te85u1u6f6CbalyXBng+eUsN4qvM3fW1sIXiVLnOxSdQgTDPbTCh52QXuF36rEU1aSNd4DRtUmpwItBJpIwREJQ64gor88fpTiGpkQL0r15bdFlIjf2XjFexpj258eGUSKDluQq1cX/qi3Okvby32HW9L18HcC1FNee6V2+lyxt3DKg8Zbfk2TAaEtqJf3KpCsFMpGVE= rmorrow@kryten
+      when: host_type == "Container"
+      delegate_to: reddwarf
+
+    - name: Fix perms on root authorized_keys
+      shell:
+        cmd: pct exec {{ ctid }} -- bash -c "chmod 600 /root/.ssh/authorized_keys"
+      when: host_type == "Container"
+      delegate_to: reddwarf
+
+    - name: Restart sshd
+      shell:
+        cmd: pct exec {{ ctid }} -- bash -c "systemctl restart ssh"
+      when: host_type == "Container"
+      delegate_to: reddwarf
+
+    - debug: msg="waiting 60 seconds for sshd to start"
+
+    - name: waited 60 seconds for sshd to start
+      wait_for:
+        timeout: 60
+      delegate_to: localhost
+
+- name: include the setup-host.yml playbook
+  import_playbook: setup-host.yml
+
+# EOF