-rw-r--r-- | .gitignore | 4 | ||||
-rw-r--r-- | files/pve-no-subscription.list | 9 | ||||
-rw-r--r-- | files/pveproxy | 1 | ||||
-rw-r--r-- | inventory.yaml.example | 13 | ||||
-rw-r--r-- | main.yaml | 8 | ||||
-rw-r--r-- | tasks/configure_pve.yaml | 55 | ||||
-rw-r--r-- | tasks/install_proxmox_on_debian12.yaml | 110 | ||||
-rw-r--r-- | templates/hosts.j2 | 7 | ||||
-rw-r--r-- | templates/interfaces.j2 | 23 | ||||
-rw-r--r-- | templates/rules.v4.j2 | 13 | ||||
-rw-r--r-- | vars/main.yaml | 14 |
11 files changed, 257 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5b3407f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+inventory.yaml
+*.pub
+*rsa*
+*ed25519*
diff --git a/files/pve-no-subscription.list b/files/pve-no-subscription.list
new file mode 100644
index 0000000..9635109
--- /dev/null
+++ b/files/pve-no-subscription.list
@@ -0,0 +1,9 @@
+deb http://ftp.debian.org/debian bookworm main contrib
+deb http://ftp.debian.org/debian bookworm-updates main contrib
+
+# Proxmox VE pve-no-subscription repository provided by proxmox.com,
+# NOT recommended for production use
+deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
+
+# security updates
+deb http://security.debian.org/debian-security bookworm-security main contrib
diff --git a/files/pveproxy b/files/pveproxy
new file mode 100644
index 0000000..98dea93
--- /dev/null
+++ b/files/pveproxy
@@ -0,0 +1 @@
+LISTEN_IP="127.0.0.1"
diff --git a/inventory.yaml.example b/inventory.yaml.example
new file mode 100644
index 0000000..6f27497
--- /dev/null
+++ b/inventory.yaml.example
@@ -0,0 +1,13 @@
+all:
+ hosts:
+ server01:
+ ansible_host: 10.11.12.13
+ ansible_user: root
+ ansible_ssh_private_key_file: id_rsa
+ hostname: proxmox-ve-test
+ nat_subnet: 10.10.10.0/24
+ nat_bridge_ip: 10.10.10.1
+ children:
+ servers:
+ hosts:
+ server01: {}
diff --git a/main.yaml b/main.yaml
new file mode 100644
index 0000000..7c449f9
--- /dev/null
+++ b/main.yaml
@@ -0,0 +1,8 @@
+- name: setup server01
+ hosts: server01
+ gather_facts: true
+ vars_files:
+ - vars/main.yaml
+ tasks:
+ - import_tasks: tasks/install_proxmox_on_debian12.yaml
+ - import_tasks: tasks/configure_pve.yaml
diff --git a/tasks/configure_pve.yaml b/tasks/configure_pve.yaml
new file mode 100644
index 0000000..73ef36f
--- /dev/null
+++ b/tasks/configure_pve.yaml
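Review bot: None of the `deb` lines carries a `[signed-by=...]` option, so the Proxmox release key that the playbook drops into `/etc/apt/trusted.gpg.d/` is trusted for every repository on the host, including the Debian and security mirrors fetched here over plain `http://`. Scoping the key bounds what a compromised or mis-issued Proxmox signing key could sign: `deb [signed-by=/etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg] http://download.proxmox.com/debian/pve bookworm pve-no-subscription`, and ideally the key is stored under `/etc/apt/keyrings/` instead of `trusted.gpg.d` so it is never globally trusted at all. The existing "NOT recommended for production use" comment is worth keeping; it is the only place the reader learns that this play installs the unsupported repository.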
@@ -0,0 +1,55 @@
+- name: detect default public interface
+ set_fact:
+ public_interface: "{{ ansible_default_ipv4.interface }}"
+
+- name: get gateway info from ip route
+ shell: ip route get 1.1.1.1 | grep -oP 'via \K[\d.]+' | head -n1
+ register: detected_gateway
+ changed_when: false
+
+- name: set public gateway fact
+ set_fact:
+ public_gateway: "{{ detected_gateway.stdout }}"
+
+- name: deploy /etc/network/interfaces
+ template:
+ src: interfaces.j2
+ dest: /etc/network/interfaces
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: set pveproxy config
+ copy:
+ src: files/pveproxy
+ dest: /etc/default/pveproxy
+ mode: '0644'
+
+- name: deploy /etc/iptables/rules.v4
+ template:
+ src: rules.v4.j2
+ dest: /etc/iptables/rules.v4
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: enable ipv4 forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ state: present
+ reload: yes
+
+- name: restart pveproxy
+ systemd:
+ name: pveproxy
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd'
+
+- name: restart networking
+ systemd:
+ name: networking
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd'
diff --git a/tasks/install_proxmox_on_debian12.yaml b/tasks/install_proxmox_on_debian12.yaml
new file mode 100644
index 0000000..1a92aa5
--- /dev/null
+++ b/tasks/install_proxmox_on_debian12.yaml
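Review bot: `public_gateway` comes from a `shell` pipeline whose exit status is `head`'s, so when `grep` matches nothing the task still succeeds with an empty `stdout`, the template task then writes a bare `gateway ` line into `/etc/network/interfaces`, and `networking` is restarted over the same SSH session — a realistic way to lose the host, since `ansible_host` is also the address moved onto `vmbr0`. `main.yaml` sets `gather_facts: true`, so the fact is already there: `public_gateway: "{{ ansible_default_ipv4.gateway }}"` replaces the shell/set_fact pair, and a guard such as `- assert: { that: ["public_gateway | length > 0"], fail_msg: "no default gateway detected" }` should sit before the template task. Separately, `/etc/iptables/rules.v4` is written but nothing here loads it (only `pveproxy` and `networking` are restarted), so the MASQUERADE rule presumably takes effect only after `netfilter-persistent reload` or a reboot; a `netfilter-persistent` restart task would close that gap. Minor: `reload: yes` should be `reload: true` for consistency with the `enabled: true` lines below it.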
@@ -0,0 +1,110 @@
+- name: ensure script is run as root
+ ansible.builtin.assert:
+ that:
+ - ansible_effective_user_id == 0
+ fail_msg: "this playbook must be run as root"
+
+- name: check if system is debian-based
+ ansible.builtin.command: dpkg -l
+ register: dpkg_check
+ changed_when: false
+ failed_when: false
+
+- name: fail if not debian-based
+ ansible.builtin.fail:
+ msg: "distribution not Debian-based"
+ when: dpkg_check.rc != 0
+
+- name: generate /etc/hosts from template
+ template:
+ src: templates/hosts.j2
+ dest: /etc/hosts
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: create /etc/apt/sources.list.d directory
+ ansible.builtin.file:
+ path: /etc/apt/sources.list.d
+ state: directory
+ mode: '0755'
+
+- name: deploy proxmox apt sources list
+ copy:
+ src: files/pve-no-subscription.list
+ dest: /etc/apt/sources.list.d/pve-no-subscription.list
+ mode: '0644'
+
+- name: create /etc/apt/trusted.gpg.d directory
+ file:
+ path: /etc/apt/trusted.gpg.d
+ state: directory
+ mode: '0755'
+
+- name: download proxmox gpg key
+ get_url:
+ url: https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg
+ dest: /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+ mode: '0644'
+
+- name: verify proxmox gpg key hash
+ shell: echo "{{ gpg_key_hash }} /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg" | sha512sum -c
+ vars:
+ gpg_key_hash: "7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87"
+ register: gpg_hash_check
+ failed_when: gpg_hash_check.rc != 0
+ changed_when: false
+
+- name: update apt packages
+ apt:
+ update_cache: true
+
+- name: upgrade apt packages
+ apt:
+ upgrade: dist
+
+- name: install apt packages
+ apt:
+ name: "{{ apt_packages }}"
+ state: present
+ update_cache: true
+
+- name: reboot to activate proxmox ve kernel
+ reboot:
+ msg: "rebooting to activate proxmox ve kernel"
+ connect_timeout: 10
+ reboot_timeout: 600
+ pre_reboot_delay: 5
+ post_reboot_delay: 10
+
+- name: install pve packages
+ apt:
+ name: "{{ pve_packages }}"
+ state: present
+ update_cache: true
+
+- name: get current running kernel version
+ command: uname -r
+ register: current_kernel
+ changed_when: false
+
+- name: list installed debian kernel images
+ shell: dpkg -l | awk '/linux-image-[0-9]/{ print $2 }' | grep -v "{{ current_kernel.stdout }}"
+ register: kernels_to_remove
+ changed_when: false
+
+- name: remove debian default kernels (excluding current)
+ apt:
+ name: "{{ kernels_to_remove.stdout_lines }}"
+ state: absent
+ when: kernels_to_remove.stdout_lines | length > 0
+
+- name: update grub bootloader
+ command: update-grub
+ register: grub_update
+ changed_when: "'Generating grub configuration file' in grub_update.stdout"
+
+- name: remove problematic apt packages for pve
+ apt:
+ name: "{{ apt_packages_to_remove }}"
+ state: absent
diff --git a/templates/hosts.j2 b/templates/hosts.j2
new file mode 100644
index 0000000..3d811dc
--- /dev/null
+++ b/templates/hosts.j2
@@ -0,0 +1,7 @@
+127.0.0.1 localhost
+{{ ansible_host }} {{ hostname }} {{ hostname }}
+
+# The following lines are desirable for IPv6 capable hosts
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/templates/interfaces.j2 b/templates/interfaces.j2
new file mode 100644
index 0000000..7813093
--- /dev/null
+++ b/templates/interfaces.j2
@@ -0,0 +1,23 @@
+auto lo
+iface lo inet loopback
+
+auto {{ public_interface }}
+iface {{ public_interface }} inet manual
+
+auto vmbr0
+iface vmbr0 inet static
+ address {{ ansible_host }}
+ netmask 255.255.255.0
+ gateway {{ public_gateway }}
+ bridge_ports {{ public_interface }}
+ bridge_stp off
+ bridge_fd 0
+
+auto vmbr1
+iface vmbr1 inet static
+ address {{ nat_bridge_ip }}
+ netmask 255.255.255.0
+ bridge_ports none
+ bridge_stp off
+ bridge_fd 0
+
diff --git a/templates/rules.v4.j2 b/templates/rules.v4.j2
new file mode 100644
index 0000000..6a0e54f
--- /dev/null
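Review bot: The SHA-512 check of the Proxmox key runs after `get_url` has already written the file into `/etc/apt/trusted.gpg.d/`, so a mismatching download fails the play but leaves the unverified key installed and trusted by apt from then on. `get_url` verifies before placing the file when given `checksum: "sha512:{{ gpg_key_hash }}"` (with `gpg_key_hash` moved into `vars/main.yaml`), which also makes the separate `shell ... | sha512sum -c` task unnecessary; whether the pinned hash matches the current key is not something I can confirm from the diff. A smaller issue in the same file: `dpkg -l | awk ... | grep -v "{{ current_kernel.stdout }}"` exits 1 when no other kernel image is installed (e.g. on a re-run), and with no `failed_when` that aborts the play instead of yielding an empty list — `failed_when: kernels_to_remove.rc > 1` keeps the genuine errors and tolerates the empty case.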
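Review bot: `{{ ansible_host }} {{ hostname }} {{ hostname }}` lists the same name twice; presumably the first slot was meant to be the FQDN in the usual `IP fqdn shortname` layout, so either drop the duplicate or add an fqdn variable. Nothing in this change sets the machine's own hostname (no `hostname:` task and `/etc/hostname` is untouched), so this line only resolves correctly if the host already carries exactly `{{ hostname }}` — an `assert` on `ansible_hostname == hostname`, or a `hostname` task in `install_proxmox_on_debian12.yaml`, would make that explicit. If `ansible_host` is ever a DNS name rather than an address in the inventory, the first column becomes a name as well; `ansible_default_ipv4.address` is the safer source since facts are gathered.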
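Review bot: `netmask 255.255.255.0` is hard-coded on both bridges: on `vmbr0` it ignores the host's real prefix even though `ansible_default_ipv4.netmask` is available, and on `vmbr1` it must agree with `nat_subnet` from the inventory, which nothing enforces — a `/16` `nat_subnet` would yield a bridge that only covers a `/24` while the MASQUERADE rule matches the whole range. Use `netmask {{ ansible_default_ipv4.netmask }}` for `vmbr0`, and for `vmbr1` either derive it from the CIDR (`address {{ nat_bridge_ip }}/{{ nat_subnet.split('/')[1] }}`, dropping the `netmask` line) or document the `/24` assumption in `inventory.yaml.example`. This file replaces `/etc/network/interfaces` wholesale and is applied by restarting `networking` over SSH, so a wrong `public_interface` or `public_gateway` value locks the operator out; a header comment such as `{# rendered by configure_pve.yaml; a bad gateway/interface value here cuts off SSH #}` would warn whoever edits it.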
+++ b/templates/rules.v4.j2
@@ -0,0 +1,13 @@
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A POSTROUTING -s {{ nat_subnet }} -o {{ public_interface }} -j MASQUERADE
+COMMIT
diff --git a/vars/main.yaml b/vars/main.yaml
new file mode 100644
index 0000000..da2b829
--- /dev/null
+++ b/vars/main.yaml
@@ -0,0 +1,14 @@
+apt_packages:
+ - curl
+ - ca-certificates
+ - iptables-persistent
+ - proxmox-default-kernel
+
+pve_packages:
+ - proxmox-ve
+ - postfix
+ - open-iscsi
+ - chrony
+
+apt_packages_to_remove:
+ - os-prober |
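Review bot: With `net.ipv4.ip_forward=1` set by `configure_pve.yaml` and `:FORWARD ACCEPT` here, the host forwards any packet between any pair of interfaces without restriction: NAT guests on `vmbr1` reach everything the host can reach, and because `vmbr0` bridges the public NIC, anything that can route through the host is relayed too — the MASQUERADE rule is the only rule present. Default-deny on FORWARD with two explicit allows (the NAT subnet out via the public interface, and established/related return traffic) keeps the stated purpose, outbound NAT for guests, without the open relay. `INPUT` also stays `ACCEPT`; that is defensible since `files/pveproxy` binds the web UI to 127.0.0.1, but SSH and every other listener remain exposed, which deserves at least a comment in this template so the next editor does not assume the host is filtered.

```jinja
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# return traffic for connections the NAT guests opened
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NAT guests may only leave through the public interface
-A FORWARD -i vmbr1 -o {{ public_interface }} -s {{ nat_subnet }} -j ACCEPT
COMMIT
# … unchanged: nat table with the MASQUERADE rule …
```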