# Record the interface that carries the default IPv4 route, taken from
# gathered facts (ansible_default_ipv4 must be defined for this to resolve).
- name: detect default public interface
  set_fact:
    public_interface: "{{ ansible_default_ipv4['interface'] }}"

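# Ask the routing table which next hop would be used for 1.1.1.1 and keep
# only the address after "via". Read-only, hence changed_when: false.
- name: get gateway info from ip route
  shell: ip route get 1.1.1.1 | grep -oP 'via \K[\d.]+' | head -n1
  register: detected_gateway
  changed_when: false
  # The pipeline's exit status is that of `head`, so a failed lookup or a
  # route without a "via" hop would otherwise pass with empty stdout.
  # Stop here instead of handing an empty gateway to later tasks.
  failed_when: >-
    detected_gateway.rc != 0
    or (detected_gateway.stdout | trim) == ''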

# Publish the first stdout line of the registered gateway lookup as a fact.
# NOTE(review): nothing in this task rejects an empty value; presumably the
# fact is consumed by interfaces.j2 / rules.v4.j2 - confirm.
- name: set public gateway fact
  set_fact:
    public_gateway: "{{ detected_gateway['stdout'] }}"

# Render the host network configuration from interfaces.j2.
# Root-owned and world-readable; the template body is not part of this file.
- name: deploy /etc/network/interfaces
  template:
    dest: /etc/network/interfaces
    src: interfaces.j2
    mode: "0644"
    owner: root
    group: root

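# Install the static defaults file for the pveproxy service.
# The contents of files/pveproxy are not visible here, so what it restricts
# (listen address, allowed clients, ...) has to be reviewed in that file.
- name: set pveproxy config
  copy:
    src: files/pveproxy
    dest: /etc/default/pveproxy
    # Pin ownership like the other deployed system files in this task list,
    # so an existing file with different ownership is corrected.
    owner: root
    group: root
    mode: '0644'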

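# Render the IPv4 firewall ruleset from rules.v4.j2.
# NOTE(review): no task in this file loads the ruleset after writing it;
# presumably a persistence service or an interfaces hook does - confirm.
- name: deploy /etc/iptables/rules.v4
  template:
    src: rules.v4.j2
    dest: /etc/iptables/rules.v4
    owner: root
    group: root
    mode: '0644'
    # Parse the rendered ruleset without committing it, so a template error
    # cannot replace a working firewall file with one that fails to load.
    # Needs iptables-restore on the target's PATH.
    validate: iptables-restore --test %s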

# Turn on IPv4 forwarding and reload sysctl settings.
# NOTE(review): with forwarding on, what may cross the host is decided by
# the firewall ruleset; review the FORWARD rules in rules.v4.j2 with this.
- name: enable ipv4 forwarding
  sysctl:
    name: net.ipv4.ip_forward
    state: present
    value: "1"
    reload: true

# Restart pveproxy and enable it at boot; skipped on non-systemd hosts.
# This is a plain task, so it runs on every play, not only when
# /etc/default/pveproxy actually changed.
- name: restart pveproxy
  when: ansible_service_mgr == 'systemd'
  systemd:
    name: pveproxy
    enabled: true
    state: restarted

# Restart the networking service and enable it at boot; skipped on
# non-systemd hosts. Runs on every play regardless of whether the
# interfaces file changed.
# NOTE(review): a faulty rendered interfaces file would take effect here and
# could cut the management connection - keep out-of-band access available.
- name: restart networking
  when: ansible_service_mgr == 'systemd'
  systemd:
    name: networking
    enabled: true
    state: restarted

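# Account names plus a fresh random password for the PVE admin user.
# The '/dev/null' path keeps the password lookup from storing the value on
# the controller, so every play run generates a new password.
- name: generate secure 32-character password
  set_fact:
    pve_admin_user: "pveadmin@pve"
    pve_admin_group: "admin"
    pve_admin_group_comment: "System Administrators"
    pve_admin_password_file: "/root/pve_admin_password.txt"
    pve_admin_password: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}"
  # Keep the generated secret out of task output and logs.
  no_log: true

# Create the account BEFORE the password is written to disk. If the user
# already exists (a second play run), this task fails and the password file
# from the first run is left untouched, so the file keeps matching the
# account instead of being overwritten with a password that was never set.
# argv passes each value as a single argument without re-tokenising.
# NOTE(review): the password is still an argument of the pveum process on
# the target while it runs. no_log also hides pveum's error text on failure.
- name: create proxmox user
  command:
    argv:
      - pveum
      - useradd
      - "{{ pve_admin_user }}"
      - '--password'
      - "{{ pve_admin_password }}"
  register: create_user
  failed_when: create_user.rc != 0
  no_log: true

# Persist the password for the operator, readable by root only.
# This is plaintext at rest: move it to a secret store and remove the file
# once retrieved. no_log keeps the content out of --diff and verbose output.
- name: save password to file
  copy:
    content: "{{ pve_admin_password }}"
    dest: "{{ pve_admin_password_file }}"
    owner: root
    group: root
    mode: '0600'
  no_log: true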

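# Create the PVE group that will hold administrators.
# argv form: each templated value reaches pveum as exactly one argument,
# instead of being spliced into a string that is split again on whitespace.
# NOTE(review): presumably fails when the group already exists, which makes
# a repeated run stop here - verify.
- name: create proxmox admin group
  command:
    argv:
      - pveum
      - groupadd
      - "{{ pve_admin_group }}"
      - '-comment'
      - "{{ pve_admin_group_comment }}"
  register: create_group
  failed_when: create_group.rc != 0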

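# Grant the Administrator role to the admin group on the ACL path "/",
# i.e. at the top of the permission tree: every member of the group gets
# that role there.
# NOTE(review): confirm whether the ACL propagates to child paths on the
# installed pveum version, and whether a narrower role or path would do.
# argv form keeps the templated group name a single argument.
- name: assign administrator role to group
  command:
    argv:
      - pveum
      - aclmod
      - '/'
      - '-group'
      - "{{ pve_admin_group }}"
      - '-role'
      - Administrator
  register: assign_role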

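# Put the PVE admin user into the admin group, which is where it picks up
# the role assigned to that group.
# argv form keeps each templated value a single argument.
- name: add user to admin group
  command:
    argv:
      - pveum
      - usermod
      - "{{ pve_admin_user }}"
      - '-group'
      - "{{ pve_admin_group }}"
  register: add_to_group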