Diffstat (limited to 'roles/proxmox_hypervisor/tasks')
-rw-r--r--roles/proxmox_hypervisor/tasks/chrony.yml11
-rw-r--r--roles/proxmox_hypervisor/tasks/main.yml31
-rw-r--r--roles/proxmox_hypervisor/tasks/nagios.yml68
-rw-r--r--roles/proxmox_hypervisor/tasks/postfix.yml18
-rw-r--r--roles/proxmox_hypervisor/tasks/pve.yml58
-rw-r--r--roles/proxmox_hypervisor/tasks/pve_api_user.yml21
-rw-r--r--roles/proxmox_hypervisor/tasks/pve_kvm_template.yml32
-rw-r--r--roles/proxmox_hypervisor/tasks/rsyslog.yml16
-rw-r--r--roles/proxmox_hypervisor/tasks/sudo.yml5
-rw-r--r--roles/proxmox_hypervisor/tasks/unattended_upgrades.yml11
-rw-r--r--roles/proxmox_hypervisor/tasks/zfs.yml34
11 files changed, 305 insertions, 0 deletions
diff --git a/roles/proxmox_hypervisor/tasks/chrony.yml b/roles/proxmox_hypervisor/tasks/chrony.yml
new file mode 100644
index 0000000..ed9b0ce
--- /dev/null
+++ b/roles/proxmox_hypervisor/tasks/chrony.yml
@@ -0,0 +1,11 @@
+- name: generate chrony.conf
+ template:
+ src: etc/chrony/chrony.conf.j2
+ dest: /etc/chrony/chrony.conf
+ notify: restart chrony
+
+- name: start chrony
+ systemd:
+ name: chronyd
+ enabled: yes
+ state: started
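Review bot: `enabled: yes` on L35 is the YAML 1.1 truthy spelling that yamllint's `truthy` rule rejects and that a YAML 1.2 parser reads as the string `yes`; write `enabled: true`. The same spelling recurs in the `systemd` tasks of nagios.yml, postfix.yml, rsyslog.yml and zfs.yml, in `system: yes`/`create_home: yes` in nagios.yml and in `update_cache`/`firstmatch` in pve.yml, so one sweep to `true`/`false` covers the whole role. The `template` task on L27–L30 sets no `mode` or `owner`, so a freshly created /etc/chrony/chrony.conf takes its permissions from the default umask; adding `mode: '0644'`, `owner: root` and `group: root` makes the intended permissions explicit and reproducible.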
diff --git a/roles/proxmox_hypervisor/tasks/main.yml b/roles/proxmox_hypervisor/tasks/main.yml
new file mode 100644
index 0000000..6495e74
--- /dev/null
+++ b/roles/proxmox_hypervisor/tasks/main.yml
@@ -0,0 +1,31 @@
+- name: configure NTP
+ import_tasks: chrony.yml
+ tags: ntp,chrony
+
+- name: configure postfix
+ import_tasks: postfix.yml
+ tags: mail,postfix
+
+- name: configure rsyslog
+ import_tasks: rsyslog.yml
+ tags: syslog,rsyslog
+
+- name: configure sudo
+ import_tasks: sudo.yml
+ tags: sudo,sudoers
+
+- name: configure unattended upgrades
+ import_tasks: unattended_upgrades.yml
+ tags: apt,packages
+
+- name: configure ZFS
+ import_tasks: zfs.yml
+ tags: zfs
+
+- name: configure proxmox VE
+ import_tasks: pve.yml
+ tags: pve
+
+- name: configure nagios plugins
+ import_tasks: nagios.yml
+ tags: nagios
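Review bot: `tags: ntp,chrony` on L45 (and the other entries in this file) relies on Ansible splitting a comma-separated string; the documented form is a list, `tags: [ntp, chrony]`, which also keeps yamllint and ansible-lint quiet. Ordering here matters for sudo: sudo.yml replaces /etc/sudoers before nagios.yml installs /etc/sudoers.d/nagios, so if etc/sudoers.j2 does not keep an `@includedir /etc/sudoers.d` line the nagios rule is silently ignored — worth a comment on the nagios import such as `# relies on etc/sudoers.j2 keeping @includedir /etc/sudoers.d`.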
diff --git a/roles/proxmox_hypervisor/tasks/nagios.yml b/roles/proxmox_hypervisor/tasks/nagios.yml
new file mode 100644
index 0000000..b42317d
--- /dev/null
+++ b/roles/proxmox_hypervisor/tasks/nagios.yml
@@ -0,0 +1,68 @@
+- name: install packages
+ apt:
+ name: '{{ proxmox_nagios_packages }}'
+ state: present
+
+- name: create nagios user
+ user:
+ name: nagios
+ comment: Nagios Pseudo-User
+ system: yes
+ shell: /bin/bash
+ home: '{{ proxmox_nagios_home }}'
+ create_home: yes
+ state: present
+
+- name: add nagios ssh key
+ authorized_key:
+ user: nagios
+ key: '{{ proxmox_nagios_ssh_pubkey }}'
+ state: present
+
+- name: copy custom nagios scripts
+ copy:
+ src: '{{ item.src }}'
+ dest: '{{ proxmox_nagios_plugin_dir }}/{{ item.path }}'
+ mode: 0555
+ loop: "{{ lookup('filetree', proxmox_nagios_plugin_dir[1:], wantlist=True) }}"
+ when: item.state == 'file'
+
+- name: generate sudo rules
+ template:
+ src: etc/sudoers.d/nagios.j2
+ dest: /etc/sudoers.d/nagios
+ mode: 0400
+
+- name: set PATH for nagios user
+ copy:
+ content: export PATH=/sbin:/bin:/usr/sbin:/usr/bin:{{ proxmox_nagios_plugin_dir }}
+ dest: '{{ proxmox_nagios_home }}/.bashrc'
+ owner: '{{ proxmox_nagios_user }}'
+ group: '{{ proxmox_nagios_user }}'
+ mode: 0644
+
+- name: stop snmpd
+ systemd:
+ name: snmpd
+ state: stopped
+
+- name: generate snmpd.conf
+ template:
+ src: etc/snmp/snmpd.conf.j2
+ dest: /etc/snmp/snmpd.conf
+ mode: 0600
+
+- name: add snmpv3 users
+ lineinfile:
+ path: /var/lib/snmp/snmpd.conf
+ line: 'createUser {{ item.name }} SHA "{{ item.auth_pass }}" AES "{{ item.priv_pass }}"'
+ insertafter: EOF
+ loop: '{{ snmp_v3_users }}'
+ loop_control:
+ label: '{{ item.name }}'
+
+- name: enable and start snmpd
+ systemd:
+ name: snmpd
+ enabled: yes
+ state: started
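Review bot: The `add snmpv3 users` task (L134–L141) writes SNMPv3 auth and privacy passphrases into a `lineinfile` call without `no_log: true`; `loop_control.label` only shortens the per-item display, so `--diff`, verbose runs and callback logs can still print the full `createUser` line. Add `no_log: true` to that task. `create nagios user` (L85–L93) and `add nagios ssh key` (L95–L99) hard-code `name: nagios`/`user: nagios`, while the `.bashrc` task (L119–L120) sets `owner`/`group` from `proxmox_nagios_user`; if that variable is ever set to something else, the home directory is chowned to a user that was never created, so use `'{{ proxmox_nagios_user }}'` in all three tasks. The bare octal modes (`0555`, `0400`, `0644`, `0600` here, `0440` in sudo.yml) are parsed as integers by YAML; Ansible's file modules recommend quoting them as `'0555'` so the module receives a string and does its own conversion.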
diff --git a/roles/proxmox_hypervisor/tasks/postfix.yml b/roles/proxmox_hypervisor/tasks/postfix.yml
new file mode 100644
index 0000000..2cb3fb2
--- /dev/null
+++ b/roles/proxmox_hypervisor/tasks/postfix.yml
@@ -0,0 +1,18 @@
+- name: install postfix
+ apt:
+ name:
+ - postfix
+ - bsd-mailx
+ state: present
+
+- name: generate postifx configuration
+ template:
+ src: etc/postfix/main.cf.j2
+ dest: /etc/postfix/main.cf
+ notify: restart postfix
+
+- name: enable postfix
+ systemd:
+ name: postfix
+ enabled: yes
+ state: started
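Review bot: The task name on L161 reads `generate postifx configuration`; rename it to `generate postfix configuration` so `--list-tasks` output and logs are searchable by the right word. The template task on L162–L165 also sets no `mode`, so /etc/postfix/main.cf takes the default umask on first creation; `mode: '0644'` makes that explicit, in line with the template tasks in nagios.yml that set modes.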
diff --git a/roles/proxmox_hypervisor/tasks/pve.yml b/roles/proxmox_hypervisor/tasks/pve.yml
new file mode 100644
index 0000000..e780bf6
--- /dev/null
+++ b/roles/proxmox_hypervisor/tasks/pve.yml
@@ -0,0 +1,58 @@
+- name: disable proxmox enterprise repositiory
+ apt_repository:
+ filename: pve-enterprise
+ repo: 'deb {{ proxmox_repo_url }} {{ ansible_distribution_release }} pve-enterprise'
+ state: absent
+ update_cache: no
+
+- name: enable proxmox community repository
+ apt_repository:
+ filename: pve-no-subscription
+ repo: 'deb {{ proxmox_repo_url }} {{ ansible_distribution_release }} pve-no-subscription'
+ state: present
+ update_cache: yes
+
+- name: enable snippets on local storage
+ lineinfile:
+ path: /etc/pve/storage.cfg
+ line: ' content iso,backup,snippets,vztmpl'
+ regexp: '^\s+content\s'
+ insertafter: '^dir: local$'
+ firstmatch: yes
+
+- name: create snippets directory
+ file:
+ path: '{{ proxmox_snippets_dir }}'
+ state: directory
+
+- name: generate custom snippets
+ template:
+ src: '{{ item.src }}'
+ dest: '{{ proxmox_snippets_dir }}/{{ item.path | splitext | first }}'
+ loop: "{{ lookup('filetree', '../templates/{{ proxmox_snippets_dir[1:] }}', wantlist=True) }}"
+ when: item.state == 'file'
+
+- name: add ansible API user
+ import_tasks: pve_api_user.yml
+
+- name: create kvm image directory
+ file:
+ path: '{{ proxmox_kvm_image_dir }}'
+ state: directory
+
+- name: get current VMIDs
+ shell: qm list | awk '{print $1}'
+ register: vmids
+ changed_when: false
+
+- name: install proxmoxer
+ apt:
+ name: python3-proxmoxer
+ state: present
+
+- name: create KVM templates
+ include_tasks: pve_kvm_template.yml
+ when: (image.vmid | string) not in vmids.stdout_lines
+ loop: '{{ proxmox_kvm_images }}'
+ loop_control:
+ loop_var: image
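Review bot: The `enable snippets on local storage` task (L192–L198) replaces the *last* line in /etc/pve/storage.cfg matching `regexp: '^\s+content\s'`, because `lineinfile` applies `regexp` to the whole file and `firstmatch` only governs `insertafter`; on a host whose storage.cfg has more than one storage with a `content` line (for example a `local-zfs` stanza after `local`), that other storage's content list is overwritten with `iso,backup,snippets,vztmpl`. Prefer the PVE CLI, `command: pvesm set local --content iso,backup,snippets,vztmpl`, with a `changed_when` derived from the current storage.cfg contents, or anchor the regexp so it can only match inside the `dir: local` stanza. Separately, `shell: qm list | awk '{print $1}'` on L221 masks a failing `qm list` because the pipeline's exit status is awk's; `vmids.stdout_lines` is then empty and the guard on L232 sees no existing VMIDs. Use `shell: set -o pipefail && qm list | awk '{print $1}'` with `args: {executable: /bin/bash}`; the same applies to the `pveum user list` pipeline on L250 in pve_api_user.yml.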
diff --git a/roles/proxmox_hypervisor/tasks/pve_api_user.yml b/roles/proxmox_hypervisor/tasks/pve_api_user.yml
new file mode 100644
index 0000000..f620a90
--- /dev/null
+++ b/roles/proxmox_hypervisor/tasks/pve_api_user.yml
@@ -0,0 +1,21 @@
+- name: create unix account
+ user:
+ name: "{{ proxmox_api_user | replace('@pam', '') }}"
+ shell: /sbin/nologin
+ password: '{{ proxmox_api_password | password_hash("sha512", proxmox_password_salt | default("")) }}'
+ state: present
+
+- name: check if user has PVE account
+ shell: pveum user list --noheader --noborder | cut -d ' ' -f1
+ changed_when: False
+ register: pve_users
+
+- name: create PVE account
+ block:
+ - name: create PVE user
+ command: pveum user add {{ proxmox_api_user }}
+
+ - name: set user ACLs
+ command: pveum acl modify / -user {{ proxmox_api_user }} -role PVEAdmin -propagate 1
+
+ when: proxmox_api_user not in pve_users.stdout_lines
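Review bot: The `password` on L246 is computed with `password_hash("sha512", proxmox_password_salt | default(""))`; when `proxmox_password_salt` is unset the empty salt makes `password_hash` pick a random salt on every run, so the hash differs each time and the `user` task reports changed and rewrites the shadow entry on every play. Adding `update_password: on_create` to the `user` task makes the password only be set when the account is first created, which sidesteps the churn; otherwise require the salt variable rather than defaulting it. The ACL on L260 grants the automation account `PVEAdmin` on `/` with propagation; if the playbooks only manage VMs on this node, scope it to the narrowest built-in role and path they actually need (e.g. `PVEVMAdmin`). Because the whole block is guarded by `when: proxmox_api_user not in pve_users.stdout_lines` (L262), the ACL is applied only at creation and never restored if it is later removed — consider giving the ACL task its own check against `pveum acl list`.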
diff --git a/roles/proxmox_hypervisor/tasks/pve_kvm_template.yml b/roles/proxmox_hypervisor/tasks/pve_kvm_template.yml
new file mode 100644
index 0000000..6f0dfac
--- /dev/null
+++ b/roles/proxmox_hypervisor/tasks/pve_kvm_template.yml
@@ -0,0 +1,32 @@
+- name: download the disk image
+ get_url:
+ url: '{{ image.url }}'
+ checksum: 'sha256:{{ image.sha256 }}'
+ dest: '{{ proxmox_kvm_image_dir }}/{{ image.name }}.{{ image.type | default("qcow2") }}'
+
+- name: create a new VM
+ command: >
+ qm create {{ image.vmid }}
+ --name {{ image.name }}
+ --ostype {{ image.ostype | default('l26') }}
+ --scsihw virtio-scsi-pci
+ --memory 2048
+ --net0 virtio,bridge={{ proxmox_bridge }}
+ --serial0 socket
+ --vga serial0
+ --scsi1 {{ proxmox_storage }}:cloudinit
+
+- name: import the disk image
+ command: >
+ qm importdisk {{ image.vmid }}
+ {{ proxmox_kvm_image_dir }}/{{ image.name }}.{{ image.type | default("qcow2") }}
+ {{ proxmox_storage }}
+
+- name: attach disk to VM
+ command: qm set {{ image.vmid }} --scsi0 {{ proxmox_storage }}:vm-{{ image.vmid }}-disk-0
+
+- name: set boot order
+ command: qm set {{ image.vmid }} --boot order=scsi0
+
+- name: convert VM to template
+ command: qm template {{ image.vmid }}
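Review bot: The sequence on L269–L300 is only entered when the VMID is absent (guard in pve.yml), so a failure after `qm create` — for instance `qm importdisk` rejecting the image, or the `--scsi0` volume name on L294 not matching what the storage produced — leaves a half-built VM whose VMID now exists, and every later run skips it without ever converting it to a template. Wrap the steps in a `block` with a `rescue` that removes the partially created VM and then re-raises the error, so the next run can retry. The volume name `vm-{{ image.vmid }}-disk-0` assumes block-style storage naming; on a directory storage `qm importdisk` produces a `<vmid>/vm-<vmid>-disk-0.<fmt>` volume as far as I recall, so registering the `importdisk` output and parsing the volume id from it would be more robust than hard-coding.
```yaml
- name: build KVM template for VMID {{ image.vmid }}
  block:
    # … unchanged: download, qm create, qm importdisk, qm set (scsi0, boot), qm template tasks, indented under block …
  rescue:
    # safe only because the guard in pve.yml guarantees this VMID did not exist before this include ran
    - name: remove partially built VM so the next run can retry
      command: qm destroy {{ image.vmid }}
    - name: re-raise the original error
      fail:
        msg: "template build for VMID {{ image.vmid }} failed: {{ ansible_failed_result.msg | default('see task output above') }}"
```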
diff --git a/roles/proxmox_hypervisor/tasks/rsyslog.yml b/roles/proxmox_hypervisor/tasks/rsyslog.yml
new file mode 100644
index 0000000..bbd981c
--- /dev/null
+++ b/roles/proxmox_hypervisor/tasks/rsyslog.yml
@@ -0,0 +1,16 @@
+- name: install rsyslog
+ apt:
+ name: rsyslog
+ state: present
+
+- name: generate rsyslog configuration
+ template:
+ src: etc/rsyslog.d/forward.conf.j2
+ dest: /etc/rsyslog.d/forward.conf
+ notify: restart rsyslog
+
+- name: enable rsyslog
+ systemd:
+ name: rsyslog
+ enabled: yes
+ state: started
diff --git a/roles/proxmox_hypervisor/tasks/sudo.yml b/roles/proxmox_hypervisor/tasks/sudo.yml
new file mode 100644
index 0000000..7419bf0
--- /dev/null
+++ b/roles/proxmox_hypervisor/tasks/sudo.yml
@@ -0,0 +1,5 @@
+- name: generate sudoers file
+ template:
+ src: etc/sudoers.j2
+ dest: /etc/sudoers
+ mode: 0440
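Review bot: The template on L329–L333 writes /etc/sudoers directly with no `validate:`; a rendering mistake in etc/sudoers.j2 (a stray Jinja expression, a missing trailing newline) yields a file sudo refuses to parse, locking every sudo user out of the host until it is repaired as root. Add `validate: /usr/sbin/visudo -cf %s` so Ansible checks the rendered file before moving it into place, and do the same for the /etc/sudoers.d/nagios template in nagios.yml (L109–L113). Also set `owner: root` and `group: root` explicitly and quote the mode (`mode: '0440'`) so the YAML parser does not turn it into an integer.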
diff --git a/roles/proxmox_hypervisor/tasks/unattended_upgrades.yml b/roles/proxmox_hypervisor/tasks/unattended_upgrades.yml
new file mode 100644
index 0000000..9ce7e89
--- /dev/null
+++ b/roles/proxmox_hypervisor/tasks/unattended_upgrades.yml
@@ -0,0 +1,11 @@
+- name: install unattended-upgrades
+ apt:
+ name: unattended-upgrades
+
+- name: copy unattended-upgrades configuration
+ copy:
+ src: etc/apt/apt.conf.d/{{ item }}
+ dest: /etc/apt/apt.conf.d/{{ item }}
+ loop:
+ - 20auto-upgrades
+ - 50unattended-upgrades
diff --git a/roles/proxmox_hypervisor/tasks/zfs.yml b/roles/proxmox_hypervisor/tasks/zfs.yml
new file mode 100644
index 0000000..5a1587e
--- /dev/null
+++ b/roles/proxmox_hypervisor/tasks/zfs.yml
@@ -0,0 +1,34 @@
+- name: generate zed.rc
+ template:
+ src: etc/zfs/zed.d/zed.rc.j2
+ dest: /etc/zfs/zed.d/zed.rc
+ notify: restart zfs-zed
+
+- name: enable zfs event daemon
+ systemd:
+ name: zfs-zed
+ enabled: yes
+ state: started
+
+- name: create zfs systemd units
+ template:
+ src: etc/systemd/system/zfs-{{ item[0] }}@.{{ item[1] }}.j2
+ dest: /etc/systemd/system/zfs-{{ item[0] }}@.{{ item[1] }}
+ loop: "{{ ['scrub', 'trim'] | product(['service', 'timer']) }}"
+ register: zfs_units
+
+- name: reload systemd units
+ systemd:
+ daemon-reload: yes
+ when: zfs_units.changed
+
+- name: enable periodic trim and scrub for zpool
+ systemd:
+ name: zfs-{{ item }}@rpool.timer
+ state: started
+ enabled: yes
+ loop:
+ - trim
+ - scrub
+ loop_control:
+ label: zfs-{{ item }}@rpool.timer
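Review bot: The timer names on L383 and L390 hard-code `rpool`, so a host whose pool is named differently, or one carrying a second pool, silently gets no scrub or trim even though the unit templates on L369–L374 are installed for any pool. Drive the loop from a role variable listing the pools, e.g. `loop: "{{ ['trim', 'scrub'] | product(proxmox_zfs_pools) }}"` with `name: zfs-{{ item[0] }}@{{ item[1] }}.timer` and a matching `label`, defaulting `proxmox_zfs_pools` to `['rpool']` so current behaviour is preserved. `when: zfs_units.changed` on L379 works, but `when: zfs_units is changed` is the idiomatic test, and the daemon reload could equally be a handler notified by the template task, which is how the other files in this role handle restarts.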