roles/proxmox_hypervisor/tasks/pve_api_user.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

- name: create unix account
  user:
    name: '{{ proxmox_api_user }}'
    shell: /sbin/nologin
    password: '{{ proxmox_api_password | password_hash("sha512", proxmox_password_salt | default("")) }}'
    state: present

- name: check if user has PVE account
  shell: pveum user list --noheader --noborder | cut -d ' ' -f1
  changed_when: False
  register: pve_users

- name: create PVE account
  block:
    - name: create PVE user
      command: pveum user add {{ proxmox_api_user }}@pam

    - name: set user ACLs
      command: pveum acl modify / -user {{ proxmox_api_user }}@pam -role PVEAdmin -propagate 1

  when: proxmox_api_user~'@pam' not in pve_users.stdout_lines