From 02168225b1a95876cacae91a53f5aef82b16d79f Mon Sep 17 00:00:00 2001 From: Tuan-Dat Tran Date: Sat, 7 Jun 2025 00:16:54 +0200 Subject: [PATCH] wip Signed-off-by: Tuan-Dat Tran --- .ansible-lint | 31 ++++++++++++++ .editorconfig | 17 ++++++++ group_vars/proxmox/secrets_vm.yml | 35 ++++++++-------- group_vars/proxmox/vms.yml | 15 ++++++- production.ini | 12 +++--- roles/docker_host/handlers/main.yml | 2 + roles/docker_host/tasks/10_setup.yml | 45 +++++++++++++++++++++ roles/docker_host/tasks/main.yml | 1 - roles/docker_host/vars/main.yml | 7 ++++ roles/proxmox/tasks/42_download_isos.yml | 16 ++++++++ roles/proxmox/tasks/56_provision_new_vm.yml | 31 ++++++++++++++ 11 files changed, 187 insertions(+), 25 deletions(-) create mode 100644 .ansible-lint create mode 100644 .editorconfig diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..973e200 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,31 @@ +--- +# .ansible-lint + +# Specify exclude paths to prevent linting vendor roles, etc. +exclude_paths: + - ./.git/ + - ./.venv/ + - ./galaxy_roles/ + +# A list of rules to skip. This is a more modern and readable alternative to 'skip_list'. +skip_list: + - experimental + - fqcn-builtins + - no-handler + - var-naming + +# Enforce certain rules that are not enabled by default. +enable_list: + - no-free-form + - var-spacing + - no-log-password + - no-relative-path + - command-instead-of-module + - fqcn[deep] + - no-changed-when + +# Offline mode disables any features that require internet access. +offline: true + +# Set the desired verbosity level. +verbosity: 1 diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..b19abc0 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,17 @@ +root = true + +[*] +indent_style = space +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true + +[*.{yml,yaml}] +indent_size = 2 + +[*.py] +indent_size = 4 + +[*.md] +trim_trailing_whitespace = false 
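Review bot: The comment above `skip_list` describes the key as "a more modern and readable alternative to 'skip_list'", i.e. to itself, so it documents nothing; suggest `# Rule ids to silence entirely; use warn_list instead if they should still be reported.`. `fqcn-builtins` in that list looks like an older rule id while `fqcn[deep]` in `enable_list` uses the current bracketed form, so it is worth confirming the skip still matches anything on the pinned ansible-lint version. Skipping `no-handler` and `var-naming` while enabling `no-changed-when` and `no-log-password` is a defensible split, but it means the un-prefixed `apt_lock_files` variable introduced elsewhere in this commit will not be reported.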
diff --git a/group_vars/proxmox/secrets_vm.yml b/group_vars/proxmox/secrets_vm.yml index 1474fe2..6c617c8 100644 --- a/group_vars/proxmox/secrets_vm.yml +++ b/group_vars/proxmox/secrets_vm.yml @@ -1,17 +1,20 @@ $ANSIBLE_VAULT;1.1;AES256 -66386330343432366236303530313838613830376162613265346533336232393838323136306433 -6631643363643761313164376132386433623137386539360a333263393236616432616439613733 -33653832333534333563623164616164663034303331373135633665636230333035373262656338 -3038383463366466640a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a636533303235393139653161643130 +66316231383734343837656364643533633863613761633262653264663565303361323730613937 +3935386538643939660a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diff --git a/group_vars/proxmox/vms.yml b/group_vars/proxmox/vms.yml index e8f104f..2cddbe9 100644 --- a/group_vars/proxmox/vms.yml +++ b/group_vars/proxmox/vms.yml @@ -6,7 +6,7 @@ vms: memory: 4096 # in MiB net: net0: "virtio,bridge=vmbr0,firewall=1" - boot_image: "{{ proxmox_cloud_init_images.ubuntu.name }}" + boot_image: "{{ proxmox_cloud_init_images.debian.name }}" ciuser: "{{ user }}" sshkeys: "{{ pubkey }}" disk_size: 128 # in Gb @@ -21,13 +21,24 @@ vms: ciuser: "{{ user }}" sshkeys: "{{ pubkey }}" disk_size: 128 # in Gb + - name: "docker-host13" + node: "lulu" + vmid: 413 + cores: 2 + memory: 4096 # in MiB + net: + net0: "virtio,bridge=vmbr0,firewall=1" + boot_image: "{{ proxmox_cloud_init_images.debian.name }}" + ciuser: "{{ user }}" + sshkeys: "{{ pubkey }}" + disk_size: 128 # in Gb hostpci: hostpci0: "0000:00:02.0" - name: "docker-host12" node: "naruto01" vmid: 412 cores: 2 - memory: 4096 # in MiB + memory: 4096 net: net0: "virtio,bridge=vmbr0,firewall=1" boot_image: "{{ proxmox_cloud_init_images.ubuntu.name }}" diff --git a/production.ini b/production.ini index aafe4ac..71c1e98 100644 --- a/production.ini +++ b/production.ini 
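Review bot: The new `docker-host13` item is inserted between `disk_size: 128` and `hostpci:`, so the `hostpci0: "0000:00:02.0"` passthrough now belongs to docker-host13 and the entry that previously carried it silently loses it; if that is intended, moving the two `hostpci` lines into the body of the new item (after its `net:` block, say) would make it obvious, otherwise the new item should be placed after them. A PCI device can be attached to only one VM on a node at a time, so this is also a runtime change for whichever VM owned it before. Separately, the `# in MiB` comment is dropped from docker-host12's `memory: 4096` while every other entry keeps it, which looks unintended.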
@@ -23,7 +23,7 @@ k3s-loadbalancer k3s-agent[00:02] k3s-server[00:02] k3s-longhorn[00:02] -docker-host[00:01] +# docker-host[00:01] [k3s_nodes] k3s-server[00:02] @@ -31,9 +31,9 @@ k3s-agent[00:02] k3s-longhorn[00:02] [docker] -docker-host[00:01] -docker-host[10:12] -docker-lb +# docker-host[00:01] +docker-host14 +# docker-lb [vps] mii @@ -54,8 +54,8 @@ k3s-postgres k3s-loadbalancer [docker_host] -docker-host[00:01] -docker-host[10:12] +# docker-host[00:01] +docker-host14 [docker_lb] docker-lb diff --git a/roles/docker_host/handlers/main.yml b/roles/docker_host/handlers/main.yml index 026bae3..6d680b7 100644 --- a/roles/docker_host/handlers/main.yml +++ b/roles/docker_host/handlers/main.yml @@ -11,9 +11,11 @@ state: present retries: 3 delay: 5 + become: true - name: Restart host ansible.builtin.reboot: connect_timeout: 5 reboot_timeout: 600 test_command: whoami + become: true diff --git a/roles/docker_host/tasks/10_setup.yml b/roles/docker_host/tasks/10_setup.yml index 5a26220..9716fc4 100644 --- a/roles/docker_host/tasks/10_setup.yml +++ b/roles/docker_host/tasks/10_setup.yml @@ -1,4 +1,25 @@ --- +- name: Check if debian.sources file exists + ansible.builtin.stat: + path: /etc/apt/sources.list.d/debian.sources + register: debian_sources_stat + +- name: Replace Components line to include non-free and non-free-firmware + ansible.builtin.replace: + path: /etc/apt/sources.list.d/debian.sources + regexp: "^Components:.*$" + replace: "Components: main non-free non-free-firmware" + when: debian_sources_stat.stat.exists + become: true + +- name: "Wait for apt/dpkg locks to be released" + ansible.builtin.wait_for: + path: "{{ item }}" + state: absent + timeout: 300 + delay: 5 + loop: "{{ apt_lock_files }}" + - name: Setup VM Packages ansible.builtin.apt: name: "{{ item }}" 
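Review bot: `[docker]` and `[docker_host]` now list `docker-host14`, but the VM added in `group_vars/proxmox/vms.yml` in this same commit is `docker-host13` (vmid 413); unless docker-host14 is defined elsewhere, the new VM is never targeted by the `docker_host` role and the inventory entry cannot be resolved. `docker-lb` is commented out of `[docker]` while the `[docker_lb]` group (context line) still contains it, so that host keeps receiving `docker_lb` plays; comment it out there too or remove it from both. Commented-out inventory lines tend to linger; if these hosts are gone, deleting the lines keeps the file readable.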
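Review bot: The `Wait for apt/dpkg locks to be released` task waits for `/var/lib/dpkg/lock` and the other listed files to be absent, but on Debian these files are created once and stay on disk after the lock is released (the lock is held with a file lock, not by the file's existence), so on any host that has already run apt this task is likely to sit for the full `timeout: 300` and then fail. The `Setup VM Packages` apt task that follows accepts `lock_timeout: 300`, which retries only while the lock is actually held; that replaces the wait task and the `apt_lock_files` variable. The `Replace Components line` task rewrites every `Components:` line in `debian.sources` (the replace module runs in multiline mode), which is presumably wanted for both the main and security entries, but `backup: true` would make the first run on a host reversible.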
@@ -6,3 +27,27 @@ update_cache: true loop: "{{ docker_host_package_common_dependencies }}" become: true + +- name: Gather installed package facts + ansible.builtin.package_facts: + manager: auto + +- name: Filter for specific cloud kernel packages + ansible.builtin.set_fact: + cloud_kernel_packages: >- + {{ + ansible_facts.packages.keys() + | select('search', 'linux-image') + | select('search', 'cloud') + | list + }} + +- name: Use the list to remove the found packages + ansible.builtin.apt: + name: "{{ cloud_kernel_packages }}" + state: absent + autoremove: true + when: cloud_kernel_packages | length > 0 + notify: + - Restart host + become: true diff --git a/roles/docker_host/tasks/main.yml b/roles/docker_host/tasks/main.yml index d50cb1a..c6a499d 100644 --- a/roles/docker_host/tasks/main.yml +++ b/roles/docker_host/tasks/main.yml @@ -1,7 +1,6 @@ --- - name: Setup VM ansible.builtin.include_tasks: 10_setup.yml - - name: Install docker ansible.builtin.include_tasks: 20_installation.yml diff --git a/roles/docker_host/vars/main.yml b/roles/docker_host/vars/main.yml index 259b6c6..1670b18 100644 --- a/roles/docker_host/vars/main.yml +++ b/roles/docker_host/vars/main.yml @@ -1,2 +1,9 @@ docker_host_package_common_dependencies: - nfs-common + - firmware-misc-nonfree + - linux-image-amd64 + +apt_lock_files: + - /var/lib/dpkg/lock + - /var/lib/dpkg/lock-frontend + - /var/cache/apt/archives/lock diff --git a/roles/proxmox/tasks/42_download_isos.yml b/roles/proxmox/tasks/42_download_isos.yml index 428f63d..38189ce 100644 --- a/roles/proxmox/tasks/42_download_isos.yml +++ b/roles/proxmox/tasks/42_download_isos.yml 
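Review bot: `autoremove: true` on the `Use the list to remove the found packages` task is not scoped to `cloud_kernel_packages`; it removes every package apt considers auto-removable on the host, which on a cloud image can be more than the kernel's own leftovers, so either drop it or run a separate, explicitly named autoremove task. The `Restart host` handler runs at the end of the play, so `20_installation.yml` and the rest of the role execute on the kernel that was just removed; if the reboot is meant to happen first, add `- name: Reboot before continuing` / `ansible.builtin.meta: flush_handlers` right after this task. The `select('search', 'cloud')` filter matches both `linux-image-cloud-amd64` and versioned images, which is presumably the intent; the preceding apt task (its start is outside this hunk) installs `linux-image-amd64` first, so a replacement kernel exists before removal as long as that task succeeded.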
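Review bot: `apt_lock_files` does not carry the `docker_host_` prefix that `docker_host_package_common_dependencies` uses, so it can collide with a same-named variable from another role or from inventory; `docker_host_apt_lock_files` would match the existing convention (the `var-naming` rule that would catch this is skipped in the new `.ansible-lint`). Since `vars/main.yml` has high precedence, a play cannot override these values; if overriding is expected, `defaults/main.yml` is the place for them.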
@@ -10,3 +10,19 @@ dest: "{{ proxmox_dirs.isos }}/{{ distro.name }}" mode: "0644" when: not image_stat.stat.exists + +- name: Set raw image file name fact + ansible.builtin.set_fact: + raw_image_name: "{{ distro.name | splitext | first }}.img" + +- name: Check if raw image already exists + ansible.builtin.stat: + path: "{{ proxmox_dirs.isos }}/{{ raw_image_name }}" + register: raw_image_stat + +- name: Convert image to raw format + ansible.builtin.command: + cmd: "qemu-img convert -O raw {{ proxmox_dirs.isos }}/{{ distro.name }} {{ proxmox_dirs.isos }}/{{ raw_image_name }}" + when: + - download_result is changed or not raw_image_stat.stat.exists + - image_stat.stat.exists diff --git a/roles/proxmox/tasks/56_provision_new_vm.yml b/roles/proxmox/tasks/56_provision_new_vm.yml index d20f81e..7587584 100644 --- a/roles/proxmox/tasks/56_provision_new_vm.yml +++ b/roles/proxmox/tasks/56_provision_new_vm.yml @@ -32,6 +32,37 @@ vmid: "{{ vm.vmid }}" state: started +- name: Stop VM + community.general.proxmox_kvm: + api_user: root@pam + api_password: "{{ vault.pve.aya01.root.sudo }}" + api_host: "192.168.20.12" + node: "{{ vm.node }}" + vmid: "{{ vm.vmid }}" + state: stopped + force: true + +- name: Wait until VM is fully stopped + community.general.proxmox_vm_info: + api_user: "root@pam" + api_password: "{{ vault.pve.aya01.root.sudo }}" + api_host: "192.168.20.12" + node: "{{ vm.node }}" + vmid: "{{ vm.vmid }}" + register: vm_status_check + until: vm_status_check.proxmox_vms[0].status == "stopped" + retries: 24 + delay: 5 + +- name: Start VM + community.general.proxmox_kvm: + api_user: root@pam + api_password: "{{ vault.pve.aya01.root.sudo }}" + api_host: "192.168.20.12" + node: "{{ vm.node }}" + vmid: "{{ vm.vmid }}" + state: started + - name: Wait for VM to appear on network ansible.builtin.shell: | nmap -sn -n -PR 192.168.20.0/24 | grep -B2 "{{ mac_address }}" | grep "Nmap scan report for"
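Review bot: The `Convert image to raw format` task cannot run on the first pass for a new image: `image_stat` is taken before the download (the download task above is guarded with `when: not image_stat.stat.exists`), so whenever `download_result is changed` the second condition `image_stat.stat.exists` is false and the conversion is skipped until the next run. Replacing the two conditions with `when: download_result is changed or (image_stat.stat.exists and not raw_image_stat.stat.exists)` covers both the fresh download and the missing-raw case; `download_result` is presumably the register of the download task, whose start is outside this hunk. The command task also has no `changed_when`, which the `no-changed-when` rule enabled in `.ansible-lint` will flag; `changed_when: true` is accurate here because the task only runs when a conversion is needed. Passing the two paths via `argv:` instead of one `cmd:` string would keep a distro name containing spaces from being split.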
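Review bot: The new `Stop VM` task is issued right after the preceding `state: started` task with no wait for the guest to finish its first boot, and `force: true` lets the module escalate to a hard stop (the exact behaviour depends on the community.general version), so cloud-init applying `ciuser`/`sshkeys` can be interrupted on the very boot that is supposed to set them; if the restart is needed to pick up a config change, waiting on the guest first (for example the qemu-guest-agent, or the existing `Wait for VM to appear on network` task) and keeping the forced stop only as a fallback would be safer. All three tasks repeat `api_user: root@pam`, the vaulted root password and a hard-coded `api_host: "192.168.20.12"`; a `module_defaults` entry at play level (or one shared var) would remove the duplication, and a Proxmox API token limited to `VM.PowerMgmt` on these VMs would avoid handing the root password to every power-cycle task. Minor: `api_user` is quoted in the `proxmox_vm_info` task and unquoted in the two `proxmox_kvm` tasks.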