wip

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>

roles/docker_host/handlers/main.yml

@@ -11,9 +11,11 @@
     state: present
   retries: 3
   delay: 5
+  become: true
 
 - name: Restart host
   ansible.builtin.reboot:
     connect_timeout: 5
     reboot_timeout: 600
     test_command: whoami
+  become: true

roles/docker_host/tasks/10_setup.yml

@@ -1,4 +1,25 @@
 ---
+- name: Check if debian.sources file exists
+  ansible.builtin.stat:
+    path: /etc/apt/sources.list.d/debian.sources
+  register: debian_sources_stat
+
+- name: Replace Components line to include non-free and non-free-firmware
+  ansible.builtin.replace:
+    path: /etc/apt/sources.list.d/debian.sources
+    regexp: "^Components:.*$"
+    replace: "Components: main non-free non-free-firmware"
+  when: debian_sources_stat.stat.exists
+  become: true
+
+- name: "Wait for apt/dpkg locks to be released"
+  ansible.builtin.wait_for:
+    path: "{{ item }}"
+    state: absent
+    timeout: 300
+    delay: 5
+  loop: "{{ apt_lock_files }}"
+
 - name: Setup VM Packages
   ansible.builtin.apt:
     name: "{{ item }}"
@@ -6,3 +27,27 @@
     update_cache: true
   loop: "{{ docker_host_package_common_dependencies }}"
   become: true
+
+- name: Gather installed package facts
+  ansible.builtin.package_facts:
+    manager: auto
+
+- name: Filter for specific cloud kernel packages
+  ansible.builtin.set_fact:
+    cloud_kernel_packages: >-
+      {{
+        ansible_facts.packages.keys()
+        | select('search', 'linux-image')
+        | select('search', 'cloud')
+        | list
+      }}
+
+- name: Use the list to remove the found packages
+  ansible.builtin.apt:
+    name: "{{ cloud_kernel_packages }}"
+    state: absent
+    autoremove: true
+  when: cloud_kernel_packages | length > 0
+  notify:
+    - Restart host
+  become: true

roles/docker_host/tasks/main.yml

@@ -1,7 +1,6 @@
 ---
 - name: Setup VM
   ansible.builtin.include_tasks: 10_setup.yml
-
 - name: Install docker
   ansible.builtin.include_tasks: 20_installation.yml
 

roles/docker_host/vars/main.yml

@@ -1,2 +1,9 @@
 docker_host_package_common_dependencies:
   - nfs-common
+  - firmware-misc-nonfree
+  - linux-image-amd64
+
+apt_lock_files:
+  - /var/lib/dpkg/lock
+  - /var/lib/dpkg/lock-frontend
+  - /var/cache/apt/archives/lock

roles/proxmox/tasks/42_download_isos.yml

@@ -10,3 +10,19 @@
     dest: "{{ proxmox_dirs.isos }}/{{ distro.name }}"
     mode: "0644"
   when: not image_stat.stat.exists
+
+- name: Set raw image file name fact
+  ansible.builtin.set_fact:
+    raw_image_name: "{{ distro.name | splitext | first }}.img"
+
+- name: Check if raw image already exists
+  ansible.builtin.stat:
+    path: "{{ proxmox_dirs.isos }}/{{ raw_image_name }}"
+  register: raw_image_stat
+
+- name: Convert image to raw format
+  ansible.builtin.command:
+    cmd: "qemu-img convert -O raw {{ proxmox_dirs.isos }}/{{ distro.name }} {{ proxmox_dirs.isos }}/{{ raw_image_name }}"
+  when:
+    - download_result is changed or not raw_image_stat.stat.exists
+    - image_stat.stat.exists

roles/proxmox/tasks/56_provision_new_vm.yml

@@ -32,6 +32,37 @@
     vmid: "{{ vm.vmid }}"
     state: started
 
+- name: Stop VM
+  community.general.proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_host: "192.168.20.12"
+    node: "{{ vm.node }}"
+    vmid: "{{ vm.vmid }}"
+    state: stopped
+    force: true
+
+- name: Wait until VM is fully stopped
+  community.general.proxmox_vm_info:
+    api_user: "root@pam"
+    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_host: "192.168.20.12"
+    node: "{{ vm.node }}"
+    vmid: "{{ vm.vmid }}"
+  register: vm_status_check
+  until: vm_status_check.proxmox_vms[0].status == "stopped"
+  retries: 24
+  delay: 5
+
+- name: Start VM
+  community.general.proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_host: "192.168.20.12"
+    node: "{{ vm.node }}"
+    vmid: "{{ vm.vmid }}"
+    state: started
+
 - name: Wait for VM to appear on network
   ansible.builtin.shell: |
     nmap -sn -n -PR 192.168.20.0/24 | grep -B2 "{{ mac_address }}" | grep "Nmap scan report for"