Added proxmox-vm and static tagging of docker images

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>

roles/docker_host/handlers/main.yml

@@ -8,4 +8,8 @@
 - name: Restart compose
   community.docker.docker_compose_v2:
     project_src: "{{ docker.directories.compose }}"
-    state: restarted
+    state: present
+  retries: 3
+  delay: 5
+  register: result
+  until: result.rc == 0

roles/proxmox/files/check_proxmox_vm.sh

@@ -0,0 +1,83 @@
+#!/bin/bash
+
+# Configuration
+VM_ID=303
+TARGET_IP="192.168.20.36" # Replace with the IP of your VM
+PORT=22
+CHECK_INTERVAL=300 # 5 minutes in seconds
+LOG_FILE="/var/log/vm_monitor.log"
+
+# Function to log messages
+log_message() {
+	echo "$(date): $1" | tee -a $LOG_FILE
+}
+
+# Check if running on a Proxmox host
+if ! command -v qm &>/dev/null; then
+	log_message "qm command not found. This script must run on a Proxmox host."
+	exit 1
+fi
+
+# Function to check port
+check_port() {
+	# Try nc first if available
+	if command -v nc &>/dev/null; then
+		if nc -z -w 5 $TARGET_IP $PORT 2>/dev/null; then
+			return 0 # Port is open
+		else
+			return 1 # Port is closed
+		fi
+	# Fall back to nmap if nc is not available
+	elif command -v nmap &>/dev/null; then
+		if nmap -p $PORT $TARGET_IP | grep -q "$PORT/tcp.*open"; then
+			return 0 # Port is open
+		else
+			return 1 # Port is closed
+		fi
+	else
+		log_message "Neither nc nor nmap found. Please install one of them."
+		exit 1
+	fi
+}
+
+# Function to restart the VM
+restart_vm() {
+	log_message "Port $PORT is not reachable. Restarting VM $VM_ID..."
+
+	# Stop the VM
+	qm stop $VM_ID
+	if [ $? -ne 0 ]; then
+		log_message "Failed to stop VM $VM_ID. Trying force stop..."
+		qm stop $VM_ID --force
+	fi
+
+	# Wait for VM to fully stop
+	log_message "Waiting for VM to stop..."
+	sleep 10
+
+	# Start the VM
+	qm start $VM_ID
+	if [ $? -ne 0 ]; then
+		log_message "Failed to start VM $VM_ID. Manual intervention required."
+		exit 1
+	fi
+
+	log_message "VM $VM_ID has been restarted."
+}
+
+# Main loop
+log_message "Starting monitoring of VM $VM_ID on port $PORT..."
+log_message "Press Ctrl+C to exit."
+
+while true; do
+	# Check if port 22 is open
+	if ! check_port; then
+		restart_vm
+	else
+		log_message "Port $PORT is reachable. VM is running normally."
+	fi
+
+	# Wait for the next check
+	log_message "Sleeping for $CHECK_INTERVAL seconds..."
+	sleep $CHECK_INTERVAL
+done

roles/proxmox/tasks/10_create_secrets.yml

@@ -0,0 +1,33 @@
+---
+- name: Ensure Vault file exists
+  ansible.builtin.file:
+    path: "{{ proxmox_vault_file }}"
+    state: touch
+    mode: "0600"
+
+- name: Decrypt vm vault file
+  ansible.builtin.shell: cd ../; ansible-vault decrypt "./playbooks/{{ proxmox_vault_file }}"
+  ignore_errors: true
+  no_log: true
+
+- name: Load existing vault content
+  ansible.builtin.slurp:
+    src: "{{ proxmox_vault_file }}"
+  register: vault_content
+  no_log: true
+
+- name: Parse vault content as YAML
+  ansible.builtin.set_fact:
+    vault_data: "{{ (vault_content['content'] | b64decode | from_yaml) if (vault_content['content'] | length > 0) else {} }}"
+  no_log: true
+
+- name: Update Vault data
+  ansible.builtin.include_tasks: 15_create_secret.yml
+  loop: "{{ proxmox_vms | map(attribute='name') }}"
+  loop_control:
+    loop_var: "vm_name"
+
+- name: Encrypt vm vault file
+  ansible.builtin.shell: cd ../; ansible-vault encrypt "./playbooks/{{ proxmox_vault_file }}"
+  ignore_errors: true
+  no_log: true

roles/proxmox/tasks/15_create_secret.yml

@@ -0,0 +1,26 @@
+---
+- name: Setup secret name
+  ansible.builtin.set_fact:
+    vm_name_secret: "{{ proxmox_secrets_prefix }}_{{ vm_name | replace('-','_') }}"
+
+- name: Check if variable is in vault
+  ansible.builtin.set_fact:
+    variable_exists: "{{ vm_name_secret in vault_data }}"
+
+- name: Set new secret
+  ansible.builtin.set_fact:
+    cipassword: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}"
+  when: not variable_exists
+
+- name: Set new secret
+  ansible.builtin.set_fact:
+    new_vault_data: "{{ vault_data | combine({ vm_name_secret: cipassword }) }}"
+  when: not variable_exists
+
+- name: Write updated Vault content to file (temporary plaintext)
+  ansible.builtin.copy:
+    content: "{{ new_vault_data | to_nice_yaml }}"
+    dest: "{{ proxmox_vault_file }}"
+    mode: "0600"
+  when: not variable_exists
+  no_log: true

roles/proxmox/tasks/50_create_vms.yml

@@ -0,0 +1,11 @@
+---
+- name: Load vault variables
+  ansible.builtin.include_vars:
+    file: "{{ proxmox_vault_file }}"
+    name: vm_secrets
+
+- name: Create vms
+  ansible.builtin.include_tasks: 55_create_vm.yml
+  loop: "{{ proxmox_vms }}"
+  loop_control:
+    loop_var: "vm"

roles/proxmox/tasks/55_create_vm.yml

@@ -0,0 +1,34 @@
+- name: Create VM
+  community.general.proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_host: "192.168.20.12"
+    name: "{{ vm.name }}"
+    vmid: "{{ vm.vmid }}"
+    node: "{{ vm.node }}"
+    cpu: "{{ vm.cpu }}"
+    cores: "{{ vm.cores }}"
+    memory: "{{ vm.memory }}"
+    net: "{{ vm.net }}"
+    scsi: "{{ vm.scsi }}"
+    scsihw: "{{ vm.scsihw }}"
+    ostype: "{{ vm.ostype }}"
+    sshkeys: "{{ vm.sshkeys }}"
+    tags: "{{ proxmox_tags }}"
+    ciuser: "{{ vm.ciuser }}"
+    cipassword: "{{ vm_secrets[proxmox_secrets_prefix + '_' + vm.name.replace('-', '_')] }}"
+    ide:
+      ide2: "proxmox:cloudinit,format=qcow2"
+  register: temp
+
+- name: Debug temp
+  ansible.builtin.debug:
+    msg: "{{ temp }}"
+
+- name: Set mac
+  ansible.builtin.set_fact:
+    mac: "{{ temp.mac }}"
+
+- name: debug mac
+  ansible.builtin.debug:
+    msg: "{{ mac }}"

roles/proxmox/tasks/60_create_container.yml

@@ -0,0 +1,11 @@
+---
+- name: Load vault variables
+  ansible.builtin.include_vars:
+    file: "{{ proxmox_vault_file }}"
+    name: vm_secrets
+
+- name: Create vms
+  ansible.builtin.include_tasks: 65_create_container.yml
+  loop: "{{ proxmox_lxcs }}"
+  loop_control:
+    loop_var: "container"

roles/proxmox/tasks/65_create_containers.yml

@@ -0,0 +1,4 @@
+---
+- name: Create Container
+  ansible.builtin.debug:
+    msg: "{{ container.name }}"

roles/proxmox/tasks/90-download-image.yml

@@ -0,0 +1,6 @@
+---
+- name: Download Debian Image
+  ansible.builtin.get_url:
+    url: "{{ proxmox_debian_image_url }}"
+    dest: "{{ proxmox_image_path }}"
+    mode: "0644"

roles/proxmox/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Setup user
+  ansible.builtin.include_tasks: 01_setup_user.yml
+
+- name: Create VM vault
+  ansible.builtin.include_tasks: 10_create_secrets.yml
+
+- name: Create VMs
+  ansible.builtin.include_tasks: 50_create_vms.yml
+
+- name: Create LXC containers
+  ansible.builtin.include_tasks: 60_create_containers.yml

roles/proxmox/vars/main.yml

@@ -0,0 +1,10 @@
+author: tuan-dat.tran@tudattr.dev
+creator: ansible
+
+proxmox_vault_file: ../group_vars/proxmox/secrets_vm.yml
+proxmox_secrets_prefix: secrets_vm
+proxmox_debian_image_url: https://cdimage.debian.org/images/cloud/bookworm/20250316-2053/debian-12-genericcloud-amd64-20250316-2053.qcow2
+proxmox_image_path: /opt/template/iso/
+
+proxmox_tags:
+  - "{{ creator }}"

roles/proxmox_vm/tasks/create_vm.yml

@@ -1,7 +0,0 @@
----
-# - name: Create VM
-#   community.general.proxmox:
-#     api_host: "{{ api_host }}"
-#     api_user: "{{ api_user }}"
-#     api_password: "{{ vault.proxmox.api_password }}"
-#     node: "{{  }}"

roles/proxmox_vm/tasks/get_info.yml

@@ -1,11 +0,0 @@
----
-- name: List existing nodes
-  community.general.proxmox_node_info:
-    api_host: "{{ proxmox_api_host }}"
-    api_user: "{{ proxmox_api_user }}@pam"
-    api_password: "{{ proxmox_api_password }}"
-  register: proxmox_nodes
-
-- name: Print info
-  ansible.builtin.debug:
-    msg: "{{ proxmox_nodes }}"

roles/proxmox_vm/tasks/main.yml

@@ -1,5 +0,0 @@
----
-- name: Get info
-  ansible.builtin.include_tasks: get_info.yml
-# - name: Create vm
-#   ansible.builtin.include_tasks: create_vm.yml