Added proxmox-vm and static tagging of docker images

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
2025-04-06 18:04:33 +02:00
parent 56f058c254
commit 27621aac03
20 changed files with 377 additions and 126 deletions
--- a/roles/proxmox/tasks/01_setup_user.yml
+++ b/roles/proxmox/tasks/01_setup_user.yml
--- a/roles/proxmox/tasks/10_create_secrets.yml
+++ b/roles/proxmox/tasks/10_create_secrets.yml
@@ -0,0 +1,33 @@
+---
+- name: Ensure Vault file exists
+  ansible.builtin.file:
+    path: "{{ proxmox_vault_file }}"
+    state: touch
+    mode: "0600"
+
+- name: Decrypt vm vault file
+  ansible.builtin.shell: cd ../; ansible-vault decrypt "./playbooks/{{ proxmox_vault_file }}"
+  ignore_errors: true
+  no_log: true
+
+- name: Load existing vault content
+  ansible.builtin.slurp:
+    src: "{{ proxmox_vault_file }}"
+  register: vault_content
+  no_log: true
+
+- name: Parse vault content as YAML
+  ansible.builtin.set_fact:
+    vault_data: "{{ (vault_content['content'] | b64decode | from_yaml) if (vault_content['content'] | length > 0) else {} }}"
+  no_log: true
+
+- name: Update Vault data
+  ansible.builtin.include_tasks: 15_create_secret.yml
+  loop: "{{ proxmox_vms | map(attribute='name') }}"
+  loop_control:
+    loop_var: "vm_name"
+
+- name: Encrypt vm vault file
+  ansible.builtin.shell: cd ../; ansible-vault encrypt "./playbooks/{{ proxmox_vault_file }}"
+  ignore_errors: true
+  no_log: true
--- a/roles/proxmox/tasks/15_create_secret.yml
+++ b/roles/proxmox/tasks/15_create_secret.yml
@@ -0,0 +1,26 @@
+---
+- name: Setup secret name
+  ansible.builtin.set_fact:
+    vm_name_secret: "{{ proxmox_secrets_prefix }}_{{ vm_name | replace('-','_') }}"
+
+- name: Check if variable is in vault
+  ansible.builtin.set_fact:
+    variable_exists: "{{ vm_name_secret in vault_data }}"
+
+- name: Set new secret
+  ansible.builtin.set_fact:
+    cipassword: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}"
+  when: not variable_exists
+
+- name: Set new secret
+  ansible.builtin.set_fact:
+    new_vault_data: "{{ vault_data | combine({ vm_name_secret: cipassword }) }}"
+  when: not variable_exists
+
+- name: Write updated Vault content to file (temporary plaintext)
+  ansible.builtin.copy:
+    content: "{{ new_vault_data | to_nice_yaml }}"
+    dest: "{{ proxmox_vault_file }}"
+    mode: "0600"
+  when: not variable_exists
+  no_log: true
--- a/roles/proxmox/tasks/50_create_vms.yml
+++ b/roles/proxmox/tasks/50_create_vms.yml
@@ -0,0 +1,11 @@
+---
+- name: Load vault variables
+  ansible.builtin.include_vars:
+    file: "{{ proxmox_vault_file }}"
+    name: vm_secrets
+
+- name: Create vms
+  ansible.builtin.include_tasks: 55_create_vm.yml
+  loop: "{{ proxmox_vms }}"
+  loop_control:
+    loop_var: "vm"
--- a/roles/proxmox/tasks/55_create_vm.yml
+++ b/roles/proxmox/tasks/55_create_vm.yml
@@ -0,0 +1,34 @@
+- name: Create VM
+  community.general.proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_host: "192.168.20.12"
+    name: "{{ vm.name }}"
+    vmid: "{{ vm.vmid }}"
+    node: "{{ vm.node }}"
+    cpu: "{{ vm.cpu }}"
+    cores: "{{ vm.cores }}"
+    memory: "{{ vm.memory }}"
+    net: "{{ vm.net }}"
+    scsi: "{{ vm.scsi }}"
+    scsihw: "{{ vm.scsihw }}"
+    ostype: "{{ vm.ostype }}"
+    sshkeys: "{{ vm.sshkeys }}"
+    tags: "{{ proxmox_tags }}"
+    ciuser: "{{ vm.ciuser }}"
+    cipassword: "{{ vm_secrets[proxmox_secrets_prefix + '_' + vm.name.replace('-', '_')] }}"
+    ide:
+      ide2: "proxmox:cloudinit,format=qcow2"
+  register: temp
+
+- name: Debug temp
+  ansible.builtin.debug:
+    msg: "{{ temp }}"
+
+- name: Set mac
+  ansible.builtin.set_fact:
+    mac: "{{ temp.mac }}"
+
+- name: debug mac
+  ansible.builtin.debug:
+    msg: "{{ mac }}"
--- a/roles/proxmox/tasks/60_create_container.yml
+++ b/roles/proxmox/tasks/60_create_container.yml
@@ -0,0 +1,11 @@
+---
+- name: Load vault variables
+  ansible.builtin.include_vars:
+    file: "{{ proxmox_vault_file }}"
+    name: vm_secrets
+
+- name: Create vms
+  ansible.builtin.include_tasks: 65_create_container.yml
+  loop: "{{ proxmox_lxcs }}"
+  loop_control:
+    loop_var: "container"
--- a/roles/proxmox/tasks/65_create_containers.yml
+++ b/roles/proxmox/tasks/65_create_containers.yml
@@ -0,0 +1,4 @@
+---
+- name: Create Container
+  ansible.builtin.debug:
+    msg: "{{ container.name }}"
--- a/roles/proxmox/tasks/90-download-image.yml
+++ b/roles/proxmox/tasks/90-download-image.yml
@@ -0,0 +1,6 @@
+---
+- name: Download Debian Image
+  ansible.builtin.get_url:
+    url: "{{ proxmox_debian_image_url }}"
+    dest: "{{ proxmox_image_path }}"
+    mode: "0644"
--- a/roles/proxmox/tasks/main.yml
+++ b/roles/proxmox/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Setup user
+  ansible.builtin.include_tasks: 01_setup_user.yml
+
+- name: Create VM vault
+  ansible.builtin.include_tasks: 10_create_secrets.yml
+
+- name: Create VMs
+  ansible.builtin.include_tasks: 50_create_vms.yml
+
+- name: Create LXC containers
+  ansible.builtin.include_tasks: 60_create_containers.yml