feat(proxmox): refactor vm provisioning and add pci passthrough config

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
2025-04-26 23:34:42 +02:00
parent f2ea03bc01
commit 591342f580
11 changed files with 119 additions and 82 deletions
--- a/roles/docker_host/tasks/setup.yml
+++ b/roles/docker_host/tasks/setup.yml
@@ -1,9 +1,8 @@
 ---
- name: Enable HW accelerate for VM
+- name: Setup VM Packages
  ansible.builtin.apt:
    name: "{{ item }}"
    state: present
-  loop:
-    - firmware-misc-nonfree
-    - nfs-common
+    update_cache: true
+  loop: "{{ docker_host_package_common_dependencies }}"
  become: true
--- a/roles/docker_host/vars/main.yml
+++ b/roles/docker_host/vars/main.yml
@@ -0,0 +1,2 @@
+docker_host_package_common_dependencies:
+  - nfs-common
--- a/roles/proxmox/handlers/node.yml
+++ b/roles/proxmox/handlers/node.yml
@@ -0,0 +1,6 @@
+---
+- name: Reboot Node
+  ansible.builtin.reboot:
+    connect_timeout: 5
+    reboot_timeout: 600
+    test_command: whoami
--- a/roles/proxmox/tasks/06_hardware_acceleration.yml
+++ b/roles/proxmox/tasks/06_hardware_acceleration.yml
@@ -0,0 +1,25 @@
+---
+- name: Set GRUB_CMDLINE_LINUX_DEFAULT for PCI passthrough
+  ansible.builtin.lineinfile:
+    path: /etc/default/grub
+    regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
+    line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt pcie_acs_override=downstream,multifunction initcall_blacklist=sysfb_init video=simplefb:off video=vesafb:off video=efifb:off video=vesa:off disable_vga=1 vfio_iommu_type1.allow_unsafe_interrupts=1 kvm.ignore_msrs=1 modprobe.blacklist=radeon,nouveau,nvidia,nvidiafb,nvidia-gpu,snd_hda_intel,snd_hda_codec_hdmi,i915"'
+    backup: true
+  # notify:
+  #   - Reboot Node
+
+- name: Ensure VFIO modules are listed in /etc/modules
+  ansible.builtin.blockinfile:
+    path: /etc/modules
+    marker: "# {mark} VFIO Modules"
+    block: |
+      vfio
+      vfio_iommu_type1
+      vfio_pci
+      vfio_virqfd
+    create: true
+
+- name: Update initramfs
+  ansible.builtin.command: update-initramfs -u -k all
+  args:
+    warn: false
--- a/roles/proxmox/tasks/55_create_vm.yml
+++ b/roles/proxmox/tasks/55_create_vm.yml
@@ -24,71 +24,6 @@
    sshkeys: "{{ vm.sshkeys }}"
  register: proxmox_deploy_info

- name: Get MAC Address of new machine
-  ansible.builtin.set_fact:
-    mac_address: "{{ proxmox_deploy_info.mac.net0 }}"
-
- name: Import disk
-  ansible.builtin.shell: |
-    qm importdisk {{ vm.vmid }} {{ proxmox_dirs.isos }}/{{ vm.boot_image }} {{ proxmox_storage }}
-  delegate_to: "{{ vm.node }}"
-
- name: Attach disk and cloud-init
-  ansible.builtin.shell: |
-    qm set {{ vm.vmid }} --scsi0 {{ proxmox_storage }}:{{ vm.vmid }}/vm-{{ vm.vmid }}-disk-0.raw --ide2 {{ proxmox_storage }}:cloudinit --boot order=scsi0
-  delegate_to: "{{ vm.node }}"
-
- name: Resize scsi0 disk if needed
-  ansible.builtin.shell: |
-    qm resize {{ vm.vmid }} scsi0 {{ vm.disk_size }}G
-  delegate_to: "{{ vm.node }}"
-
- name: Start VM
-  community.general.proxmox_kvm:
-    api_user: root@pam
-    api_password: "{{ vault.pve.aya01.root.sudo }}"
-    api_host: "192.168.20.12"
-    node: "{{ vm.node }}"
-    vmid: "{{ vm.vmid }}"
-    state: started
-
- name: Wait for VM to appear on network
-  ansible.builtin.shell: |
-    nmap -sn -n -PR 192.168.20.0/24 | grep -B2 "{{ mac_address }}" | grep "Nmap scan report for"
-  register: vm_nmap_scan
-  retries: 30
-  delay: 5
-  until: vm_nmap_scan.stdout != ""
-  delegate_to: "{{ vm.node }}"
-
- name: Extract the IP address from Nmap output
-  ansible.builtin.set_fact:
-    vm_found_ip: "{{ vm_nmap_scan.stdout | regex_search('Nmap scan report for ([0-9\\.]+)', '\\1') | first }}"
-
- name: Debug IP address
-  ansible.builtin.debug:
-    msg: "Found VM IP address: {{ vm_found_ip }}"
-
- name: Define SSH config block
-  ansible.builtin.set_fact:
-    ssh_entry: |
-      Host {{ vm.name }}
-          HostName {{ vm_found_ip }}
-          Port 22
-          User tudattr
-          IdentityFile /media/veracrypt1/genesis
-          ProxyJump {{ vm.node }}
-
- name: Append new VM to SSH config
-  ansible.builtin.blockinfile:
-    path: "{{ ansible_env.HOME }}/.ssh/config_homelab"
-    marker: "# {mark} HOMELAB VMS BLOCK"
-    block: |
-      {{ ssh_entry }}
-
- name: Add the new VM to the proxmox_nodes group in production.ini
-  ansible.builtin.lineinfile:
-    path: "../inventory.ini"
-    line: "{{ proxmox_inventory_entry }}"
-    insertafter: "[proxmox_nodes]"
-    state: present
+- name: Provision created VM
+  ansible.builtin.include_tasks: 56_provision_new_vm.yml
+  when: proxmox_deploy_info.changed
--- a/roles/proxmox/tasks/56_provision_new_vm.yml
+++ b/roles/proxmox/tasks/56_provision_new_vm.yml
@@ -0,0 +1,72 @@
+---
+- name: Debug proxmox_deploy_info
+  ansible.builtin.debug:
+    msg: "{{ proxmox_deploy_info }}"
+
+- name: Get MAC Address of new machine
+  ansible.builtin.set_fact:
+    mac_address: "{{ proxmox_deploy_info.mac.net0 }}"
+
+- name: Import disk
+  ansible.builtin.shell: |
+    qm importdisk {{ vm.vmid }} {{ proxmox_dirs.isos }}/{{ vm.boot_image }} {{ proxmox_storage }}
+  delegate_to: "{{ vm.node }}"
+  when: proxmox_deploy_info.changed
+
+- name: Attach disk and cloud-init
+  ansible.builtin.shell: |
+    qm set {{ vm.vmid }} --scsi0 {{ proxmox_storage }}:{{ vm.vmid }}/vm-{{ vm.vmid }}-disk-0.raw --ide2 {{ proxmox_storage }}:cloudinit --boot order=scsi0
+  delegate_to: "{{ vm.node }}"
+
+- name: Resize scsi0 disk if needed
+  ansible.builtin.shell: |
+    qm resize {{ vm.vmid }} scsi0 {{ vm.disk_size }}G
+  delegate_to: "{{ vm.node }}"
+
+- name: Start VM
+  community.general.proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_host: "192.168.20.12"
+    node: "{{ vm.node }}"
+    vmid: "{{ vm.vmid }}"
+    state: started
+
+- name: Wait for VM to appear on network
+  ansible.builtin.shell: |
+    nmap -sn -n -PR 192.168.20.0/24 | grep -B2 "{{ mac_address }}" | grep "Nmap scan report for"
+  register: vm_nmap_scan
+  retries: 30
+  delay: 5
+  until: vm_nmap_scan.stdout != ""
+  delegate_to: "{{ vm.node }}"
+
+- name: Extract the IP address from Nmap output
+  ansible.builtin.set_fact:
+    vm_found_ip: "{{ vm_nmap_scan.stdout | regex_search('Nmap scan report for ([0-9\\.]+)', '\\1') | first }}"
+
+- name: Define SSH config block
+  ansible.builtin.set_fact:
+    ssh_entry: |
+      Host {{ vm.name }}
+          HostName {{ vm_found_ip }}
+          Port 22
+          User tudattr
+          IdentityFile /media/veracrypt1/genesis
+          ProxyJump {{ vm.node }}
+
+- name: Append new VM to SSH config
+  ansible.builtin.blockinfile:
+    path: "{{ ansible_env.HOME }}/.ssh/config_homelab"
+    marker: "# {mark} HOMELAB VMS BLOCK"
+    block: |
+      {{ ssh_entry }}
+
+- name: Add VM to homelab_vms group in production.ini
+  ansible.builtin.lineinfile:
+    path: "{{ inventory_file }}"
+    line: "{{ vm.name }}"
+    insertafter: '^\[vms\]'
+    create: true
+    state: present
+  delegate_to: localhost
--- a/roles/proxmox/tasks/60_create_containers.yml
+++ b/roles/proxmox/tasks/60_create_containers.yml
--- a/roles/proxmox/tasks/65_create_containers.yml
+++ b/roles/proxmox/tasks/65_create_containers.yml
--- a/roles/proxmox/vars/main.yml
+++ b/roles/proxmox/vars/main.yml
@@ -21,5 +21,6 @@ proxmox_tags:
 proxmox_node_dependencies:
  - libguestfs-tools
  - nmap
+  - firmware-misc-nonfree

 proxmox_localhost_dependencies: []