diff --git a/roles/debian/files/sshd@mgmt.service b/files/sshd@mgmt.service
similarity index 100%
rename from roles/debian/files/sshd@mgmt.service
rename to files/sshd@mgmt.service
diff --git a/roles/debian/files/sshd_config.mgmt b/files/sshd_config.mgmt
similarity index 100%
rename from roles/debian/files/sshd_config.mgmt
rename to files/sshd_config.mgmt
diff --git a/roles/proxmox/handlers/main.yml b/roles/proxmox/handlers/main.yml
index 5b1e504..330874b 100644
--- a/roles/proxmox/handlers/main.yml
+++ b/roles/proxmox/handlers/main.yml
@@ -1,3 +1,12 @@
+- name: reboot
+  reboot:
+  when: "'handler' not in ansible_skip_tags"
+
 - name: reload interfaces
   command: ifreload -a
   when: "'handler' not in ansible_skip_tags"
+
+- name: update package cache
+  package:
+    update_cache: yes
+  when: "'handler' not in ansible_skip_tags"
diff --git a/roles/proxmox/tasks/main.yml b/roles/proxmox/tasks/main.yml
index 637a5ec..84fe500 100644
--- a/roles/proxmox/tasks/main.yml
+++ b/roles/proxmox/tasks/main.yml
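Review bot: `update_cache: yes` in the new `update package cache` handler is a YAML 1.1 truthy spelling; write `update_cache: true` so it reads the same under every loader and passes yamllint's `truthy` rule. Ansible flushes notified handlers in the order they are listed in this file rather than in notification order, so when both `reboot` and `reload interfaces` are pending the node reboots first and `ifreload -a` runs afterwards; that looks like the intended sequence, but it is worth stating above the first entry, e.g. `# handlers run in file order: reboot before interface reload and cache update`.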
@@ -1,41 +1,55 @@
 # choose a node for tasks that should only run on (any) one node, e.g. when writing to /etc/pve
 - name: Select the primary node
   set_fact:
-    is_primary: '{{ inventory_hostname == (nodes | map(attribute="inventory_hostname") | sort | first) }}'
+    is_primary: '{{ nodes is defined and inventory_hostname == (nodes | map(attribute="inventory_hostname") | sort | first) }}'
+
+- name: Set hostname
+  hostname:
+    name: '{{ inventory_hostname }}'
+
+- name: Set up hosts file
+  template:
+    dest: /etc/hosts
+    src: hosts.j2
+
+- name: Set up resolv.conf
+  template:
+    dest: /etc/resolv.conf
+    src: resolv.conf.j2
+    mode: 0644
+
+- include_tasks: network.yml
 
 - name: Disable enterprise repositories
   apt_repository:
     repo: '{{ item }}'
     state: absent
-    update_cache: '{{ ansible_loop.last }}'
+    update_cache: no
   loop:
     - 'deb https://enterprise.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-enterprise'
     - 'deb https://enterprise.proxmox.com/debian/ceph-quincy {{ ansible_distribution_release }} enterprise'
-  loop_control:
-    extended: true
+  notify: update package cache
 
 - name: Enable no-subscription repository
   apt_repository:
     repo: 'deb http://download.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-no-subscription'
+    update_cache: no
+  notify: update package cache
+
+- meta: flush_handlers
+
+- name: Install essential packages
+  package:
+    name:
+      - git
+      - vim
+      - tmux
 
 - name: Set up sysctls
   copy:
     dest: /etc/sysctl.d/local.conf
     src: sysctl.conf
 
-- name: Set VXLAN local tunnel IP
-  template:
-    dest: /etc/network/interfaces.d/loopback.intf
-    src: loopback.intf.j2
-  notify: reload interfaces
-
-- name: Set up bridges
-  template:
-    dest: /etc/network/interfaces
-    src: interfaces.j2
-    mode: 0644
-  notify: reload interfaces
-
 - include_tasks: firewall.yml
 - include_tasks: user.yml
 
diff --git a/roles/proxmox/tasks/network.yml b/roles/proxmox/tasks/network.yml
new file mode 100644
index 0000000..0a1c2ac
--- /dev/null
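Review bot: The new `Set up hosts file` task templates `/etc/hosts` without a `mode`, while the `Set up resolv.conf` task directly below sets one; for a file that does not yet exist the resulting mode then depends on the remote umask, and `/etc/hosts` must stay world-readable for unprivileged resolvers, so add `mode: '0644'` to it. While there, quote the octal in the resolv.conf task as `mode: '0644'` — an unquoted `0644` is read as an octal integer by YAML 1.1 loaders, which Ansible tolerates but ansible-lint flags as risky — and spell `update_cache: false` rather than `no` in both `apt_repository` tasks. The same unquoted `mode: 0644` and `enabled: yes` spellings recur throughout the network.yml hunk below.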
+++ b/roles/proxmox/tasks/network.yml
@@ -0,0 +1,51 @@
+- name: Add rules to rename network interfaces
+  template:
+    dest: /etc/udev/rules.d/10-network.rules
+    src: 10-network.rules.j2
+    mode: 0644
+  notify: reboot
+
+- name: Set up bridges
+  template:
+    dest: /etc/network/interfaces
+    src: interfaces.j2
+    mode: 0644
+  notify: reload interfaces
+
+- name: Set VXLAN local tunnel IP
+  template:
+    dest: /etc/network/interfaces.d/loopback.intf
+    src: loopback.intf.j2
+  notify: reload interfaces
+
+- name: Set up physical interfaces
+  template:
+    dest: /etc/network/interfaces.d/ansible.intf
+    src: ansible.intf.j2
+    mode: 0644
+  notify: reload interfaces
+
+- name: Run SSH instance in management VRF
+  when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt')
+  block:
+    - name: Configure SSH instance in management VRF
+      copy:
+        dest: /etc/ssh/
+        src: sshd_config.mgmt
+        mode: 0644
+      notify: reboot
+
+    - name: Set up a SSH instance in management VRF
+      copy:
+        dest: /etc/systemd/system/
+        src: sshd@mgmt.service
+        mode: 0644
+      notify: reboot
+
+    - name: Enable management SSH
+      service:
+        name: sshd@mgmt
+        enabled: yes
+      notify: reboot
+
+- meta: flush_handlers
diff --git a/roles/proxmox/templates/hosts.j2 b/roles/proxmox/templates/hosts.j2
new file mode 100644
index 0000000..a4ac92f
--- /dev/null
+++ b/roles/proxmox/templates/hosts.j2
@@ -0,0 +1,12 @@
+127.0.0.1 localhost.localdomain localhost
+
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+
+{% for address in interfaces | selectattr('name', '==', 'lo') | map(attribute='ip_addresses') | first %}
+{{ address.address | ipaddr('address') }} {{ address.dns_name }} {{ inventory_hostname }}
+{% endfor %}
diff --git a/setup.yml b/setup.yml
index 5b0516f..32609fe 100644
--- a/setup.yml
+++ b/setup.yml
@@ -23,9 +23,8 @@
 
 - hosts: pve-rc-*, pve-lab-*
   roles:
-    - debian
-    - frr
     - proxmox
+    - frr
 
 - hosts: doku
   roles:
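Review bot: The block-level `when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt')` produces a filtered sequence rather than a boolean, so whether the three management-SSH tasks run depends on how the Ansible version in use coerces a non-boolean conditional; make the test explicit with `when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt') | list | length > 0`. The `Enable management SSH` task only enables `sshd@mgmt` and appears to rely on the notified `reboot` handler to start it; a `systemd` task with `daemon_reload: true` and `state: started` (or a dedicated restart handler) would bring the management listener up, and pick up the unit file copied into `/etc/systemd/system/` just above, without rebooting a Proxmox node. `enabled: yes` should be written `enabled: true`.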
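Review bot: The `{% for %}` header takes `| first` of the `ip_addresses` of the interface named `lo`; if a host's `interfaces` has no such entry, `first` on the empty sequence yields an undefined value and the render fails with a message that does not name the missing interface. Either precede the `Set up hosts file` task with an `assert` that an `lo` interface with `ip_addresses` exists, or at least document the contract at the top of the template, e.g. `{# requires an interface named 'lo' with at least one ip_addresses entry; each entry's dns_name becomes this node's /etc/hosts name #}`. `ipaddr` is a collection filter rather than a core one, so the collection providing it should be declared in the project's requirements if it is not already.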
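Review bot: Dropping the `debian` role from the `pve-rc-*, pve-lab-*` play matches the renames in this commit, but those renames move the role's `files/` and `templates/` contents to the repository root rather than into `roles/proxmox/`, even though `roles/proxmox/tasks/network.yml` is now their only visible consumer and references them by bare name (`src: sshd_config.mgmt`, `src: 10-network.rules.j2`, `src: ansible.intf.j2`). Those references then resolve only through the playbook-relative search path, so the proxmox role would likely break when run from another playbook directory; moving the files to `roles/proxmox/files/` and `roles/proxmox/templates/`, next to the new `hosts.j2`, keeps the role self-contained. Placing `proxmox` before `frr` looks intentional now that network.yml configures the interfaces first, but that ordering dependency is inferred and deserves a one-line comment on the play.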
diff --git a/roles/debian/templates/10-network.rules.j2 b/templates/10-network.rules.j2
similarity index 100%
rename from roles/debian/templates/10-network.rules.j2
rename to templates/10-network.rules.j2
diff --git a/roles/debian/templates/ansible.intf.j2 b/templates/ansible.intf.j2
similarity index 100%
rename from roles/debian/templates/ansible.intf.j2
rename to templates/ansible.intf.j2
diff --git a/roles/debian/templates/resolv.conf.j2 b/templates/resolv.conf.j2
similarity index 100%
rename from roles/debian/templates/resolv.conf.j2
rename to templates/resolv.conf.j2