proxmox: only install firewall rules on one node

And let the cluster take care of distribution.
This commit is contained in:
Timotej Lazar 2024-05-14 12:40:33 +02:00
parent 3f53c84865
commit be915dcf69
4 changed files with 9 additions and 8 deletions

View file

@ -1,7 +1,3 @@
- name: Retrieve service list
set_fact:
services: '{{ query("netbox.netbox.nb_lookup", "clusters", raw_data=true, api_filter="name="+cluster) | map(attribute="custom_fields.services") | flatten }}'
- name: Set up firewall
template:
dest: /etc/pve/firewall/cluster.fw
@ -9,4 +5,4 @@
mode: 0640
owner: root
group: www-data
when: inventory_hostname == primary

View file

@ -2,6 +2,11 @@
set_fact:
nodes: "{{ groups['cluster_'+cluster] | map('extract', hostvars) }}"
# choose a node for tasks that should only run on (any) one node, e.g. when writing to /etc/pve
- name: Select primary node
set_fact:
primary: '{{ nodes | map(attribute="inventory_hostname") | sort | first }}'
- name: Disable enterprise repositories
apt_repository:
repo: '{{ item }}'

View file

@ -1,7 +1,5 @@
# synchronize user and group data from LDAP when sync-ldap context key is set to a realm
- block:
- set_fact:
primary: '{{ nodes | map(attribute="inventory_hostname") | sort | first }}'
- name: Install LDAP sync script
template:
dest: /usr/local/bin/sync-ldap.py

View file

@ -1,3 +1,5 @@
{% set services = query('netbox.netbox.nb_lookup', 'clusters', raw_data=true, api_filter='name='+cluster)
| map(attribute='custom_fields.services') | flatten -%}
[OPTIONS]
enable: 1