Deconsolidate network setup for proxmox and debian roles
They are just different enough to be annoying.
parent
c3d1a6c4b1
commit
cf288dde95
|
@ -1,3 +1,12 @@
|
||||||
|
- name: reboot
|
||||||
|
reboot:
|
||||||
|
when: "'handler' not in ansible_skip_tags"
|
||||||
|
|
||||||
- name: reload interfaces
|
- name: reload interfaces
|
||||||
command: ifreload -a
|
command: ifreload -a
|
||||||
when: "'handler' not in ansible_skip_tags"
|
when: "'handler' not in ansible_skip_tags"
|
||||||
|
|
||||||
|
- name: update package cache
|
||||||
|
package:
|
||||||
|
update_cache: yes
|
||||||
|
when: "'handler' not in ansible_skip_tags"
|
||||||
|
|
|
@ -1,41 +1,55 @@
|
||||||
# choose a node for tasks that should only run on (any) one node, e.g. when writing to /etc/pve
|
# choose a node for tasks that should only run on (any) one node, e.g. when writing to /etc/pve
|
||||||
- name: Select the primary node
|
- name: Select the primary node
|
||||||
set_fact:
|
set_fact:
|
||||||
is_primary: '{{ inventory_hostname == (nodes | map(attribute="inventory_hostname") | sort | first) }}'
|
is_primary: '{{ nodes is defined and inventory_hostname == (nodes | map(attribute="inventory_hostname") | sort | first) }}'
|
||||||
|
|
||||||
|
- name: Set hostname
|
||||||
|
hostname:
|
||||||
|
name: '{{ inventory_hostname }}'
|
||||||
|
|
||||||
|
- name: Set up hosts file
|
||||||
|
template:
|
||||||
|
dest: /etc/hosts
|
||||||
|
src: hosts.j2
|
||||||
|
|
||||||
|
- name: Set up resolv.conf
|
||||||
|
template:
|
||||||
|
dest: /etc/resolv.conf
|
||||||
|
src: resolv.conf.j2
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- include_tasks: network.yml
|
||||||
|
|
||||||
- name: Disable enterprise repositories
|
- name: Disable enterprise repositories
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: '{{ item }}'
|
repo: '{{ item }}'
|
||||||
state: absent
|
state: absent
|
||||||
update_cache: '{{ ansible_loop.last }}'
|
update_cache: no
|
||||||
loop:
|
loop:
|
||||||
- 'deb https://enterprise.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-enterprise'
|
- 'deb https://enterprise.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-enterprise'
|
||||||
- 'deb https://enterprise.proxmox.com/debian/ceph-quincy {{ ansible_distribution_release }} enterprise'
|
- 'deb https://enterprise.proxmox.com/debian/ceph-quincy {{ ansible_distribution_release }} enterprise'
|
||||||
loop_control:
|
notify: update package cache
|
||||||
extended: true
|
|
||||||
|
|
||||||
- name: Enable no-subscription repository
|
- name: Enable no-subscription repository
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: 'deb http://download.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-no-subscription'
|
repo: 'deb http://download.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-no-subscription'
|
||||||
|
update_cache: no
|
||||||
|
notify: update package cache
|
||||||
|
|
||||||
|
- meta: flush_handlers
|
||||||
|
|
||||||
|
- name: Install essential packages
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- git
|
||||||
|
- vim
|
||||||
|
- tmux
|
||||||
|
|
||||||
- name: Set up sysctls
|
- name: Set up sysctls
|
||||||
copy:
|
copy:
|
||||||
dest: /etc/sysctl.d/local.conf
|
dest: /etc/sysctl.d/local.conf
|
||||||
src: sysctl.conf
|
src: sysctl.conf
|
||||||
|
|
||||||
- name: Set VXLAN local tunnel IP
|
|
||||||
template:
|
|
||||||
dest: /etc/network/interfaces.d/loopback.intf
|
|
||||||
src: loopback.intf.j2
|
|
||||||
notify: reload interfaces
|
|
||||||
|
|
||||||
- name: Set up bridges
|
|
||||||
template:
|
|
||||||
dest: /etc/network/interfaces
|
|
||||||
src: interfaces.j2
|
|
||||||
mode: 0644
|
|
||||||
notify: reload interfaces
|
|
||||||
|
|
||||||
- include_tasks: firewall.yml
|
- include_tasks: firewall.yml
|
||||||
|
|
||||||
- include_tasks: user.yml
|
- include_tasks: user.yml
|
||||||
|
|
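Review bot: With the added `nodes is defined and` guard in 'Select the primary node', a host whose inventory has no `nodes` gets `is_primary` false, so every task gated on it is skipped on all hosts without any message. If firewall.yml or user.yml (included below, not shown in this diff) write cluster-wide settings under /etc/pve only on the primary, those settings would silently never be applied. If standalone hosts are meant to be supported, `nodes is not defined or …` may be the intended logic. Otherwise I would extend the comment above the task, e.g. `# without 'nodes' no host is primary, so single-node tasks are skipped everywhere`, or fail early with an `assert` where a cluster is expected.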
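--- /dev/null
+++ b/roles/proxmox/tasks/network.yml
@@ -0,0 +1,51 @@
+- name: Add rules to rename network interfaces
+template:
+dest: /etc/udev/rules.d/10-network.rules
+src: 10-network.rules.j2
+mode: 0644
+notify: reboot
+
+- name: Set up bridges
+template:
+dest: /etc/network/interfaces
+src: interfaces.j2
+mode: 0644
+notify: reload interfaces
+
+- name: Set VXLAN local tunnel IP
+template:
+dest: /etc/network/interfaces.d/loopback.intf
+src: loopback.intf.j2
+notify: reload interfaces
+
+- name: Set up physical interfaces
+template:
+dest: /etc/network/interfaces.d/ansible.intf
+src: ansible.intf.j2
+mode: 0644
+notify: reload interfaces
+
+- name: Run SSH instance in management VRF
+when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt')
+block:
+- name: Configure SSH instance in management VRF
+copy:
+dest: /etc/ssh/
+src: sshd_config.mgmt
+mode: 0644
+notify: reboot
+
+- name: Set up a SSH instance in management VRF
+copy:
+dest: /etc/systemd/system/
+src: sshd@mgmt.service
+mode: 0644
+notify: reboot
+
+- name: Enable management SSH
+service:
+name: sshd@mgmt
+enabled: yes
+notify: reboot
+
+- meta: flush_handlers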
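Review bot: The `when:` on the 'Run SSH instance in management VRF' block tests the raw result of a `selectattr` chain, which as far as I can tell is a lazy generator and therefore truthy even when no interface matches. If so, the block would copy sshd_config.mgmt and enable `sshd@mgmt` on hosts that have no `mgmt` VRF, giving them an additional sshd instance nobody expects there. Make the test explicit: `when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt') | list | length > 0`. The copy of sshd_config.mgmt could also take `validate: /usr/sbin/sshd -t -f %s`, so a broken config is rejected before the reboot handler fires and management access is lost.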
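--- /dev/null
+++ b/roles/proxmox/templates/hosts.j2
@@ -0,0 +1,12 @@
+127.0.0.1 localhost.localdomain localhost
+
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+
+{% for address in interfaces | selectattr('name', '==', 'lo') | map(attribute='ip_addresses') | first %}
+{{ address.address | ipaddr('address') }} {{ address.dns_name }} {{ inventory_hostname }}
+{% endfor %}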
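Review bot: The `for` loop has no fallback for a host without an interface named `lo`: the trailing `| first` then has nothing to return, and rendering /etc/hosts would presumably either fail or produce a file with no entry for `inventory_hostname`, depending on how undefined values are handled. A preceding `assert` task on the loopback addresses, or `| first | default([])` together with a deliberate fallback line, would make that case explicit. `address.dns_name` is also written verbatim, so an empty or whitespace-containing value from the inventory goes straight into the file; wrapping it in `{% if address.dns_name %}` would keep each line well-formed.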