Role: proxmox pre-cluster config stages completed, tested. Code clean…

…up. Role: auth auth__users_all improved for merging. Role: ansible improved main vars.
aybarsm · Sep 2, 2024 · 70368b0 · 70368b0
1 parent 7f5370b
commit 70368b0
Show file tree

Hide file tree

Showing 12 changed files with 164 additions and 257 deletions.
diff --git a/roles/ansible/vars/main.yml b/roles/ansible/vars/main.yml
@@ -2,6 +2,12 @@ __ansible__config:
   modules:
     ansible:
       builtin:
+        user:
+          required: ['name']
+          uniques: ['name']
+          aliases:
+            create_home: ['createhome']
+            name: ['user']
         systemd_service:
           required: ['name']
           uniques: ['name']

diff --git a/roles/auth/vars/main.yml b/roles/auth/vars/main.yml
@@ -61,25 +61,31 @@ auth__groups_all: "{{ auth__all |
   aybarsm.helper.unique_recursive(__ansible__config.modules.ansible_builtin_group.uniques) |
   default([]) }}"
 
-auth__users_all: "{{ auth__all |
-  aybarsm.helper.selectattr(__auth__config.users.selectattr) |
-  aybarsm.helper.replace_aliases(__ansible__config.modules.ansible_builtin_user.aliases) |
-  aybarsm.helper.unique_recursive(__ansible__config.modules.ansible_builtin_user.uniques) |
-  default([]) }}"
+# Use lists_mergeby to combine all sections and sort by name for better output readability
+auth__users_all: "{{ [auth__default, auth__group, auth__host] |
+  map('selectattr', 'type', 'defined') | map('selectattr', 'type', 'equalto', 'user') |
+  map('aybarsm.helper.replace_aliases', __ansible__config.modules.ansible.builtin.user.aliases) |
+  map('selectattr', 'name', 'defined') |
+  community.general.lists_mergeby('name', recursive=false, list_merge='prepend') |
+  sort(attribute='name') | default([]) }}"
 
 auth__authorized_keys_all: "{{ auth__all |
   aybarsm.helper.selectattr(__auth__config.authorized_keys.selectattr) |
   aybarsm.helper.unique_combinations([['user', 'key']]) |
   default([]) }}"
 
+# Sort name and value to avoid unneccessary changes
 auth__sshd_config_all: "{{ auth__all |
   aybarsm.helper.selectattr(__auth__config.sshd_config.selectattr) |
   aybarsm.helper.unique_combinations([['name', 'value']]) |
+  sort(attribute='value', reverse=true) | sort(attribute='name', reverse=false) |
   default([]) }}"
 
+# Sort name and value to avoid unneccessary changes
 auth__ssh_config_all: "{{ auth__all |
   aybarsm.helper.selectattr(__auth__config.ssh_config.selectattr) |
   aybarsm.helper.unique_combinations([['name', 'value']]) |
+  sort(attribute='value', reverse=true) | sort(attribute='name', reverse=false) |
   default([]) }}"
 
 auth__ssh_config_module_all: "{{ auth__all |

diff --git a/roles/network/vars/main.yml b/roles/network/vars/main.yml
@@ -76,6 +76,7 @@ network__hosts_all: "{{ (network__host + network__group + network__default + __n
   aybarsm.helper.replace_aliases({'fqdn': ['hostname']}) |
   aybarsm.helper.unique_recursive(attributes=['ip', 'hostname', 'fqdn']) }}"
 
-network__hosts_all_ipv4: "{{ network__hosts_all | selectattr('ip', 'ansible.utils.ipv4') }}"
-network__hosts_all_ipv6: "{{ network__hosts_all | selectattr('ip', 'ansible.utils.ipv6') }}"
+# Sort hosts by hostname to avoid unneccessary changes
+network__hosts_all_ipv4: "{{ network__hosts_all | selectattr('ip', 'ansible.utils.ipv4') | sort(attribute='hostname') }}"
+network__hosts_all_ipv6: "{{ network__hosts_all | selectattr('ip', 'ansible.utils.ipv6') | sort(attribute='hostname') }}"
 ##### END: network hosts vars
diff --git a/roles/proxmox/defaults/main.yml b/roles/proxmox/defaults/main.yml
@@ -1,23 +1,25 @@
 proxmox__role_enabled: false
 
-# TODO: Implement managing the purpose package setup for repos and package versioning.
 proxmox__manage_repo_keys: false
 proxmox__manage_repos: false
 proxmox__manage_packages: false
 proxmox__manage_grub: false
 proxmox__manage_hostname: false
 proxmox__manage_hosts: false
+# This option force root user to generate ssh key and distribute to all hosts within the cluster
+proxmox__manage_root_access: false
 proxmox__manage_sshd_config: false
 proxmox__manage_ssh_config: false
 proxmox__manage_cluster: false
 
-# Hostname configuration
+# Hostname and FQDN configuration
 proxmox__hostname: "{{ inventory_hostname_short }}"
 proxmox__domain: local
 
 # Cluster configuration
 # For target inventory specs, consult https://docs.ansible.com/ansible/latest/inventory_guide/intro_patterns.html for more information
 # If init node not provided, the init node will be designated as the first node regarding ascending sorted of inventory_hostname
+# proxmox__clusters variables has been designed to be managed from a single source of truth, i.e. group_vars/all.yml However, it can be overwritten from the host vars.
 # proxmox__clusters:
 #   - name: 'pve-london01'
 #     target: 'proxmox:&london'
@@ -26,9 +28,9 @@ proxmox__domain: local
 #     init: 'pve01-atlanta01'
 proxmox__clusters: []
 # Ip addresses for the cluster links for the host
+# i.e. proxmox__cluster_links: ['10.0.0.2', 'fd00::2']
+# If more than one ip provided, the first link ip will be used as the cluster ip for the hosts file
 proxmox__cluster_links: []
-# If set as a dict, with integer keys, keys will be used as link priority. Consult: https://pve.proxmox.com/pve-docs/pvecm.1.html
-# i.e. proxmox__cluster_links: {'10': '10.0.0.2', '20': 'fd00::2'}
 
 proxmox__ssh_port: 22
 
@@ -53,9 +55,6 @@ proxmox__purpose_packages:
   ceph_reef: ['ceph', 'ceph-common', 'ceph-mds', 'ceph-fuse']
   zfs: ['zfsutils-linux', 'zfs-initramfs', 'zfs-zed']
 
-# If enabled, the role will manage the purpose package setup for repos and package versioning.
-proxmox__manage_purpose_package_setup: true
-
 proxmox__default: {}
 proxmox__group: {}
 proxmox__host: {}
@@ -81,4 +80,6 @@ proxmox__host: {}
 #       version: 3.2.4-1
 #     pmg:
 #       type: no-subscription
-#       version: 8.1.0
+#       version: 8.1.0
+#     zfs:
+#       version: 2.2.4-pve1
diff --git a/roles/proxmox/tasks/debug.yml b/roles/proxmox/tasks/debug.yml
diff --git a/roles/proxmox/tasks/main.yml b/roles/proxmox/tasks/main.yml
@@ -7,92 +7,49 @@
   ansible.builtin.include_tasks:
     file: set_facts.yml
 
-# - name: Import aybarsm package_manager role
-#   ansible.builtin.import_role:
-#     name: aybarsm.linux.package_manager
-#   when:
-#     - proxmox__role_enabled
-#     - proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages
-
-# - name: Import aybarsm grub role
-#   ansible.builtin.import_role:
-#     name: aybarsm.linux.grub
-#   when:
-#     - proxmox__role_enabled
-#     - proxmox__manage_grub
-
-# - name: Include package manager tasks
-#   ansible.builtin.include_tasks:
-#     file: package_manager.yml
-#   when:
-#     - proxmox__role_enabled
-#     - proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages
-
-# - name: Import aybarsm package_manager role
-#   ansible.builtin.import_role:
-#     name: aybarsm.linux.package_manager
-#   vars:
-#     package_manager__role_enabled: false
-#     package_manager__default: "{{ __proxmox__purpose_packages }}"
-
-# - name: Include package manager tasks
-#   ansible.builtin.include_tasks:
-#     file: package_manager.yml
-#   vars:
-#     node_repo_keys: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'repo_key') if proxmox__manage_repo_keys else [] }}"
-#     node_repos: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'repo') if proxmox__manage_repos else [] }}"
-#     node_packages: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'package') if proxmox__manage_packages else [] }}"
-#     use_package_manager: "{{ proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages }}"
-#     package_manager__role_enabled: "{{ use_package_manager if use_package_manager else omit }}"
-#     package_manager__manage_repo_keys: "{{ proxmox__manage_repo_keys }}"
-#     package_manager__manage_repos: "{{ proxmox__manage_repos }}"
-#     package_manager__manage_packages: "{{ proxmox__manage_packages }}"
-#     package_manager__host: "{{ node_repo_keys + node_repos + node_packages + (package_manager__host | default([])) if use_package_manager else omit }}"
-
-# - name: Import aybarsm package_manager role
-#   ansible.builtin.import_role:
-#     name: aybarsm.linux.package_manager
-#   when:
-#     - proxmox__role_enabled
-#     - proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages
-
-
-
-# - name: Import aybarsm network role
-#   ansible.builtin.import_role:
-#     name: aybarsm.linux.network
-#   when: proxmox__role_enabled
-
-# - name: Reboot node and wait if upgraded, grub or network-systemd changed
-#   ansible.builtin.reboot:
-#     test_command: "uptime"
-#   vars:
-#     is_upgraded: "{{ package_manager__upgrade_deb is defined and package_manager__upgrade_deb is changed }}"
-#     is_grub: "{{ grub__deploy is defined and grub__deploy is changed }}"
-#     is_systemd: "{{ network__systemd_deploy is defined and network__systemd_deploy is changed }}"
-#   when: is_upgraded or is_grub or is_systemd
-
-# - name: Proxmox Query
-#   become: true
-#   proxmox_query:
-#     query: storage
-#   register: proxmox__query_storage
-# - name: Debug
-#   ansible.builtin.debug:
-#     msg:
-#       proxmox__query_storage: "{{ proxmox__query_storage }}"
-#       # role_path: "{{ role_path }}"
-#       # purpose_package_setup: "{{ lookup('template', proxmox__purpose_package_setup_template) }}"
-#   delegate_to: localhost
-# - name: Import aybarsm linux ansible role
-#   ansible.builtin.import_role:
-#     name: aybarsm.linux.ansible
-
-# - name: Include Debug Tasks
-#   ansible.builtin.import_tasks:
-#     file: debug.yml
-
-# - name: Import aybarsm linux ansible role - settle local fact tasks
-#   ansible.builtin.import_role:
-#     name: aybarsm.linux.ansible
-#     tasks_from: settle_local_facts.yml
+- name: Inform when host not cluster eligible
+  ansible.builtin.debug:
+    msg: 'Host is not cluster eligible.'
+  when: not __proxmox__cluster_eligible
+  delegate_to: localhost
+
+- name: Import aybarsm package_manager role
+  ansible.builtin.import_role:
+    name: aybarsm.linux.package_manager
+  when:
+    - proxmox__role_enabled
+    - proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages
+
+- name: Import aybarsm grub role
+  ansible.builtin.import_role:
+    name: aybarsm.linux.grub
+  when:
+    - proxmox__role_enabled
+    - proxmox__manage_grub
+
+- name: Import aybarsm network role
+  ansible.builtin.import_role:
+    name: aybarsm.linux.network
+  when:
+    - proxmox__role_enabled
+    - proxmox__manage_hostname or proxmox__manage_hosts
+
+- name: Reboot node and wait if upgraded, grub or network-hostname,systemd,interfaces changed
+  ansible.builtin.reboot:
+    test_command: "uptime"
+  vars:
+    chk_upgrade: "{{ package_manager__upgrade_deb is defined and package_manager__upgrade_deb is changed }}"
+    chk_grub: "{{ grub__deploy is defined and grub__deploy is changed }}"
+    chk_hostname: "{{ network__hostname_deploy is defined and network__hostname_deploy is changed }}"
+    chk_systemd: "{{ network__systemd_deploy is defined and network__systemd_deploy is changed }}"
+    chk_interfaces: "{{ network__interfaces_deploy is defined and network__interfaces_deploy is changed }}"
+  register: proxmox__primary_reboot
+  when: chk_upgrade or chk_grub or chk_hostname or chk_systemd or chk_interfaces
+
+- name: Import aybarsm auth role
+  ansible.builtin.import_role:
+    name: aybarsm.linux.auth
+  when:
+    - proxmox__role_enabled
+    - __proxmox__cluster_eligible
+    - proxmox__manage_root_access or proxmox__manage_sshd_config or proxmox__manage_ssh_config
diff --git a/roles/proxmox/tasks/network.yml b/roles/proxmox/tasks/network.yml
diff --git a/roles/proxmox/tasks/package_manager.yml b/roles/proxmox/tasks/package_manager.yml