diff --git a/roles/ansible/vars/main.yml b/roles/ansible/vars/main.yml index 7f0b17d..e884c5c 100644 --- a/roles/ansible/vars/main.yml +++ b/roles/ansible/vars/main.yml @@ -2,6 +2,12 @@ __ansible__config: modules: ansible: builtin: + user: + required: ['name'] + uniques: ['name'] + aliases: + create_home: ['createhome'] + name: ['user'] systemd_service: required: ['name'] uniques: ['name'] diff --git a/roles/auth/vars/main.yml b/roles/auth/vars/main.yml index 53bb0e0..802f043 100644 --- a/roles/auth/vars/main.yml +++ b/roles/auth/vars/main.yml 
@@ -61,25 +61,31 @@ auth__groups_all: "{{ auth__all | aybarsm.helper.unique_recursive(__ansible__config.modules.ansible_builtin_group.uniques) | default([]) }}" -auth__users_all: "{{ auth__all | - aybarsm.helper.selectattr(__auth__config.users.selectattr) | - aybarsm.helper.replace_aliases(__ansible__config.modules.ansible_builtin_user.aliases) | - aybarsm.helper.unique_recursive(__ansible__config.modules.ansible_builtin_user.uniques) | - default([]) }}" +# Use lists_mergeby to combine all sections and sort by name for better output readability +auth__users_all: "{{ [auth__default, auth__group, auth__host] | + map('selectattr', 'type', 'defined') | map('selectattr', 'type', 'equalto', 'user') | + map('aybarsm.helper.replace_aliases', __ansible__config.modules.ansible.builtin.user.aliases) | + map('selectattr', 'name', 'defined') | + community.general.lists_mergeby('name', recursive=false, list_merge='prepend') | + sort(attribute='name') | default([]) }}" auth__authorized_keys_all: "{{ auth__all | aybarsm.helper.selectattr(__auth__config.authorized_keys.selectattr) | aybarsm.helper.unique_combinations([['user', 'key']]) | default([]) }}" +# Sort name and value to avoid unneccessary changes auth__sshd_config_all: "{{ auth__all | aybarsm.helper.selectattr(__auth__config.sshd_config.selectattr) | aybarsm.helper.unique_combinations([['name', 'value']]) | + sort(attribute='value', reverse=true) | sort(attribute='name', reverse=false) | default([]) }}" +# Sort name and value to avoid unneccessary changes auth__ssh_config_all: "{{ auth__all | aybarsm.helper.selectattr(__auth__config.ssh_config.selectattr) | aybarsm.helper.unique_combinations([['name', 'value']]) | + sort(attribute='value', reverse=true) | sort(attribute='name', reverse=false) | default([]) }}" auth__ssh_config_module_all: "{{ auth__all | diff --git a/roles/network/vars/main.yml b/roles/network/vars/main.yml index ebf0de7..96cc4f8 100644 --- a/roles/network/vars/main.yml +++ b/roles/network/vars/main.yml 
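Review bot: The new `auth__users_all` indexes `[auth__default, auth__group, auth__host]` directly, so the trailing `default([])` no longer protects against any of the three being undefined — it guards the sorted result, not the inputs, while set_facts.yml in this same change reads the same variables as `auth__host | default([])`. Suggest `auth__users_all: "{{ [auth__default | default([]), auth__group | default([]), auth__host | default([])] |` as the first line of the expression. The unchanged `auth__groups_all` line still reads `__ansible__config.modules.ansible_builtin_group.uniques` while the new expression uses the nested `modules.ansible.builtin.user` path that roles/ansible/vars/main.yml now adds; if the group entry was moved into the nested tree as well, that line is stale and worth confirming. Both added comments spell "unneccessary"; `# Sort name and value to avoid unnecessary changes`.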
@@ -76,6 +76,7 @@ network__hosts_all: "{{ (network__host + network__group + network__default + __n aybarsm.helper.replace_aliases({'fqdn': ['hostname']}) | aybarsm.helper.unique_recursive(attributes=['ip', 'hostname', 'fqdn']) }}" -network__hosts_all_ipv4: "{{ network__hosts_all | selectattr('ip', 'ansible.utils.ipv4') }}" -network__hosts_all_ipv6: "{{ network__hosts_all | selectattr('ip', 'ansible.utils.ipv6') }}" +# Sort hosts by hostname to avoid unneccessary changes +network__hosts_all_ipv4: "{{ network__hosts_all | selectattr('ip', 'ansible.utils.ipv4') | sort(attribute='hostname') }}" +network__hosts_all_ipv6: "{{ network__hosts_all | selectattr('ip', 'ansible.utils.ipv6') | sort(attribute='hostname') }}" ##### END: network hosts vars \ No newline at end of file diff --git a/roles/proxmox/defaults/main.yml b/roles/proxmox/defaults/main.yml index 9f0d3c9..b84469d 100644 --- a/roles/proxmox/defaults/main.yml +++ b/roles/proxmox/defaults/main.yml 
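Review bot: `sort(attribute='hostname')` on both new lines is likely to fail at render time for any entry that has no `hostname` key, and the unchanged pipeline above only treats `hostname` as an alias of `fqdn` rather than guaranteeing it is set; if entries may carry only `ip` and `fqdn`, filter first, e.g. `selectattr('ip', 'ansible.utils.ipv4') | selectattr('hostname', 'defined') | sort(attribute='hostname')`, or confirm that `network__hosts_all` always populates it. The added comment spells "unneccessary"; `# Sort hosts by hostname to avoid unnecessary changes`. The file also still ends without a trailing newline.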
@@ -1,23 +1,25 @@ proxmox__role_enabled: false -# TODO: Implement managing the purpose package setup for repos and package versioning. proxmox__manage_repo_keys: false proxmox__manage_repos: false proxmox__manage_packages: false proxmox__manage_grub: false proxmox__manage_hostname: false proxmox__manage_hosts: false +# This option force root user to generate ssh key and distribute to all hosts within the cluster +proxmox__manage_root_access: false proxmox__manage_sshd_config: false proxmox__manage_ssh_config: false proxmox__manage_cluster: false -# Hostname configuration +# Hostname and FQDN configuration proxmox__hostname: "{{ inventory_hostname_short }}" proxmox__domain: local # Cluster configuration # For target inventory specs, consult https://docs.ansible.com/ansible/latest/inventory_guide/intro_patterns.html for more information # If init node not provided, the init node will be designated as the first node regarding ascending sorted of inventory_hostname +# proxmox__clusters variables has been designed to be managed from a single source of truth, i.e. group_vars/all.yml However, it can be overwritten from the host vars. # proxmox__clusters: # - name: 'pve-london01' # target: 'proxmox:&london' @@ -26,9 +28,9 @@ proxmox__domain: local # init: 'pve01-atlanta01' proxmox__clusters: [] # Ip addresses for the cluster links for the host +# i.e. proxmox__cluster_links: ['10.0.0.2', 'fd00::2'] +# If more than one ip provided, the first link ip will be used as the cluster ip for the hosts file proxmox__cluster_links: [] -# If set as a dict, with integer keys, keys will be used as link priority. Consult: https://pve.proxmox.com/pve-docs/pvecm.1.html -# i.e. proxmox__cluster_links: {'10': '10.0.0.2', '20': 'fd00::2'} proxmox__ssh_port: 22 
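Review bot: The comment on the new `proxmox__manage_root_access` flag understates what enabling it does: per set_facts.yml in this change it also switches on `auth__manage_users` and `auth__manage_authorized_keys`, builds a `distribute_ssh_key` list of every other cluster member for the root user, and adds a `Match Address` sshd block for the peers — i.e. it establishes key-based root-to-root SSH trust across the whole cluster. Suggest rewording to `# Forces the root user to generate an SSH key pair and distributes its public key to every other cluster member (key-based root-to-root SSH across the cluster); also enables the related auth role switches via set_facts.yml`. The grammar fix ("force" → "forces") applies either way.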
@@ -53,9 +55,6 @@ proxmox__purpose_packages: ceph_reef: ['ceph', 'ceph-common', 'ceph-mds', 'ceph-fuse'] zfs: ['zfsutils-linux', 'zfs-initramfs', 'zfs-zed'] -# If enabled, the role will manage the purpose package setup for repos and package versioning. -proxmox__manage_purpose_package_setup: true - proxmox__default: {} proxmox__group: {} proxmox__host: {} @@ -81,4 +80,6 @@ proxmox__host: {} # version: 3.2.4-1 # pmg: # type: no-subscription -# version: 8.1.0 \ No newline at end of file +# version: 8.1.0 +# zfs: +# version: 2.2.4-pve1 \ No newline at end of file diff --git a/roles/proxmox/tasks/debug.yml b/roles/proxmox/tasks/debug.yml deleted file mode 100644 index 5b85091..0000000 --- a/roles/proxmox/tasks/debug.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Debug - ansible.builtin.debug: - msg: - proxmox__purpose_repos: "{{ proxmox__purpose_repos }}" - proxmox__all: "{{ proxmox__all }}" - delegate_to: localhost diff --git a/roles/proxmox/tasks/main.yml b/roles/proxmox/tasks/main.yml index 8df68f9..c2844ea 100644 --- a/roles/proxmox/tasks/main.yml +++ b/roles/proxmox/tasks/main.yml 
@@ -7,92 +7,49 @@ ansible.builtin.include_tasks: file: set_facts.yml -# - name: Import aybarsm package_manager role -# ansible.builtin.import_role: -# name: aybarsm.linux.package_manager -# when: -# - proxmox__role_enabled -# - proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages - -# - name: Import aybarsm grub role -# ansible.builtin.import_role: -# name: aybarsm.linux.grub -# when: -# - proxmox__role_enabled -# - proxmox__manage_grub - -# - name: Include package manager tasks -# ansible.builtin.include_tasks: -# file: package_manager.yml -# when: -# - proxmox__role_enabled -# - proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages - -# - name: Import aybarsm package_manager role -# ansible.builtin.import_role: -# name: aybarsm.linux.package_manager -# vars: -# package_manager__role_enabled: false -# package_manager__default: "{{ __proxmox__purpose_packages }}" - -# - name: Include package manager tasks -# ansible.builtin.include_tasks: -# file: package_manager.yml -# vars: -# node_repo_keys: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'repo_key') if proxmox__manage_repo_keys else [] }}" -# node_repos: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'repo') if proxmox__manage_repos else [] }}" -# node_packages: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'package') if proxmox__manage_packages else [] }}" -# use_package_manager: "{{ proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages }}" -# package_manager__role_enabled: "{{ use_package_manager if use_package_manager else omit }}" -# package_manager__manage_repo_keys: "{{ proxmox__manage_repo_keys }}" -# package_manager__manage_repos: "{{ proxmox__manage_repos }}" -# package_manager__manage_packages: "{{ proxmox__manage_packages }}" -# package_manager__host: "{{ node_repo_keys + node_repos + node_packages + (package_manager__host | default([])) if use_package_manager else omit }}" - -# - name: 
Import aybarsm package_manager role -# ansible.builtin.import_role: -# name: aybarsm.linux.package_manager -# when: -# - proxmox__role_enabled -# - proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages - - - -# - name: Import aybarsm network role -# ansible.builtin.import_role: -# name: aybarsm.linux.network -# when: proxmox__role_enabled - -# - name: Reboot node and wait if upgraded, grub or network-systemd changed -# ansible.builtin.reboot: -# test_command: "uptime" -# vars: -# is_upgraded: "{{ package_manager__upgrade_deb is defined and package_manager__upgrade_deb is changed }}" -# is_grub: "{{ grub__deploy is defined and grub__deploy is changed }}" -# is_systemd: "{{ network__systemd_deploy is defined and network__systemd_deploy is changed }}" -# when: is_upgraded or is_grub or is_systemd - -# - name: Proxmox Query -# become: true -# proxmox_query: -# query: storage -# register: proxmox__query_storage -# - name: Debug -# ansible.builtin.debug: -# msg: -# proxmox__query_storage: "{{ proxmox__query_storage }}" -# # role_path: "{{ role_path }}" -# # purpose_package_setup: "{{ lookup('template', proxmox__purpose_package_setup_template) }}" -# delegate_to: localhost -# - name: Import aybarsm linux ansible role -# ansible.builtin.import_role: -# name: aybarsm.linux.ansible - -# - name: Include Debug Tasks -# ansible.builtin.import_tasks: -# file: debug.yml - -# - name: Import aybarsm linux ansible role - settle local fact tasks -# ansible.builtin.import_role: -# name: aybarsm.linux.ansible -# tasks_from: settle_local_facts.yml +- name: Inform when host not cluster eligible + ansible.builtin.debug: + msg: 'Host is not cluster eligible.' 
+ when: not __proxmox__cluster_eligible + delegate_to: localhost + +- name: Import aybarsm package_manager role + ansible.builtin.import_role: + name: aybarsm.linux.package_manager + when: + - proxmox__role_enabled + - proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages + +- name: Import aybarsm grub role + ansible.builtin.import_role: + name: aybarsm.linux.grub + when: + - proxmox__role_enabled + - proxmox__manage_grub + +- name: Import aybarsm network role + ansible.builtin.import_role: + name: aybarsm.linux.network + when: + - proxmox__role_enabled + - proxmox__manage_hostname or proxmox__manage_hosts + +- name: Reboot node and wait if upgraded, grub or network-hostname,systemd,interfaces changed + ansible.builtin.reboot: + test_command: "uptime" + vars: + chk_upgrade: "{{ package_manager__upgrade_deb is defined and package_manager__upgrade_deb is changed }}" + chk_grub: "{{ grub__deploy is defined and grub__deploy is changed }}" + chk_hostname: "{{ network__hostname_deploy is defined and network__hostname_deploy is changed }}" + chk_systemd: "{{ network__systemd_deploy is defined and network__systemd_deploy is changed }}" + chk_interfaces: "{{ network__interfaces_deploy is defined and network__interfaces_deploy is changed }}" + register: proxmox__primary_reboot + when: chk_upgrade or chk_grub or chk_hostname or chk_systemd or chk_interfaces + +- name: Import aybarsm auth role + ansible.builtin.import_role: + name: aybarsm.linux.auth + when: + - proxmox__role_enabled + - __proxmox__cluster_eligible + - proxmox__manage_root_access or proxmox__manage_sshd_config or proxmox__manage_ssh_config \ No newline at end of file diff --git a/roles/proxmox/tasks/network.yml b/roles/proxmox/tasks/network.yml deleted file mode 100644 index 7caf0a1..0000000 --- a/roles/proxmox/tasks/network.yml +++ /dev/null 
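Review bot: `when: not __proxmox__cluster_eligible` on the first new task, and `- __proxmox__cluster_eligible` in the auth role import, read a fact that set_facts.yml only sets under `when: __proxmox__cluster_configs | length > 0`; on a host with no cluster configuration the fact is undefined and both conditionals error out instead of skipping, unless a default is declared somewhere not shown here. Suggest `when: not (__proxmox__cluster_eligible | default(false))` and `- __proxmox__cluster_eligible | default(false)`. The debug task is also the only one without a `proxmox__role_enabled` guard, so it prints even when the role is disabled; adding `- proxmox__role_enabled` to its `when` would keep it consistent with the imports. The file's first six lines are outside the hunk.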
@@ -1,15 +0,0 @@ ---- -- name: Import aybarsm package_manager role - ansible.builtin.include_role: - name: aybarsm.linux.package_manager - vars: - package_manager__role_enabled: true - package_manager__manage_repo_keys: "{{ proxmox__manage_repo_keys }}" - package_manager__manage_repos: "{{ proxmox__manage_repos }}" - package_manager__manage_packages: "{{ proxmox__manage_packages }}" - node_repo_keys: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'repo_key') if proxmox__manage_repo_keys else [] }}" - node_repos: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'repo') if proxmox__manage_repos else [] }}" - node_packages: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'package') if proxmox__manage_packages else [] }}" - package_manager__host: "{{ node_repo_keys + node_repos + node_packages + (package_manager__host | default([])) }}" - - when: proxmox__role_enabled \ No newline at end of file diff --git a/roles/proxmox/tasks/package_manager.yml b/roles/proxmox/tasks/package_manager.yml deleted file mode 100644 index a6e0d56..0000000 --- a/roles/proxmox/tasks/package_manager.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Include aybarsm package_manager role - ansible.builtin.include_role: - name: aybarsm.linux.package_manager - vars: - package_manager__role_enabled: "{{ proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages }}" - package_manager__manage_repo_keys: "{{ proxmox__manage_repo_keys }}" - package_manager__manage_repos: "{{ proxmox__manage_repos }}" - package_manager__manage_packages: "{{ proxmox__manage_packages }}" - package_manager__all: "{{ __proxmox__purpose_packages }}" \ No newline at end of file diff --git a/roles/proxmox/tasks/set_facts.yml b/roles/proxmox/tasks/set_facts.yml index 71efc37..b97101b 100644 --- a/roles/proxmox/tasks/set_facts.yml +++ b/roles/proxmox/tasks/set_facts.yml 
@@ -4,7 +4,6 @@ __proxmox__cluster_configs: "{{ (__proxmox__cluster_configs | default([]) + cluster_config) | sort(attribute='name,host') }}" vars: cluster_inventory: "{{ lookup('ansible.builtin.inventory_hostnames', item.target) }}" - # cluster_query: "{{ __proxmox__cluster_query | replace('__MEMBERS__', ('[`' + (cluster_inventory | join('`,`')) + '`]')) }}" cluster_query: "{{ __proxmox__cluster_query | replace('__MEMBERS__', ('[`' + (cluster_inventory | replace(',', '`,`')) + '`]')) }}" cluster_node_config: "{{ dict(hostvars) | community.general.json_query(cluster_query) | sort(attribute='host') }}" cluster_default_init: "{{ cluster_node_config | map(attribute='host') | first }}" 
@@ -17,58 +16,73 @@ - proxmox__clusters | length > 0 - __proxmox__cluster_query is defined -# - name: Set facts for proxmox cluster configuration -# ansible.builtin.set_fact: -# __proxmox__cluster: "{{ {'members': cluster_members} | combine(cluster_play) if cluster_play else None }}" -# __proxmox__cluster_eligible: "{{ cluster_eligible }}" +- name: Set facts for proxmox cluster configuration + ansible.builtin.set_fact: + __proxmox__cluster: "{{ {'members': cluster_members} | combine(cluster_play) if cluster_eligible else None }}" + __proxmox__cluster_eligible: "{{ cluster_eligible }}" + + package_manager__role_enabled: "{{ use_package_manager if use_package_manager else omit }}" + package_manager__manage_repo_keys: "{{ proxmox__manage_repo_keys if proxmox__manage_repo_keys else omit }}" + package_manager__manage_repos: "{{ proxmox__manage_repos if proxmox__manage_repos else omit }}" + package_manager__manage_packages: "{{ proxmox__manage_packages if proxmox__manage_packages else omit }}" + package_manager__host: "{{ node_repo_keys + node_repos + node_packages + (package_manager__host | default([])) if use_package_manager else omit }}" + + grub__role_enabled: "{{ proxmox__manage_grub if proxmox__manage_grub else omit }}" + grub__change_strategy: "{{ __proxmox__grub_change_strategy if proxmox__manage_grub else omit }}" + + network__role_enabled: "{{ use_network if use_network else omit }}" + network__manage_hostname: "{{ proxmox__manage_hostname if proxmox__manage_hostname else omit }}" + network__manage_hosts: "{{ proxmox__manage_hosts if proxmox__manage_hosts else omit }}" + network__hosts_auto_discovery: "{{ False if proxmox__manage_hosts else omit }}" + network__hostname: "{{ proxmox__hostname + '.' 
+ proxmox__domain if proxmox__manage_hostname else omit }}" + network__host: "{{ node_hosts + (network__host | default([])) if cluster_eligible and proxmox__manage_hosts else omit }}" -# package_manager__role_enabled: "{{ use_package_manager if use_package_manager else omit }}" -# package_manager__manage_repo_keys: "{{ proxmox__manage_repo_keys }}" -# package_manager__manage_repos: "{{ proxmox__manage_repos }}" -# package_manager__manage_packages: "{{ proxmox__manage_packages }}" -# package_manager__host: "{{ node_repo_keys + node_repos + node_packages + (package_manager__host | default([])) if use_package_manager else omit }}" + auth__role_enabled: "{{ use_auth if use_auth else omit }}" + auth__manage_users: "{{ proxmox__manage_root_access if cluster_eligible and proxmox__manage_root_access else omit }}" + auth__manage_authorized_keys: "{{ proxmox__manage_root_access if cluster_eligible and proxmox__manage_root_access else omit }}" + auth__manage_sshd_config: "{{ proxmox__manage_sshd_config if cluster_eligible and proxmox__manage_sshd_config else omit }}" + auth__manage_ssh_config: "{{ proxmox__manage_ssh_config if cluster_eligible and proxmox__manage_ssh_config else omit }}" + auth__host: "{{ node_auth + (auth__host | default([])) if cluster_eligible and use_auth else omit }}" + vars: + cluster_play: "{{ __proxmox__cluster_configs | selectattr('host', 'eq', inventory_hostname) | first | default(None) }}" + cluster_members: "{{ __proxmox__cluster_configs | + selectattr('name', 'eq', cluster_play.name) | + rejectattr('host', 'eq', inventory_hostname) | + aybarsm.helper.only_with(['host', 'fqdn', 'hostname', 'links']) if cluster_play else None }}" + cluster_required: "{{ [inventory_hostname] + (cluster_members | map(attribute='host') | list) if cluster_play else None }}" + cluster_eligible: "{{ (ansible_play_batch | intersect(cluster_required) | length) == (cluster_required | length) if cluster_play else False }}" + + use_package_manager: "{{ 
proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages }}" + use_network: "{{ proxmox__manage_hostname or proxmox__manage_hosts }}" + use_auth: "{{ proxmox__manage_root_access or proxmox__manage_sshd_config or proxmox__manage_ssh_config }}" -# grub__role_enabled: "{{ proxmox__manage_grub if proxmox__manage_grub else omit }}" -# grub__change_strategy: "{{ __proxmox__grub_change_strategy if proxmox__manage_grub else omit }}" + node_repo_keys: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'repo_key') if proxmox__manage_repo_keys else [] }}" + node_repos: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'repo') if proxmox__manage_repos else [] }}" + node_packages: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'package') if proxmox__manage_packages else [] }}" -# network__role_enabled: "{{ use_network if use_network else omit }}" -# network__manage_hostname: "{{ proxmox__manage_hostname }}" -# network__manage_hosts: "{{ proxmox__manage_hosts if proxmox__manage_hosts else omit }}" -# network__hosts_auto_discovery: "{{ False if proxmox__manage_hosts else omit }}" -# network__hostname: "{{ cluster_play.fqdn | default(cluster_play.hostname) if network__hostname is undefined and proxmox__manage_hostname else omit }}" -# network__host: "{{ node_hosts + (network__host | default([])) if cluster_play and proxmox__manage_hosts else omit }}" + cluster_hosts: "{{ [cluster_play | aybarsm.helper.only_with(['hostname', 'fqdn', 'links'])] + cluster_members if cluster_eligible else None }}" + node_hosts: "{{ { + 'ip': (cluster_hosts | map(attribute='links') | map('first')), + 'hostname': (cluster_hosts | map(attribute='hostname')), + 'fqdn': (cluster_hosts | map(attribute='fqdn')) + } | aybarsm.helper.to_list_of_dicts({'type': 'host'}) if cluster_eligible and proxmox__manage_hosts else [] }}" -# auth__host: "{{ [(node_auth_default | combine(node_auth))] + (auth__host | default([])) if cluster_eligible else (auth__host | 
default([])) }}" -# vars: -# cluster_play: "{{ __proxmox__cluster_configs | -# selectattr('host', 'eq', inventory_hostname) | first | default(None) }}" -# cluster_members: "{{ __proxmox__cluster_configs | -# selectattr('name', 'eq', cluster_play.name) | -# rejectattr('host', 'eq', inventory_hostname) | -# aybarsm.helper.only_with(['host', 'fqdn', 'hostname', 'links']) if cluster_play else None }}" -# cluster_required: "{{ [inventory_hostname] + (cluster_members | map(attribute='host') | list) if cluster_play else None }}" -# cluster_eligible: "{{ ansible_play_batch | intersect(cluster_required) | length == cluster_required | length if cluster_play else False }}" + node_auth_all: "{{ (auth__host | default([])) + (auth__group | default([])) + (auth__default | default([])) if cluster_eligible else [] }}" -# use_package_manager: "{{ proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages }}" -# use_network: "{{ proxmox__manage_hostname or proxmox__manage_hosts }}" + node_root_default: "{{ node_auth_all | aybarsm.helper.selectattr(__proxmox__root_user_selector) | first | default({}) if cluster_eligible else {} }}" + node_root_modification: + ssh_key_comment: "{{ node_root_default.ssh_key_comment | default('root@' + (cluster_play.hostname if cluster_eligible else inventory_hostname_short)) }}" + distribute_ssh_key: "{{ cluster_required | difference([inventory_hostname]) if cluster_eligible else [] }}" + node_root_user: "{{ node_root_default | combine(__proxmox__root_user, node_root_modification) }}" -# node_repo_keys: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'repo_key') if proxmox__manage_repo_keys else [] }}" -# node_repos: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'repo') if proxmox__manage_repos else [] }}" -# node_packages: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'package') if proxmox__manage_packages else [] }}" + node_ssh_hosts: "{{ cluster_members | map(attribute='links') | map('join', ' 
') | join(' ') if cluster_eligible else '' }}" + node_ssh_config: "{{ __proxmox__ssh_config | combine({'value': node_ssh_hosts}) if cluster_eligible else [] }}" -# cluster_hosts: "{{ [cluster_play | aybarsm.helper.only_with(['hostname', 'fqdn', 'links'])] + cluster_members if cluster_play else None }}" -# node_hosts: "{{ { -# 'ip': (cluster_hosts | map(attribute='links') | map('first')), -# 'hostname': (cluster_hosts | map(attribute='hostname')), -# 'fqdn': (cluster_hosts | map(attribute='fqdn')) -# } | aybarsm.helper.to_list_of_dicts({'type': 'host'}) if cluster_play and proxmox__manage_hosts else [] }}" -# node_auth_all: "{{ (auth__host | default([])) + (auth__group | default([])) + (auth__default | default([])) }}" -# node_auth_default: "{{ node_auth_all | aybarsm.helper.selectattr(__proxmox__auth_selectattr) | first if cluster_play else {} }}" -# node_auth: -# type: user -# name: root -# generate_ssh_key: true -# ssh_key_comment: "{{ node_auth_default.ssh_key_comment | default('root@' + inventory_hostname_short) }}" -# distribute_ssh_key: "{{ cluster_required | difference([inventory_hostname]) if cluster_play else [] }}" -# when: -# - __proxmox__cluster_configs | length > 0 + node_sshd_matches: "{{ cluster_members | map(attribute='links') | map('join', ',') | join(',') if cluster_eligible else '' }}" + node_sshd_config: "{{ __proxmox__sshd_config | combine({'value': node_sshd_matches}) if cluster_eligible else [] }}" + + node_auth: "{{ ([node_root_user] if cluster_eligible and proxmox__manage_root_access else []) + + ([node_ssh_config] if cluster_eligible and proxmox__manage_ssh_config else []) + + ([node_sshd_config] if cluster_eligible and proxmox__manage_sshd_config else []) }}" + when: + - __proxmox__cluster_configs | length > 0 diff --git a/roles/proxmox/tasks/set_role_facts.yml b/roles/proxmox/tasks/set_role_facts.yml deleted file mode 100644 index 2304366..0000000 --- a/roles/proxmox/tasks/set_role_facts.yml +++ /dev/null 
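Review bot: `node_ssh_config` and `node_sshd_config` fall back to `[]` on the not-eligible branch while their eligible branch yields a dict from `combine`; both are only consumed when `cluster_eligible` is true, so this is harmless today, but `{}` states the type honestly — `node_ssh_config: "{{ __proxmox__ssh_config | combine({'value': node_ssh_hosts}) if cluster_eligible else {} }}"` and likewise for `node_sshd_config`. The `set_fact` block also promotes `*__role_enabled`, `*__host` and the other dependent-role switches to host facts, which outrank the imported roles' defaults and the inventory for the rest of the play; a comment above the task stating that this is the intended override mechanism (and that `omit` leaves the inventory value in force) would save the next reader from guessing. `node_root_user` applies `__proxmox__root_user` on top of `node_root_default`, so an inventory root entry cannot turn `generate_ssh_key` off; if that is deliberate, say so in a comment.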
@@ -1,54 +0,0 @@ ---- -- name: Set facts for proxmox dependent roles - ansible.builtin.set_fact: - package_manager__role_enabled: "{{ use_package_manager if use_package_manager else omit }}" - package_manager__manage_repo_keys: "{{ proxmox__manage_repo_keys }}" - package_manager__manage_repos: "{{ proxmox__manage_repos }}" - package_manager__manage_packages: "{{ proxmox__manage_packages }}" - package_manager__package_strategy: specific - package_manager__host: "{{ node_repo_keys + node_repos + node_packages + (package_manager__host | default([])) if use_package_manager else omit }}" - - grub__role_enabled: "{{ proxmox__manage_grub if proxmox__manage_grub else omit }}" - grub__change_strategy: "{{ __proxmox__grub_change_strategy if proxmox__manage_grub else omit }}" - - network__role_enabled: "{{ use_network if use_network else omit }}" - network__manage_hostname: "{{ proxmox__manage_hostname if proxmox__manage_hostname else omit }}" - network__manage_hosts: "{{ proxmox__manage_hosts if proxmox__manage_hosts else omit }}" - network__hosts_auto_discovery: "{{ proxmox__manage_hosts if proxmox__manage_hosts else omit }}" - network__hostname: "{{ cluster_play.fqdn | default(cluster_play.hostname) if network__hostname is undefined and proxmox__manage_hostname else omit }}" - network__host: "{{ node_hosts + (network__host | default([])) if cluster_play and proxmox__manage_hosts else omit }}" - - auth__host: "{{ [(node_auth_default | combine(node_auth))] + (auth__host | default([])) if cluster_eligible else (auth__host | default([])) }}" - vars: - cluster_play: "{{ __proxmox__cluster_configs | - selectattr('host', 'eq', inventory_hostname) | first | default(None) }}" - cluster_members: "{{ __proxmox__cluster_configs | - selectattr('name', 'eq', cluster_play.name) | - rejectattr('host', 'eq', inventory_hostname) | - aybarsm.helper.only_with(['host', 'fqdn', 'hostname', 'links']) if cluster_play else None }}" - cluster_required: "{{ [inventory_hostname] + (cluster_members | 
map(attribute='host') | list) if cluster_play else None }}" - cluster_eligible: "{{ ansible_play_batch | intersect(cluster_required) | length == cluster_required | length if cluster_play else False }}" - - use_package_manager: "{{ proxmox__manage_repo_keys or proxmox__manage_repos or proxmox__manage_packages }}" - use_network: "{{ proxmox__manage_hostname or proxmox__manage_hosts }}" - - node_repo_keys: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'repo_key') if proxmox__manage_repo_keys else [] }}" - node_repos: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'repo') if proxmox__manage_repos else [] }}" - node_packages: "{{ __proxmox__purpose_packages | selectattr('type', 'eq', 'package') if proxmox__manage_packages else [] }}" - - cluster_hosts: "{{ [cluster_play | aybarsm.helper.only_with(['hostname', 'fqdn', 'links'])] + cluster_members if cluster_play else None }}" - node_hosts: "{{ { - 'ip': (cluster_hosts | map(attribute='links') | map('first')), - 'hostname': (cluster_hosts | map(attribute='hostname')), - 'fqdn': (cluster_hosts | map(attribute='fqdn')) - } | aybarsm.helper.to_list_of_dicts({'type': 'host'}) if cluster_play and proxmox__manage_hosts else [] }}" - node_auth_all: "{{ (auth__host | default([])) + (auth__group | default([])) + (auth__default | default([])) }}" - node_auth_default: "{{ node_auth_all | aybarsm.helper.selectattr(__proxmox__auth_selectattr) | first if cluster_play else {} }}" - node_auth: - type: user - name: root - generate_ssh_key: true - ssh_key_comment: "{{ node_auth_default.ssh_key_comment | default('root@' + inventory_hostname_short) }}" - distribute_ssh_key: "{{ cluster_required | difference([inventory_hostname]) if cluster_play else [] }}" - when: - - __proxmox__cluster_configs | length > 0 diff --git a/roles/proxmox/tasks/ssh_config.yml b/roles/proxmox/tasks/ssh_config.yml deleted file mode 100644 index 4a67df0..0000000 --- a/roles/proxmox/tasks/ssh_config.yml +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -- name: Create SSH directory for root - ansible.builtin.file: - path: /root/.ssh/ - state: directory - mode: 0700 diff --git a/roles/proxmox/vars/main.yml b/roles/proxmox/vars/main.yml index 1399a29..7473f96 100644 --- a/roles/proxmox/vars/main.yml +++ b/roles/proxmox/vars/main.yml @@ -7,7 +7,7 @@ __proxmox__purpose_packages: >- {%- set proxmox_repos = [] -%} {%- set proxmox_packages = [] -%} {%- set purpose_packages_done = [] -%} - {%- if proxmox__manage_purpose_package_setup is defined and proxmox__manage_purpose_package_setup and proxmox__all.purposes is defined -%} + {%- if proxmox__all.purposes is defined -%} {%- for purpose in proxmox__purpose_names -%} {%- for purpose_type in proxmox__purpose_types -%} {%- set host_config = proxmox__all.purposes[purpose] if purpose in proxmox__all.purposes else none -%} @@ -50,20 +50,11 @@ __proxmox__purpose_packages: >- {%- endif -%} {{ proxmox_repo_keys + proxmox_repos + proxmox_packages }} -TODO: Remove this block after testing -# __proxmox_cluster_links: >- -# {%- set proxmox_links = [] -%} -# {%- if proxmox__manage_purpose_package_setup is defined and proxmox__manage_purpose_package_setup and proxmox__all.purposes is defined -%} -# {%- endif -%} - __proxmox__grub_change_strategy: module: command cmd: 'proxmox-boot-tool refresh' immediate: true -# __proxmox__cluster_query: '*.{host: inventory_hostname, fqdn: ansible_facts.fqdn, hostname: ansible_facts.hostname, links: proxmox__cluster_links} | -# [?not_null(links) && contains(__MEMBERS__, host)]' - __proxmox__cluster_query: '*.{ host: inventory_hostname, hostname: proxmox__hostname, 
@@ -72,9 +63,32 @@ __proxmox__cluster_query: '*.{ links: proxmox__cluster_links} | [?not_null(hostname) && not_null(domain) && not_null(links) && contains(__MEMBERS__, host)]' -__proxmox__auth_selectattr: +__proxmox__root_user_selector: - when: - ['type', 'defined'] - ['type', 'equalto', 'user'] - ['name', 'defined'] - - ['name', 'equalto', 'root'] \ No newline at end of file + - ['name', 'equalto', 'root'] + +__proxmox__root_user: + type: user + name: root + generate_ssh_key: true + +__proxmox__ssh_config: + type: ssh_config + name: Host + value: '' + children: + - name: IdentityFile + value: /root/.ssh/id_rsa + - name: Port + value: "{{ proxmox__ssh_port | default(22) }}" + +__proxmox__sshd_config: + type: sshd_config + name: 'Match Address' + value: '' + children: + - name: PermitRootLogin + value: prohibit-password \ No newline at end of file
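Review bot: `IdentityFile /root/.ssh/id_rsa` in `__proxmox__ssh_config` hard-codes the key path, while the key itself comes from `generate_ssh_key: true` in `__proxmox__root_user`, which set_facts.yml merges on top of whatever root entry the inventory provides; if that entry sets a different `ssh_key_file` or `ssh_key_type`, the client config will point at a key that does not exist. Either derive the path from the same source or document the assumption with `# Assumes the user module's default key file for generate_ssh_key (id_rsa)`. `__proxmox__sshd_config` deserves a comment too: the `Match Address` block (filled with the peers' link addresses by set_facts.yml) only restricts root login from cluster peers to key-based auth — it does not change the global `PermitRootLogin` value, which stays whatever the host's sshd_config already sets. The file still ends without a trailing newline.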