From 3c8ea9c15d41e7811d3d007237016baef0edd36e Mon Sep 17 00:00:00 2001 From: Johanna Dorothea Reichmann Date: Sat, 29 Oct 2022 16:23:57 +0200 Subject: [PATCH] feat(debian-proxmox): add role for installing Proxmox VE on debian --- roles/debian-proxmox/README.md | 20 ++++++++ roles/debian-proxmox/defaults/main.yml | 43 +++++++++++++++++ roles/debian-proxmox/tasks/main.yml | 67 ++++++++++++++++++++++++++ roles/debian-proxmox/vars/main.yml | 4 ++ 4 files changed, 134 insertions(+) create mode 100644 roles/debian-proxmox/README.md create mode 100644 roles/debian-proxmox/defaults/main.yml create mode 100644 roles/debian-proxmox/tasks/main.yml create mode 100644 roles/debian-proxmox/vars/main.yml diff --git a/roles/debian-proxmox/README.md b/roles/debian-proxmox/README.md new file mode 100644 index 0000000..7624485 --- /dev/null +++ b/roles/debian-proxmox/README.md @@ -0,0 +1,20 @@ +# `debian-proxmox` ansible role + +This ansible role can be used to convert a (running and reachable) debian to a proxmox instance. + +It automates the instructions from https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_11_Bullseye. + +## Usage + +This role will attempt to ensure that the `/etc/hosts` are configured correctly for PVE. +The public IP of the server should be given in `debian_proxmox_public_ip` and defaults to +`ansible_facts['eno1'].ipv4.address`. + +The hostname and fqdn should be correctly set in `debian_proxmox_hostname` and `debian_proxmox_fqdn`, +and default to `ansible_hostname` and `ansible_fqdn` respectively. + +## Packages + +It is recommended to remove the packages for the `os-prober` (which would attempt to add VMs as bootable entries +in the bootloader) and the default linux kernel `linux-image-amd64` / `linux-image-5.10*` (and use the proxmox-provided +kernel instead). This role will remove those packages without asking, so be aware. \ No newline at end of file diff --git a/roles/debian-proxmox/defaults/main.yml b/roles/debian-proxmox/defaults/main.yml new file mode 100644 index 0000000..3aa8a55 --- /dev/null +++ b/roles/debian-proxmox/defaults/main.yml @@ -0,0 +1,43 @@ +--- + +debian_proxmox_role_required_packages: + - python3-apt + - gpg + +debian_proxmox_apt_repo_fingerprint: "28139A2F830BD68478A1A01FDD4BA3917E23BF59" +debian_proxmox_apt_repo_key_url: "https://enterprise.proxmox.com/debian/proxmox-release-{{ ansible_distribution_release }}.gpg" + +debian_proxmox_apt_repo_url: "http://download.proxmox.com/debian/pve" +debian_proxmox_apt_repo: "deb [arch=amd64] {{ debian_proxmox_apt_repo_url }} {{ ansible_distribution_release }} pve-no-subscription" + +debian_proxmox_apt_packages: + - "proxmox-ve" + - "postfix" + - "open-iscsi" + +debian_proxmox_apt_packages_to_remove: + - "linux-image-amd64" + - "linux-image-{{ (ansible_facts['kernel'] | split('-') | first | split('.'))[:2] | join('.') }}*" + - "os-prober" + +debian_proxmox_max_reboot_timeout_seconds: 900 + +debian_proxmox_public_ip: "{{ ansible_facts['eno1'].ipv4.address }}" +debian_proxmox_loopback_ipv4: "{{ ansible_facts['lo'].ipv4.address }}" + +debian_proxmox_hostname: "{{ ansible_hostname }}" +debian_proxmox_fqdn: "{{ ansible_fqdn }}" + +debian_proxmox_hosts_file: + - ip: "{{ debian_proxmox_loopback_ipv4 }}" + fqdn: localhost.localdomain + aliases: + - localhost + - ip: "{[ debian_proxmox_public_ip }}" + fqdn: "{{ debian_proxmox_fqdn }}" + aliases: + - "{{ debian_proxmox_hostname }}" + - pvelocalhost + - ip: 127.0.1.1 + fqdn: "{{ debian_proxmox_hostname }}" + state: absent \ No newline at end of file diff --git a/roles/debian-proxmox/tasks/main.yml b/roles/debian-proxmox/tasks/main.yml new file mode 100644 index 0000000..ca0db92 --- /dev/null +++ b/roles/debian-proxmox/tasks/main.yml @@ -0,0 +1,67 @@ +--- + +- name: Ensure python3-apt and gpg is available + apt: + package: "{{ debian_proxmox_role_required_packages }}" + state: present + +- name: Check if target is debian before attempting to convert to proxmox + fail: + msg: "Target is {{ ansible_distribution }} which is not Debian" + when: ansible_distribution != 'Debian' + +- name: Check if debian version is supported by role + fail: + msg: "{{ ansible_distribution }} {{ ansible_distribution_version }} is not supported by the role" + when: ansible_distribution_version not in debian_proxmox_supported_debian_versions + +- name: Ensure /etc/hosts entries are safe for use with proxmox + lineinfile: + dest: /etc/hosts + line: "{{ item.ip }}\t{{ item.fqdn | default('') }}\t{{ item.aliases | default([]) | join('\t') }}" + regex: "{{ item.ip }}.+" + state: "{{ item.state | default('present') }}" + loop: "{{ debian_proxmox_hosts_file }}" + +- name: Ensure Proxmox VE apt repository keys are added + apt_key: + id: "{{ debian_proxmox_apt_repo_fingerprint }}" + url: "{{ debian_proxmox_apt_repo_key_url }}" + state: present + +- name: Ensure Proxmox VE apt repository is added + apt_repository: + filename: pve-install-repo + repo: "{{ debian_proxmox_apt_repo }}" + state: present + register: proxmox_ve_apt_repo + +- name: Ensure APT cache is up to date + apt: + update_cache: yes + when: proxmox_ve_apt_repo.changed + +- name: Ensure system is upgraded + apt: + upgrade: full + +- name: Ensure Proxmox VE packages are installed + apt: + package: "{{ debian_proxmox_apt_packages }}" + state: present + register: proxmox_ve_installed + +- name: Ensure system is rebooted after install of PVE packages + reboot: + reboot_timeout: "{{ debian_proxmox_max_reboot_timeout_seconds | int }}" + when: proxmox_ve_installed.changed + +- name: Ensure packages are removed that will conflict with proxmox operation + apt: + package: "{{ debian_proxmox_apt_packages_to_remove }}" + state: absent + register: proxmox_apt_packages_removed + +- name: Ensure grub was updated after the kernel was removed + command: update-grub + when: proxmox_apt_packages_removed.changed diff --git a/roles/debian-proxmox/vars/main.yml b/roles/debian-proxmox/vars/main.yml new file mode 100644 index 0000000..d0c28e9 --- /dev/null +++ b/roles/debian-proxmox/vars/main.yml @@ -0,0 +1,4 @@ +--- + +debian_proxmox_supported_debian_versions: + - 11 \ No newline at end of file -- 2.45.2