Merge pull request 'refactor ♻️: Refactor legacy and minified proxmoxlib.js patching logic to use handlers' (#2) from dev into main
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 11s
Gitleaks Scan / gitleaks (push) Successful in 5s
Markdown Lint / markdown-lint (push) Successful in 5s

Reviewed-on: #2
This commit was merged in pull request #2.
2026-02-08 08:06:27 +01:00
4 changed files with 85 additions and 59 deletions


@@ -115,6 +115,8 @@ See the [LICENSE](LICENSE) file for details.
## TODO ## TODO
⏳ Make the nag patch checksum-based (auto-repatch after upgrades) ⏳ Make the nag patch checksum-based (auto-repatch after upgrades)
⏳ add molecule tests to prove idempotency
⏳ make the patch handler trigger on pve-manager upgrades
❌ Add kernel power-saving tunables ? ❌ Add kernel power-saving tunables ?
🔄 Split into VE versionaware tags ? 🔄 Split into VE versionaware tags ?
🕒 refactor 🕒 refactor


@@ -14,3 +14,62 @@
- name: Reload systemd - name: Reload systemd
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
daemon_reexec: true daemon_reexec: true
- name: Patch legacy proxmoxlib.js
block:
- name: Patch legacy proxmoxlib.js
ansible.builtin.replace:
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
regexp: "if \\(data.status !== 'Active'\\)"
replace: "if (false)"
register: patch_legacy
failed_when: patch_legacy.matched == 0
notify: Restart pveproxy
- name: Re-stat proxmoxlib.js
ansible.builtin.stat:
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
checksum_algorithm: sha256
register: proxmoxlib_js_after
- name: Store patched checksum (legacy)
ansible.builtin.copy:
dest: /var/lib/proxmox-nag-patch/proxmoxlib.js.sha256
owner: root
group: root
mode: "0644"
content: "{{ proxmoxlib_js_after.stat.checksum }}\n"
- name: Restart pveproxy
ansible.builtin.systemd:
name: pveproxy
state: restarted
- name: Patch minified proxmoxlib.js
block:
- name: Patch minified proxmoxlib.min.js
ansible.builtin.replace:
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.min.js
regexp: "data.status!=='Active'"
replace: "false"
register: patch_minified
failed_when: patch_minified.matched == 0
- name: Re-stat proxmoxlib.min.js
ansible.builtin.stat:
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.min.js
checksum_algorithm: sha256
register: proxmoxlib_min_after
- name: Store patched checksum (minified)
ansible.builtin.copy:
dest: /var/lib/proxmox-nag-patch/proxmoxlib.min.js.sha256
owner: root
group: root
mode: "0644"
content: "{{ proxmoxlib_min_after.stat.checksum }}\n"
- name: Restart pveproxy
ansible.builtin.systemd:
name: pveproxy
state: restarted
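Review bot: The new handlers `Patch legacy proxmoxlib.js` and `Patch minified proxmoxlib.js` are written as `block:` entries, and current ansible-core refuses a block used as a handler, so this handlers file is likely to fail at parse time (the failing ansible-lint check on this page may be the same problem). Keep the three steps as plain handlers and give each one `listen: Patch legacy proxmoxlib.js` (or the minified topic); handlers sharing a topic run in the order they are defined. `Restart pveproxy` is defined twice, once after each block, and a single top-level definition is enough; the old tasks notified lower-case `restart pveproxy`, so any remaining notifier with that spelling should be checked. The `failed_when` lines test `patch_legacy.matched` and `patch_minified.matched`, a key that `ansible.builtin.replace` does not appear to return, so please verify it or base the check on `is changed`.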


@@ -1,11 +1,11 @@
--- ---
- name: repos | Remove enterprise repo files (all known locations) - name: Comment out Proxmox enterprise repo lines
ansible.builtin.file: ansible.builtin.replace:
path: "{{ item }}" path: /etc/apt/sources.list.d/pve-enterprise.list
state: absent regexp: '^(deb\s+)'
loop: replace: '# \1'
- /etc/apt/sources.list.d/pve-enterprise.list when: ansible.builtin.stat(path='/etc/apt/sources.list.d/pve-enterprise.list').stat.exists
- /etc/apt/sources.list.d/ceph.list notify: apt update
- name: repos | Enable Proxmox no-subscription repo - name: repos | Enable Proxmox no-subscription repo
ansible.builtin.copy: ansible.builtin.copy:
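Review bot: The `when:` on the new `Comment out Proxmox enterprise repo lines` task calls `ansible.builtin.stat(...)` as if it were a Jinja function, but modules cannot be invoked inside a conditional, so the expression will fail to evaluate. Run the stat as its own task and test the registered result, as sketched below. The removed task also deleted `/etc/apt/sources.list.d/ceph.list`, which the new task no longer touches, so an enterprise Ceph entry would stay enabled and a later apt update can fail on it. The `repos | Enable Proxmox no-subscription repo` task continues outside this hunk.

```yaml
- name: repos | Check for enterprise repo list
  ansible.builtin.stat:
    path: /etc/apt/sources.list.d/pve-enterprise.list
  register: pve_enterprise_list

- name: Comment out Proxmox enterprise repo lines
  # … unchanged: ansible.builtin.replace arguments …
  when: pve_enterprise_list.stat.exists
  notify: apt update
```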


@@ -10,12 +10,6 @@
############################ ############################
# Legacy proxmoxlib.js # Legacy proxmoxlib.js
############################ ############################
- name: subscription | Read stored checksum (legacy)
ansible.builtin.slurp:
src: /var/lib/proxmox-nag-patch/proxmoxlib.js.sha256
register: proxmoxlib_js_checksum_stored
when: proxmoxlib_js.stat.exists
failed_when: false
- name: subscription | Check for legacy proxmoxlib.js - name: subscription | Check for legacy proxmoxlib.js
ansible.builtin.stat: ansible.builtin.stat:
@@ -23,32 +17,21 @@
checksum_algorithm: sha256 checksum_algorithm: sha256
register: proxmoxlib_js register: proxmoxlib_js
- name: subscription | Remove subscription nag (legacy proxmoxlib.js) - name: subscription | Read stored checksum (legacy)
ansible.builtin.replace: ansible.builtin.slurp:
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js src: /var/lib/proxmox-nag-patch/proxmoxlib.js.sha256
regexp: "if \\(data.status !== 'Active'\\)" register: proxmoxlib_js_checksum_stored
replace: "if (false)" when: proxmoxlib_js.stat.exists
failed_when: false
- name: subscription | Trigger legacy nag patch if needed
ansible.builtin.meta: flush_handlers
when: when:
- proxmoxlib_js.stat.exists - proxmoxlib_js.stat.exists
- proxmoxlib_js_checksum_stored.content is not defined - proxmoxlib_js_checksum_stored.content is not defined
or (proxmoxlib_js.stat.checksum or proxmoxlib_js.stat.checksum
!= (proxmoxlib_js_checksum_stored.content | b64decode | trim)) != (proxmoxlib_js_checksum_stored.content | b64decode | trim)
register: patch_legacy notify: Ppatch legacy proxmoxlib.js
failed_when:
- proxmoxlib_js.stat.exists
- patch_legacy.matched == 0
notify: restart pveproxy
- name: subscription | Store patched checksum (legacy)
ansible.builtin.copy:
dest: /var/lib/proxmox-nag-patch/proxmoxlib.js.sha256
owner: root
group: root
mode: "0644"
content: "{{ proxmoxlib_js.stat.checksum }}\n"
when:
- proxmoxlib_js.stat.exists
- patch_legacy is changed
############################ ############################
# Minified proxmoxlib.min.js (VE 8/9) # Minified proxmoxlib.min.js (VE 8/9)
@@ -67,29 +50,11 @@
when: proxmoxlib_min_js.stat.exists when: proxmoxlib_min_js.stat.exists
failed_when: false failed_when: false
- name: subscription | Remove subscription nag (minified bundle for VE 8/9) - name: subscription | Trigger minified nag patch if needed
ansible.builtin.replace: ansible.builtin.meta: flush_handlers
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.min.js
regexp: "data.status!=='Active'"
replace: "false"
when: when:
- proxmoxlib_min_js.stat.exists - proxmoxlib_min_js.stat.exists
- proxmoxlib_min_checksum_stored.content is not defined - proxmoxlib_min_checksum_stored.content is not defined
or (proxmoxlib_min_js.stat.checksum or proxmoxlib_min_js.stat.checksum
!= (proxmoxlib_min_checksum_stored.content | b64decode | trim)) != (proxmoxlib_min_checksum_stored.content | b64decode | trim)
register: patch_minified notify: Patch minified proxmoxlib.js
failed_when:
- proxmoxlib_min_js.stat.exists
- patch_minified.matched == 0
notify: restart pveproxy
- name: subscription | Store patched checksum (minified)
ansible.builtin.copy:
dest: /var/lib/proxmox-nag-patch/proxmoxlib.min.js.sha256
owner: root
group: root
mode: "0644"
content: "{{ proxmoxlib_min_js.stat.checksum }}\n"
when:
- proxmoxlib_min_js.stat.exists
- patch_minified is changed
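Review bot: The new `subscription | Trigger legacy nag patch if needed` task puts `notify:` on `ansible.builtin.meta: flush_handlers`, but a meta task does not report `changed`, so the patch handler is never notified and the patch silently stops being applied. Some ansible-core versions also do not honour `when:` on `flush_handlers`. The legacy task additionally notifies `Ppatch legacy proxmoxlib.js`, which matches no handler name. Make the conditional task one that can report a change, e.g. `ansible.builtin.debug:` with `changed_when: true` and `notify: Patch legacy proxmoxlib.js`, then add an unconditional `ansible.builtin.meta: flush_handlers` after it if the patch must run immediately. The minified task in the last hunk has the same meta/notify problem.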