Jose/ansible_role_proxmox_provision
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs 📝: Add 'API Utilities' section and update directory structure #10

Merged
Jose merged 4 commits from dev into main 2026-02-12 21:29:37 +01:00
Conversation 3 Commits 4 Files Changed 6 +96 -113
5 changed files with 96 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit a684702d7f - Show all commits

15
defaults/main.yml
View File

@@ -12,5 +12,16 @@ proxmox_min_ram_mb_for_no_swap: 16384
proxmox_enable_powertop: true
# Logrotate
proxmox_logrotate_maxsize: "100M"
proxmox_logrotate_rotate: 7
proxmox_logrotate_enabled: true
proxmox_logrotate_rotate: 4
proxmox_logrotate_maxsize: 100M
proxmox_logrotate_frequency: daily
proxmox_logrotate_compress: true
proxmox_logrotate_delaycompress: true
proxmox_logrotate_missingok: true
proxmox_logrotate_notifempty: true
# Destination override file
proxmox_logrotate_file: /etc/logrotate.d/99-proxmox-custom
gitea-actions commented 2026-02-12 21:24:58 +01:00
Outdated
Review
Copy Link

[Lines 15-27] [Score: 3] Adding a newline at the end of the file is important for readability and consistency in YAML files. It can potentially cause errors if the configuration tool doesn't handle missing newlines correctly.

[Lines 15-27] [Score: 3] Adding a newline at the end of the file is important for readability and consistency in YAML files. It can potentially cause errors if the configuration tool doesn't handle missing newlines correctly.
gitea-actions commented 2026-02-12 21:26:06 +01:00
Review
Copy Link

[Lines 12-27] [Score: 2] The addition of new logrotate configuration options for Proxmox. This could potentially improve the management and storage of log files, but ensure there are no unintended consequences for services that may need to write to these logs frequently.

[Lines 12-27] [Score: 2] The addition of new logrotate configuration options for Proxmox. This could potentially improve the management and storage of log files, but ensure there are no unintended consequences for services that may need to write to these logs frequently.
gitea-actions commented 2026-02-12 21:28:45 +01:00
Review
Copy Link

[Lines 12-27] [Score: 3] This change adds log rotation configuration for Proxmox, which is generally a good practice for managing logs. However, it might be worth considering setting proxmox_logrotate_compress to delaycompress initially and then test its performance impact before making it permanent. Also, you may want to consider setting the proxmox_logrotate_maxage parameter to reflect your organization's log retention policy.

[Lines 12-27] [Score: 3] This change adds log rotation configuration for Proxmox, which is generally a good practice for managing logs. However, it might be worth considering setting `proxmox_logrotate_compress` to `delaycompress` initially and then test its performance impact before making it permanent. Also, you may want to consider setting the `proxmox_logrotate_maxage` parameter to reflect your organization's log retention policy.

8
handlers/main.yml
View File

@@ -15,6 +15,8 @@
ansible.builtin.systemd_service:
daemon_reexec: true
- name: Logrotate reload
ansible.builtin.command: logrotate /etc/logrotate.conf
changed_when: false
- name: Restart logrotate
ansible.builtin.service:
name: logrotate
state: restarted
become: true

135
tasks/logrotate.yml
View File

@@ -1,111 +1,30 @@
---
gitea-actions commented 2026-02-12 21:28:45 +01:00
Review
Copy Link

[Score: 3] Removing the YAML document declaration is discouraged as it enables consistency across files and can help with understanding the structure of the playbook. Although not a critical issue, it is recommended to keep it for maintainability purposes.

[Score: 3] Removing the YAML document declaration is discouraged as it enables consistency across files and can help with understanding the structure of the playbook. Although not a critical issue, it is recommended to keep it for maintainability purposes.
- name: logrotate | Configure all main Proxmox logs
vars:
proxmox_logrotate_files:
- /etc/logrotate.conf
- /etc/logrotate.d/pve
- /etc/logrotate.d/pve-firewall
loop: "{{ proxmox_logrotate_files }}"
loop_control:
loop_var: item
block:
- name: logrotate | Check if exists {{ item }}
ansible.builtin.stat:
path: "{{ item }}"
register: logrotate_file
- name: logrotate | Configure {{ item }}
when: logrotate_file.stat.exists
block:
- name: logrotate | Backup once {{ item }}
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ item }}.original"
owner: root
group: root
mode: "0644"
remote_src: true
args:
creates: "{{ item }}.original"
- name: logrotate | Ensure daily rotation
ansible.builtin.replace:
path: "{{ item }}"
regexp: '^\s*weekly'
replace: 'daily'
notify: Logrotate reload
- name: logrotate | Set rotate (number of retained logs)
ansible.builtin.lineinfile:
path: "{{ item }}"
regexp: '^(\s*rotate\s+).*'
line: ' rotate {{ proxmox_logrotate_rotate }}'
state: present
insertafter: '^\s*daily'
notify: Logrotate reload
- name: logrotate | Ensure maxsize is set
ansible.builtin.lineinfile:
path: "{{ item }}"
regexp: '^(\s*maxsize\s+).*'
line: ' maxsize {{ proxmox_logrotate_maxsize }}'
state: present
insertafter: '^\s*rotate'
notify: Logrotate reload
- name: logrotate | Ensure Compress
ansible.builtin.lineinfile:
path: "{{ item }}"
regexp: '^\s*compress\b'
line: ' compress'
state: present
insertafter: '^\s*maxsize'
notify: Logrotate reload
- name: logrotate | Ensure delaycompress
ansible.builtin.lineinfile:
path: "{{ item }}"
regexp: '^\s*delaycompress\b'
line: ' delaycompress'
state: present
insertafter: '^\s*compress'
notify: Logrotate reload
# only for logrotate.conf
- name: logrotate | Uncomment dateext if commented
ansible.builtin.replace:
path: /etc/logrotate.conf
regexp: '^\s*#\s*(dateext)\b'
replace: '\1'
notify: Logrotate reload
- name: logrotate | Uncomment compress if commented
ansible.builtin.replace:
path: /etc/logrotate.conf
regexp: '^\s*#\s*(compress)\b'
replace: '\1'
notify: Logrotate reload
- name: logrotate | Ensure missingok is present
ansible.builtin.lineinfile:
path: /etc/logrotate.conf
regexp: '^\s*missingok\b'
line: 'missingok'
- name: "Proxmox | Ensure logrotate is installed"
ansible.builtin.apt:
name: logrotate
state: present
insertafter: EOF
notify: Logrotate reload
update_cache: yes
become: true
gitea-actions commented 2026-02-12 21:24:58 +01:00
Review
Copy Link

[Lines 2-7] [Score: 2] The addition of a new task to ensure that the logrotate package is present on the system is a good practice for proper log management. However, it may not be necessary if the system already has logrotate installed by default or if an alternative solution for managing logs is in place.

[Lines 2-7] [Score: 2] The addition of a new task to ensure that the logrotate package is present on the system is a good practice for proper log management. However, it may not be necessary if the system already has logrotate installed by default or if an alternative solution for managing logs is in place.
when: proxmox_logrotate_enabled
- name: logrotate | Ensure notifempty is present
ansible.builtin.lineinfile:
path: /etc/logrotate.conf
regexp: '^\s*notifempty\b'
line: 'notifempty'
state: present
insertafter: EOF
notify: Logrotate reload
- name: logrotate | pve logrotate policy
ansible.builtin.template:
src: pve-logrotate.j2
dest: "/etc/logrotate.d/99-pve-custom"
owner: root
group: root
mode: "0644"
become: true
when: proxmox_logrotate_enabled
notify: Restart logrotate
- name: logrotate | pve-firewall logrotate policy
ansible.builtin.template:
src: pve-firewall-logrotate.j2
dest: "/etc/logrotate.d/99-pve-firewall-custom"
owner: root
group: root
mode: "0644"
become: true
when: proxmox_logrotate_enabled
notify: Restart logrotate

25
templates/pve-firewall-logrotate.j2 Normal file
View File

@@ -0,0 +1,25 @@
# Managed by Ansible - Proxmox Logrotate Policy
# Do not edit manually
/var/log/pve-firewall.log { {
rotate {{ proxmox_logrotate_rotate }}
{{ proxmox_logrotate_frequency }}
maxsize {{ proxmox_logrotate_maxsize }}
{% if proxmox_logrotate_compress %}
compress
{% endif %}
{% if proxmox_logrotate_delaycompress %}
delaycompress
{% endif %}
{% if proxmox_logrotate_missingok %}
missingok
{% endif %}
{% if proxmox_logrotate_notifempty %}
notifempty
{% endif %}
sharedscripts
create 640 root adm
postrotate
invoke-rc.d pvefw-logger restart 2>/dev/null >/dev/null || true
endscript
}

26
templates/pve-logrotate.j2 Normal file
View File

@@ -0,0 +1,26 @@
# Managed by Ansible - Proxmox Logrotate Policy
# Do not edit manually
/var/log/pveproxy/access.log {
rotate {{ proxmox_logrotate_rotate }}
{{ proxmox_logrotate_frequency }}
maxsize {{ proxmox_logrotate_maxsize }}
{% if proxmox_logrotate_compress %}
compress
{% endif %}
{% if proxmox_logrotate_delaycompress %}
delaycompress
{% endif %}
{% if proxmox_logrotate_missingok %}
missingok
{% endif %}
{% if proxmox_logrotate_notifempty %}
notifempty
{% endif %}
create 640 www-data www-data
sharedscripts
postrotate
/bin/systemctl try-reload-or-restart pveproxy.service
/bin/systemctl try-reload-or-restart spiceproxy.service
endscript
}
gitea-actions commented 2026-02-12 21:28:45 +01:00
Review
Copy Link

[Lines 1-26] [Score: 3] Template hard-codes the log file path to /var/log/pveproxy/access.log. Consider using a variable or dynamic approach for better maintainability and reusability of this template.

[Lines 1-26] [Score: 3] Template hard-codes the log file path to `/var/log/pveproxy/access.log`. Consider using a variable or dynamic approach for better maintainability and reusability of this template.