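---
# Play 1: create a Debian LXC container on the Proxmox node with `pct`,
# start it if needed and wait until it answers on SSH.
- name: Create and provision LXC container on Proxmox
  hosts: node0
  gather_facts: false
  become: true
  become_user: root
  vars:
    node_ip: "{{ hostvars['node0']['ansible_host'] }}"
    mac_address: "8E:90:31:DE:31:36"
    container_id: 200
    container_template: "/var/lib/vz/template/cache/debian-13-standard_13.1-1_amd64.tar.zst"
    container_ostype: debian
    container_hostname: "{{ addc_hostname }}"
    # NOTE(review): hard-coded root password committed with the playbook;
    # move it to an Ansible Vault variable. Quoted so YAML keeps it a string.
    container_password: "123456"
    container_storage: local-lvm
    container_rootfs_size: 8G
    container_memory: 1024
    container_swap: 256
    container_cores: 2
    # Quoted: the value is one comma-separated pct option string.
    container_net: "name=eth0,bridge=vmbr0,ip={{ addc_ansible_host }}/24,gw={{ location_gateway }},hwaddr={{ mac_address }}"
    # NOTE(review): nesting=1 relaxes the container's isolation and
    # mount=cifs on an unprivileged container may need elevated Proxmox
    # permissions to apply — confirm both are required for this workload.
    container_features: "keyctl=1,nesting=1,mount=cifs"
    container_description: default lxc
    container_onboot: 1
    container_protection: 0
    container_unprivileged: 1
    container_pubkey: "{{ ssh_public_keys[0] }}"
    container_tags:
      - ansible_managed
      - test

  tasks:
    - name: Combine SSH public keys into one file
      ansible.builtin.copy:
        dest: "{{ ssh_keys_file }}"
        content: |
          {% for key in ssh_public_keys %}
          {{ key }}
          {% endfor %}
        mode: '0644'

    - name: Create LXC container {{ container_hostname }} with id {{ container_id }} using pct command on shell
      # Every interpolated value goes through the `quote` filter so a value
      # holding shell metacharacters (spaces, quotes, ';') cannot change the
      # command line. For the plain values above the rendered command is
      # identical to the unquoted form.
      ansible.builtin.shell: |
        pct create {{ container_id | quote }} {{ container_template | quote }} \
          -ostype {{ container_ostype | quote }} \
          -hostname {{ container_hostname | quote }} \
          -password {{ container_password | quote }} \
          -ssh-public-keys {{ ssh_keys_file | quote }} \
          -cores {{ container_cores | quote }} \
          -memory {{ container_memory | quote }} \
          -swap {{ container_swap | quote }} \
          -net0 {{ container_net | quote }} \
          -storage {{ container_storage | quote }} \
          -description {{ container_description | quote }} \
          -onboot {{ container_onboot | quote }} \
          -protection {{ container_protection | quote }} \
          -unprivileged {{ container_unprivileged | quote }} \
          -tags {{ container_tags | join(',') | quote }} \
          -features {{ container_features | quote }}
      args:
        # Idempotency guard: pct writes this config file once the container exists.
        creates: "/etc/pve/lxc/{{ container_id }}.conf"
      # The rendered command contains the root password; keep it out of logs.
      no_log: true
      # -rootfs {{ container_storage }}:{{ container_id }}/vm-{{ container_id }}-disk-0.raw,size=7G \
      # -timezone: {{ localization_timezone }} \

    - name: Check if LXC container {{ container_hostname }} is running
      ansible.builtin.command:
        cmd: pct status {{ container_id }}
      register: pct_status
      changed_when: false

    - name: Start the LXC container {{ container_hostname }} if stopped
      ansible.builtin.command:
        cmd: pct start {{ container_id }}
      when: "'status: stopped' in pct_status.stdout"
      register: start_result
      changed_when: "'status: stopped' in pct_status.stdout"

    - name: Wait until container has an IP address
      # `hostname -I` lists all addresses; awk keeps the first one.
      ansible.builtin.shell: "pct exec {{ container_id }} -- hostname -I | awk '{print $1}'"
      register: lxc_ip
      until: lxc_ip.stdout != ""
      retries: 10
      delay: 5
      changed_when: false
      failed_when: lxc_ip.stdout == ""

    - name: Wait for SSH to become available
      # The original listed `delay: 5` twice; a duplicate key is silently
      # last-wins in most YAML parsers, so only one module-level `delay` is kept.
      ansible.builtin.wait_for:
        host: "{{ lxc_ip.stdout }}"
        port: 22
        delay: 5
        timeout: 60
      # NOTE(review): `retries`/`delay` without `until` only retry on
      # ansible-core versions that default `until` to task success — confirm,
      # or add an explicit `until`.
      retries: 10
      delay: 5
      changed_when: false

# --- DC-1 Provisioning Play --------------------------------------------
# Play 2: basic package and timezone setup inside the new container.
- name: Provision dc1 LXC
  hosts: dc1
  gather_facts: false
  become: true
  tasks:
    # - name: Ensure SSH authorized keys are present
    #   ansible.posix.authorized_key:
    #     user: root
    #     key: "{{ item }}"
    #     state: present
    #   loop: "{{ ssh_public_keys }}"

    - name: Install useful packages
      ansible.builtin.package:
        name:
          - nano
          - tzdata
          # - openssh-server
        state: present

    - name: Update all packages, autoclean, and autoremove
      ansible.builtin.apt:
        name: "*"
        state: latest
        autoclean: true
        autoremove: true
        purge: true

    - name: Set timezone to {{ localization_timezone }}
      community.general.timezone:
        name: "{{ localization_timezone }}"
      notify: Restart sshd
      tags: [timezone]

  # --- Global Handlers ----------------------------------------------
  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: ssh
        state: restarted
      # The original guard was `localization_timezone | bool`; `bool` on a zone
      # name such as "Europe/Berlin" is not a boolean test (it yields false or,
      # on newer ansible-core, an error), so the handler never ran. Run it
      # whenever a non-empty timezone is configured instead.
      when: localization_timezone is defined and localization_timezone | length > 0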