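---
# Installing pexpect on the controller is not needed by anything below; the
# original bootstrap tasks are kept here for reference only.
# - name: Install pexpect on Ansible controller
#   hosts: localhost
#   gather_facts: false
#   tasks:
#     - name: Install pexpect via pip
#       ansible.builtin.pip:
#         name: pexpect
#         executable: pip3
#     - name: Ensure pexpect is installed via apk
#       ansible.builtin.apk:
#         name: py3-pexpect
#         state: present

# --- Container creation play (runs on the Proxmox node) ------------------
# Creates the LXC guest with `pct create`, starts it and waits until it is
# reachable over SSH. The root password and SSH keys come from inventory vars.
- name: Create and provision LXC container on Proxmox
  hosts: node0
  gather_facts: false
  become: true
  become_user: root
  vars:
    node_ip: "{{ hostvars['node0']['ansible_host'] }}"
    # Quoted on purpose: a bare MAC is digits-and-colons and can be retyped
    # by a YAML 1.1 loader.
    mac_address: '8E:90:31:DE:31:36'
    container_id: 200
    # container_template: '/var/lib/vz/template/cache/ubuntu-25.04-standard_25.04-1.1_amd64.tar.zst'
    container_template: '/var/lib/vz/template/cache/debian-13-standard_13.1-1_amd64.tar.zst'
    # container_template: '/var/lib/vz/template/cache/debian-12-standard_12.12-1_amd64.tar.zst'
    # container_ostype: ubuntu
    container_ostype: debian
    container_hostname: '{{ addc_hostname }}'
    # Secret. It is only ever used inside a no_log task below; never print it.
    container_password: '{{ addc_admin_password }}'
    container_storage: local-lvm
    container_rootfs_size: 8G
    container_memory: 1024
    container_swap: 256
    container_cores: 2
    container_net: 'name=eth0,bridge=vmbr0,ip={{ addc_ansible_host }}/24,gw={{ location_gateway }},hwaddr={{ mac_address }}'
    container_features: 'keyctl=1,nesting=1,mount=cifs'
    container_description: 'default lxc container'
    container_onboot: 1
    container_protection: 0
    # NOTE(review): 0 means a *privileged* container. Together with nesting=1
    # and mount=cifs this gives the guest's root broad reach into the host
    # kernel; confirm the AD DC really needs this before leaving it at 0.
    container_unprivileged: 0
    container_pubkey: '{{ ssh_public_keys[0] }}'
    container_tags:
      - ansible_managed
      - test
  tasks:
    - name: Combine SSH public keys into one file
      ansible.builtin.copy:
        dest: '{{ ssh_keys_file }}'
        content: |
          {% for key in ssh_public_keys %}
          {{ key }}
          {% endfor %}
        # Public keys only, so world-readable is acceptable.
        mode: '0644'

    # The previous "Hello world" debug task echoed container_password at
    # verbosity 0, i.e. on every run, into the console and any log sink.
    # Removed: never print secrets.

    # Every user-controlled value is passed through `quote` (shlex quoting) so
    # a password, hostname or description containing quotes or shell
    # metacharacters cannot break out of the command line.
    - name: Create LXC container {{ container_hostname }} with id {{ container_id }} using pct command on shell
      ansible.builtin.shell: |
        set -e
        pct create {{ container_id }} {{ container_template | quote }} \
          -ostype {{ container_ostype }} \
          -hostname {{ container_hostname | quote }} \
          -password {{ container_password | quote }} \
          -ssh-public-keys {{ ssh_keys_file | quote }} \
          -cores {{ container_cores }} \
          -memory {{ container_memory }} \
          -swap {{ container_swap }} \
          -net0 {{ container_net | quote }} \
          -storage {{ container_storage }} \
          -description {{ container_description | quote }} \
          -onboot {{ container_onboot }} \
          -protection {{ container_protection }} \
          -unprivileged {{ container_unprivileged }} \
          -tags {{ container_tags | join(',') | quote }} \
          -features {{ container_features | quote }}
      args:
        # Idempotence: pct create is skipped once the container config exists.
        creates: '/etc/pve/lxc/{{ container_id }}.conf'
      # The command line carries the root password; keep it out of task output
      # and logs. Set to false only temporarily while debugging, then revert.
      no_log: true
      # Options kept for reference, not currently passed:
      # -rootfs {{ container_storage }}:{{ container_id }}/vm-{{ container_id }}-disk-0.raw,size=7G \
      # -timezone {{ localization_timezone }} \

    - name: Check if LXC container {{ container_hostname }} is running
      ansible.builtin.command:
        cmd: pct status {{ container_id }}
      register: pct_status
      changed_when: false

    - name: Start the LXC container {{ container_hostname }} if stopped
      ansible.builtin.command:
        cmd: pct start {{ container_id }}
      when: "'status: stopped' in pct_status.stdout"
      register: start_result
      changed_when: "'status: stopped' in pct_status.stdout"

    - name: Wait until container has an IP address
      ansible.builtin.shell: "pct exec {{ container_id }} -- hostname -I | awk '{print $1}'"
      register: lxc_ip
      until: lxc_ip.stdout != ''
      retries: 10
      delay: 5
      changed_when: false
      failed_when: lxc_ip.stdout == ''

    # wait_for already polls internally; the earlier duplicate `delay` key and
    # the stray `retries` (meaningless without `until`) were dropped.
    - name: Wait for SSH to become available
      ansible.builtin.wait_for:
        host: '{{ lxc_ip.stdout }}'
        port: 22
        delay: 5
        timeout: 60

# --- DC-1 Provisioning Play --------------------------------------------
# Runs inside the new guest: patch it, set the timezone, then hand over to the
# Samba AD DC role.
- name: Provision dc1 LXC
  hosts: dc1
  gather_facts: true
  become: true
  # vars:
  #   addc_admin_password: '{{ addc_adminpass }}'
  tasks:
    # - name: Ensure SSH authorized keys are present
    #   ansible.posix.authorized_key:
    #     user: root
    #     key: '{{ item }}'
    #     state: present
    #   loop: '{{ ssh_public_keys }}'

    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true

    - name: Install all available updates
      ansible.builtin.apt:
        upgrade: dist
        autoremove: true
      register: dist_upgrade

    # ansible_facts.packages is only populated by ansible.builtin.package_facts,
    # which this play never calls, so the previous condition
    # (`packages is not defined or packages['linux-image-generic'] is defined`)
    # was always true and rebooted the host on every run. Reboot only when the
    # upgrade actually changed something.
    - name: Reboot if the upgrade changed anything
      ansible.builtin.reboot:
        msg: "Rebooting after full upgrade"
        connect_timeout: 5
        reboot_timeout: 600
      when: dist_upgrade is changed

    # Ubuntu-only release upgrade, kept for reference (template is Debian).
    # - name: Ensure update-manager-core is installed
    #   ansible.builtin.apt:
    #     name: update-manager-core
    #     state: present
    # - name: Perform Ubuntu release upgrade non-interactively
    #   ansible.builtin.command:
    #     cmd: do-release-upgrade -f DistUpgradeViewNonInteractive
    #   register: upgrade_output
    #   changed_when: "'No new release found' not in upgrade_output.stdout"
    # - name: Reboot if kernel updated
    #   ansible.builtin.reboot:
    #     msg: "Rebooting after Ubuntu upgrade"
    #     connect_timeout: 5
    #     reboot_timeout: 600
    #   when: upgrade_output is changed

    - name: Install useful packages
      ansible.builtin.package:
        name:
          - nano
          - tzdata
          # - openssh-server
        state: present

    - name: Update all packages, autoclean, and autoremove
      ansible.builtin.apt:
        name: '*'
        state: latest
        autoclean: true
        autoremove: true
        purge: true

    - name: Set timezone to {{ localization_timezone }}
      community.general.timezone:
        name: '{{ localization_timezone }}'
      notify: Restart sshd
      tags: [timezone]

    - name: Deploy the Samba AD DC role
      ansible.builtin.include_role:
        name: ansible_samba_ad_dc

  # --- Global Handlers ----------------------------------------------
  handlers:
    # Only notified by the timezone task, so no extra `when` is needed. The
    # previous `when: localization_timezone | bool` cast a zone name such as
    # "Europe/Berlin" to bool, which is false (or an error on newer
    # ansible-core), so the handler never actually ran.
    - name: Restart sshd
      ansible.builtin.service:
        name: ssh
        state: restarted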