ansible_samba_tasks/tasks/setupacdc.yml
Jose d93b989647 chore 📦: Update setupacdc.yml to disable SSL verification for connection
Updated the setupacdc.yml file to disable SSL verification for the connection to the Proxmox cluster. Note that this weakens, rather than improves, the security of that connection; it works around a Proxmox certificate the controller does not trust.
2025-11-01 17:52:07 +01:00


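---
# Play 1: gather facts from the Proxmox node so later plays can read them
# through hostvars['node0'].
- hosts: node0
  tasks:
    - name: Collect facts from the Proxmox node
      ansible.builtin.setup:

    # The full fact set can include ansible_env (the login environment of
    # the SSH user on node0) and network details; keep it out of ordinary
    # job logs and show it only when the playbook runs with -v or higher.
    - name: Print collected facts (only at verbosity >= 1)
      ansible.builtin.debug:
        var: ansible_facts
        verbosity: 1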
# Play 2: everything else runs on the controller (localhost) and talks to
# the Proxmox API; node0's inventory address is read back via hostvars.
- hosts: localhost
  gather_facts: true
  vars:
    # Hostname of the Samba AD DC container that will be created below.
    addc_hostname: "DC1"
    # Kept quoted: a MAC address must stay a string.
    mac_address: "8E:90:31:DE:31:36"
    # ansible_host of node0 as defined in inventory — presumably set there,
    # otherwise this lookup is undefined; verify against the inventory.
    node_ip: "{{ hostvars['node0']['ansible_host'] }}"
  tasks:
# - name: Detect the system's CA store path for Debian/Ubuntu
# ansible.builtin.set_fact:
# ca_store_path: "/etc/ssl/certs/"
# when: ansible_facts.os_family == "Debian"
# - name: Detect the system's CA store path for RedHat/CentOS/Fedora
# ansible.builtin.set_fact:
# ca_store_path: "/etc/pki/tls/certs/"
# when: ansible_facts.os_family == "RedHat"
# - name: Detect the system's CA store path for macOS
# ansible.builtin.set_fact:
# ca_store_path: "/System/Library/Keychains/SystemRootCertificates.keychain"
# when: ansible_facts.system == "Darwin"
# - name: Detect the system's CA store path for Windows
# ansible.builtin.set_fact:
# ca_store_path: "Windows Certificate Store (use certmgr.msc)"
# when: ansible_facts.system == "Windows"
# - name: Show the detected CA store path
# ansible.builtin.debug:
# msg: "The trusted CA store path is: {{ ca_store_path }}"
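# NOTE(review): this is SSH host-key checking, not SSL — the original task
# name was misleading. Being a fact on localhost, it only affects SSH
# connections localhost opens later in this play (the tasks below run
# locally); it does not change how node0 was reached in the first play.
# 'accept-new' keeps trust-on-first-use convenience but, unlike
# 'StrictHostKeyChecking=no' with UserKnownHostsFile=/dev/null, records the
# key and rejects a host whose key later changes (MITM or rebuilt host).
- name: Accept unknown SSH host keys on first contact, reject changed ones
  ansible.builtin.set_fact:
    ansible_ssh_common_args: "-o StrictHostKeyChecking=accept-new -o VerifyHostKeyDNS=no"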
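# --- Trust bootstrap for the Proxmox API certificate ----------------------
# The CA is fetched from the node itself, so on a fresh controller this is
# trust-on-first-use: nothing has verified the node before its CA is
# installed. Supply proxmox_ca_sha256 (hex digest obtained out of band,
# e.g. from the node console) so get_url rejects a file that does not
# match. The file goes straight into the CA store instead of world-writable
# /tmp, so a stale or planted /tmp/proxmox-ca.pem can no longer be picked
# up by a later run. Writing there and running update-ca-certificates need
# root; presumably the play runs with become enabled in config — TODO confirm.
- name: Check whether the Proxmox CA certificate is already installed
  ansible.builtin.stat:
    path: "/usr/local/share/ca-certificates/proxmox-ca.crt"
  register: cert_stat

# Skipping transport verification on the bootstrap fetch is only acceptable
# together with a pinned digest; refuse "insecure and unpinned" instead of
# silently trusting whatever answers on port 8006.
- name: Require a pinned digest when the bootstrap fetch skips certificate verification
  ansible.builtin.assert:
    that:
      - "not (proxmox_ca_bootstrap_insecure | default(false) | bool) or proxmox_ca_sha256 is defined"
    fail_msg: "proxmox_ca_bootstrap_insecure=true requires proxmox_ca_sha256 to be set"

- name: Download Proxmox's CA certificate into the local trust store
  ansible.builtin.get_url:
    url: "https://{{ node_ip }}:8006/pve2/cluster-ca.pem"  # assumed URL (from the original); not verified here
    dest: "/usr/local/share/ca-certificates/proxmox-ca.crt"
    mode: '0644'
    checksum: "{{ ('sha256:' ~ proxmox_ca_sha256) if proxmox_ca_sha256 is defined else omit }}"
    validate_certs: "{{ not (proxmox_ca_bootstrap_insecure | default(false) | bool) }}"
  # Only fetch when missing; a failed fetch now fails the play instead of
  # being hidden by ignore_errors and resurfacing later as TLS errors.
  when: not cert_stat.stat.exists
  register: download_cert

- name: Update CA certificates (on Debian-based systems)
  ansible.builtin.command:
    cmd: update-ca-certificates
  when: download_cert is changed

# NOTE(review): if this playbook itself runs inside Semaphore, restarting
# the service mid-run may abort the job — confirm before relying on it.
- name: Restart Semaphore UI service to pick up the new CA certificate
  ansible.builtin.systemd:
    name: semaphore
    state: restarted
  when: download_cert is changed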
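# Python libraries the community.proxmox modules need on the controller.
# They are installed unpinned by default; pass proxmox_python_packages with
# '==' pins for reproducible installs (and to avoid pulling whatever PyPI
# serves at run time into the Ansible controller).
- name: Install 'proxmoxer' and 'requests' Python libraries for the ansible controller
  ansible.builtin.pip:
    name: "{{ proxmox_python_packages | default(['proxmoxer', 'requests']) }}"
    state: present
  become: false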
# Echo the address resolved from inventory so the job log shows which
# Proxmox node the API calls below will target.
- name: Print node IP
  ansible.builtin.debug:
    msg: "The IP address of node0 is {{ node_ip }}"
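# Create the Samba AD DC container. Credentials and the certificate policy
# come from variables so nothing sensitive is committed with the playbook.
# NOTE(review): this module call may continue past the lines shown here.
- name: Create lxc container
  community.proxmox.proxmox:
    vmid: "{{ addc_vmid | default(200) }}"
    # NOTE(review): `node` is normally the Proxmox node *name*, while
    # node_ip is an IP address (see the play vars); confirm the module
    # accepts it, or pass the name via proxmox_node.
    node: "{{ proxmox_node | default(node_ip) }}"
    api_user: root@pam
    api_password: "{{ proxmox_password }}"
    api_host: "{{ node_ip }}"
    # Container root password must be supplied (vault or -e); the literal
    # '123456' previously here was committed to the repository. With the
    # pubkey option below commented out, this password is the only way in.
    password: "{{ addc_root_password }}"
    hostname: "{{ addc_hostname }}"
    # ostype: debian
    ostemplate: 'local:vztmpl/debian-13-standard_13.1-1_amd64.tar.zst'
    # description: samba ad dc
    # cores: 2
    # memory: 2048
    # disk: 'local-lvm:10'
    # timezone: "Europe/Rome"
    # onboot: true
    # unprivileged: true
    # features:
    #   - nesting=1
    #   - keyctl=1
    #   - mount=cifs
    # pubkey: 'ssh-rsa <public-key> admin@localhost'
    # netif:
    #   net0: "name=eth0,hwaddr={{ mac_address }},gw={{ location_gateway }},ip={{ addc_ansible_host }}/24,bridge=vmbr0"
    # Verify the Proxmox API certificate by default; the CA installed by the
    # bootstrap tasks above is what makes this succeed. Set
    # proxmox_validate_certs=false only as an explicit, temporary opt-out —
    # the API password travels over this connection.
    validate_certs: "{{ proxmox_validate_certs | default(true) | bool }}"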