Jose/ansible_samba_tasks
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
f6c9c70fcd94a3028e882437a65be5484c5abb46
ansible_samba_tasks/tasks/setupacdc.yml
Jose 2928061772 refactor ♻️: Simplified container configuration and added LXC ID to template 
Refactored the setupacdc.yml file to use LXC IDs instead of container IDs, simplifying the configuration process. Also updated the create_lxc_container task to use the new LXC ID format.
2025-11-09 08:35:17 +01:00

224 lines
6.2 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
# - name: Install pexpect on Ansible controller
# hosts: localhost
# gather_facts: false
# tasks:
# - name: Install pexpect via pip
# ansible.builtin.pip:
# name: pexpect
# executable: pip3
# - name: Install py3-pexpect
# ansible.builtin.apk:
# name: py3-pexpect
# state: present
# - name: Ensure pexpect is installed via apk
# ansible.builtin.apk:
# name: py3-pexpect
# state: present
- name: Create and provision LXC container on Proxmox
hosts: node0
gather_facts: no
become: yes
become_user: root
vars:
node_ip: "{{ hostvars['node0']['ansible_host'] }}"
mac_address: '8E:90:31:DE:31:36'
lxc_id: 200
# lxc_template: '/var/lib/vz/template/cache/ubuntu-25.04-standard_25.04-1.1_amd64.tar.zst'
lxc_template: '/var/lib/vz/template/cache/debian-13-standard_13.1-1_amd64.tar.zst'
# lxc_template: '/var/lib/vz/template/cache/debian-12-standard_12.12-1_amd64.tar.zst'
# lxc_ostype: ubuntu
lxc_ostype: debian
lxc_hostname: '{{ addc_hostname }}'
lxc_password: '{{ addc_admin_password }}'
lxc_storage: local-lvm
lxc_rootfs_size: 8G
lxc_memory: 1024
lxc_swap: 256
lxc_cores: 2
lxc_net: name=eth0,bridge=vmbr0,ip={{ addc_ansible_host }}/24,gw={{ location_gateway }},hwaddr={{ mac_address }}
lxc_features: 'keyctl=1,nesting=1,mount=cifs'
lxc_description: default lxc
lxc_onboot: 1
lxc_protection: 0
lxc_unprivileged: 0
lxc_pubkey: '{{ ssh_public_keys[0] }}'
lxc_tags:
- ansible_managed
- test
tasks:
- name: Combine SSH public keys into one file
ansible.builtin.copy:
dest: '{{ ssh_keys_file }}'
content: |
{% for key in ssh_public_keys %}
{{ key }}
{% endfor %}
mode: '0644'
- name: debug
# Comment
ansible.builtin.debug:
msg: 'Hello world! {{ lxc_password }}'
verbosity: 0
- name: Create LXC container {{ lxc_hostname }} with id {{ lxc_id }} using pct command on shell
ansible.builtin.shell: |
set -e
pct create {{ lxc_id }} {{ lxc_template }} \
-ostype {{ lxc_ostype }} \
-hostname {{ lxc_hostname }} \
-password '{{ lxc_password }}' \
-ssh-public-keys '{{ ssh_keys_file }}' \
-cores {{ lxc_cores }} \
-memory {{ lxc_memory }} \
-swap {{ lxc_swap }} \
-net0 '{{lxc_net}}' \
-storage {{ lxc_storage }} \
-description '{{ lxc_description }}' \
-onboot {{ lxc_onboot }} \
-protection {{ lxc_protection }} \
-unprivileged {{ lxc_unprivileged }} \
-tags '{{ lxc_tags | join(',') }}' \
-features '{{ lxc_features }}'
args:
creates: '/etc/pve/lxc/{{ lxc_id }}.conf'
no_log: false
# -password {{ lxc_password }} \
# -rootfs {{ lxc_storage }}:{{ lxc_id }}/vm-{{ lxc_id }}-disk-0.raw,size=7G \
# -timezone: {{ localization_timezone }} \
- name: Check if LXC container {{ lxc_hostname }} is running
ansible.builtin.command:
cmd: pct status {{ lxc_id }}
register: pct_status
changed_when: false
- name: Start the LXC container {{ lxc_hostname }} if stopped
ansible.builtin.command:
cmd: pct start {{ lxc_id }}
when: "'status: stopped' in pct_status.stdout"
register: start_result
changed_when: "'status: stopped' in pct_status.stdout"
- name: Wait until container has an IP address
ansible.builtin.shell: "pct exec {{ lxc_id }} -- hostname -I | awk '{print $1}'"
register: lxc_ip
until: lxc_ip.stdout != ''
retries: 10
delay: 5
changed_when: false
failed_when: lxc_ip.stdout == ''
- name: Wait for SSH to become available
ansible.builtin.wait_for:
host: '{{ lxc_ip.stdout }}'
port: 22
delay: 5
timeout: 60
retries: 10
delay: 5
changed_when: false
# --- DC1 Provisioning Play --------------------------------------------
- name: Provision dc1 LXC
hosts: dc1
gather_facts: true
become: true
# vars:
# addc_admin_password: '{{ addc_adminpass }}'
tasks:
# - name: Ensure SSH authorized keys are present
# ansible.posix.authorized_key:
# user: root
# key: '{{ item }}'
# state: present
# loop: '{{ ssh_public_keys }}'
- name: Update apt cache
ansible.builtin.apt:
update_cache: true
- name: Install all available updates
ansible.builtin.apt:
upgrade: dist
autoremove: true
- name: Reboot if a new kernel was installed
ansible.builtin.reboot:
msg: "Rebooting after full upgrade"
connect_timeout: 5
reboot_timeout: 600
when: ansible_facts.packages is not defined or
ansible_facts.packages['linux-image-generic'] is defined
# - name: Ensure update-manager-core is installed
# ansible.builtin.apt:
# name: update-manager-core
# state: present
# - name: Perform Ubuntu release upgrade non-interactively
# ansible.builtin.command:
# cmd: do-release-upgrade -f DistUpgradeViewNonInteractive
# register: upgrade_output
# changed_when: "'No new release found' not in upgrade_output.stdout"
# - name: Reboot if kernel updated
# ansible.builtin.reboot:
# msg: "Rebooting after Ubuntu upgrade"
# connect_timeout: 5
# reboot_timeout: 600
# when: upgrade_output is changed
- name: Install useful packages
ansible.builtin.package:
name:
- nano
- tzdata
# - openssh-server
state: present
- name: Update all packages, autoclean, and autoremove
ansible.builtin.apt:
name: '*'
state: latest
autoclean: yes
autoremove: yes
purge: true
- name: Set timezone to {{ localization_timezone }}
# community.general.timezone:
timezone:
name: '{{ localization_timezone }}'
notify: Restart sshd
tags: [timezone]
- name: Deploy the Samba AD DC role
ansible.builtin.include_role:
name: ansible_samba_ad_dc
# --- Global Handlers ----------------------------------------------
handlers:
- name: Restart sshd
ansible.builtin.service:
name: ssh
state: restarted
when: localization_timezone | bool
Reference in New Issue View Git Blame Copy Permalink