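├── README.md
├── tasks
│   └── main.yml
└── vars
    └── main.yml
/README.md:
--------------------------------------------------------------------------------
A playbook that creates an LXC container and joins it to a FreeIPA domain.

Typical usage:

```
---
- hosts:
  tasks:
    - include_role:
        name: create-proxmox-host
      vars:
        hostname:
        vmid: "{{ hostvars['']['proxmox_vmid'] }}"
        ipa_domain: "{{ ipa_domain_name }}"
        ipa_username: admin
        ipa_password: "{{ ipa_admin_password }}"
        root_password: "{{ hostvars['']['root_password'] }}"
        flavor: ubuntu_20_04
```

I keep IPA data on group_vars/all/(vars|vault) and proxmox_vmid on host_vars//(vars|vault).

I only need a single line in the inventory for each host's hostname, and I put:

```
ansible_become: True
ansible_user:
```

in the host's variables to connect.

Parameters:

* flavor: only ubuntu_20_04 is supported now
* vmid
* hostname
* memory: default 512, in megabytes
* swap: default 512, in megabytes
* disk: default 4, in gigabytes
* root_password
* extra_opts: to pass on to `pct create`
* ipa_idrange_start, ipa_idrange_size
* ipa_domain, ipa_password, ipa_username

# Docker setup

Use the following to create a zvol to hold `/var/lib/docker` and get Docker working when using ZFS:

```
---
- hosts:
  tasks:
    - name: Create Docker zvol
      zfs:
        name: rpool/user/-docker
        state: present
        extra_zfs_properties:
          volsize: 32G
    - name: Format Docker zvol
      shell: "test -f /etc/ansible/mkfs--docker || mkfs.ext4 /dev/zvol/rpool/user/-docker && touch /etc/ansible/mkfs--docker"
    - name: Mount Docker zvol
      mount:
        path: /mnt/-docker
        src: /dev/zvol/rpool/user/-docker
        fstype: ext4
        state: mounted
    - name: fix perms Docker zvol
      file:
        path: /mnt/-docker
        mode: "0711"
        owner: "100000"
        group: "100000"
    - include_role:
        name: create-proxmox-host
      vars:
        ...
        extra_opts: -features nesting=1,keyctl=1 -mp0 /mnt/dokku-docker,mp=/var/lib/docker
```

Note: as this does not follow the disk naming conventions that Proxmox uses, Proxmox features like snapshots and migration might cease to work.
See #1 for hints about following the disk naming conventions to solve this problem.
--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Creates an unprivileged LXC container on a Proxmox host from a cached
# template, adds the FreeIPA ID range to the container's id mappings, starts
# it and joins it to the IPA domain.
#
# Required vars: flavor, vmid, hostname, root_password, ipa_idrange_start,
#   ipa_idrange_size, ipa_domain, ipa_username, ipa_password
# Optional vars: memory (512), swap (512), disk (4), extra_opts ('')
#
# Secret handling: root_password and ipa_password are passed as command-line
# arguments to `pct create` and `ipa-client-install`, so those two tasks run
# with `no_log: true` to keep the values out of Ansible output, callbacks and
# logs. Command-line arguments are still readable from the process list on
# the host while the command runs. Set `no_log: false` temporarily when a
# failure in one of those tasks needs debugging.

- name: download template {{ flavors[flavor].template }}
  command: "pveam download local {{ flavors[flavor].template }}"
  args:
    creates: "/var/lib/vz/template/cache/{{ flavors[flavor].template }}"

- name: create host {{ hostname }}
  # `command` splits the folded string with shlex (no shell), so each
  # user-supplied string goes through `quote` and survives spaces or quotes.
  command: >
    pct create {{ vmid }}
    /var/lib/vz/template/cache/{{ flavors[flavor].template }}
    -storage local-zfs
    -hostname {{ hostname | quote }}
    -net0 name=eth0,bridge=vmbr0,ip=dhcp
    -onboot 1
    -memory {{ memory | default(512) }}
    -swap {{ swap | default(512) }}
    -rootfs local-zfs:{{ disk | default(4) }}
    --unprivileged
    --ostype {{ flavors[flavor].ostype }}
    --password {{ root_password | quote }}
    {{ extra_opts | default('') }}
  args:
    creates: "/etc/pve/lxc/{{ vmid }}.conf"
  no_log: true  # root_password is on the command line

# The container config is edited on a scratch copy and copied back with cp
# rather than edited in place under /etc/pve (kept from the original flow;
# presumably because pmxcfs rejects the atomic rename Ansible's file modules
# perform — confirm before switching to editing the file directly).
# `tempfile` replaces the fixed, world-predictable /tmp/cpci path.
- name: set id mappings {{ hostname }} scratch file
  tempfile:
    state: file
    suffix: .lxcconf
  register: idmap_tmp

- name: set id mappings {{ hostname }} copy out
  copy:
    remote_src: true
    src: "/etc/pve/lxc/{{ vmid }}.conf"
    dest: "{{ idmap_tmp.path }}"

- name: set id mappings {{ hostname }}
  # Maps the container's 0-65535 to 100000-165535 on the host and maps the
  # IPA ID range 1:1 so IPA users keep their UIDs/GIDs on bind-mounted data.
  blockinfile:
    path: "{{ idmap_tmp.path }}"
    block: |
      lxc.idmap = u 0 100000 65536
      lxc.idmap = g 0 100000 65536
      lxc.idmap = u {{ ipa_idrange_start }} {{ ipa_idrange_start }} {{ ipa_idrange_size }}
      lxc.idmap = g {{ ipa_idrange_start }} {{ ipa_idrange_start }} {{ ipa_idrange_size }}
  register: idmap

- name: set id mappings {{ hostname }} copy in
  # Only write back when blockinfile changed something, so re-runs report
  # "ok" instead of rewriting the config every time.
  command: "cp {{ idmap_tmp.path | quote }} /etc/pve/lxc/{{ vmid }}.conf"
  when: idmap is changed

- name: set id mappings {{ hostname }} clean up
  file:
    path: "{{ idmap_tmp.path }}"
    state: absent

- name: check container status
  command: "pct status {{ vmid }}"
  register: ct_status
  changed_when: false

- name: start container
  command: "pct start {{ vmid }}"
  when: "'running' not in ct_status.stdout"

- name: check for freeipa-client
  # dpkg-query prints "install ok installed" when the package is present;
  # a non-zero exit (package unknown) is the "not installed" case.
  command: "pct exec {{ vmid }} -- dpkg-query -W -f '${Status}' freeipa-client"
  register: ipa_pkg
  changed_when: false
  failed_when: false

- name: update apt
  command: "pct exec {{ vmid }} -- apt update"
  when: "'install ok installed' not in ipa_pkg.stdout"

- name: install freeipa-client
  # `env` sets DEBIAN_FRONTEND without needing a shell inside the container.
  command: "pct exec {{ vmid }} -- env DEBIAN_FRONTEND=noninteractive apt install -y freeipa-client"
  when: "'install ok installed' not in ipa_pkg.stdout"

- name: check freeipa membership
  # Treats a resolvable IPA `admin` user as proof the container is enrolled
  # (kept from the original check; a local user named admin would also match).
  command: "pct exec {{ vmid }} -- getent passwd admin"
  register: ipa_joined
  changed_when: false
  failed_when: false

- name: join freeipa
  # No `sh -c` wrapper any more: the argument list goes to ipa-client-install
  # as-is, so a password containing quotes or spaces cannot break the command
  # apart; `quote` only protects against the command module's shlex split.
  command: >
    pct exec {{ vmid }} -- ipa-client-install -U
    --domain={{ ipa_domain | quote }}
    --mkhomedir
    -w {{ ipa_password | quote }}
    -p {{ ipa_username | quote }}
    --no-ntp
    --force-join
  when: ipa_joined.rc != 0
  no_log: true  # ipa_password is on the command line
--------------------------------------------------------------------------------
/vars/main.yml:
--------------------------------------------------------------------------------
---
# Supported container flavors, selected by the `flavor` variable.
# `template` is the file name `pveam download local` fetches into
# /var/lib/vz/template/cache; `ostype` is passed to `pct create --ostype`.
flavors:
  ubuntu_20_04:
    template: ubuntu-20.04-standard_20.04-1_amd64.tar.gz
    ostype: ubuntu
--------------------------------------------------------------------------------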