feat: Add Proxmox LXC container provisioning playbook, related secrets, and documentation.

2026-01-04 11:06:56 +01:00
parent 703d326c22
commit 6801835b75
5 changed files with 163 additions and 2 deletions
--- a/playbooks/create_lxc.yml
+++ b/playbooks/create_lxc.yml
@@ -0,0 +1,69 @@
+---
+- name: Create and Configure New LXC Container
+  hosts: localhost
+  gather_facts: no
+  vars_files:
+    - "../secrets.yml"
+  vars_prompt:
+    - name: container_name
+      prompt: "Enter the new container name (e.g., my-service)"
+      private: no
+    - name: container_ip
+      prompt: "Enter the IP address (CIDR format preferred, or I will append /24) e.g., 10.0.0.123"
+      private: no
+
+  tasks:
+    - name: Normalize IP address (append /24 if missing)
+      set_fact:
+        container_ip_cidr: "{{ container_ip if '/' in container_ip else container_ip + '/24' }}"
+      
+    - name: Create LXC container on Proxmox
+      community.general.proxmox:
+        api_host: "{{ proxmox_host | default('10.0.0.1') }}"
+        api_user: "{{ proxmox_api_user }}"
+        api_token_id: "{{ proxmox_api_token_id }}"
+        api_token_secret: "{{ proxmox_api_token_secret }}"
+        node: "{{ proxmox_node }}"
+        storage: "{{ proxmox_storage }}"
+        ostemplate: '{{ proxmox_storage }}:vztmpl/ubuntu-24.04-standard_24.04-2_amd64.tar.zst'
+        hostname: "{{ container_name }}"
+        password: "TempPassword123!" # Temporary password, will be disabled by lxc_setup
+        netif:
+          net0: "name=eth0,gw=10.0.0.1,ip={{ container_ip_cidr }},bridge=vmbr0"
+        cores: 2
+        memory: 1024
+        swap: 512
+        state: started
+        unprivileged: yes
+        features:
+          - nesting=1
+      register: proxmox_creation
+
+    - name: Wait for container to be reachable
+      wait_for:
+        host: "{{ container_ip_cidr | split('/') | first }}"
+        port: 22
+        search_regex: OpenSSH
+        delay: 10
+        timeout: 300
+
+    - name: Add new host to in-memory inventory (group 'new')
+      add_host:
+        name: "{{ container_name }}"
+        groups: new
+        ansible_host: "{{ container_ip_cidr | split('/') | first }}"
+        ansible_user: root
+        ansible_ssh_pass: "TempPassword123!"
+        # We need to ignore host key checking for the fresh container to avoid interactive prompt
+        ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
+
+    - name: Add new host to local hosts.ini file (persistency)
+      ansible.builtin.blockinfile:
+        path: "{{ inventory_dir }}/hosts.ini"
+        block: |
+          {{ container_name }} ansible_host={{ container_ip_cidr | split('/') | first }} ansible_user=root
+        insertafter: "^\\[new\\]"
+        marker: "# {mark} ANSIBLE MANAGED BLOCK FOR NEW HOST {{ container_name }}"
+
+- name: Run Standard Setup on New Host
+  import_playbook: lxc_setup_ubuntu.yml