better fedora setup
72
roles/proxmox-lxc-fedora/tasks/main.yml
Normal file
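--- a/roles/proxmox-lxc-fedora/tasks/main.yml
+++ b/roles/proxmox-lxc-fedora/tasks/main.yml
@@ -0,0 +1,72 @@
+- name: Add fedora LXC container
+proxmox:
+vmid: "{{ lxc_id }}"
+hostname: "{{ name }}"
+state: present
+node: "{{ proxmox_node }}"
+ostemplate: local:vztmpl/fedora-39-default_20231118_amd64.tar.xz
+ostype: fedora
+memory: 9216 # 9GB
+swap: 0
+cores: 5
+netif: '{"net0":"name=eth0,gw={{ lxc_gateway }},ip={{ lxc_ip }}/24,bridge=vmbr0"}'
+onboot: 1
+pubkey: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"
+unprivileged: false
+disk: local-lvm:20
+
+api_user: "{{ proxmox_user }}"
+api_host: "{{ proxmox_node }}"
+api_token_secret: "{{ proxmox_token }}"
+api_token_id: "{{ proxmox_token_id }}"
+timeout: 30
+
+
+- name: Add k3s specific config to LXC config file
+lineinfile:
+state: present
+path: "/etc/pve/lxc/{{ lxc_id }}.conf"
+line: |
+lxc.apparmor.profile: unconfined
+lxc.cgroup.devices.allow: a
+lxc.cap.drop:
+lxc.mount.auto: proc:rw sys:rw
+lxc.autodev: 1
+lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir
+lxc.mount.entry: /lib/modules /lib/modules none bind,optional,create=dir
+
+
+- name: Add host to group 'lxc_fedora' with variable
+ansible.builtin.add_host:
+groups: lxc_fedora
+name: "{{ name }}"
+ansible_host: "{{ lxc_ip }}"
+ansible_user: root
+
+
+- name: Start LXC container
+proxmox:
+vmid: "{{ lxc_id }}"
+state: started
+node: "{{ proxmox_node }}"
+api_user: "{{ proxmox_user }}"
+api_host: "{{ proxmox_node }}"
+api_token_secret: "{{ proxmox_token }}"
+api_token_id: "{{ proxmox_token_id }}"
+timeout: 30
+
+
+# Note: at this point the LXC container is running but cannot be accessed via ssh
+- name: Use lxc to install openssh-server
+ansible.builtin.command: |
+lxc-attach -n {{ lxc_id }} -- dnf install -y openssh-server
+
+
+- name: Push boot config to LXC container
+ansible.builtin.command: |
+pct push {{ lxc_id }} /boot/config-{{ ansible_kernel }} /boot/config-{{ ansible_kernel }}
+
+
+- name: Use lxc to enable openssh-server
+ansible.builtin.command: |
+lxc-attach -n {{ lxc_id }} -- systemctl enable --now sshd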
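Review bot: The `Add k3s specific config to LXC config file` task, combined with `unprivileged: false` in the first task, removes nearly all isolation between this container and the Proxmox node: `lxc.apparmor.profile: unconfined`, `lxc.cgroup.devices.allow: a`, an empty `lxc.cap.drop:` and `proc:rw sys:rw` leave root inside the container (the `ansible_user: root` account and anything running under it) with essentially host-level reach. If k3s genuinely needs this, record it above the task, e.g. `# k3s in LXC requires these; the container is NOT a security boundary, treat it as part of the host`, and consider replacing the blanket `a` device rule with only the devices actually used. Separately, `lineinfile` compares against single lines, so this multi-line `line: |` will probably never match and be appended again on every run; `ansible.builtin.blockinfile` with `block: |` is the module intended for a managed multi-line stanza. The three `ansible.builtin.command` tasks at the end also report changed on every run, so a `changed_when:` (or a `creates:` guard where one fits) would make reruns readable.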