Properly handle LXC in join_ipa

diff --git a/personal_infra/playbooks/roles/join_ipa/tasks/main.yml b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
index 0610dba49be7fe8015061d5502c42c3f0806946d..b057d7cbf7a543fa020b8386483dcaaea07d35de 100644 (file)
--- a/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
+++ b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
@@ -1,31 +1,32 @@
 ---
 - name: join
-  # TODO:
-  # -N: no NTP (LXC doesn't need NTP)
-  shell: getent passwd admin || ipa-client-install -U -N --domain={{ freeipa.domain }} -w {{ freeipa.join_password|trim }} --mkhomedir -p {{ freeipa.join_user }}
+  shell: getent passwd admin || ipa-client-install -U {% if 'lxc' in group_names %} -N {% endif %} --domain={{ freeipa.domain }} -w {{ freeipa.join_password|trim }} --mkhomedir -p {{ freeipa.join_user }}
 # proxmox reorders the configuration file and misbehaves quite a bit :(
-- name: set id mappings copy out
-  copy:
-    remote_src: yes
-    src: /etc/pve/lxc/{{ proxmox.id }}.conf
-    dest: /tmp/{{ proxmox.id }}.conf
-  delegate_to: "{{ proxmox.host }}"
-- name: read conf
-  slurp:
-    src: /tmp/{{ proxmox.id }}.conf
-  register: proxmox_conf
-  delegate_to: "{{ proxmox.host }}"
-- name: set id mappings
-  blockinfile:
-    path: /tmp/{{ proxmox.id }}.conf
-    block: |
-      lxc.idmap = u 0 100000 65536
-      lxc.idmap = g 0 100000 65536
-      lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
-      lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
-  when: not proxmox_conf['content']|b64decode is search('lxc.idmap')
-  notify: restart_container
-  delegate_to: "{{ proxmox.host }}"
-- name: set id mappings copy in
-  command: cp /tmp/{{ proxmox.id }}.conf /etc/pve/lxc/{{ proxmox.id }}.conf
-  delegate_to: "{{ proxmox.host }}"
+- name: proxmox idmaps
+  when: "'lxc' in group_names"
+  block:
+    - name: set id mappings copy out
+      copy:
+        remote_src: yes
+        src: /etc/pve/lxc/{{ proxmox.id }}.conf
+        dest: /tmp/{{ proxmox.id }}.conf
+      delegate_to: "{{ proxmox.host }}"
+    - name: read conf
+      slurp:
+        src: /tmp/{{ proxmox.id }}.conf
+      register: proxmox_conf
+      delegate_to: "{{ proxmox.host }}"
+    - name: set id mappings
+      blockinfile:
+        path: /tmp/{{ proxmox.id }}.conf
+        block: |
+          lxc.idmap = u 0 100000 65536
+          lxc.idmap = g 0 100000 65536
+          lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+          lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+      when: not proxmox_conf['content']|b64decode is search('lxc.idmap')
+      notify: restart_container
+      delegate_to: "{{ proxmox.host }}"
+    - name: set id mappings copy in
+      command: cp /tmp/{{ proxmox.id }}.conf /etc/pve/lxc/{{ proxmox.id }}.conf
+      delegate_to: "{{ proxmox.host }}"