Update id mappings properly :(

diff --git a/personal_infra/playbooks/roles/join_ipa/tasks/main.yml b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
index eea24430475f07e6eabb076b0bdd596d554b6d3a..0610dba49be7fe8015061d5502c42c3f0806946d 100644 (file)
--- a/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
+++ b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
@@ -3,13 +3,29 @@
   # TODO:
   # -N: no NTP (LXC doesn't need NTP)
   shell: getent passwd admin || ipa-client-install -U -N --domain={{ freeipa.domain }} -w {{ freeipa.join_password|trim }} --mkhomedir -p {{ freeipa.join_user }}
-- name: set idmappings
+# proxmox reorders the configuration file and misbehaves quite a bit :(
+- name: set id mappings copy out
+  copy:
+    remote_src: yes
+    src: /etc/pve/lxc/{{ proxmox.id }}.conf
+    dest: /tmp/{{ proxmox.id }}.conf
+  delegate_to: "{{ proxmox.host }}"
+- name: read conf
+  slurp:
+    src: /tmp/{{ proxmox.id }}.conf
+  register: proxmox_conf
+  delegate_to: "{{ proxmox.host }}"
+- name: set id mappings
   blockinfile:
-    path: /etc/pve/lxc/{{ proxmox.id }}.conf
+    path: /tmp/{{ proxmox.id }}.conf
     block: |
       lxc.idmap = u 0 100000 65536
       lxc.idmap = g 0 100000 65536
       lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
       lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
-  delegate_to: "{{ proxmox.host }}"
+  when: not proxmox_conf['content']|b64decode is search('lxc.idmap')
   notify: restart_container
+  delegate_to: "{{ proxmox.host }}"
+- name: set id mappings copy in
+  command: cp /tmp/{{ proxmox.id }}.conf /etc/pve/lxc/{{ proxmox.id }}.conf
+  delegate_to: "{{ proxmox.host }}"