Add support for privileged containers and extra LXC conf

author alex <alex@pdp7.net>

Sat, 1 Apr 2023 13:57:47 +0000 (15:57 +0200)

committer alex <alex@pdp7.net>

Sat, 1 Apr 2023 13:57:47 +0000 (15:57 +0200)
author alex <alex@pdp7.net>
Sat, 1 Apr 2023 13:57:47 +0000 (15:57 +0200)
committer alex <alex@pdp7.net>
Sat, 1 Apr 2023 13:57:47 +0000 (15:57 +0200)
diff --git a/personal_infra/playbooks/roles/join_ipa/tasks/main.yml b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml

index b057d7cbf7a543fa020b8386483dcaaea07d35de..0fd8f5d0a3e7f0cb3a5ae1b3dd65712e193564e9 100644 (file)
--- a/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
+++ b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
@@ -24,7 +24,7 @@
            lxc.idmap = g 0 100000 65536
            lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
            lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
-      when: not proxmox_conf['content']|b64decode is search('lxc.idmap')
+      when: not proxmox_conf['content']|b64decode is search('lxc.idmap') and not proxmox.privileged|default(False)
        notify: restart_container
        delegate_to: "{{ proxmox.host }}"
      - name: set id mappings copy in
diff --git a/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml b/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml

index 014fa28c2561b5bede621843036502ce809aee05..ecb600aa5b6d171121594ebc9fb83adcd5657f27 100644 (file)
--- a/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml
+++ b/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml
@@ -11,13 +11,37 @@
        --storage local-zfs
        -net0 name=eth0,bridge=vmbr0,ip=dhcp
        -onboot 1
-      --unprivileged
+      {% if not proxmox.privileged|default(false) %} -unprivileged {% endif %}
+      {% if proxmox.features|default(None) %} -features {{ proxmox.features }} {% endif %}
        --password {{ ansible_password|trim }}
        --nameserver {{ hostvars[proxmox.host].network.self_internal_ip }}
        --ostype {{ flavors[proxmox.flavor].pct_ostype }}
    args:
      creates: "/etc/pve/lxc/{{ proxmox.id }}.conf"
    delegate_to: "{{ proxmox.host }}"
+- name: proxmox extra
+  when: proxmox.extra|default(None)
+  block:
+    - name: set proxmox extra copy out
+      copy:
+        remote_src: yes
+        src: /etc/pve/lxc/{{ proxmox.id }}.conf
+        dest: /tmp/{{ proxmox.id }}.conf
+      delegate_to: "{{ proxmox.host }}"
+    - name: read conf
+      slurp:
+        src: /tmp/{{ proxmox.id }}.conf
+      register: proxmox_conf
+      delegate_to: "{{ proxmox.host }}"
+    - name: set proxmox extra
+      lineinfile:
+        path: /tmp/{{ proxmox.id }}.conf
+        line: "{{ item }}"
+      loop: "{{ proxmox.extra }}"
+      delegate_to: "{{ proxmox.host }}"
+    - name: set proxmox extra copy in
+      command: cp /tmp/{{ proxmox.id }}.conf /etc/pve/lxc/{{ proxmox.id }}.conf
+      delegate_to: "{{ proxmox.host }}"
  # https://bugzilla.proxmox.com/show_bug.cgi?id=4515
  - name: set hosts
    copy:
author	alex <alex@pdp7.net>
	Sat, 1 Apr 2023 13:57:47 +0000 (15:57 +0200)
committer	alex <alex@pdp7.net>
	Sat, 1 Apr 2023 13:57:47 +0000 (15:57 +0200)
personal_infra/playbooks/roles/join_ipa/tasks/main.yml		patch \| blob \| history
personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml		patch \| blob \| history