From 08bc4b6aac8bf7fb4327fd003c961e356e32f7db Mon Sep 17 00:00:00 2001
From: alex
Date: Sun, 29 Jan 2023 12:24:59 +0100
Subject: [PATCH] Properly handle LXC in join_ipa
---
.../playbooks/roles/join_ipa/tasks/main.yml | 57 ++++++++++---------
1 file changed, 29 insertions(+), 28 deletions(-)
diff --git a/personal_infra/playbooks/roles/join_ipa/tasks/main.yml b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
index 0610dba..b057d7c 100644
--- a/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
+++ b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
@@ -1,31 +1,32 @@ --- - name: join - # TODO: - # -N: no NTP (LXC doesn't need NTP) - shell: getent passwd admin || ipa-client-install -U -N --domain={{ freeipa.domain }} -w {{ freeipa.join_password|trim }} --mkhomedir -p {{ freeipa.join_user }} + shell: getent passwd admin || ipa-client-install -U {% if 'lxc' in group_names %} -N {% endif %} --domain={{ freeipa.domain }} -w {{ freeipa.join_password|trim }} --mkhomedir -p {{ freeipa.join_user }} # proxmox reorders the configuration file and misbehaves quite a bit :( -- name: set id mappings copy out - copy: - remote_src: yes - src: /etc/pve/lxc/{{ proxmox.id }}.conf - dest: /tmp/{{ proxmox.id }}.conf - delegate_to: "{{ proxmox.host }}" -- name: read conf - slurp: - src: /tmp/{{ proxmox.id }}.conf - register: proxmox_conf - delegate_to: "{{ proxmox.host }}" -- name: set id mappings - blockinfile: - path: /tmp/{{ proxmox.id }}.conf - block: | - lxc.idmap = u 0 100000 65536 - lxc.idmap = g 0 100000 65536 - lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }} - lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }} - when: not proxmox_conf['content']|b64decode is search('lxc.idmap') - notify: restart_container - delegate_to: "{{ proxmox.host }}" -- name: set id mappings copy in - command: cp /tmp/{{ proxmox.id }}.conf /etc/pve/lxc/{{ proxmox.id }}.conf - delegate_to: "{{ proxmox.host }}" +- name: proxmox idmaps + when: "'lxc' in group_names" + block: + - name: set id mappings copy out + copy: + remote_src: yes + src: /etc/pve/lxc/{{ proxmox.id }}.conf + dest: /tmp/{{ proxmox.id }}.conf + delegate_to: "{{ proxmox.host }}" + - name: read conf + slurp: + src: /tmp/{{ proxmox.id }}.conf + register: proxmox_conf + delegate_to: "{{ proxmox.host }}" + - name: set id mappings + blockinfile: + path: /tmp/{{ proxmox.id }}.conf + block: | + lxc.idmap = u 0 100000 65536 + lxc.idmap = g 0 100000 65536 + lxc.idmap = u {{ freeipa.idrange_start }} {{ 
freeipa.idrange_start }} {{ freeipa.idrange_size }} + lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }} + when: not proxmox_conf['content']|b64decode is search('lxc.idmap') + notify: restart_container + delegate_to: "{{ proxmox.host }}" + - name: set id mappings copy in + command: cp /tmp/{{ proxmox.id }}.conf /etc/pve/lxc/{{ proxmox.id }}.conf + delegate_to: "{{ proxmox.host }}" -- 2.47.3
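Review bot: The added `shell:` line of the `join` task still interpolates `freeipa.join_password` unquoted into a shell command, and the task has no `no_log`, so a password containing shell metacharacters is re-parsed by the shell and the rendered command, password included, can end up in Ansible output and logs. I would write `-w {{ freeipa.join_password | trim | quote }}` and add `no_log: true` to the task; the password will presumably still be visible in the process arguments on the target while ipa-client-install runs. Separately, the `proxmox idmaps` block stages the container config at the predictable path `/tmp/{{ proxmox.id }}.conf` on the Proxmox host and then copies it back over `/etc/pve/lxc/`, so if that host has other local users, one of them could pre-create or alter the file that sets the idmap. A path from the `tempfile` module, or a root-only directory, would avoid that.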