proxmox ansible bootstrapping
This commit is contained in:
parent
2d1a363a50
commit
bdf3bc6b02
20 changed files with 481 additions and 4 deletions
82
README.md
@ -1,2 +1,82 @@
|
|||
# proxmox
|
||||
# Proxmox Home Server Ansible Bootstrapping
|
||||
|
||||
This repository contains Ansible playbooks and roles for bootstrapping a fresh Proxmox VE installation.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
* Ansible installed on your control machine.
|
||||
* Your Proxmox VE server has an initial root password set.
|
||||
* Network connectivity from your Ansible control machine to the Proxmox server.
|
||||
|
||||
## Setup
|
||||
|
||||
1. **Clone this repository:**
|
||||
```bash
|
||||
git clone https://gitprocopius.com/plasmagoat/proxmox.git
|
||||
cd proxmox
|
||||
```
|
||||
|
||||
2. **Configure `inventory.ini`:**
|
||||
Update `proxmox_host` and `ansible_host` with your Proxmox server's details.
|
||||
|
||||
```ini
|
||||
# inventory.ini
|
||||
[proxmox]
|
||||
proxmox_01 ansible_host=192.168.1.200 ansible_user=root
|
||||
```
|
||||
|
||||
3. **Create and encrypt `group_vars/proxmox/vault.yml`:**
|
||||
This file will store your initial Proxmox root password.
|
||||
|
||||
```bash
|
||||
ansible-vault create group_vars/proxmox/vault.yml
|
||||
```
|
||||
Enter a strong vault password when prompted. Then add the following content:
|
||||
|
||||
```yaml
|
||||
# group_vars/all/vault.yml
|
||||
initial_root_password: "YourActualProxmoxRootPassword"
|
||||
```
|
||||
Save and exit.
|
||||
|
||||
4. **Configure `group_vars/proxmox/main.yml`:**
|
||||
Update `name` and `ssh_keys` with your desired non-root user and your public SSH key(s).
|
||||
|
||||
```yaml
|
||||
# group_vars/all/main.yml
|
||||
admin:
|
||||
name: "your_ansible_user"
|
||||
ssh_keys:
|
||||
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB... your_public_key"
|
||||
```
|
||||
|
||||
5. **Create a vault password file (recommended):**
|
||||
Create a file (e.g., `~/.ansible_vault_pass`) containing only your vault password.
|
||||
```bash
|
||||
echo "YourVaultPassword" > ~/.ansible_vault_pass
|
||||
chmod 600 ~/.ansible_vault_pass
|
||||
```
|
||||
Ensure `ansible.cfg` points to this file.
|
||||
|
||||
## Running the Playbook
|
||||
|
||||
Execute the bootstrapping playbook:
|
||||
|
||||
```bash
|
||||
ansible-playbook playbooks/bootstrap.yml
|
||||
```
|
||||
|
||||
If you didn't set `vault_password_file` in `ansible.cfg`, you'll be prompted for the vault password.
|
||||
|
||||
## Post-Bootstrapping
|
||||
|
||||
After the playbook completes:
|
||||
|
||||
1. **Test SSH login with the new user:**
|
||||
```bash
|
||||
ssh your_ansible_user@<your_proxmox_ip_address>
|
||||
```
|
||||
You should be able to log in without a password using your SSH key.
|
||||
|
||||
2. **Consider removing root SSH login:**
|
||||
The `common` role already includes a task to disable `PermitRootLogin`. Verify it's set to `no` in `/etc/ssh/sshd_config` on the Proxmox host.
|
||||
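Review bot: Step 5 of Setup writes the vault password with `echo "YourVaultPassword" > ~/.ansible_vault_pass`, which puts the password into shell history and creates the file with the default umask before `chmod 600` runs. Suggest having the reader create the file under `umask 077` and fill it from an editor or a no-echo prompt. The same step should also name the `vault_password_file` setting where it says "Ensure `ansible.cfg` points to this file", since that setting is only mentioned later under Running the Playbook. Separately, the paths disagree: steps 3 and 4 say `group_vars/proxmox/vault.yml` and `group_vars/proxmox/main.yml`, but the YAML comments inside them read `# group_vars/all/vault.yml` and `# group_vars/all/main.yml`; pick one location and use it in both places. Step 2 asks the reader to update `proxmox_host`, which does not appear in the sample `inventory.ini` (the entry is `proxmox_01 ansible_host=...`). Finally, the Post-Bootstrapping item is titled "Consider removing root SSH login" while its body says the `common` role already disables `PermitRootLogin`; retitle it as a verification step and state which user later runs should connect as, given the inventory still sets `ansible_user=root`.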