Enhance Ansible playbooks and documentation for Debian and Proxmox management. Add new playbooks for Debian hardening, maintenance, SSH key rotation, and Proxmox cluster setup. Update README.md with quick start instructions for Debian and Proxmox operations. Modify group_vars to include Argo CD application settings, improving deployment flexibility and clarity.

2026-04-01 01:19:50 -04:00
parent 89be30884e
commit c15bf4d708
33 changed files with 682 additions and 5 deletions
--- a/ansible/roles/proxmox_cluster/tasks/main.yml
+++ b/ansible/roles/proxmox_cluster/tasks/main.yml
@@ -0,0 +1,63 @@
+---
+- name: Skip cluster role when disabled
+  ansible.builtin.meta: end_host
+  when: not (proxmox_cluster_enabled | bool)
+
+- name: Check whether corosync cluster config exists
+  ansible.builtin.stat:
+    path: /etc/pve/corosync.conf
+  register: proxmox_cluster_corosync_conf
+
+- name: Set effective Proxmox cluster master
+  ansible.builtin.set_fact:
+    proxmox_cluster_master_effective: "{{ proxmox_cluster_master | default(groups['proxmox_hosts'][0], true) }}"
+
+- name: Set effective Proxmox cluster master IP
+  ansible.builtin.set_fact:
+    proxmox_cluster_master_ip_effective: >-
+      {{
+        proxmox_cluster_master_ip
+        | default(hostvars[proxmox_cluster_master_effective].ansible_host
+        | default(proxmox_cluster_master_effective), true)
+      }}
+
+- name: Create cluster on designated master
+  ansible.builtin.command:
+    cmd: "pvecm create {{ proxmox_cluster_name }}"
+  when:
+    - inventory_hostname == proxmox_cluster_master_effective
+    - not proxmox_cluster_corosync_conf.stat.exists
+
+- name: Ensure python3-pexpect is installed for password-based cluster join
+  ansible.builtin.apt:
+    name: python3-pexpect
+    state: present
+    update_cache: true
+  when:
+    - inventory_hostname != proxmox_cluster_master_effective
+    - not proxmox_cluster_corosync_conf.stat.exists
+    - proxmox_cluster_master_root_password | length > 0
+
+- name: Join node to existing cluster (password provided)
+  ansible.builtin.expect:
+    command: >-
+      pvecm add {{ proxmox_cluster_master_ip_effective }}
+      {% if proxmox_cluster_force | bool %}--force{% endif %}
+    responses:
+      "Please enter superuser \\(root\\) password for '.*':": "{{ proxmox_cluster_master_root_password }}"
+      "password:": "{{ proxmox_cluster_master_root_password }}"
+  no_log: true
+  when:
+    - inventory_hostname != proxmox_cluster_master_effective
+    - not proxmox_cluster_corosync_conf.stat.exists
+    - proxmox_cluster_master_root_password | length > 0
+
+- name: Join node to existing cluster (SSH trust/no prompt)
+  ansible.builtin.command:
+    cmd: >-
+      pvecm add {{ proxmox_cluster_master_ip_effective }}
+      {% if proxmox_cluster_force | bool %}--force{% endif %}
+  when:
+    - inventory_hostname != proxmox_cluster_master_effective
+    - not proxmox_cluster_corosync_conf.stat.exists
+    - proxmox_cluster_master_root_password | length == 0