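---
##########
# This playbook is expressly to load management ssh-keys on proxmox LXC containers
# that might not have SSH enabled.
#
# Inputs this file does not define (presumably per-host inventory or extra-vars;
# confirm against the inventory):
#   vmid        - Proxmox VMID of the container
#   CLIENT_SLUG - selects the public key file under /root/.ssh on the PVE node
#
# Every task is delegated to a Proxmox node: the container itself is never
# contacted over SSH, which is the point (SSH may not be reachable yet).
#
- name: Bootstrap SSH on LXC Containers via Proxmox Host
  hosts: lxc_containers
  gather_facts: false
  vars:
    client_pub_key: "/root/.ssh/client_{{ CLIENT_SLUG }}.pub"

  tasks:
    - name: Find current node for VMID {{ vmid }}
      # We delegate to the first host in your proxmox_cluster group.
      # The resource list is fetched as JSON and filtered in Ansible rather
      # than with `grep -w <vmid> | awk`: a bare word match can also hit other
      # numeric columns of the text output, and this way no host variable is
      # interpolated into a shell command line at all.
      delegate_to: "{{ groups['proxmox_cluster'][0] }}"
      ansible.builtin.command:
        cmd: "pvesh get /cluster/resources --type vm --output-format json"
      register: cluster_resources
      changed_when: false

    - name: Set active host fact
      # Picks the `node` of the resource whose `vmid` matches; empty string
      # when there is no match so the next task can fail with a clear message.
      ansible.builtin.set_fact:
        active_pve_node: >-
          {{ cluster_resources.stdout | from_json
          | selectattr('vmid', 'eq', vmid | int)
          | map(attribute='node') | list
          | first | default('') | trim }}

    - name: Fail early if the VMID is not known to the cluster
      # Without this, an empty node name would make the delegated block below
      # run pct on whatever host Ansible resolves '' to.
      ansible.builtin.assert:
        that:
          - active_pve_node | length > 0
        fail_msg: "VMID {{ vmid }} not found in pvesh cluster resources"

    - name: Configure LXC via PVE CLI
      delegate_to: "{{ active_pve_node }}"
      become: true
      block:
        - name: Ensure .ssh directory exists in LXC
          ansible.builtin.command:
            cmd: "pct exec {{ vmid }} -- mkdir -p /root/.ssh"

        - name: Push SSH key to LXC
          # pct push replaces the destination file, so any authorized_keys
          # entries already present in the container are dropped here.
          ansible.builtin.command:
            cmd: "pct push {{ vmid }} {{ client_pub_key }} /root/.ssh/authorized_keys --perms 600"

        - name: Set SSH permissions and restart
          # sed -E is required: in sed's default BRE dialect `?` is a literal
          # character, so `^#?PermitRootLogin` matched nothing and both
          # hardening edits were silently skipped before the restart.
          # Caveats to confirm per container image: a directive set in
          # /etc/ssh/sshd_config.d/*.conf (when sshd_config uses Include) wins
          # over these edits, and the service name `ssh` assumes a
          # Debian/Ubuntu-style template (elsewhere it is `sshd`).
          ansible.builtin.command:
            cmd: >
              pct exec {{ vmid }} -- bash -c "
              chown root:root /root/.ssh/authorized_keys &&
              sed -i -E 's/^#?PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config &&
              sed -i -E 's/^#?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config &&
              systemctl restart ssh"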