Setting up Proxmox with Ansible, part1

In first article of this series we will makae a simple configuration to set-up the enviroment and perform a simple task: check if LXC Container is not present
Ansible provides 2 nice modules:

  1. proxmox_kvm – Management of Qemu(KVM) Virtual Machines in Proxmox VE cluster
  2. proxmox – Management of instances in Proxmox VE cluster

In this series we will focus on proxmox module which allows you to create/delete/stop LXC Containers in Proxmox VE cluster, but this first part is available also for proxmox_kvm module, which allows you to create/delete/stop instances in Proxmox VE cluster

Requirements:

First, check if the API is working in your Proxmox enviroment
curl -k -d "username=root@pam&password=yourpassword" https://10.0.0.1:8006/api2/json/access/ticket

You need to make sure that the followings are installed

On host:
You’ll need ansible 2.9.2 at least
to check your version : ansible --version
upgrade to the latest version : pip3 install --upgrade ansible
then, the proxmoxer and requests packages are required pip install proxmoxer requests

We recommend using a vm ( we use a minimal centOs8 ) to perform all tasks related to DevOps

On target:
Install proxmoxer and requests packages: pip install proxmoxer requests
*If pip is not installed on your Debian system:
apt update && apt upgrade && apt install python-pip && pip --version

Project structure

We will start with a simple folder structure and we will develop it in the later posts

  1. create the inventory file:
mkdir ansible-proxmox && cd ansible-proxmox
cat <<EOF >> dc_hosts.yml
---
all:
  children:
    proxmox:
      hosts:
        erver2:
          ansible_host: 82.208.158.24
          ansible_port: 20
  vars:
    ansible_ssh_private_key_file: ~/.ssh/id_padi
    ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
EOF
  1. create a simple main.yml file which will contain a basic operation
cat << EOF >> main.yml
---
- hosts: proxmox
  tasks:
  - name: 'Check if container exist'
    proxmox:
      api_host: "{{ proxmox_api_host }}"
      api_user: "{{ proxmox_api_user }}"
      api_password: "{{ proxmox_api_password }}"
      # ---
      vmid: "{{ hostvars[target_host].lxc_vmid }}"
      state: absent
EOF

Until now you should be able to start a vm running the following command
ansible-playbook main.yml -i dc_hosts

Now, because the proxmox and proxmox_kvm module require inline password we will setup an ansible vault to securely store it and PREVENT committing the password to git. The Ansible Vault is not a subject of this tutorial so we will keep it simple.

To encrypt the proxmox password to an ansible vault variable:
ansible-vault encrypt_string 'mypassword' --name 'proxmox_password'
Output:

proxmox_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          32646131666435646327546283725387726483303461333365663933346635656466373735376431
          3036326139366123443292645217623512323730326237620a373330633231373165623439396437
          63663137234631345342366464386565663362646232613832376435616435626535343333383430
          36626562342423134443313736636266643336653833333830316262666238353966363736306264
          3535

Encryption is successful and now we need to store this in a variable file

and then we need to store this in a variable file
cat << EOF >> vi /vars/main.yml
---
pmx_api_host: 10.10.10.2
pmx_api_user: root@pam
pmx_api_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  32646131666435646327546283725387726483303461333365663933346635656466373735376431
  3036326139366123443292645217623512323730326237620a373330633231373165623439396437
  63663137234631345342366464386565663362646232613832376435616435626535343333383430
  36626562342423134443313736636266643336653833333830316262666238353966363736306264
  3535
EOF

and now we can edit our playbook main.yml file with the followings

- hosts: proxmox
  tasks:
  - name: 'Check if container exist'
    proxmox:
      api_host: "{{ pmx_api_host }}"
      api_user: "{{ pmx_api_user }}"
      api_password: "{{ pmx_api_pass }}"
      # ---
      vmid: 103
      state: absent

and run the playbook:
ansible-playbook main-proxmox.yml -i isv_hosts --ask-vault-pass

*to check if the password is good you cand print it with the debug module:

- name: 'Display proxmox pass'
  debug:
    var: "{{ pmx_api_pass }}"

So this was the firsts steps to configure a local enviroment for configure your Proxmox platform with Ansible

In the next tutorial we will make an operations suite for managing vm’s.