Compare commits
No commits in common. "eca9b4d382763409027a511b84eef8e6863fae34" and "75c4a665f47a94cff26594cb079fd4055c60cc67" have entirely different histories.
eca9b4d382
...
75c4a665f4
@ -3,7 +3,7 @@
|
|||||||
#~ always loaded ~#
|
#~ always loaded ~#
|
||||||
|
|
||||||
api_user_name: terraform
|
api_user_name: terraform
|
||||||
api_group_role: PVEVMAdmin # Virtual Machine Administrator
|
api_user_role: PVEVMAdmin # Virtual Machine Administrator
|
||||||
api_object_path: /vms # Access to VMs
|
api_object_path: /vms # Access to VMs
|
||||||
|
|
||||||
...
|
...
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
proxmox_hosts:
|
proxmox_hosts:
|
||||||
hosts:
|
hosts:
|
||||||
vulpes.c0de.online:
|
vulpes.c0de.online:
|
||||||
|
proxmox.c0de.online:
|
||||||
vars:
|
vars:
|
||||||
ansible_user: root
|
ansible_user: root
|
||||||
|
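Review bot: The new host `proxmox.c0de.online:` is added with no host-level vars, so it inherits `ansible_user: root` from the group `vars` on the lines below, and the role's privileged pveum/API work now runs as root on a second machine without that being called out. If this host is a member of the same Proxmox cluster as `vulpes.c0de.online` (inferred from the naming, not visible here), users, ACLs and API tokens are stored in cluster-wide configuration, so running the same create tasks against both nodes would try to create the same objects twice. A one-line comment above the new host stating which case applies, e.g. `# proxmox.c0de.online: standalone node (or: cluster peer of vulpes — run the role against one node only)`, would make the intended blast radius explicit.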
@ -1,8 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
api_group_name: provisioning
|
|
||||||
api_user_name: ansible
|
|
||||||
api_auth_realm: pve
|
|
||||||
api_object_path: /
|
|
||||||
|
|
||||||
...
|
|
@ -15,7 +15,7 @@ argument_specs:
|
|||||||
- Group permission assignment should be preferred
|
- Group permission assignment should be preferred
|
||||||
|
|
||||||
options:
|
options:
|
||||||
api_group_role:
|
api_user_role:
|
||||||
type: str
|
type: str
|
||||||
required: false
|
required: false
|
||||||
default: NoAccess
|
default: NoAccess
|
||||||
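Review bot: The option description a few lines above the renamed key still reads `- Group permission assignment should be preferred`, but the option it documents is now `api_user_role`, a role bound directly to the user rather than to a group, so the spec now contradicts its own guidance. Either update that line to state why a per-user ACL is used here, or keep a group-scoped option and document `api_user_role` as the fallback. The `default: NoAccess` deny-by-default is sound and should be kept regardless of which way the naming goes. The enclosing `argument_specs:` mapping starts before this hunk.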
@ -40,12 +40,6 @@ argument_specs:
|
|||||||
default: ansible
|
default: ansible
|
||||||
description: The user-name of the account that will get an API token
|
description: The user-name of the account that will get an API token
|
||||||
|
|
||||||
api_auth_realm:
|
|
||||||
type: str
|
|
||||||
required: false
|
|
||||||
default: pve
|
|
||||||
description: The authentication backend provider
|
|
||||||
|
|
||||||
api_object_path:
|
api_object_path:
|
||||||
type: str
|
type: str
|
||||||
required: false
|
required: false
|
||||||
|
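Review bot: Removing the `api_auth_realm` option leaves the spec with no statement of which realm `api_user_name` is created in, although every Proxmox user id is `name@realm` and the realm decides where authentication happens (a Proxmox-local account versus a host PAM account). If the role now fixes the realm internally, say so in the surviving option, e.g. `description: The user-name of the account that will get an API token; the realm is fixed by the role`; if callers can still pass a realm, the option should stay in the spec so argument validation does not reject it as unknown. I cannot see the tasks that consume these specs in this hunk, so which of the two applies is inferred.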
@ -1,63 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Get list of users
|
|
||||||
ansible.builtin.shell: pveum user list --output-format json
|
|
||||||
register: user_list
|
|
||||||
|
|
||||||
- name: Determine if our user is in the list
|
|
||||||
set_fact:
|
|
||||||
found_users: "{{ user_list.stdout | from_json | community.general.json_query(jq) }}"
|
|
||||||
vars:
|
|
||||||
jq: "[?userid == '{{ api_user_name }}@{{ api_auth_realm }}'].userid"
|
|
||||||
|
|
||||||
- name: "Fail if {{ api_user_name }} User exists"
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: "{{ api_user_name }} already exists. Nothing to do."
|
|
||||||
when: found_users | length >= 1
|
|
||||||
|
|
||||||
- name: Get list of groups
|
|
||||||
ansible.builtin.shell: pveum group list --output-format json
|
|
||||||
register: group_list
|
|
||||||
|
|
||||||
- name: "Determine if {{ api_group_name }} is in the list"
|
|
||||||
set_fact:
|
|
||||||
found_groups: "{{ group_list.stdout | from_json | community.general.json_query(jq) }}"
|
|
||||||
vars:
|
|
||||||
jq: "[?groupid == '{{ api_group_name }}'].groupid"
|
|
||||||
|
|
||||||
- name: "Create {{ api_group_name }} Group if it does not already exist"
|
|
||||||
ansible.builtin.shell: "pveum group add {{ api_group_name }}"
|
|
||||||
when: found_groups | length <= 0
|
|
||||||
|
|
||||||
- name: "Assign {{ api_group_role }} Role to {{ api_group_name }} on {{ api_object_path }} Objects"
|
|
||||||
ansible.builtin.shell: "pveum acl modify {{ api_object_path }} -group {{ api_group_name }} -role {{ api_group_role }}"
|
|
||||||
when: found_groups | length <= 0
|
|
||||||
|
|
||||||
- name: "Create {{ api_user_name }} User and add it to the {{ api_group_name }} Group"
|
|
||||||
ansible.builtin.shell: "pveum user add {{ api_user_name }}@{{ api_auth_realm }} -groups {{ api_group_name }}"
|
|
||||||
|
|
||||||
- name: "Create API Token for {{ api_user_name }}"
|
|
||||||
ansible.builtin.shell: >
|
|
||||||
pveum user token add {{ api_user_name }}@{{ api_auth_realm }} api_token -privsep 0 --output-format json | jq '.value'
|
|
||||||
register: api_user_token
|
|
||||||
|
|
||||||
- name: Print the token secret
|
|
||||||
debug:
|
|
||||||
msg: >
|
|
||||||
Token ID: {{ api_user_name }}@{{ api_auth_realm }}!api_token
|
|
||||||
Token Secret: {{ api_user_token.stdout }}
|
|
||||||
|
|
||||||
# FIXME: We're failing to auth here
|
|
||||||
# TASK [create-api-user : Verify API Token works] ********************************
|
|
||||||
# An exception occurred during task execution. To see the full traceback, use -vvv. The error was: proxmoxer.core.ResourceException: 401 Unauthorized: invalid token value! - {'errors': b''}
|
|
||||||
# fatal: [vulpes.c0de.online -> localhost]: FAILED! => {"changed": false, "msg": "401 Unauthorized: invalid token value! - {'errors': b''}"}
|
|
||||||
- name: Verify API Token works
|
|
||||||
community.general.proxmox_vm_info:
|
|
||||||
api_host: "{{ inventory_hostname }}"
|
|
||||||
validate_certs: true
|
|
||||||
api_user: "{{ api_user_name }}@{{ api_auth_realm }}"
|
|
||||||
api_token_id: "api_token"
|
|
||||||
api_token_secret: "{{ api_user_token.stdout }}"
|
|
||||||
delegate_to: localhost
|
|
||||||
|
|
||||||
...
|
|