Replies: 1 comment
-
Hello,
If I create an admin user on the PVE and add it to the sudo group which has the following permissions according to sudoers:
Is it a paramiko limitation that it cannot pass password to sudo, or am I missing something? But still security people are irritated by this NOPASSWD..
-
Introduction
Because of some extensive work (ansible-collections/community.general#8424) by @mietzen, the Ansible community.general collection [1] now supports managing Proxmox LXCs using PCT over SSH (community.general.proxmox_pct_remote [2]). This enables management of Proxmox containers without the need to set up SSH access to the containers themselves.
Below I will show you how to set this up, and give an example of how to use it. Hope this will be useful to you!
Prerequisites
Before we begin, ensure you have the following:
Step-by-Step Guide
Step 1: Install/update the community.general collection
The proxmox_pct_remote connection module is part of the community.general collection from version 10.3.0 onwards. You can install/update it using the following command:
Step 2: Create an inventory of your Proxmox LXCs
It is possible to create a static or dynamic inventory. Below is an example of how to create a dynamic inventory using proxmox.inventory [3] (for a static example see [2]):
Some notes:
- keyed_groups groups Proxmox LXCs/VMs by their tags, so for example, all containers tagged with 'docker' will be in the Ansible hosts group proxmox_tags_docker
- The compose section is key here: we can use it to add some default variables to the hosts in this inventory. In this case we specify that we want to use the community.general.proxmox_pct_remote connection plugin over SSH to the Proxmox host (192.168.2.3 in my case). Note the double quotes in the compose section, this is because these are Jinja expressions IIRC.
Test the inventory and community.general.proxmox_pct_remote
You can test the inventory by running the following command:
To test the community.general.proxmox_pct_remote connection plugin, you can run the following command (proxmox_all_running is a group that is created by the inventory plugin):
(Optional) Speeding it up
By default, the dynamic inventory will be recreated every time you run a playbook. This can be slow if you have many containers. To speed it up, you can cache the inventory by adding the following to your ansible.cfg:
In addition, PCT over SSH is quite slow, because the paramiko ssh plugin (used by this plugin) doesn't support persistent connections. You can use parallel execution to speed it up a bit, by adding the following to your ansible.cfg:
Also, gathering facts can be slow; you can disable it by setting gather_facts: false in your playbook. (It can even crash Ansible if you have many containers, because many devices are shared between containers; in that case you can use the gather_subset option to limit the facts gathered, for example gather_subset: ["!devices"].)
Example use
You can now use the inventory to run regular playbooks on your Proxmox containers. For example, I use the following playbook (based on https://docs.portainer.io/start/upgrade/docker) to update portainer and the portainer_agent container to 2.27.1 on all my LXCs I tagged in Proxmox with docker:
Enjoy!
Footnotes
1. https://galaxy.ansible.com/ui/repo/published/community/general/
2. https://docs.ansible.com/ansible/latest/collections/community/general/proxmox_pct_remote_connection.html
3. https://docs.ansible.com/ansible/latest/collections/community/general/proxmox_inventory.html
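A dynamic inventory of the kind Step 2 describes, as an added example; it is not the post author's file, which is not shown on this page. It uses the Proxmox host address 192.168.2.3 from the post. The API user, token name, SSH user, the LXC-only filter and the tag-group prefix are assumptions, chosen so that containers tagged 'docker' land in the proxmox_tags_docker group the post mentions.

```yaml
# proxmox.yml (added example; names marked "assumed" are placeholders)
plugin: community.general.proxmox
url: https://192.168.2.3:8006      # Proxmox host from the post, default API port
user: ansible@pam                  # assumed API user
token_id: inventory                # assumed API token name
# token_secret is deliberately not stored in this file: when it is unset,
# the plugin reads it from the PROXMOX_TOKEN_SECRET environment variable.
validate_certs: true               # verify the API certificate (plugin default)

want_facts: true                   # exposes proxmox_vmtype and proxmox_tags_parsed
want_proxmox_nodes_ansible_host: false
exclude_nodes: true                # list guests only, not the PVE nodes

# pct only manages containers, so keep VMs out of this inventory (assumed choice)
filters:
  - proxmox_vmtype == "lxc"

# One group per tag: a container tagged 'docker' joins proxmox_tags_docker
keyed_groups:
  - key: proxmox_tags_parsed
    prefix: proxmox_tags

# Values here are Jinja expressions, so string literals need inner quotes
compose:
  ansible_host: "'192.168.2.3'"    # SSH goes to the Proxmox host, not the container
  ansible_connection: "'community.general.proxmox_pct_remote'"
  ansible_user: "'ansible'"        # assumed SSH user on the Proxmox host
  proxmox_vmid: proxmox_vmid       # container ID that pct is called with
```

Keeping the token secret in the environment or in Ansible Vault rather than in the inventory file means the file can be committed without exposing API credentials.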