Merge pull request #314 from simoncaron/feature/fixes-for-pve9

Proxmox VE 9 Configuration Fixes

- adds deb822 repositories for PVE9
- introduces pve_repository role variable as part of refactoring for deb822
- fixes HA groups check condition for PVE9

Co-authored-by: Simon Caron <[email protected]>

Author: lae

README.md

@@ -386,6 +386,12 @@ serially during a maintenance period.) It will also enable the IPMI watchdog.
 ```
 [variable]: [default] #[description/purpose]
 pve_group: proxmox # host group that contains the Proxmox hosts to be clustered together
+# Proxmox repository configuration for PVE 9 and above
+pve_repository:
+  uris: # List of URIs for the Proxmox repository
+  suites: # List of suites for the Proxmox repository
+  components: # List of components for the Proxmox repository
+# Proxmox repository configuration for PVE 8 and below
 pve_repository_line: "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription" # apt-repository configuration - change to enterprise if needed (although TODO further configuration may be needed)
 pve_remove_subscription_warning: true # patches the subscription warning messages in proxmox if you are using the community edition
 pve_extra_packages: [] # Any extra packages you may want to install, e.g. ngrep
@@ -413,6 +419,12 @@ pve_zfs_enabled: no # Specifies whether or not to install and configure ZFS pack
 # pve_zfs_zed_email: "" # Should be set to an email to receive ZFS notifications
 pve_zfs_create_volumes: [] # List of ZFS Volumes to create (to use as PVE Storages). See section on Storage Management.
 pve_ceph_enabled: false # Specifies wheter or not to install and configure Ceph packages. See below for an example configuration.
+# Proxmox Ceph repository configuration for PVE 9 and above
+pve_ceph_repository:
+  uris: # List of URIs for the Ceph repository
+  suites: # List of suites for the Ceph repository
+  components: # List of components for the Ceph repository
+# Proxmox Ceph repository configuration for PVE 8 and below
 pve_ceph_repository_line: "deb http://download.proxmox.com/debian/ceph-pacific bookworm main" # apt-repository configuration. Will be automatically set for 6.x and 7.x (Further information: https://pve.proxmox.com/wiki/Package_Repositories)
 pve_ceph_network: "{{ (ansible_default_ipv4.network +'/'+ ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') }}" # Ceph public network
 # pve_ceph_cluster_network: "" # Optional, if the ceph cluster network is different from the public network (see https://pve.proxmox.com/pve-docs/chapter-pveceph.html#pve_ceph_install_wizard)

defaults/main.yml

@@ -1,6 +1,11 @@
 ---
 # defaults file for ansible-role-proxmox
 pve_group: proxmox
+pve_repository:
+  uris: http://download.proxmox.com/debian/pve
+  suites: "{{ ansible_distribution_release }}"
+  components: pve-no-subscription
+# Repo configuration for Proxmox VE < 9
 pve_repository_line: "deb http://download.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-no-subscription"
 pve_remove_subscription_warning: true
 pve_extra_packages: []
@@ -28,6 +33,11 @@ pve_zfs_enabled: no
 # pve_zfs_zed_email: "email address for zfs events"
 pve_zfs_create_volumes: []
 pve_ceph_enabled: false
+pve_ceph_repository:
+  uris: http://download.proxmox.com/debian/ceph-{{ pve_ceph_default_version }}
+  suites: "{{ ansible_distribution_release }}"
+  components: "{{ pve_ceph_debian_component }}"
+# Ceph Repo configuration for Proxmox VE < 9
 pve_ceph_repository_line: "deb http://download.proxmox.com/debian/ceph-{{ pve_ceph_default_version }} {{ ansible_distribution_release }} {{ pve_ceph_debian_component }}"
 pve_ceph_network: "{{ (ansible_default_ipv4.network +'/'+ ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') }}"
 pve_ceph_nodes: "{{ pve_group }}"

files/proxmox-release-trixie.gpg

@@ -120,12 +120,12 @@
     state: present
   when: "ansible_distribution_major_version | int < 12"
 
-- name: Trust Proxmox' packaging key on Debian 12
+- name: Trust Proxmox' packaging key on Debian >= 12
   copy:
     src: "proxmox-release-{{ ansible_distribution_release }}.gpg"
     dest: "/etc/apt/trusted.gpg.d/proxmox-release-{{ ansible_distribution_release }}.gpg"
     mode: 0644
-  when: "ansible_distribution_major_version | int == 12"
+  when: "ansible_distribution_major_version | int >= 12"
 
 - name: Remove os-prober package
   apt:
@@ -136,20 +136,55 @@
   when:
     - "'pve-no-subscription' in pve_repository_line"
 
-- name: Add Proxmox repository
-  apt_repository:
-    repo: "{{ pve_repository_line }}"
-    filename: proxmox
-    state: present
-  register: _pve_repo
-
-- name: Add Proxmox Ceph repository
-  apt_repository:
-    repo: '{{ pve_ceph_repository_line }}'
-    filename: ceph
-    state: present
-  register: _pve_ceph_repo
-  when: "pve_ceph_enabled | bool"
+- name: Manage apt repositories
+  block:
+  - name: Add Proxmox repository
+    ansible.builtin.apt_repository:
+      repo: "{{ pve_repository_line }}"
+      filename: proxmox
+      state: present
+    register: _pve_repo
+
+  - name: Add Proxmox Ceph repository
+    ansible.builtin.apt_repository:
+      repo: '{{ pve_ceph_repository_line }}'
+      filename: ceph
+      state: present
+    register: _pve_ceph_repo
+    when: "pve_ceph_enabled | bool"
+  when: "ansible_distribution_major_version | int <= 12"
+
+- name: Manage deb822 repositories
+  block:
+  - name: Add Proxmox repository
+    ansible.builtin.deb822_repository:
+      name: proxmox
+      types: deb
+      uris: "{{ pve_repository.uris }}"
+      suites: "{{ pve_repository.suites }}"
+      components: "{{ pve_repository.components }}"
+      signed_by: /etc/apt/trusted.gpg.d/proxmox-release-{{ ansible_distribution_release }}.gpg
+      state: present
+    register: _pve_repo
+
+  - name: Add Proxmox Ceph repository
+    ansible.builtin.deb822_repository:
+      name: ceph
+      types: deb
+      uris: "{{ pve_ceph_repository.uris }}"
+      suites: "{{ pve_ceph_repository.suites }}"
+      components: "{{ pve_ceph_repository.components }}"
+      signed_by: /etc/apt/trusted.gpg.d/proxmox-release-{{ ansible_distribution_release }}.gpg
+      state: present
+    register: _pve_ceph_repo
+    when: "pve_ceph_enabled | bool"
+
+  - name: Update repositories cache
+    ansible.builtin.apt:
+      update_cache: yes
+    when: _pve_repo is changed or _pve_ceph_repo is changed
+
+  when: "ansible_distribution_major_version | int > 12"
 
 - name: Run apt-get dist-upgrade on repository changes
   apt:

tasks/main.yml

@@ -80,7 +80,7 @@
   proxmox_query:
     query: "/cluster/ha/groups"
   register: _ha_group_list
-  when: "inventory_hostname == _init_node"
+  when: "inventory_hostname == _init_node and pve_cluster_ha_groups | length > 0"
 
 - name: Create PVE cluster HA groups
   command: >-

tasks/pve_cluster_config.yml

@@ -8,3 +8,17 @@
     - "deb https://enterprise.proxmox.com/debian {{ ansible_distribution_release }} pve-enterprise"
     - "deb https://enterprise.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-enterprise"
     - "deb https://enterprise.proxmox.com/debian/ceph-quincy {{ ansible_distribution_release }} enterprise"
+  when: "ansible_distribution_major_version | int <= 12"
+
+- name: Remove automatically installed PVE Enterprise repo configuration
+  ansible.builtin.deb822_repository:
+    name: "{{ item.name }}"
+    state: absent
+    types: deb
+    uris: "{{ item.uris }}"
+    suites: "{{ ansible_distribution_release }}"
+    components: "{{ item.components }}"
+  loop:
+    - { name: 'pve-enterprise', uris: 'https://enterprise.proxmox.com/debian/pve', components: ['pve-enterprise'] }
+    - { name: 'ceph', uris: 'https://enterprise.proxmox.com/debian/{{ pve_ceph_debian_component }}', components: ['enterprise'] }
+  when: "ansible_distribution_major_version | int > 12"

tasks/remove_enterprise_repos.yml

@@ -0,0 +1,4 @@
+---
+pve_ssh_ciphers: "aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]"
+pve_ceph_default_version: squid
+pve_ceph_debian_component: no-subscription