--- - name: Provision OpenApply LXC on Proxmox hosts: localhost gather_facts: false connection: local pre_tasks: - name: Validate required infrastructure variables ansible.builtin.assert: that: - openapply_pve_api_host | length > 0 - openapply_pve_api_user | length > 0 - openapply_pve_api_token_id | length > 0 - openapply_pve_api_token_secret | length > 0 - openapply_pve_node | length > 0 - openapply_lxc_vmid | int > 0 - openapply_lxc_hostname | length > 0 - openapply_lxc_template | length > 0 - openapply_lxc_storage | length > 0 - openapply_lxc_ip_cidr | length > 0 - openapply_lxc_gateway | length > 0 - openapply_lxc_management_ip | length > 0 - openapply_lxc_password | length > 0 fail_msg: >- Required Proxmox/OpenApply LXC variables are missing. Check group_vars/all/openapply.yml and vault variables. - name: Validate Proxmox Python dependencies on controller ansible.builtin.command: python3 -c "import proxmoxer, requests" register: openapply_controller_python_deps changed_when: false failed_when: openapply_controller_python_deps.rc != 0 when: openapply_validate_controller_python_deps | bool tasks: - name: Ensure OpenApply LXC is present and started community.proxmox.proxmox: api_host: "{{ openapply_pve_api_host }}" api_user: "{{ openapply_pve_api_user }}" api_token_id: "{{ openapply_pve_api_token_id }}" api_token_secret: "{{ openapply_pve_api_token_secret }}" validate_certs: "{{ openapply_proxmox_validate_certs }}" node: "{{ openapply_pve_node }}" vmid: "{{ openapply_lxc_vmid }}" hostname: "{{ openapply_lxc_hostname }}" ostemplate: "{{ openapply_lxc_template }}" storage: "{{ openapply_lxc_storage }}" cores: "{{ openapply_lxc_cores }}" memory: "{{ openapply_lxc_memory_mb }}" swap: "{{ openapply_lxc_swap_mb }}" password: "{{ openapply_lxc_password }}" onboot: "{{ openapply_lxc_onboot }}" unprivileged: "{{ openapply_lxc_unprivileged }}" netif: net0: "name=eth0,bridge={{ openapply_lxc_bridge }},ip={{ openapply_lxc_ip_cidr }},gw={{ openapply_lxc_gateway }}" features: "{{ openapply_lxc_features }}" state: started register: openapply_lxc_status - name: Reconcile LXC NIC configuration via Proxmox API when: openapply_use_proxmox_nic | bool block: - name: Ensure net0 configuration through proxmox_nic community.proxmox.proxmox_nic: api_host: "{{ openapply_pve_api_host }}" api_user: "{{ openapply_pve_api_user }}" api_token_id: "{{ openapply_pve_api_token_id }}" api_token_secret: "{{ openapply_pve_api_token_secret }}" validate_certs: "{{ openapply_proxmox_validate_certs }}" vmid: "{{ openapply_lxc_vmid }}" name: "{{ openapply_lxc_hostname }}" interface: net0 bridge: "{{ openapply_lxc_bridge }}" firewall: "{{ openapply_lxc_nic_firewall }}" state: present rescue: - name: Continue when proxmox_nic is unsupported for this target ansible.builtin.debug: msg: >- proxmox_nic could not be applied to vmid {{ openapply_lxc_vmid }}; continuing with proxmox container network configuration only. - name: Add OpenApply LXC to runtime inventory ansible.builtin.add_host: name: "{{ openapply_lxc_hostname }}" ansible_host: "{{ openapply_lxc_management_ip }}" ansible_user: "{{ openapply_lxc_ssh_user }}" ansible_port: "{{ openapply_lxc_ssh_port }}" ansible_python_interpreter: /usr/bin/python3 groups: lxc_guests - name: Display provisioning summary ansible.builtin.debug: msg: - "LXC hostname: {{ openapply_lxc_hostname }}" - "LXC management IP: {{ openapply_lxc_management_ip }}" - "LXC vmid: {{ openapply_lxc_vmid }}" - "LXC changed: {{ openapply_lxc_status.changed | default(false) }}" - name: Configure OpenApply application inside guest hosts: lxc_guests gather_facts: true become: true pre_tasks: - name: Wait for SSH connectivity to LXC guest ansible.builtin.wait_for_connection: timeout: 300 roles: - role: openapply_app