homelab/ansible/playbooks/onboard-proxmox.yml

---
# Proxmox Node Onboarding Playbook
# Purpose: Onboard Proxmox VE hosts with post-install configuration
# Usage: ansible-playbook playbooks/onboard-proxmox.yml -k --limit pve01
#        (-k prompts for root SSH password on first run)

- name: Onboard Proxmox VE node
  hosts: proxmox_cluster
  gather_facts: true
  become: false  # Already connecting as root
  
  tasks:
    - name: Display target host information
      ansible.builtin.debug:
        msg: |
          Onboarding {{ inventory_hostname }}
          IP: {{ ansible_host }}
          User: {{ ansible_user }}
          
    - name: Ensure .ssh directory exists for root
      ansible.builtin.file:
        path: /root/.ssh
        state: directory
        mode: "0700"
        owner: root
        group: root

    - name: Deploy watchtower SSH public key to root
      ansible.builtin.authorized_key:
        user: root
        state: present
        key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9ryXcRsMITcIW+Rc0t3Qou7XGfyIeihLR2PInySogp ansible@watchtower"
        comment: "ansible@watchtower"

    - name: Detect Proxmox VE version
      ansible.builtin.command: pveversion
      register: pve_version_check
      changed_when: false
      failed_when: false

    - name: Display Proxmox version
      ansible.builtin.debug:
        msg: |
          {% if pve_version_check.rc == 0 %}
          ✅ Proxmox VE detected: {{ pve_version_check.stdout }}
          {% else %}
          ⚠️  Could not detect Proxmox VE (pveversion command failed)
          {% endif %}

    - name: Verify Python 3 is available
      ansible.builtin.command: python3 --version
      register: python_version
      changed_when: false

    - name: Display Python version
      ansible.builtin.debug:
        msg: "Python: {{ python_version.stdout }}"

    - name: Run Proxmox post-install configuration
      ansible.builtin.include_role:
        name: proxmox_post_install
      vars:
        proxmox_post_install_enabled: true
        proxmox_disable_subscription_nag: true
        proxmox_disable_pve_enterprise: true
        proxmox_enable_pve_no_subscription: true
        proxmox_fix_sources: true
        proxmox_fix_ceph_repos: true
        proxmox_run_dist_upgrade: false  # Skip for initial onboarding
        proxmox_reboot_after: false      # Manual control
      when: pve_version_check.rc == 0

    - name: Display onboarding summary
      ansible.builtin.debug:
        msg:
          - "=========================================="
          - "Proxmox Onboarding Complete: {{ inventory_hostname }}"
          - "=========================================="
          - "✅ SSH key deployed to root"
          - "✅ Subscription nag removed"
          - "✅ Repositories configured"
          - ""
          - "Next steps:"
          - "  • Test connectivity: ansible pve01 -m ping"
          - "  • Update system: ansible pve01 -m apt -a 'upgrade=dist update_cache=yes'"
          - "  • Review logs and reboot if kernel/system updates applied"