prepare node

proxmox/.gitignore

@@ -1,2 +1 @@
 _cfgs/
-*.yaml

proxmox/prepare/Makefile

@@ -0,0 +1,3 @@
+
+prepare:
+	ansible-playbook -Dv -i proxmox.ini proxmox.yaml

proxmox/prepare/README.md

@@ -0,0 +1,20 @@
+# Proxmox
+
+Apply a few changes to the proxmox node.
+* ipv4 NAT
+* cpu governor to `schedutil` (by default it is `performance`)
+* ipv4/v6 forwarding
+
+Inventory file, set the ip here `ansible_host`
+
+```ini
+[pve]
+proxmox-1       ansible_host=1.2.3.1 ansible_ssh_user=root
+proxmox-2       ansible_host=1.2.3.2 ansible_ssh_user=root
+```
+
+Apply optimizations:
+
+```shell
+make prepare
+```

proxmox/prepare/group_vars/pve.yml

@@ -0,0 +1,28 @@
+---
+
+system_cpufrequtils_governor: schedutil
+system_packages:
+  - tcpdump
+  - htop
+  - iftop
+system_sshd_tcpforward: true
+system_sshd_acceptenv: LC_PVE_TICKET
+system_sysctl:
+  - { name: net.ipv4.ip_forward,          value: 1 }
+  - { name: net.ipv6.conf.all.forwarding, value: 1 }
+  - { name: net.ipv6.conf.all.autoconf,   value: 0 }
+  - { name: net.ipv6.conf.all.accept_ra,  value: 0 }
+
+#
+
+iptables_apply_changes: false
+iptables_configuration_template: iptables_proxmox.j2
+iptables6_configuration_template: iptables6_proxmox.j2
+iptables_nat_enabled: true
+
+iptables_input_policy: "ACCEPT"
+iptables_forward_policy: "ACCEPT"
+iptables_output_policy: "ACCEPT"
+iptables6_input_policy: "ACCEPT"
+iptables6_forward_policy: "ACCEPT"
+iptables6_output_policy: "ACCEPT"

proxmox/prepare/proxmox.ini

@@ -0,0 +1,2 @@
+[pve]
+proxmox-1       ansible_host=1.2.3.4 ansible_ssh_user=root

proxmox/prepare/proxmox.yaml

@@ -0,0 +1,6 @@
+
+- hosts: pve
+  roles:
+    - ansible-role-system
+    - ansible-role-users
+    - ansible-role-iptables