The task files were previously renamed to .yml (commits b2379e5, ce7ec1b)
but main.yml's include_tasks directives still referenced the old .yaml
names, causing role execution to fail with 'Could not find or access'
errors for extra-packages.yaml, user.yaml, and ssh.yaml.
The user-module tasks in post-clone.yml were running without become, so
modifying /etc/passwd failed with 'usermod: Permission denied' when the
connection user (e.g. admin) was non-root. Add become: true to both
password tasks. Block-level become is avoided because the known_hosts
task in the same file is delegate_to: localhost and should not sudo on
the controller.
Also fix the variable name passed to the system_setup ssh tasks_from:
post-clone.yml was setting 'regenerate_ssh_keys', but ssh.yml gates on
'regenerate_ssh_host_keys'. The mismatch caused cloned containers to
silently keep the source template's SSH host keys.
The bridge (vmbr0) and interface name (eth0) were previously hardcoded
in the netif string, and there was no way to set an 802.1Q VLAN tag.
Expose lxc_bridge, lxc_iface_name, and lxc_vlan_tag (optional) so
containers can be attached to non-default bridges or tagged into a VLAN
without forking the role.
Also drop the misleading 'lxc_ipv6 | default(omit)' filter — default(omit)
does not produce omission inside a string context, and lxc_ipv6 always
has a default of 'auto' in defaults/main.yml.
The bare 'password' variable in user.yml could silently collide with any
same-named variable elsewhere in scope. Rename to user_password to
namespace it alongside username.
BREAKING CHANGE: callers passing 'password' to this role must rename it
to user_password.
Rename lxc_password to lxc_root_password for consistency with the new
lxc_user_password (replaces the previously bare 'password' variable in
post-clone.yml, which silently collided with any same-named caller var).
Add lxc_user_name (default: admin) so the non-root account managed in
post-clone.yml is no longer hardcoded. Apply default(omit) to the root
password in create.yml so it is genuinely optional as documented.
BREAKING CHANGE: callers passing lxc_password or a bare 'password' var
must rename to lxc_root_password and lxc_user_password respectively.
Add post-clone.yml and edit-config.yml to the task list, and document
the previously undocumented optional variables (lxc_unprivileged,
lxc_mounts, lxc_onboot, lxc_startup, lxc_timezone, lxc_nvidia_gpu_mount,
gpu_device_id, uvm_device_id, lxc_id_mappings).
- Document proxmox_delegate_host for delegating pct commands to inventory host
- Update check-exists.yml description to reflect vmid or hostname checking
- Document lxc_exists fact set by idempotency check
patrick
hiperman