Support for CIFS storages, namespacing in PBS, and ranking interfaces for corosync

README.md

@@ -422,6 +422,7 @@ pve_users: [] # List of user definitions to manage in PVE. See section on User M
 pve_storages: [] # List of storages to manage in PVE. See section on Storage Management.
 pve_datacenter_cfg: {} # Dictionary to configure the PVE datacenter.cfg config file.
 pve_domains_cfg: [] # List of realms to use as authentication sources in the PVE domains.cfg config file.
+pve_no_log: false # Set this to true in production to prevent leaking of storage credentials in run logs. (may be used in other tasks in the future)
 ```
 
 To enable clustering with this role, configure the following variables appropriately:
@@ -434,12 +435,17 @@ pve_manage_hosts_enabled : yes # Set this to no to NOT configure hosts file (cas
 
 The following variables are used to provide networking information to corosync.
 These are known as ring0_addr/ring1_addr or link0_addr/link1_addr, depending on
-PVE version. They should be IPv4 or IPv6 addresses. For more information, refer
-to the [Cluster Manager][pvecm-network] chapter in the PVE Documentation.
+PVE version. They should be IPv4 or IPv6 addresses. You can also configure the
+[priority of these interfaces][pvecm-network-priority] to hint to corosync
+which interface should handle cluster traffic (lower numbers indicate higher
+priority). For more information, refer to the [Cluster Manager][pvecm-network]
+chapter in the PVE Documentation.
 
 ```
 # pve_cluster_addr0: "{{ defaults to the default interface ipv4 or ipv6 if detected }}"
 # pve_cluster_addr1: "another interface's IP address or hostname"
+# pve_cluster_addr0_priority: 255
+# pve_cluster_addr1_priority: 0
 ```
 
 You can set options in the datacenter.cfg configuration file:
@@ -592,9 +598,9 @@ Refer to `library/proxmox_role.py` [link][user-module] and
 
 ## Storage Management
 
-You can use this role to manage storage within Proxmox VE (both in
-single server deployments and cluster deployments). For now, the only supported
-types are `dir`, `rbd`, `nfs`, `cephfs`, `lvm`,`lvmthin`, `zfspool`, `btrfs`,
+You can use this role to manage storage within Proxmox VE (both in single
+server deployments and cluster deployments). For now, the only supported types
+are `dir`, `rbd`, `nfs`, `cephfs`, `lvm`,`lvmthin`, `zfspool`, `btrfs`, `cifs`
 and `pbs`. Here are some examples.
 
 ```
@@ -645,6 +651,7 @@ pve_storages:
     username: user@pbs
     password: PBSPassword1
     datastore: main
+    namespace: Top/something # Optional
   - name: zfs1
     type: zfspool
     content: [ "images", "rootdir" ]
@@ -656,6 +663,15 @@ pve_storages:
     nodes: [ "lab-node01.local", "lab-node02.local" ]
     path: /mnt/proxmox_storage
     is_mountpoint: true
+  - name: cifs1
+    server: cifs-host.domain.tld
+    type: cifs
+    content: [ "snippets", "vztmpl", "iso" ]
+    share: sharename
+    subdir: /subdir
+    username: user
+    password: supersecurepass
+    domain: addomain.tld
 ```
 
 Refer to https://pve.proxmox.com/pve-docs/api-viewer/index.html for more information.
@@ -868,6 +884,7 @@ Adam Delo ([@ol3d](https://github.com/ol3d)) - PCIe Passthrough Support
 [pve-cluster]: https://pve.proxmox.com/wiki/Cluster_Manager
 [install-ansible]: http://docs.ansible.com/ansible/intro_installation.html
 [pvecm-network]: https://pve.proxmox.com/pve-docs/chapter-pvecm.html#_separate_cluster_network
+[pvecm-network-priority]: https://pve.proxmox.com/pve-docs/chapter-pvecm.html#_Corosync_Redundancy
 [pvesm]: https://pve.proxmox.com/pve-docs/chapter-pvesm.html
 [user-module]: https://github.com/lae/ansible-role-proxmox/blob/master/library/proxmox_user.py
 [group-module]: https://github.com/lae/ansible-role-proxmox/blob/master/library/proxmox_group.py

defaults/main.yml

@@ -44,6 +44,8 @@ pve_cluster_clustername: "{{ pve_group }}"
 pve_manage_hosts_enabled: yes
 pve_cluster_addr0: "{{ ansible_default_ipv4.address if ansible_default_ipv4.address is defined else ansible_default_ipv6.address if ansible_default_ipv6.address is defined }}"
 # pve_cluster_addr1: "{{ ansible_eth1.ipv4.address }}
+# pve_cluster_addr0_priority: 0
+# pve_cluster_addr1_priority: 1
 pve_datacenter_cfg: {}
 pve_domains_cfg: []
 pve_cluster_ha_groups: []
@@ -57,3 +59,4 @@ pve_storages: []
 pve_ssh_port: 22
 pve_manage_ssh: true
 pve_hooks: {}
+pve_no_log: false

library/proxmox_storage.py

@@ -103,6 +103,22 @@
         description:
             - Specifies whether or not the given path is an externally managed
             mountpoint.
+    namespace:
+        required: false
+        description:
+            - Specifies the Namespace that should be used on PBS
+    share:
+        required: false
+        description:
+            - Specifies the CIFS-Share to use
+    subdir:
+        required: false
+            - specifies the folder in the share dir to use for proxmox
+              (useful to seperate proxmox content from other content)
+    domain:
+        required: false
+            - Specifies Realm to use for NTLM/LDAPS Authentification if using
+              an AD-Enabled share
 
 author:
     - Fabien Brachere (@fbrachere)
@@ -170,13 +186,25 @@
     datastore: main
     fingerprint: f2:fb:85:76:d2:2a:c4:96:5c:6e:d8:71:37:36:06:17:09:55:f7:04:e3:74:bb:aa:9e:26:85:92:63:c8:b9:23
     encryption_key: autogen
+    namespace: Top/something
 - name: Create a ZFS storage type
   proxmox_storage:
     name: zfs1
     type: zfspool
     content: [ "images", "rootdir" ]
     pool: rpool/data
     sparse: true
+- name: CIFS-Share
+  proxmox_storage:
+    name: cifs1
+    server: cifs-host.domain.tld
+    type: cifs
+    content: [ "snippets", "vztmpl", "iso" ]
+    share: sharename
+    subdir: /subdir
+    username: user
+    password: supersecurepass
+    domain: addomain.tld
 '''
 
 RETURN = '''
@@ -221,6 +249,13 @@ def __init__(self, module):
         self.sparse = module.params['sparse']
         self.is_mountpoint = module.params['is_mountpoint']
 
+        # namespace for pbs
+        self.namespace = module.params['namespace']
+        # CIFS properties
+        self.domain = module.params['domain']
+        self.subdir = module.params['subdir']
+        self.share = module.params['share']
+
         # Validate the parameters given to us
         fingerprint_re = re.compile('^([A-Fa-f0-9]{2}:){31}[A-Fa-f0-9]{2}$')
         if self.fingerprint is not None and not fingerprint_re.match(self.fingerprint):
@@ -305,11 +340,21 @@ def prepare_storage_args(self):
             args['vgname'] = self.vgname
         if self.thinpool is not None:
             args['thinpool'] = self.thinpool
+        if self.namespace is not None:
+            args['namespace'] = self.namespace
         if self.sparse is not None:
             args['sparse'] = 1 if self.sparse else 0
         if self.is_mountpoint is not None:
             args['is_mountpoint'] = 1 if self.is_mountpoint else 0
 
+        # CIFS
+        if self.subdir is not None:
+            args['subdir'] = self.subdir
+        if self.domain is not None:
+            args['domain'] = self.domain
+        if self.share is not None:
+            args['share'] = self.share
+        # end cifs
         if self.maxfiles is not None and 'backup' not in self.content:
             self.module.fail_json(msg="maxfiles is not allowed when there is no 'backup' in content")
         if self.krbd is not None and self.type != 'rbd':
@@ -386,7 +431,7 @@ def main():
         nodes=dict(type='list', required=False, default=None),
         type=dict(default=None, type='str', required=True,
                   choices=["dir", "nfs", "rbd", "lvm", "lvmthin", "cephfs",
-                           "zfspool", "btrfs", "pbs"]),
+                           "zfspool", "btrfs", "pbs", "cifs"]),
         # Remaining PVE API arguments (depending on type) past this point
         datastore=dict(default=None, type='str', required=False),
         encryption_key=dict(default=None, type='str', required=False),
@@ -406,6 +451,10 @@ def main():
         thinpool=dict(default=None, type='str', required=False),
         sparse=dict(default=None, type='bool', required=False),
         is_mountpoint=dict(default=None, type='bool', required=False),
+        namespace=dict(default=None, type='str', required=False),
+        subdir=dict(default=None, type='str', required=False),
+        domain=dict(default=None, type='str', required=False),
+        share=dict(default=None, type='str', required=False),
     )
 
     module = AnsibleModule(
@@ -420,7 +469,8 @@ def main():
             ["type", "lvmthin", ["vgname", "thinpool", "content"]],
             ["type", "zfspool", ["pool", "content"]],
             ["type", "btrfs", ["path", "content"]],
-            ["type", "pbs", ["server", "username", "password", "datastore"]]
+            ["type", "pbs", ["server", "username", "password", "datastore"]],
+            ["type", "cifs", ["server", "share"]],
         ],
         required_by={
             "master_pubkey": "encryption_key"

tasks/main.yml

@@ -333,6 +333,11 @@
     vgname: "{{ item.vgname | default(omit) }}"
     thinpool: "{{ item.thinpool | default(omit) }}"
     sparse: "{{ item.sparse | default(omit) }}"
+    namespace: "{{ item.namespace | default(omit) }}"
+    domain: "{{ item.domain | default(omit) }}"
+    subdir: "{{ item.subdir | default(omit) }}"
+    share: "{{ item.share | default(omit) }}"
+  no_log: "{{ pve_no_log }}"
   with_items: "{{ pve_storages }}"
   when: "not pve_cluster_enabled | bool or (pve_cluster_enabled | bool and inventory_hostname == _init_node)"
   tags: storage

tasks/pve_add_node.yml

@@ -17,9 +17,9 @@
 - name: Add node to Proxmox cluster
   ansible.builtin.command: >-
     pvecm add {{ hostvars[_init_node].pve_cluster_addr0 }} -use_ssh
-    -link0 {{ pve_cluster_addr0 }}
+    -link0 {{ pve_cluster_addr0 }}{% if pve_cluster_addr0_priority is defined %},priority={{ pve_cluster_addr0_priority }}{% endif %}
     {% if pve_cluster_addr1 is defined %}
-    -link1 {{ pve_cluster_addr1 }}
+    -link1 {{ pve_cluster_addr1 }}{% if pve_cluster_addr1_priority is defined %},priority={{ pve_cluster_addr1_priority }}{% endif %}
     {% endif %}
   # Ensure that nodes join one-by-one because cluster joins create a lock
   throttle: 1

tasks/pve_cluster_config.yml

@@ -49,9 +49,9 @@
 - name: Initialize a Proxmox cluster
   ansible.builtin.command: >-
     pvecm create {{ pve_cluster_clustername }}
-    -link0 {{ pve_cluster_addr0 }}
+    -link0 {{ pve_cluster_addr0 }}{% if pve_cluster_addr0_priority is defined %},priority={{ pve_cluster_addr0_priority }}{% endif %}
     {% if pve_cluster_addr1 is defined %}
-    -link1 {{ pve_cluster_addr1 }}
+    -link1 {{ pve_cluster_addr1 }}{% if pve_cluster_addr1_priority is defined %},priority={{ pve_cluster_addr1_priority }}{% endif %}
     {% endif %}
   args:
     creates: "{{ pve_cluster_conf }}"