community.general
community.general copied to clipboard
ansible-collections
Proxmox: "net" do not configure network card
SUMMARY
Can't set any configuration with the parameter net in "proxmox_kvm" I can see my options in proxmox Syslog but nothing will be configured.
Using latest repo from github
ISSUE TYPE
- Bug Report
COMPONENT NAME
proxmox_kvm
ANSIBLE VERSION
ansible 2.10.3
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/felix/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/felix/.local/lib/python3.7/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 3.7.3 (default, Jul 25 2020, 13:03:44) [GCC 8.3.0]
CONFIGURATION
""
OS / ENVIRONMENT
Debian 10 WSL on Windows 10 20H2
STEPS TO REPRODUCE
- name: Create VM
community.general.proxmox_kvm:
api_user: "{{prox_user}}"
api_password: "{{prox_pass}}"
api_host: "{{prox_host}}"
node: "{{prox_host}}"
name: "{{item.name}}"
clone: "{{template_name}}"
newid: "{{item.id}}"
memory: "{{item.ram}}"
sockets: "{{vm_sockets}}"
cores: "{{item.cores}}"
net: {"net0":"virtio=32:5F:B4:35:16:0F,bridge=vmbr1"}
cpu: host
scsihw: virtio-scsi-pci
agent: yes
full: "{{ vm_full_clone }}"
proxmox_default_behavior: no_defaults
with_items: "{{vms}}"
register: vmsinfo
EXPECTED RESULTS
Network card of vm will use "vmbr1" and mac address seen in config
ACTUAL RESULTS
It doesn't matter what I provide through the net option, it will be ignored:
Syslog Output:
...memory=2048 sockets=1 cores=2 net={'net0': 'virtio=32:5F:B4:35:16:0F,bridge=vmbr1'} cpu=host scsihw=virtio-scsi-pci agent=True full=False...
Files identified in the description: None
If these files are inaccurate, please update the component name section of the description or use the !component bot command.
Files identified in the description:
If these files are inaccurate, please update the component name section of the description or use the !component bot command.
So the proxmox server is reporting that it is getting the setting passed to it? I don't see anything necessarily wrong. Have you tried adding quotes around the json you are passing in there? If you look at the examples the quote the json.
Looking at your task though you are going to have problems with looping over VMs and passing them all the same MAC address for the network.
Hello @felixhopfauf,
net is not a valid parameter when cloning another VM or template. It should be for the update action but it's currently not.
@JuddTracy-DAS Mac Address was only for example in my real script the is a variable for the mac.
@Aversiste Hello Aversiste,
i rewrite the code to do an update after creating vms but seems the same behavior:
Prox Syslog: Invoked with api_user= api_password=NOT_LOGGING_PARAMETER api_host=prox01 node=prox01 name=con01 update=True net={'net0': 'virtio,bridge=vmbr0,tag=36'}
But Tag is not set.
Thats now the playbook:
-
name: Create VM community.general.proxmox_kvm: api_user: "{{prox_user}}" api_password: "{{prox_pass}}" api_host: "{{prox_host}}" node: "{{prox_host}}" name: "{{item.name}}" clone: "{{template_name}}" newid: "{{item.id}}" memory: "{{item.ram}}" sockets: "{{vm_sockets}}" cores: "{{item.cores}}" cpu: host scsihw: virtio-scsi-pci agent: yes full: "{{ vm_full_clone }}" timeout: 300 proxmox_default_behavior: no_defaults with_items: "{{vms}}" register: vmsinfo
-
name: Update Network Settings community.general.proxmox_kvm: api_user: "{{prox_user}}" api_password: "{{prox_pass}}" api_host: "{{prox_host}}" node: "{{prox_host}}" name: "{{item.name}}" update: yes net: "{{ vm_net }}" proxmox_default_behavior: no_defaults with_items: "{{vms}}"
And {{ vm_net }} is declared as:
vm_storage: "Dev_Storage" vm_disk_size: "+30G" vm_sockets: "1" vm_full_clone: "no" vm_net: '{"net0":"virtio,bridge={{item.bridge}},tag={{item.tag}}"}'
vms:
- name: "con01" id: "401" cores: "2" ram: "4096" bridge: "vmbr0" tag: "36" ip: "" gw: ""
Having two subsequent tasks, one for cloning and the second for updating, is the right way to go in my opinion. But right now update: yes will silently drop the net parameter. It only works with small subset of parameters such as cores, keyboard or memory.
You can workaround by sshing to the proxmox host and using qm(1):
- name: Configure network adapter
become: true
become_user: "{{prox_user}}"
delegate_to: "{{ prox_host }}"
command: "qm set {{item.id}} -net0 virtio,bridge={{item.bridge}},tag={{item.tag}}"
This is an annoyance I am working on but I got sidetracked by other issues.
@Aversiste I was working on the issue too but got pulled onto another project. I plan on eventually getting back to it.
@felixhopfauf If you don't mind keeping a custom version of the module you can modify it so that it does not remove net options on modify. The original author stated it was for security reasons, but I am not sure why that would be. If you do modify it the biggest caveat that you have to worry about is always passing in the exact net configuration with a MAC address. If you do not pass in the MAC Proxmox will generate a new MAC every time you call it which can cause problems. In the current module in git you can remove lines 967-968. But if you do please do lots of testing to make sure it is doing what you need it to do.
netandipconfigparameter has both no effect.
The ipconfig parameter only works with a cloud-init config drive.
@tleguern I know. And it is not applying when creating a vm, based on a clone, that included a cloud-init drive.
- name: >
create a vm base on my template
community.general.proxmox_kvm:
clone: arbitrary_name
vmid: 9000
newid: 106
name: test01
node: proxmox
storage: local
sshkeys: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgQJkfyi1FjMC8ta8cuAln1g+nR64QV7kq0UqYMd6OQ
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL8teglE1qdZ8qWUL+yqnj09e1dPnlxiTHAPXHDAuYny
ipconfig:
ipconfig0: 'ip=10.10.10.106/16,gw=10.10.0.1'
net:
net0: 'virtio,bridge=vmbr0'
@tleguern You cannot pass those options when you clone. It is not documented very well but when cloning the only valid options are:
valid_clone_params = ['format', 'full', 'pool', 'snapname', 'storage', 'target']
@JuddTracy-DAS that's true, only a handful of options are passed to the API when cloning and no warning are displayed.
@markuman you need to split your task in two: one with a clone: whatever and a second with update: true as well as your cloud-init parameters. That's what I do anyway.
@tleguern @markuman But what he wants to do is not going to work. He is updating the bridge too which is not allowed with update: true.
Ah yes, it is currently not possible. A “workaround”, if you squint enough, is to ssh to the proxmox node and use qm set {{ vmid }} -{{ netidx }} virtio={{ hwaddr }},bridge={{ bridge }},tag={{ vlan }}.
@JuddTracy-DAS that's true, only a handful of options are passed to the API when cloning and no warning are displayed.
@markuman you need to split your task in two: one with a
clone: whateverand a second withupdate: trueas well as your cloud-init parameters. That's what I do anyway.
@tleguern @markuman But what he wants to do is not going to work. He is updating the bridge too which is not allowed with
update: true.
I don't need to update the bridge. I thought it belongs together and will only change if net: parameter also exists.
I'll give the two-step solution a try.
I also ended up here. If you don't like ssh and qm, another work around is to use lineinfile with the config file in /etc/pve/qemu-server/{{ vmid }}.conf while the vm is not yet running.
I'm also not seeing the security issue, especially since there are multiple ways to achieve the same goal.
@Aversiste I was working on the issue too but got pulled onto another project. I plan on eventually getting back to it.
@felixhopfauf If you don't mind keeping a custom version of the module you can modify it so that it does not remove net options on modify. The original author stated it was for security reasons, but I am not sure why that would be. If you do modify it the biggest caveat that you have to worry about is always passing in the exact net configuration with a MAC address. If you do not pass in the MAC Proxmox will generate a new MAC every time you call it which can cause problems. In the current module in git you can remove lines 967-968. But if you do please do lots of testing to make sure it is doing what you need it to do.
ansible-doc proxmox_kvm mentions:
`virtio' create always new disk
That means the guest cannot boot after trying update: yes. Proceed with caution...
- update
If `yes', the VM will be update with new value.
Cause of the operations of the API and security reasons, I have disabled the update of the following parameters
`net, virtio, ide, sata, scsi'. Per example updating `net' update the MAC address and `virtio' create always new disk...
[Default: no]
type: bool
As @c33howard suggested I use lineinfile to change the MAC after cloning the VM from a template:
- name: "set macaddress for new VM"
lineinfile:
path: "/etc/pve/qemu-server/{{ vm_state['vmid'] }}.conf"
regexp: '^net0:.*$'
line: 'net0: virtio={{ vm_mac_address }},bridge=vmbr0,firewall=1'
delegate_to: "{{ physical_host }}"
This "situation" cost me two full days. I feel like either the approach should be revisited (I do not see any security concerns, you simply need to understand what you are doing) or at least the docs should make very clear, that changing values on cloning is not possible (because normally you would expect, that this is possible).
Yeah, it is really not a security concern, but there is a problem with the Proxmox API in that if you specify a net section and it does not contain the MAC of the current one it will regenerate the network interface which could cause all kinds of issues in the VM.
Logic needs to be generated on how to properly define net statements to be idempotent that allows both for keeping existing settings and allow for regenerating them too. It might be that we need an additional Boolean to control that process. And of course it needs to not break backwards compatibility with the current code base otherwise lots of plays are going to break down the road.
If you have the time and the skills please update the module. You can also submit a change to the documentation to better describe the issue so other people do not waste time chasing the same issue.
Files identified in the description:
If these files are incorrect, please update the component name section of the description or use the !component bot command.
Finally found this thread that explains why I was having so many difficulties. Such an inconvenience.
Hei folks, what about to use the proxmox_nic module for net updates?
It seems to have the logic already implemented:
https://docs.ansible.com/ansible/latest/collections/community/general/proxmox_nic_module.html#parameter-mac
When not specified this module will keep the MAC address the same when changing an existing interface.
@Jurka007 thx man, you safe my day! was going crazy because this didn't worked at all with proxmox_kvm
