refactor(virt): adopt module_defaults for hypervisor credentials

2026-02-20 21:16:33 +01:00
parent 5ca1c7f570
commit ba6be037ac
5 changed files with 273 additions and 261 deletions
--- a/roles/virtualization/tasks/vmware.yml
+++ b/roles/virtualization/tasks/vmware.yml
@@ -11,105 +11,109 @@
  loop_control:
    label: "{{ item | to_json }}"

-# community.vmware: full-featured guest management
- name: Create VM in vCenter
+- name: Deploy VM in vCenter
  delegate_to: localhost
-  vars:
-    virtualization_vmware_networks: >-
-      {%- set ns = namespace(out=[]) -%}
-      {%- for iface in system_cfg.network.interfaces -%}
-      {%- set entry = {'name': iface.bridge, 'type': 'dhcp'} -%}
-      {%- if (iface.vlan | default('') | string | length) > 0 -%}
-      {%- set entry = entry | combine({'vlan': iface.vlan | int}) -%}
-      {%- endif -%}
-      {%- set ns.out = ns.out + [entry] -%}
-      {%- endfor -%}
-      {{ ns.out }}
-  community.vmware.vmware_guest:
-    hostname: "{{ hypervisor_cfg.url }}"
-    username: "{{ hypervisor_cfg.username }}"
-    password: "{{ hypervisor_cfg.password }}"
-    validate_certs: "{{ hypervisor_cfg.certs | bool }}"
-    datacenter: "{{ hypervisor_cfg.datacenter }}"
-    cluster: "{{ hypervisor_cfg.cluster }}"
-    folder: "{{ system_cfg.path if system_cfg.path | string | length > 0 else omit }}"
-    name: "{{ hostname }}"
-    # Generic guest ID — VMware auto-detects OS post-install
-    guest_id: otherLinux64Guest
-    annotation: |
-      {{ note if note is defined else '' }}
-    state: "{{ 'poweredoff' if virtualization_tpm2_enabled | bool else 'poweredon' }}"
-    disk: "{{ virtualization_vmware_disks }}"
-    hardware:
-      memory_mb: "{{ system_cfg.memory }}"
-      num_cpus: "{{ system_cfg.cpus }}"
-      boot_firmware: efi
-      secure_boot: false
-    cdrom: >-
-      {{
-        [ {
-            "controller_number": 0,
-            "unit_number": 0,
-            "controller_type": "sata",
-            "state": "present",
-            "type": "iso",
-            "iso_path": boot_iso
-          } ]
-        +
-        ( [ {
-            "controller_number": 0,
-            "unit_number": 1,
-            "controller_type": "sata",
-            "state": "present",
-            "type": "iso",
-            "iso_path": rhel_iso
-          } ] if rhel_iso is defined and rhel_iso | length > 0 else [] )
-      }}
-    networks: "{{ virtualization_vmware_networks }}"
-  no_log: true
-  register: virtualization_vmware_create_result
+  module_defaults:
+    community.vmware.vmware_guest:
+      hostname: "{{ hypervisor_cfg.url }}"
+      username: "{{ hypervisor_cfg.username }}"
+      password: "{{ hypervisor_cfg.password }}"
+      validate_certs: "{{ hypervisor_cfg.certs | bool }}"
+      datacenter: "{{ hypervisor_cfg.datacenter }}"
+    community.vmware.vmware_guest_tpm:
+      hostname: "{{ hypervisor_cfg.url }}"
+      username: "{{ hypervisor_cfg.username }}"
+      password: "{{ hypervisor_cfg.password }}"
+      validate_certs: "{{ hypervisor_cfg.certs | bool }}"
+      datacenter: "{{ hypervisor_cfg.datacenter }}"
+    vmware.vmware.vm_powerstate:
+      hostname: "{{ hypervisor_cfg.url }}"
+      username: "{{ hypervisor_cfg.username }}"
+      password: "{{ hypervisor_cfg.password }}"
+      validate_certs: "{{ hypervisor_cfg.certs | bool }}"
+      datacenter: "{{ hypervisor_cfg.datacenter }}"
+  block:
+    # community.vmware: full-featured guest management
+    - name: Create VM in vCenter
+      vars:
+        virtualization_vmware_networks: >-
+          {%- set ns = namespace(out=[]) -%}
+          {%- for iface in system_cfg.network.interfaces -%}
+          {%- set entry = {'name': iface.bridge, 'type': 'dhcp'} -%}
+          {%- if (iface.vlan | default('') | string | length) > 0 -%}
+          {%- set entry = entry | combine({'vlan': iface.vlan | int}) -%}
+          {%- endif -%}
+          {%- set ns.out = ns.out + [entry] -%}
+          {%- endfor -%}
+          {{ ns.out }}
+      community.vmware.vmware_guest:
+        cluster: "{{ hypervisor_cfg.cluster }}"
+        folder: "{{ system_cfg.path if system_cfg.path | string | length > 0 else omit }}"
+        name: "{{ hostname }}"
+        # Generic guest ID — VMware auto-detects OS post-install
+        guest_id: otherLinux64Guest
+        annotation: |
+          {{ note if note is defined else '' }}
+        state: "{{ 'poweredoff' if virtualization_tpm2_enabled | bool else 'poweredon' }}"
+        disk: "{{ virtualization_vmware_disks }}"
+        hardware:
+          memory_mb: "{{ system_cfg.memory }}"
+          num_cpus: "{{ system_cfg.cpus }}"
+          boot_firmware: efi
+          secure_boot: false
+        cdrom: >-
+          {{
+            [ {
+                "controller_number": 0,
+                "unit_number": 0,
+                "controller_type": "sata",
+                "state": "present",
+                "type": "iso",
+                "iso_path": boot_iso
+              } ]
+            +
+            ( [ {
+                "controller_number": 0,
+                "unit_number": 1,
+                "controller_type": "sata",
+                "state": "present",
+                "type": "iso",
+                "iso_path": rhel_iso
+              } ] if rhel_iso is defined and rhel_iso | length > 0 else [] )
+          }}
+        networks: "{{ virtualization_vmware_networks }}"
+      no_log: true
+      register: virtualization_vmware_create_result

- name: Set VM created fact when VM was powered on during creation
-  ansible.builtin.set_fact:
-    virtualization_vm_created_in_run: true
-  when:
-    - virtualization_vmware_create_result is defined
-    - not virtualization_tpm2_enabled | bool
-    - virtualization_vmware_create_result.changed | bool
+    - name: Set VM created fact when VM was powered on during creation
+      ansible.builtin.set_fact:
+        virtualization_vm_created_in_run: true
+      when:
+        - virtualization_vmware_create_result is defined
+        - not virtualization_tpm2_enabled | bool
+        - virtualization_vmware_create_result.changed | bool

- name: Ensure vTPM2 is enabled when required
-  when: virtualization_tpm2_enabled | bool
-  delegate_to: localhost
-  community.vmware.vmware_guest_tpm:
-    hostname: "{{ hypervisor_cfg.url }}"
-    username: "{{ hypervisor_cfg.username }}"
-    password: "{{ hypervisor_cfg.password }}"
-    validate_certs: "{{ hypervisor_cfg.certs | bool }}"
-    datacenter: "{{ hypervisor_cfg.datacenter }}"
-    folder: "{{ system_cfg.path if system_cfg.path | string | length > 0 else omit }}"
-    name: "{{ hostname }}"
-    state: present
-  no_log: true
+    - name: Ensure vTPM2 is enabled when required
+      when: virtualization_tpm2_enabled | bool
+      community.vmware.vmware_guest_tpm:
+        folder: "{{ system_cfg.path if system_cfg.path | string | length > 0 else omit }}"
+        name: "{{ hostname }}"
+        state: present
+      no_log: true

-# vmware.vmware: modern collection for power operations
- name: Start VM in vCenter
-  when: virtualization_tpm2_enabled | bool
-  delegate_to: localhost
-  vmware.vmware.vm_powerstate:
-    hostname: "{{ hypervisor_cfg.url }}"
-    username: "{{ hypervisor_cfg.username }}"
-    password: "{{ hypervisor_cfg.password }}"
-    validate_certs: "{{ hypervisor_cfg.certs | bool }}"
-    datacenter: "{{ hypervisor_cfg.datacenter }}"
-    name: "{{ hostname }}"
-    state: powered-on
-  no_log: true
-  register: virtualization_vmware_start_result
+    # vmware.vmware: modern collection for power operations
+    - name: Start VM in vCenter
+      when: virtualization_tpm2_enabled | bool
+      vmware.vmware.vm_powerstate:
+        name: "{{ hostname }}"
+        state: powered-on
+      no_log: true
+      register: virtualization_vmware_start_result

- name: Set VM created fact when VM was started separately (TPM2 case)
-  ansible.builtin.set_fact:
-    virtualization_vm_created_in_run: true
-  when:
-    - virtualization_tpm2_enabled | bool
-    - virtualization_vmware_start_result is defined
-    - virtualization_vmware_start_result.changed | bool
+    - name: Set VM created fact when VM was started separately (TPM2 case)
+      ansible.builtin.set_fact:
+        virtualization_vm_created_in_run: true
+      when:
+        - virtualization_tpm2_enabled | bool
+        - virtualization_vmware_start_result is defined
+        - virtualization_vmware_start_result.changed | bool