Ansible Role hetzner_vm
This role creates and manages servers (virtual machines) and volumes at the Hetzner console
Installs the VM with the provided t-shirt-size / flavor / server-type (or removes it)
Rescales the VM (for this the VM must be stopped before changing type)
Turns Hetzner backups on/off
Selects the image to install
Selects the location
Deploys the SSH keys from the Hetzner portal
Upgrades disks
Manages additional volumes (just attaches/removes them to/from the VM, but does not mount/unmount them in any way)
Manages networks, subnets and routes
Manages firewall rules
This role does not configure the VM’s network interfaces.
Runs on
Fedora 35
Fedora 36
Mandatory Requirements
Install the Python library
hcloudon the Ansible control node (usepip install --user --upgrade hcloud).Import your public SSH-key into Hetzner (your project > Security > SSH Keys).
Optional Requirements
Install the hcloud command line tool.
Mandatory Role Variables
Variable |
Description |
|---|---|
|
Set the Hetzner API token. API tokens can be managed in your project > Security > API Tokens. The API token requires read and write permissions. |
|
The Hetzner image to use for the server. The possible options can be obtained using |
|
The Hetzner location the instance should run in. The possible options can be obtained using |
|
The Hetzner server type. This defines the number of CPU cores, the CPU type, the disk space and the memory size. The possible options can be obtained using |
You also need ONE of these:
Variable |
Description |
Default Value |
|---|---|---|
|
Choose if the VM should have a public IPv6 address. |
|
|
Choose if the VM should have a public IPv6 address. |
|
|
A list of dictionaries defining which networks should be attached to this instance. It also allows the creation of new internal networks, or setting a fixed IP for the instance. Subkeys: |
|
Example:
# mandatory
hetzner_vm__api_token: 'V5bg8DsrWxgbydkiS6RrE2Jcbcw1eWEZxh26Oms2t6ZhTWfg25r60ua9upCZgt79ui'
hetzner_vm__image: 'rocky-8'
hetzner_vm__location: 'nbg1'
hetzner_vm__server_type: 'cx11'
# one of these
hetzner_vm__enable_public_ipv4: false
hetzner_vm__enable_public_ipv6: false
hetzner_vm__networks:
- name: 'net-test01'
cidr: '10.126.219.0/24'
fixed_ip: '10.126.219.12'
state: 'present'
routes:
- destination: '0.0.0.0/0'
gateway: '10.126.219.2'
Optional Role Variables
Variable |
Description |
Default Value |
|---|---|---|
|
Choose if Hetzner itself should make backups of the volumes. Note that backups cost an additional 20% of the server price. Volumes are not included in backups. Possible options: |
|
|
List of firewall rules that should be applied to the server. Subkeys: |
|
|
Force the update of the server. This may power off the server. The rescaling process will usually take just a few minutes. Also have a look at |
|
|
The name of the server. By default, it uses the Ansible inventory name. |
|
|
List of SSH-key names that should be placed on the server. The names have to match the SSH-keys depoisted in Hetzner. |
|
|
The state of the server. Possible options: |
|
|
Resize the disk when resizing the server. This will prevent downgrades to a |
|
|
Dictionary of volumes that should be managed and attached to this server. Subkeys: |
|
Example:
# optional
hetzner_vm__backups: false
hetzner_vm__firewall_rules:
- direction: 'in'
port: 22
protocol: 'tcp'
source_ips:
- 0.0.0.0/0
- ::/0
hetzner_vm__force: false
hetzner_vm__name: '{{ inventory_hostname }}'
hetzner_vm__ssh_keys:
- 'alice'
- 'bob'
hetzner_vm__state: 'started'
hetzner_vm__upgrade_disk: false
hetzner_vm__volumes:
- name: 'data'
size: '100'
Known Limitations
Creating a server with only an internal network and a fixed IP is currently not possible. See https://github.com/ansible-collections/hetzner.hcloud/issues/172. As a workaround, you need to assign a public IP as well, preferabably hetzner_vm__enable_public_ipv6: true as these are free. After running ansible, you can shutdown the VM via the WebGUI, go to Networking and Disable public network.