IaC/ansible/roles/hypervisor/tasks/main.yaml

---
# Installs the package list stored under libvirt_packages['Arch'] with pacman.
# NOTE(review): `update_cache: true` without a full upgrade refreshes the sync
# databases only (the `pacman -Sy <pkg>` pattern); on Arch that can leave the
# host partially upgraded. Confirm a full system upgrade runs elsewhere.
- name: Install libvirt packages (Arch)
  community.general.pacman:
    name: "{{ libvirt_packages['Arch'] }}"
    update_cache: true
    state: present
  # NOTE(review): the distribution fact gathered by setup is normally
  # `ansible_distribution`; confirm `ansible_os_distribution` is defined
  # somewhere in this project, otherwise this condition fails as undefined.
  when: ansible_os_distribution == 'Archlinux'
# Appends the connecting user to the `libvirt` group (existing groups kept).
# Security: members of this group can usually manage the system libvirt
# daemon without further authentication, which is close to root on the
# hypervisor. Treat `ansible_user` as a privileged account.
# NOTE(review): `ansible_user` is a connection variable; confirm it is always
# set in inventory for hosts this role targets.
- name: Add user to libvirt group
  ansible.builtin.user:
    name: "{{ ansible_user }}"
    append: true
    groups: libvirt
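# Persists the kernel settings used for VM bridging in
# /etc/sysctl.d/bridge.conf and applies them immediately.
#
# Security impact of the values below:
#   - net.ipv4.ip_forward=1 lets the host forward IPv4 packets between
#     interfaces.
#   - net.bridge.bridge-nf-call-*=0 stops bridged frames from being passed to
#     iptables/ip6tables/arptables, so host firewall rules do not filter
#     traffic crossing the bridge. Guest filtering has to happen elsewhere.
#
# NOTE(review): the net.bridge.* keys normally exist only while the
# br_netfilter module is loaded; no task visible here loads it, so confirm
# that happens before this task or `sysctl_set` may fail on a missing key.
- name: Set required sysctl flags for bridging
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    # Fixed: the original template ended in `}}}}`, which appended a literal
    # `}}` to every value (e.g. `1}}`).
    value: "{{ item.value }}"
    state: present
    sysctl_file: /etc/sysctl.d/bridge.conf
    sysctl_set: true
    reload: true
  loop:
    - name: net.ipv4.ip_forward
      value: 1
    - name: net.bridge.bridge-nf-call-iptables
      value: 0
    - name: net.bridge.bridge-nf-call-ip6tables
      value: 0
    - name: net.bridge.bridge-nf-call-arptables
      value: 0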
# Ensures one line per entry of qemu_bridges exists in /etc/qemu/bridge.conf,
# appended at end of file when missing.
# Security: this file is the allow-list read by qemu-bridge-helper, which is
# commonly installed with elevated privileges; every line added here lets
# unprivileged QEMU processes attach to that bridge. No owner/mode is set by
# this task, so the file keeps whatever permissions it already has.
# NOTE(review): the helper expects `allow <bridge>` lines; presumably each
# item already carries the `allow ` prefix. Verify against the inventory.
# NOTE(review): the `default(['virbr0'])` fallback never takes effect because
# the `when` below skips the task when qemu_bridges is undefined; virbr0 also
# looks like the bridge of the default network removed later in this file.
# NOTE(review): without `create: true` the task fails if the file is absent.
- name: Add bridge(s) to qemu_bridge_helper
  ansible.builtin.lineinfile:
    path: /etc/qemu/bridge.conf
    line: "{{ item }}"
    insertafter: EOF
    state: present
    backup: false
  loop: "{{ qemu_bridges | default(['virbr0']) }}"
  when: qemu_bridges is defined
# Starts libvirtd now and enables it at boot.
- name: Start and enable libvirt service
  ansible.builtin.service:
    name: libvirtd.service
    enabled: true
    state: started
# Brings the libvirt network named `default` down; the following task removes
# its definition.
- name: Stop the default libvirt network
  community.libvirt.virt_net:
    state: inactive
    name: default
# Removes the definition of the libvirt network named `default`, so guests
# can only use networks and bridges configured explicitly.
- name: Remove default libvirt network
  community.libvirt.virt_net:
    state: absent
    name: default
# Requests state `deleted` for the storage pool named `default`.
# NOTE(review): in virt_pool, `deleted` appears to target the pool's
# underlying storage, while `absent`/`undefined` drop the definition.
# Confirm which is intended, and whether the definition is left behind.
- name: Remove the default libvirt storage pool
  community.libvirt.virt_pool:
    state: deleted
    name: default
# Creates the ISO and NVRAM directories, owned by libvirt-qemu:libvirt-qemu.
# NOTE(review): mode 0775 leaves both directories readable and traversable by
# every local user and writable by the whole group. The nvram directory
# presumably holds per-guest firmware variable stores; consider whether
# anything outside libvirt-qemu needs access to it.
# NOTE(review): confirm the libvirt-qemu user and group exist on the target
# distribution before this task runs.
- name: Create standard libvirt storage directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: '0775'
    group: libvirt-qemu
    owner: libvirt-qemu
  loop: [/var/lib/libvirt/isos/, /var/lib/libvirt/nvram/]
# Collects storage pool facts from libvirt. The result is not registered, and
# none of the tasks visible in this file reference it.
- name: Get libvirt storage pool facts
  community.libvirt.virt_pool:
    command: facts
# Defines the `isos` and `nvram` pools from the dir_pool.xml.j2 template.
# The template is rendered once per loop item; presumably it reads item.name
# and item.path. Verify against the template.
- name: Define the standard libvirt storage pools
  community.libvirt.virt_pool:
    command: define
    name: "{{ item.name }}"
    xml: "{{ lookup('template', 'dir_pool.xml.j2') }}"
  loop:
    - path: /var/lib/libvirt/isos/
      name: isos
    - path: /var/lib/libvirt/nvram/
      name: nvram
# Runs the `build` command for each of the two pools defined above.
- name: Create the standard libvirt storage pools
  community.libvirt.virt_pool:
    command: build
    name: "{{ item }}"
  loop: [isos, nvram]
# Activates both pools and marks them to start automatically.
- name: Start the standard libvirt storage pools
  community.libvirt.virt_pool:
    name: "{{ item }}"
    autostart: true
    state: active
  loop: [isos, nvram]
# Pulls in libvirt_dir.yaml when the host is configured for directory storage.
# NOTE(review): the condition errors if `hypervisor` or its `storage` key is
# undefined; confirm the role always receives it.
- name: Setup additional libvirt storage (dir)
  ansible.builtin.include_tasks:
    file: libvirt_dir.yaml
  when: hypervisor.storage == 'dir'
# Pulls in libvirt_zfs.yaml when the host is configured for ZFS storage.
# NOTE(review): the condition errors if `hypervisor` or its `storage` key is
# undefined; confirm the role always receives it.
- name: Setup additional libvirt storage (zfs)
  ansible.builtin.include_tasks:
    file: libvirt_zfs.yaml
  when: hypervisor.storage == 'zfs'
# - name: Enroll libvirtd TLS certificate
# - name: Configure libvirtd TLS listener
# - name: Open libvirtd TLS firewall ports