
libvirt config

This commit is contained in:
michael 2022-09-05 21:27:26 +12:00
parent 140749e34c
commit 1166e932c5
9 changed files with 166 additions and 43 deletions


@ -7,6 +7,7 @@
roles: roles:
- python-install - python-install
- sshd - sshd
#- firewall - firewall
- pikaur - pikaur
- zfs-install - zfs-install
- libvirt-server


@ -30,7 +30,7 @@
proto: tcp proto: tcp
interface: "{{ firewall_ssh_interface }}" interface: "{{ firewall_ssh_interface }}"
direction: in direction: in
src: '{{ item }}' src: "{{ item }}"
loop: loop:
- 192.168.20.0/24 - 192.168.20.0/24
- 192.168.72.0/24 - 192.168.72.0/24


@ -6,6 +6,8 @@ libvirt_server_packages:
- openbsd-netcat - openbsd-netcat
- edk2-ovmf - edk2-ovmf
- swtpm - swtpm
- libvirt-python
- python-lxml
libvirt_zfs_pool_name: zfs libvirt_zfs_pool_name: zfs
libvirt_zfs_pool_path: ssd/vhds libvirt_zfs_pool_path: ssd/vhds


@ -5,7 +5,6 @@
name: "{{ libvirt_server_packages }}" name: "{{ libvirt_server_packages }}"
state: latest state: latest
update_cache: true update_cache: true
reason: explicit
when: when:
- ansible_os_family == 'Arch' - ansible_os_family == 'Arch'
@ -23,9 +22,12 @@
state: started state: started
enabled: yes enabled: yes
- name: define vm cluster network - name: set cluster network variables
set_fact:
libvirt_network_name: "{{ libvirt_cluster_network_name }}" libvirt_network_name: "{{ libvirt_cluster_network_name }}"
libvirt_network_domain: "{{ libvirt_cluster_network_name }}" libvirt_network_domain: "{{ libvirt_cluster_network_name }}"
- name: define vm cluster network
community.libvirt.virt_net: community.libvirt.virt_net:
name: "{{ libvirt_cluster_network_name }}" name: "{{ libvirt_cluster_network_name }}"
command: define command: define
@ -34,7 +36,7 @@
- name: build vm cluster network - name: build vm cluster network
community.libvirt.virt_net: community.libvirt.virt_net:
name: "{{ libvirt_cluster_network_name }}" name: "{{ libvirt_cluster_network_name }}"
command: build command: create
- name: start vm cluster network - name: start vm cluster network
community.libvirt.virt_net: community.libvirt.virt_net:
@ -52,32 +54,36 @@
name: "{{ libvirt_zfs_pool_path }}" name: "{{ libvirt_zfs_pool_path }}"
state: present state: present
extra_zfs_properties: extra_zfs_properties:
- canmount: off canmount: off
- mountpoint: none mountpoint: none
- compression: off compression: off
- primarycache: metadata primarycache: metadata
- secondarycache: none secondarycache: none
- reservation: none reservation: none
- refreservation: none refreservation: none
- dedup: off dedup: off
- encryption: off encryption: off
- volmode: dev volmode: dev
- devices: off devices: off
- atime: off atime: off
- name: define zfs storage pool - name: set zfs pool variables
set_fact:
libvirt_pool_type: zfs libvirt_pool_type: zfs
libvirt_pool_name: "{{ libvirt_zfs_pool_name }}" libvirt_pool_name: "{{ libvirt_zfs_pool_name }}"
libvirt_pool_path: "{{ libvirt_zfs_pool_path }}" libvirt_pool_source: "{{ libvirt_zfs_pool_path }}"
libvirt_pool_target: ""
- name: define zfs storage pool
community.libvirt.virt_pool: community.libvirt.virt_pool:
name: "{{ libvirt_zfs_pool_name }}" name: "{{ libvirt_zfs_pool_name }}"
command: define command: define
xml: '{{ lookup("template", "pool.xml.j2") }}' xml: '{{ lookup("template", "pool.xml.j2") }}'
- name: build zfs storage pool # - name: build zfs storage pool
community.libvirt.virt_pool: # community.libvirt.virt_pool:
name: "{{ libvirt_zfs_pool_name }}" # name: "{{ libvirt_zfs_pool_name }}"
command: build # command: build
- name: start zfs storage pool - name: start zfs storage pool
community.libvirt.virt_pool: community.libvirt.virt_pool:
@ -85,6 +91,13 @@
state: active state: active
autostart: true autostart: true
- name: set iso pool variables
set_fact:
libvirt_pool_type: dir
libvirt_pool_name: "{{ libvirt_iso_pool_name }}"
libvirt_pool_source: ""
libvirt_pool_target: "{{ libvirt_iso_pool_path }}"
- name: create iso storage dir - name: create iso storage dir
become: true become: true
ansible.builtin.file: ansible.builtin.file:
@ -95,9 +108,6 @@
mode: 0775 mode: 0775
- name: define iso storage pool - name: define iso storage pool
libvirt_pool_type: dir
libvirt_pool_name: "{{ libvirt_iso_pool_name }}"
libvirt_pool_path: "{{ libvirt_iso_pool_path }}"
community.libvirt.virt_pool: community.libvirt.virt_pool:
name: "{{ libvirt_iso_pool_name }}" name: "{{ libvirt_iso_pool_name }}"
command: define command: define
@ -114,6 +124,13 @@
state: active state: active
autostart: true autostart: true
- name: set iso pool variables
set_fact:
libvirt_pool_type: dir
libvirt_pool_name: "{{ libvirt_qcow_pool_name }}"
libvirt_pool_source: ""
libvirt_pool_target: "{{ libvirt_qcow_pool_path }}"
- name: create qcow storage dir - name: create qcow storage dir
become: true become: true
ansible.builtin.file: ansible.builtin.file:
@ -124,9 +141,6 @@
mode: 0775 mode: 0775
- name: define qcow storage pool - name: define qcow storage pool
libvirt_pool_type: dir
libvirt_pool_name: "{{ libvirt_qcow_pool_name }}"
libvirt_pool_path: "{{ libvirt_qcow_pool_path }}"
community.libvirt.virt_pool: community.libvirt.virt_pool:
name: "{{ libvirt_qcow_pool_name }}" name: "{{ libvirt_qcow_pool_name }}"
command: define command: define
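Review bot: The second `set_fact` task added in this file (the one immediately before `create qcow storage dir`) is named `set iso pool variables` although it assigns the qcow pool variables; rename it `- name: set qcow pool variables` so the play output and `--start-at-task` do not show two identical task names. In the rewritten `extra_zfs_properties` mapping the unquoted `off` values (`canmount`, `compression`, `dedup`, `encryption`, `devices`, `atime`) are parsed by YAML 1.1 as boolean `false` before the module sees them; unless this version of `community.general.zfs` is known to normalize booleans back to `off`, quoting them (`canmount: "off"`) keeps the literal ZFS property value, and the same applies to the dataset task added to the zfs-install role in this commit. The `libvirt_pool_source: ""` and `libvirt_pool_target: ""` placeholders are rendered verbatim by pool.xml.j2 as empty `<name>`/`<path>` elements; whether libvirt accepts those is not established here, so the template should guard them. The `virt_pool` tasks that consume these facts start outside the hunks shown.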


@ -1,6 +1,9 @@
<pool type="{{ libvirt_pool_type }}"> <pool type="{{ libvirt_pool_type }}">
<name>{{ libvirt_pool_name }}</name> <name>{{ libvirt_pool_name }}</name>
<source> <source>
<name>{{ libvirt_pool_path }}</name> <name>{{ libvirt_pool_source }}</name>
</source> </source>
<target>
<path>{{ libvirt_pool_target }}</path>
</target>
</pool> </pool>
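Review bot: The template unconditionally emits `<source><name>…</name></source>` and `<target><path>…</path></target>`, so the dir pools (which set `libvirt_pool_source: ""`) and the zfs pool (`libvirt_pool_target: ""`) produce empty elements; libvirt may or may not tolerate an empty source `<name>`, so each element should be emitted only when its variable is non-empty. A short `{# … #}` header listing the four variables the template expects (`libvirt_pool_type`, `libvirt_pool_name`, `libvirt_pool_source`, `libvirt_pool_target`) would also help, since they are supplied by `set_fact` tasks rather than role defaults and nothing in the template says so. The closing `</pool>` line stays as it is.
```jinja
  <name>{{ libvirt_pool_name }}</name>
{% if libvirt_pool_source %}
  <source>
    <name>{{ libvirt_pool_source }}</name>
  </source>
{% endif %}
{% if libvirt_pool_target %}
  <target>
    <path>{{ libvirt_pool_target }}</path>
  </target>
{% endif %}
```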


@ -0,0 +1,17 @@
---
aur_zfs_key_fingerprint: '4F3BA9AB6D1F8D683DC2DFB56AD860EED4598027'
zfs_prereq_packages:
- gnupg
- linux-lts-headers
zfs_packages:
- zfs-utils
- zfs-dkms
zfs_arc_min: '1073741824'
zfs_arc_max: '4294967296'
zfs_zpool_ashift: '12'
zfs_zpool_name: ssd
zfs_zpool_compression: lz4
zfs_zpool_type: mirror
zfs_zpool_disk_a: /dev/disk/by-id/ata-Samsung_SSD_850_PRO_2TB_S3D4NX0J503633V
zfs_zpool_disk_b: /dev/disk/by-id/ata-Samsung_SSD_850_PRO_2TB_S3D4NX0J708201E
zfs_backup_dataset: ssd/backup
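Review bot: `zfs_zpool_disk_a` and `zfs_zpool_disk_b` are the by-id device paths of one specific machine, yet they sit in role defaults, so any host this role is applied to without overrides will have the `zpool create` task in the same commit pointed at those paths; move them (together with `zfs_zpool_name`) to host_vars, or leave them undefined in defaults so an unconfigured host fails at variable lookup rather than running against the wrong disks. `aur_zfs_key_fingerprint` is the trust anchor that the tasks later `lsign`, so it deserves a comment recording its origin, e.g. `# zfs-dkms AUR signing key; re-verify the fingerprint out of band before changing`. The numeric values are quoted as strings consistently, which is the right choice here since they are interpolated into command lines and a modprobe file.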


@ -1,15 +1,91 @@
--- ---
- name: Install ZFS DKMS module - name: install zfs prerequisites
become: true
community.general.pacman:
name: "{{ zfs_prereq_packages }}"
state: latest
update_cache: true
when:
- ansible_os_family == 'Arch'
- name: add gpg parameters file from template
become: true
ansible.builtin.template:
src: key-params.j2
dest: /root/key-params
owner: root
group: root
mode: 0660
- name: generate gpg key for root
become: true become: true
ansible.builtin.shell: ansible.builtin.shell:
cmd: pikaur -S zfs-dkms --noconfirm cmd: gpg --batch --gen-key /root/key-params
executable: /usr/bin/bash
# install linux-lts-headers first - name: import zfs signing key
# add a gpg signing key, import and lsign the AUR key below become: true
# https://gist.github.com/woods/8970150 ansible.builtin.shell:
# zfs-dkms AUR key 6AD860EED4598027 / 4F3BA9AB6D1F8D683DC2DFB56AD860EED4598027 cmd: gpg --receive-keys {{ aur_zfs_key_fingerprint|quote }}
set zfs params (ARC) - name: trust zfs signing key
modprobe zfs become: true
set module to start at boot ansible.builtin.shell:
cmd: gpg --quick-lsign-key {{ aur_zfs_key_fingerprint|quote }}
- name: install zfs module
become: true
community.general.pacman:
executable: /usr/bin/pikaur
name: "{{ zfs_packages }}"
state: latest
update_cache: true
when:
- ansible_os_family == 'Arch'
- name: set zfs module parameters
become: true
ansible.builtin.template:
src: zfs.conf.j2
dest: /etc/modprobe.d/zfs.conf
owner: root
group: root
mode: 0664
- name: load zfs module
become: true
community.general.modprobe:
name: zfs
state: present
- name: create zpool
become: true
ansible.builtin.shell:
cmd: zpool create -o ashift={{ zfs_zpool_ashift|quote }} -o autotrim=on -o cachefile=/etc/zfs/zpool.cache -O acltype=posixacl -O atime=off -O xattr=sa -O mountpoint=none -O canmount=off -O devices=off -O compression={{ zfs_zpool_compression|quote }} {{ zfs_zpool_name|quote }} {{ zfs_zpool_type|quote }} {{ zfs_zpool_disk_a|quote }} {{ zfs_zpool_disk_b|quote }}
- name: enable zfs services
become: true
ansible.builtin.service:
name: "{{ item }}"
state: started
enabled: yes
loop:
- zfs-import-cache.service
- zfs-mount.service
- zfs.target
- name: create backup zfs dataset
community.general.zfs:
name: "{{ zfs_backup_dataset }}"
state: present
extra_zfs_properties:
canmount: off
mountpoint: none
primarycache: none
secondarycache: none
reservation: none
refreservation: none
dedup: off
encryption: off
volmode: dev
devices: off
atime: off
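Review bot: The `create zpool` task runs `zpool create` through `ansible.builtin.shell` on every play with no `creates:`, registered check or `changed_when`, so it is not idempotent: a second run fails once the devices belong to the existing pool, and the play stops there; since the command pins `cachefile=/etc/zfs/zpool.cache`, the minimal guard is `creates: /etc/zfs/zpool.cache` on that task, or a registered `zpool list` check feeding a `when:`. The `generate gpg key for root`, `import zfs signing key` and `trust zfs signing key` tasks are likewise unguarded (`gpg --batch --gen-key` produces a fresh key on every run), and none of the four commands uses shell syntax, so `ansible.builtin.command` with a `creates:` guard on a file each step produces would fit better than `shell`. `create backup zfs dataset` is the only task in this file without `become: true`; unless the play sets it, `zfs create` will run unprivileged and fail. The `off` values in its `extra_zfs_properties` are YAML 1.1 booleans; quote them (`canmount: "off"`) unless the module is known to normalize them, and `enabled: yes` in the service task should be `enabled: true` for the same reason.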


@ -0,0 +1,8 @@
Key-Type: 1
Key-Length: 3072
Subkey-Type: 1
Subkey-Length: 3072
Name-Real: Local Administrator
Name-Email: root@{{ ansible_host }}
Expire-Date: 0
%no-protection
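Review bot: This parameter file creates a non-expiring (`Expire-Date: 0`), passphrase-less (`%no-protection`) RSA key for root, and nothing in the file says why; since its only visible use in this commit is `gpg --quick-lsign-key` on the AUR fingerprint, a leading comment line such as `# local-only key used to lsign the zfs-dkms AUR signing key; never exported` would stop it being mistaken for a general signing identity (gpg's batch format treats a line whose first non-blank character is `#` as a comment, but confirm against the installed version). `Name-Email: root@{{ ansible_host }}` yields values like `root@192.168.x.y` whenever `ansible_host` is an address, which gpg accepts but is not a mailbox; `inventory_hostname` may be what was intended.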


@ -0,0 +1,2 @@
options zfs zfs_arc_min={{ zfs_arc_min }}
options zfs zfs_arc_max={{ zfs_arc_max }}