libvirt and firewall additions

ansible/roles/libvirt-server/defaults/main.yml

@@ -8,6 +8,12 @@ libvirt_server_packages:
   - swtpm
 
 libvirt_zfs_pool_name: zfs
+libvirt_zfs_pool_path: ssd/vhds
+
 libvirt_iso_pool_name: iso
+libvirt_iso_pool_path: /iso
+
 libvirt_qcow_pool_name: qcow
-libvirt_vm_network_name: br22
+libvirt_qcow_pool_path: /qcow
+
+libvirt_cluster_network_name: cluster

ansible/roles/libvirt-server/tasks/main.yml

@@ -23,28 +23,56 @@
     state: started
     enabled: yes
 
-- name: define vm network
+- name: define vm cluster network
+  libvirt_network_name: "{{ libvirt_cluster_network_name }}"
+  libvirt_network_domain: "{{ libvirt_cluster_network_name }}"
   community.libvirt.virt_net:
-    name: "{{ libvirt_vm_network_name }}"
+    name: "{{ libvirt_cluster_network_name }}"
     command: define
     xml: '{{ lookup("template", "network.xml.j2") }}'
 
-- name: build vm network
+- name: build vm cluster network
   community.libvirt.virt_net:
-    name: "{{ libvirt_vm_network_name }}"
+    name: "{{ libvirt_cluster_network_name }}"
     command: build
     
-- name: start vm network
+- name: start vm cluster network
   community.libvirt.virt_net:
-    name: "{{ libvirt_vm_network_name }}"
+    name: "{{ libvirt_cluster_network_name }}"
     state: active
     autostart: true
 
+- name: remove default libvirt network
+  community.libvirt.virt_net:
+    name: default
+    state: absent
+
+- name: create libvirt zfs dataset
+  community.general.zfs:
+    name: "{{ libvirt_zfs_pool_path }}"
+    state: present
+    extra_zfs_properties:
+      - canmount: off
+      - mountpoint: none
+      - compression: off
+      - primarycache: metadata
+      - secondarycache: none
+      - reservation: none
+      - refreservation: none
+      - dedup: off
+      - encryption: off
+      - volmode: dev
+      - devices: off
+      - atime: off
+
 - name: define zfs storage pool
+  libvirt_pool_type: zfs
+  libvirt_pool_name: "{{ libvirt_zfs_pool_name }}"
+  libvirt_pool_path: "{{ libvirt_zfs_pool_path }}"
   community.libvirt.virt_pool:
     name: "{{ libvirt_zfs_pool_name }}"
     command: define
-    xml: '{{ lookup("template", "zfs.xml.j2") }}'
+    xml: '{{ lookup("template", "pool.xml.j2") }}'
 
 - name: build zfs storage pool
   community.libvirt.virt_pool:
@@ -57,11 +85,23 @@
     state: active
     autostart: true
 
+- name: create iso storage dir
+  become: true
+  ansible.builtin.file:
+    path: "{{ libvirt_iso_pool_path }}"
+    state: directory
+    owner: root
+    group: libvirt
+    mode: 0775
+
 - name: define iso storage pool
+  libvirt_pool_type: dir
+  libvirt_pool_name: "{{ libvirt_iso_pool_name }}"
+  libvirt_pool_path: "{{ libvirt_iso_pool_path }}"
   community.libvirt.virt_pool:
     name: "{{ libvirt_iso_pool_name }}"
     command: define
-    xml: '{{ lookup("template", "iso.xml.j2") }}'
+    xml: '{{ lookup("template", "pool.xml.j2") }}'
 
 - name: build iso storage pool
   community.libvirt.virt_pool:
@@ -74,11 +114,23 @@
     state: active
     autostart: true
 
+- name: create qcow storage dir
+  become: true
+  ansible.builtin.file:
+    path: "{{ libvirt_qcow_pool_path }}"
+    state: directory
+    owner: root
+    group: libvirt
+    mode: 0775
+
 - name: define qcow storage pool
+  libvirt_pool_type: dir
+  libvirt_pool_name: "{{ libvirt_qcow_pool_name }}"
+  libvirt_pool_path: "{{ libvirt_qcow_pool_path }}"
   community.libvirt.virt_pool:
     name: "{{ libvirt_qcow_pool_name }}"
     command: define
-    xml: '{{ lookup("template", "qcow.xml.j2") }}'
+    xml: '{{ lookup("template", "pool.xml.j2") }}'
 
 - name: build qcow storage pool
   community.libvirt.virt_pool:

ansible/roles/libvirt-server/templates/iso.xml.j2

@@ -1,17 +0,0 @@
-<pool type="dir">
-  <name>iso</name>
-  <uuid>c7be6440-728c-4181-b7e8-68bf3094740a</uuid>
-  <capacity unit="bytes">208525328384</capacity>
-  <allocation unit="bytes">31027101696</allocation>
-  <available unit="bytes">177498226688</available>
-  <source>
-  </source>
-  <target>
-    <path>/mnt/smb/isos</path>
-    <permissions>
-      <mode>0755</mode>
-      <owner>1000</owner>
-      <group>1000</group>
-    </permissions>
-  </target>
-</pool>

ansible/roles/libvirt-server/templates/network.xml.j2

@@ -1,12 +1,4 @@
 <network>
-  <name>default</name>
-  <uuid>ea5ab2e3-1c95-49de-af3b-131a836f4b7b</uuid>
-  <forward mode="nat"/>
-  <bridge name="virbr0" stp="on" delay="0"/>
-  <mac address="52:54:00:63:57:8d"/>
-  <ip address="192.168.122.1" netmask="255.255.255.0">
-    <dhcp>
-      <range start="192.168.122.2" end="192.168.122.254"/>
-    </dhcp>
-  </ip>
+  <name>{{ libvirt_network_name }}</name>
+  <domain name="{{ libvirt_network_domain }}"/>
 </network>

ansible/roles/libvirt-server/templates/pool.xml.j2

@@ -0,0 +1,6 @@
+<pool type="{{ libvirt_pool_type }}">
+  <name>{{ libvirt_pool_name }}</name>
+  <source>
+    <name>{{ libvirt_pool_path }}</name>
+  </source>
+</pool>

ansible/roles/libvirt-server/templates/zfs.xml.j2

@@ -1,13 +0,0 @@
-<pool type="zfs">
-  <name>zfs-nvme</name>
-  <uuid>026cccc9-ee79-467a-bf19-91e6f3d2531d</uuid>
-  <capacity unit="bytes">498216206336</capacity>
-  <allocation unit="bytes">185811460096</allocation>
-  <available unit="bytes">312404746240</available>
-  <source>
-    <name>nvme/vhds</name>
-  </source>
-  <target>
-    <path>/dev/zvol/nvme/vhds</path>
-  </target>
-</pool>