hypervisor refinement

2023-08-11 10:52:27 +10:00 · 2023-08-11 10:52:27 +10:00 · 8f22f5429a
commit 8f22f5429a
parent 2769a3430b
13 changed files with 178 additions and 91 deletions
--- a/ansible/roles/hypervisor_qcow/defaults/main.yaml
+++ b/ansible/roles/hypervisor_qcow/defaults/main.yaml
@ -9,4 +9,8 @@ libvirt_packages:

 hypervisor:
  storage: dir
-  device: /dev/sda
+  device: /dev/sda
+  datasets:
+    - name: tank/vhds
+      compression: lz4
+      encryption: 'off'
--- a/ansible/roles/hypervisor_qcow/tasks/libvirt_dir.yaml
+++ b/ansible/roles/hypervisor_qcow/tasks/libvirt_dir.yaml
@ -5,7 +5,7 @@
    - hypervisor.device not in (ansible_mounts | json_query('[?mount == `/`].device'))
    - hypervisor.device not in (ansible_mounts | json_query('[?mount == `/var/lib/libvirt`].device'))
  ansible.builtin.include_tasks:
-    file: libvirt_mount.yaml
+    file: libvirt_dir_mount.yaml

 - name: Create the libvirt storage directories
  ansible.builtin.file:
@ -16,46 +16,27 @@
    mode: '0775'
  loop:
    - /var/lib/libvirt/vhds/
-    - /var/lib/libvirt/isos/
-    - /var/lib/libvirt/nvram/

- name: Remove the default libvirt storage pool
-  community.libvirt.virt_pool:
-    name: default
-    state: deleted
-
- name: Get libvirt storage pool facts
-  community.libvirt.virt_pool:
-    command: facts
-
- name: Define the libvirt storage pools
+- name: Define additional libvirt storage pools
  community.libvirt.virt_pool:
    name: "{{ item.name }}"
    command: define
-    xml: "{{ lookup('template', 'dir_pool.xml.j2') }}"
+    xml: "{{ lookup('template', 'dir_libvirt_pool.xml.j2') }}"
  loop:
    - name: vhds
      path: /var/lib/libvirt/vhds/
-    - name: isos
-      path: /var/lib/libvirt/isos/
-    - name: nvram
-      path: /var/lib/libvirt/nvram/

- name: Create the libvirt storage pools
+- name: Create additional libvirt storage pools
  community.libvirt.virt_pool:
    name: "{{ item }}"
    command: build
  loop:
    - vhds
-    - isos
-    - nvram

- name: Start the libvirt storage pools
+- name: Start additional libvirt storage pools
  community.libvirt.virt_pool:
    name: "{{ item }}"
    state: active
    autostart: true
  loop:
    - vhds
-    - isos
-    - nvram
--- a/ansible/roles/hypervisor_qcow/tasks/libvirt_mount.yaml
+++ b/ansible/roles/hypervisor_qcow/tasks/libvirt_mount.yaml
--- a/ansible/roles/hypervisor/tasks/libvirt_zfs.yaml
+++ b/ansible/roles/hypervisor/tasks/libvirt_zfs.yaml
@ -0,0 +1,40 @@
+---
+
+- name: Create libvirt zfs dataset(s)
+  community.general.zfs:
+    name: "{{ item.name }}"
+    state: present
+    extra_zfs_properties: # TODO fix property values
+      canmount: false
+      mountpoint: none
+      compression: false
+      primarycache: metadata
+      secondarycache: none
+      reservation: none
+      refreservation: none
+      dedup: false
+      encryption: "{{ item.encryption | default('off') }}"
+      volmode: dev
+      devices: false
+      atime: false
+  loop: "{{ hypervisor.datasets }}"
+
+- name: Define additional libvirt storage pools
+  community.libvirt.virt_pool:
+    name: "{{ item.name | split('/') | last }}"
+    command: define
+    xml: "{{ lookup('template', 'zfs_libvirt_pool.xml.j2') }}"
+  loop: "{{ hypervisor.datasets }}"
+
+- name: Create additional libvirt storage pools
+  community.libvirt.virt_pool:
+    name: "{{ item.name | split('/') | last }}"
+    command: build
+  loop: "{{ hypervisor.datasets }}"
+
+- name: Start additional libvirt storage pools
+  community.libvirt.virt_pool:
+    name: "{{ item.name | split('/') | last }}"
+    state: active
+    autostart: true
+  loop: "{{ hypervisor.datasets }}"
--- a/ansible/roles/hypervisor/tasks/main.yaml
+++ b/ansible/roles/hypervisor/tasks/main.yaml
@ -0,0 +1,122 @@
+---
+
+- name: Install libvirt packages (Arch)
+  when: ansible_os_distribution == 'Archlinux'
+  community.general.pacman:
+    name: "{{ libvirt_packages['Arch'] }}"
+    state: present
+    update_cache: true
+
+- name: Add user to libvirt group
+  ansible.builtin.user:
+    name: "{{ ansible_user }}"
+    groups: libvirt
+    append: true
+
+- name: Set required sysctl flags for bridging
+  ansible.posix.sysctl:
+    name: "{{ item.name }}"
+    reload: true
+    state: present
+    sysctl_file: /etc/sysctl.d/bridge.conf
+    sysctl_set: true
+    value: "{{ item.value }}}}"
+  loop:
+    - name: net.ipv4.ip_forward
+      value: 1
+    - name: net.bridge.bridge-nf-call-iptables
+      value: 0
+    - name: net.bridge.bridge-nf-call-ip6tables
+      value: 0
+    - name: net.bridge.bridge-nf-call-arptables
+      value: 0
+
+- name: Add bridge(s) to qemu_bridge_helper
+  when: qemu_bridges is defined
+  ansible.builtin.lineinfile:
+    path: /etc/qemu/bridge.conf
+    line: "{{ item }}"
+    state: present
+    backup: false
+    insertafter: EOF
+  loop: "{{ qemu_bridges | default(['virbr0']) }}"
+
+- name: Start and enable libvirt service
+  ansible.builtin.service:
+    name: libvirtd.service
+    state: started
+    enabled: true
+
+- name: Stop the default libvirt network
+  community.libvirt.virt_net:
+    name: default
+    state: inactive
+
+- name: Remove default libvirt network
+  community.libvirt.virt_net:
+    name: default
+    state: absent
+
+- name: Remove the default libvirt storage pool
+  community.libvirt.virt_pool:
+    name: default
+    state: deleted
+
+- name: Create standard libvirt storage directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: libvirt-qemu
+    group: libvirt-qemu
+    mode: '0775'
+  loop:
+    - /var/lib/libvirt/isos/
+    - /var/lib/libvirt/nvram/
+
+- name: Get libvirt storage pool facts
+  community.libvirt.virt_pool:
+    command: facts
+
+- name: Define the standard libvirt storage pools
+  community.libvirt.virt_pool:
+    name: "{{ item.name }}"
+    command: define
+    xml: "{{ lookup('template', 'dir_pool.xml.j2') }}"
+  loop:
+    - name: isos
+      path: /var/lib/libvirt/isos/
+    - name: nvram
+      path: /var/lib/libvirt/nvram/
+
+- name: Create the standard libvirt storage pools
+  community.libvirt.virt_pool:
+    name: "{{ item }}"
+    command: build
+  loop:
+    - isos
+    - nvram
+
+- name: Start the standard libvirt storage pools
+  community.libvirt.virt_pool:
+    name: "{{ item }}"
+    state: active
+    autostart: true
+  loop:
+    - isos
+    - nvram
+
+- name: Setup additional libvirt storage (dir)
+  when: hypervisor.storage == 'dir'
+  ansible.builtin.include_tasks:
+    file: libvirt_dir.yaml
+
+- name: Setup additional libvirt storage (zfs)
+  when: hypervisor.storage == 'zfs'
+  ansible.builtin.include_tasks:
+    file: libvirt_zfs.yaml
+
+# - name: Enroll libvirtd TLS certificate
+
+# - name: Configure libvirtd TLS listener
+
+# - name: Open libvirtd TLS firewall ports
--- a/ansible/roles/hypervisor_qcow/templates/dir_libvirt_pool.xml.j2
+++ b/ansible/roles/hypervisor_qcow/templates/dir_libvirt_pool.xml.j2
--- a/ansible/roles/hypervisor/templates/zfs_libvirt_pool.xml.j2
+++ b/ansible/roles/hypervisor/templates/zfs_libvirt_pool.xml.j2
@ -0,0 +1,6 @@
+<pool type="zfs">
+  <name>{{ item.name | split('/') | last }}</name>
+  <source>
+    <name>{{ item.name }}</name>
+  </source>
+</pool>
--- a/ansible/roles/hypervisor_old/defaults/main.yml
+++ b/ansible/roles/hypervisor_old/defaults/main.yml
--- a/ansible/roles/hypervisor_old/tasks/main.yml
+++ b/ansible/roles/hypervisor_old/tasks/main.yml
--- a/ansible/roles/hypervisor_old/templates/network.xml.j2
+++ b/ansible/roles/hypervisor_old/templates/network.xml.j2
--- a/ansible/roles/hypervisor_old/templates/pool.xml.j2
+++ b/ansible/roles/hypervisor_old/templates/pool.xml.j2
--- a/ansible/roles/hypervisor_qcow/tasks/main.yaml
+++ b/ansible/roles/hypervisor_qcow/tasks/main.yaml
@ -1,60 +0,0 @@
---
-
- name: Install libvirt packages (Arch)
-  when: ansible_os_distribution == 'Archlinux'
-  community.general.pacman:
-    name: "{{ libvirt_packages['Arch'] }}"
-    state: present
-    update_cache: true
-
- name: Add user to libvirt group
-  ansible.builtin.user:
-    name: "{{ ansible_user }}"
-    groups: libvirt
-    append: true
-
- name: Set required sysctl flags for bridging
-  ansible.posix.sysctl:
-    name: "{{ item.name }}"
-    value: "{{ item.value }}}}"
-    state: present
-    sysctl_set: true
-    reload: true # TODO set sysctl file?
-  loop:
-    - net.ipv4.ip_forward # TODO add remaining values here
-
- name: Add bridge(s) to qemu_bridge_helper
-  when: qemu_bridges is defined
-  ansible.builtin.lineinfile:
-    path: /etc/qemu/bridge.conf
-    line: "{{ item }}"
-    state: present
-    backup: false
-    insertafter: EOF
-  loop: "{{ qemu_bridges | default(['virbr0']) }}"
-
- name: Start and enable libvirt service
-  ansible.builtin.service:
-    name: libvirtd.service
-    state: started
-    enabled: true
-
- name: Stop the default libvirt network
-  community.libvirt.virt_net:
-    name: default
-    state: inactive
-
- name: Remove default libvirt network
-  community.libvirt.virt_net:
-    name: default
-    state: absent
-
- name: Setup libvirt storage (dir)
-  when: hypervisor.storage == 'dir'
-  ansible.builtin.include_tasks:
-    file: libvirt_dir.yaml
-
- name: Setup libvirt storage (zfs)
-  when: hypervisor.storage == 'zfs'
-  ansible.builtin.include_tasks:
-    file: libvirt_zfs.yaml
--- a/ansible/roles/hypervisor_qcow/templates/zfs_libvirt_pool.xml.j2
+++ b/ansible/roles/hypervisor_qcow/templates/zfs_libvirt_pool.xml.j2
@ -1,6 +0,0 @@
-<pool type="zfs">
-  <name>{{ item.name }}</name>
-  <source>
-    <name>{{ item.dataset }}</name>
-  </source>
-</pool>