From 8f22f5429a552dd3fa2e11df4bdcca6fb9ade05e Mon Sep 17 00:00:00 2001
From: michael
Date: Fri, 11 Aug 2023 10:52:27 +1000
Subject: [PATCH] hypervisor refinement

---
 .../defaults/main.yaml | 6 +-
 .../tasks/libvirt_dir.yaml | 29 +----
 .../tasks/libvirt_dir_mount.yaml} | 0
 .../roles/hypervisor/tasks/libvirt_zfs.yaml | 40 ++++++
 ansible/roles/hypervisor/tasks/main.yaml | 122 ++++++++++++++++++
 .../templates/dir_libvirt_pool.xml.j2 | 0
 .../templates/zfs_libvirt_pool.xml.j2 | 6 +
 .../defaults/main.yml | 0
 .../tasks/main.yml | 0
 .../templates/network.xml.j2 | 0
 .../templates/pool.xml.j2 | 0
 ansible/roles/hypervisor_qcow/tasks/main.yaml | 60 --------
 .../templates/zfs_libvirt_pool.xml.j2 | 6 -
 13 files changed, 178 insertions(+), 91 deletions(-)
 rename ansible/roles/{hypervisor_qcow => hypervisor}/defaults/main.yaml (58%)
 rename ansible/roles/{hypervisor_qcow => hypervisor}/tasks/libvirt_dir.yaml (57%)
 rename ansible/roles/{hypervisor_qcow/tasks/libvirt_mount.yaml => hypervisor/tasks/libvirt_dir_mount.yaml} (100%)
 create mode 100644 ansible/roles/hypervisor/tasks/libvirt_zfs.yaml
 create mode 100644 ansible/roles/hypervisor/tasks/main.yaml
 rename ansible/roles/{hypervisor_qcow => hypervisor}/templates/dir_libvirt_pool.xml.j2 (100%)
 create mode 100644 ansible/roles/hypervisor/templates/zfs_libvirt_pool.xml.j2
 rename ansible/roles/{hypervisor_zfs => hypervisor_old}/defaults/main.yml (100%)
 rename ansible/roles/{hypervisor_zfs => hypervisor_old}/tasks/main.yml (100%)
 rename ansible/roles/{hypervisor_zfs => hypervisor_old}/templates/network.xml.j2 (100%)
 rename ansible/roles/{hypervisor_zfs => hypervisor_old}/templates/pool.xml.j2 (100%)
 delete mode 100644 ansible/roles/hypervisor_qcow/tasks/main.yaml
 delete mode 100644 ansible/roles/hypervisor_qcow/templates/zfs_libvirt_pool.xml.j2
diff --git a/ansible/roles/hypervisor_qcow/defaults/main.yaml b/ansible/roles/hypervisor/defaults/main.yaml
similarity index 58%
rename from ansible/roles/hypervisor_qcow/defaults/main.yaml
rename to ansible/roles/hypervisor/defaults/main.yaml
index cda758f..0787198 100644
--- a/ansible/roles/hypervisor_qcow/defaults/main.yaml
+++ b/ansible/roles/hypervisor/defaults/main.yaml
@@ -9,4 +9,8 @@ libvirt_packages:
 
 hypervisor:
 storage: dir
- device: /dev/sda
\ No newline at end of file
+ device: /dev/sda
+ datasets:
+ - name: tank/vhds
+ compression: lz4
+ encryption: 'off'
\ No newline at end of file
diff --git a/ansible/roles/hypervisor_qcow/tasks/libvirt_dir.yaml b/ansible/roles/hypervisor/tasks/libvirt_dir.yaml
similarity index 57%
rename from ansible/roles/hypervisor_qcow/tasks/libvirt_dir.yaml
rename to ansible/roles/hypervisor/tasks/libvirt_dir.yaml
index c9774f8..c563323 100644
--- a/ansible/roles/hypervisor_qcow/tasks/libvirt_dir.yaml
+++ b/ansible/roles/hypervisor/tasks/libvirt_dir.yaml
@@ -5,7 +5,7 @@
 - hypervisor.device not in (ansible_mounts | json_query('[?mount == `/`].device'))
 - hypervisor.device not in (ansible_mounts | json_query('[?mount == `/var/lib/libvirt`].device'))
 ansible.builtin.include_tasks:
- file: libvirt_mount.yaml
+ file: libvirt_dir_mount.yaml
 
 - name: Create the libvirt storage directories
 ansible.builtin.file:
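Review bot: The new `compression: lz4` entry under `hypervisor.datasets` is never read: the task that consumes this list in libvirt_zfs.yaml hard-codes `compression: false` inside `extra_zfs_properties`, so the default documents a knob that has no effect. Either drop the key here or have that task use `compression: "{{ item.compression | default('off') }}"` so the per-dataset value is honoured. `encryption: 'off'` is correctly quoted (an unquoted `off` is boolean false under YAML 1.1 loaders); any value such as `on` given for `compression` needs the same quoting. A short comment above `datasets:` listing the keys each entry supports (`name`, `compression`, `encryption`) would help, since the consumer lives in a different file.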
@@ -16,46 +16,27 @@
 mode: '0775'
 loop:
 - /var/lib/libvirt/vhds/
- - /var/lib/libvirt/isos/
- - /var/lib/libvirt/nvram/
 
-- name: Remove the default libvirt storage pool
- community.libvirt.virt_pool:
- name: default
- state: deleted
-
-- name: Get libvirt storage pool facts
- community.libvirt.virt_pool:
- command: facts
-
-- name: Define the libvirt storage pools
+- name: Define additional libvirt storage pools
 community.libvirt.virt_pool:
 name: "{{ item.name }}"
 command: define
- xml: "{{ lookup('template', 'dir_pool.xml.j2') }}"
+ xml: "{{ lookup('template', 'dir_libvirt_pool.xml.j2') }}"
 loop:
 - name: vhds
 path: /var/lib/libvirt/vhds/
- - name: isos
- path: /var/lib/libvirt/isos/
- - name: nvram
- path: /var/lib/libvirt/nvram/
 
-- name: Create the libvirt storage pools
+- name: Create additional libvirt storage pools
 community.libvirt.virt_pool:
 name: "{{ item }}"
 command: build
 loop:
 - vhds
- - isos
- - nvram
 
-- name: Start the libvirt storage pools
+- name: Start additional libvirt storage pools
 community.libvirt.virt_pool:
 name: "{{ item }}"
 state: active
 autostart: true
 loop:
 - vhds
- - isos
- - nvram
diff --git a/ansible/roles/hypervisor_qcow/tasks/libvirt_mount.yaml b/ansible/roles/hypervisor/tasks/libvirt_dir_mount.yaml
similarity index 100%
rename from ansible/roles/hypervisor_qcow/tasks/libvirt_mount.yaml
rename to ansible/roles/hypervisor/tasks/libvirt_dir_mount.yaml
diff --git a/ansible/roles/hypervisor/tasks/libvirt_zfs.yaml b/ansible/roles/hypervisor/tasks/libvirt_zfs.yaml
new file mode 100644
index 0000000..245da7c
--- /dev/null
+++ b/ansible/roles/hypervisor/tasks/libvirt_zfs.yaml
@@ -0,0 +1,40 @@
+---
+
+- name: Create libvirt zfs dataset(s)
+ community.general.zfs:
+ name: "{{ item.name }}"
+ state: present
+ extra_zfs_properties: # TODO fix property values
+ canmount: false
+ mountpoint: none
+ compression: false
+ primarycache: metadata
+ secondarycache: none
+ reservation: none
+ refreservation: none
+ dedup: false
+ encryption: "{{ item.encryption | default('off') }}"
+ volmode: dev
+ devices: false
+ atime: false
+ loop: "{{ hypervisor.datasets }}"
+
+- name: Define additional libvirt storage pools
+ community.libvirt.virt_pool:
+ name: "{{ item.name | split('/') | last }}"
+ command: define
+ xml: "{{ lookup('template', 'zfs_libvirt_pool.xml.j2') }}"
+ loop: "{{ hypervisor.datasets }}"
+
+- name: Create additional libvirt storage pools
+ community.libvirt.virt_pool:
+ name: "{{ item.name | split('/') | last }}"
+ command: build
+ loop: "{{ hypervisor.datasets }}"
+
+- name: Start additional libvirt storage pools
+ community.libvirt.virt_pool:
+ name: "{{ item.name | split('/') | last }}"
+ state: active
+ autostart: true
+ loop: "{{ hypervisor.datasets }}"
diff --git a/ansible/roles/hypervisor/tasks/main.yaml b/ansible/roles/hypervisor/tasks/main.yaml
new file mode 100644
index 0000000..1c9826b
--- /dev/null
+++ b/ansible/roles/hypervisor/tasks/main.yaml
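Review bot: `encryption: "{{ item.encryption | default('off') }}"` is the only per-dataset property that is wired through, but as far as I recall a ZFS dataset created with any encryption value other than `off` also needs `keyformat` (and usually `keylocation`), neither of which is set here, so the option can only ever succeed as `off` and a user who enables it gets a failed `zfs create` rather than an encrypted VM store. If encryption is meant to be supported, pass `keyformat`/`keylocation` from the same item (for example `keyformat: "{{ item.keyformat | default(omit) }}"`); if not, document that in a comment above the `encryption:` line rather than leaving a half-wired knob. The bare booleans `canmount: false`, `dedup: false`, `devices: false` and `atime: false` depend on the module translating Python booleans into the `on`/`off` strings ZFS expects; the `# TODO fix property values` on the same mapping suggests this is already suspected, and quoting them as `'off'` the way `encryption` does removes the dependency. The pool name `item.name | split('/') | last` (used in all three virt_pool tasks and in zfs_libvirt_pool.xml.j2) collides when two datasets share a leaf name in different pools, so either document that datasets must have unique leaf names or derive the pool name from the full path.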
@@ -0,0 +1,122 @@
+---
+
+- name: Install libvirt packages (Arch)
+ when: ansible_os_distribution == 'Archlinux'
+ community.general.pacman:
+ name: "{{ libvirt_packages['Arch'] }}"
+ state: present
+ update_cache: true
+
+- name: Add user to libvirt group
+ ansible.builtin.user:
+ name: "{{ ansible_user }}"
+ groups: libvirt
+ append: true
+
+- name: Set required sysctl flags for bridging
+ ansible.posix.sysctl:
+ name: "{{ item.name }}"
+ reload: true
+ state: present
+ sysctl_file: /etc/sysctl.d/bridge.conf
+ sysctl_set: true
+ value: "{{ item.value }}}}"
+ loop:
+ - name: net.ipv4.ip_forward
+ value: 1
+ - name: net.bridge.bridge-nf-call-iptables
+ value: 0
+ - name: net.bridge.bridge-nf-call-ip6tables
+ value: 0
+ - name: net.bridge.bridge-nf-call-arptables
+ value: 0
+
+- name: Add bridge(s) to qemu_bridge_helper
+ when: qemu_bridges is defined
+ ansible.builtin.lineinfile:
+ path: /etc/qemu/bridge.conf
+ line: "{{ item }}"
+ state: present
+ backup: false
+ insertafter: EOF
+ loop: "{{ qemu_bridges | default(['virbr0']) }}"
+
+- name: Start and enable libvirt service
+ ansible.builtin.service:
+ name: libvirtd.service
+ state: started
+ enabled: true
+
+- name: Stop the default libvirt network
+ community.libvirt.virt_net:
+ name: default
+ state: inactive
+
+- name: Remove default libvirt network
+ community.libvirt.virt_net:
+ name: default
+ state: absent
+
+- name: Remove the default libvirt storage pool
+ community.libvirt.virt_pool:
+ name: default
+ state: deleted
+
+- name: Create standard libvirt storage directories
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: libvirt-qemu
+ group: libvirt-qemu
+ mode: '0775'
+ loop:
+ - /var/lib/libvirt/isos/
+ - /var/lib/libvirt/nvram/
+
+- name: Get libvirt storage pool facts
+ community.libvirt.virt_pool:
+ command: facts
+
+- name: Define the standard libvirt storage pools
+ community.libvirt.virt_pool:
+ name: "{{ item.name }}"
+ command: define
+ xml: "{{ lookup('template', 'dir_pool.xml.j2') }}"
+ loop:
+ - name: isos
+ path: /var/lib/libvirt/isos/
+ - name: nvram
+ path: /var/lib/libvirt/nvram/
+
+- name: Create the standard libvirt storage pools
+ community.libvirt.virt_pool:
+ name: "{{ item }}"
+ command: build
+ loop:
+ - isos
+ - nvram
+
+- name: Start the standard libvirt storage pools
+ community.libvirt.virt_pool:
+ name: "{{ item }}"
+ state: active
+ autostart: true
+ loop:
+ - isos
+ - nvram
+
+- name: Setup additional libvirt storage (dir)
+ when: hypervisor.storage == 'dir'
+ ansible.builtin.include_tasks:
+ file: libvirt_dir.yaml
+
+- name: Setup additional libvirt storage (zfs)
+ when: hypervisor.storage == 'zfs'
+ ansible.builtin.include_tasks:
+ file: libvirt_zfs.yaml
+
+# - name: Enroll libvirtd TLS certificate
+
+# - name: Configure libvirtd TLS listener
+
+# - name: Open libvirtd TLS firewall ports
diff --git a/ansible/roles/hypervisor_qcow/templates/dir_libvirt_pool.xml.j2 b/ansible/roles/hypervisor/templates/dir_libvirt_pool.xml.j2
similarity index 100%
rename from ansible/roles/hypervisor_qcow/templates/dir_libvirt_pool.xml.j2
rename to ansible/roles/hypervisor/templates/dir_libvirt_pool.xml.j2
diff --git a/ansible/roles/hypervisor/templates/zfs_libvirt_pool.xml.j2 b/ansible/roles/hypervisor/templates/zfs_libvirt_pool.xml.j2
new file mode 100644
index 0000000..1754099
--- /dev/null
+++ b/ansible/roles/hypervisor/templates/zfs_libvirt_pool.xml.j2
@@ -0,0 +1,6 @@
+
+ {{ item.name | split('/') | last }}
+
+ {{ item.name }}
+
+
\ No newline at end of file
diff --git a/ansible/roles/hypervisor_zfs/defaults/main.yml b/ansible/roles/hypervisor_old/defaults/main.yml
similarity index 100%
rename from ansible/roles/hypervisor_zfs/defaults/main.yml
rename to ansible/roles/hypervisor_old/defaults/main.yml
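Review bot: `value: "{{ item.value }}}}"` in the sysctl task carries two stray closing braces, so every entry renders as `1}}` or `0}}` and `ansible.posix.sysctl` will either fail or write an invalid line into /etc/sysctl.d/bridge.conf; it should read `value: "{{ item.value }}"`. The standard-pool task looks up `dir_pool.xml.j2`, but the only dir template this commit leaves in the role is `dir_libvirt_pool.xml.j2` (libvirt_dir.yaml was switched to that name in the same commit), so the lookup will fail at runtime unless a template not shown here exists. `when: ansible_os_distribution == 'Archlinux'` does not match a gathered fact I know of (`ansible_distribution` is the usual name), so unless that variable is defined elsewhere the task errors on an undefined variable. The bridge task is skipped when `qemu_bridges` is undefined, which makes its `| default(['virbr0'])` unreachable — keep one of the two. Because the loop sets the `net.bridge.bridge-nf-call-*` keys to 0, bridged guest traffic no longer passes through host iptables/nftables; a comment on the loop saying this is intentional and that guest filtering has to happen elsewhere would stop a later reader from "fixing" it.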
diff --git a/ansible/roles/hypervisor_zfs/tasks/main.yml b/ansible/roles/hypervisor_old/tasks/main.yml
similarity index 100%
rename from ansible/roles/hypervisor_zfs/tasks/main.yml
rename to ansible/roles/hypervisor_old/tasks/main.yml
diff --git a/ansible/roles/hypervisor_zfs/templates/network.xml.j2 b/ansible/roles/hypervisor_old/templates/network.xml.j2
similarity index 100%
rename from ansible/roles/hypervisor_zfs/templates/network.xml.j2
rename to ansible/roles/hypervisor_old/templates/network.xml.j2
diff --git a/ansible/roles/hypervisor_zfs/templates/pool.xml.j2 b/ansible/roles/hypervisor_old/templates/pool.xml.j2
similarity index 100%
rename from ansible/roles/hypervisor_zfs/templates/pool.xml.j2
rename to ansible/roles/hypervisor_old/templates/pool.xml.j2
diff --git a/ansible/roles/hypervisor_qcow/tasks/main.yaml b/ansible/roles/hypervisor_qcow/tasks/main.yaml
deleted file mode 100644
index 90c3b9a..0000000
--- a/ansible/roles/hypervisor_qcow/tasks/main.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
----
-
-- name: Install libvirt packages (Arch)
- when: ansible_os_distribution == 'Archlinux'
- community.general.pacman:
- name: "{{ libvirt_packages['Arch'] }}"
- state: present
- update_cache: true
-
-- name: Add user to libvirt group
- ansible.builtin.user:
- name: "{{ ansible_user }}"
- groups: libvirt
- append: true
-
-- name: Set required sysctl flags for bridging
- ansible.posix.sysctl:
- name: "{{ item.name }}"
- value: "{{ item.value }}}}"
- state: present
- sysctl_set: true
- reload: true # TODO set sysctl file?
- loop:
- - net.ipv4.ip_forward # TODO add remaining values here
-
-- name: Add bridge(s) to qemu_bridge_helper
- when: qemu_bridges is defined
- ansible.builtin.lineinfile:
- path: /etc/qemu/bridge.conf
- line: "{{ item }}"
- state: present
- backup: false
- insertafter: EOF
- loop: "{{ qemu_bridges | default(['virbr0']) }}"
-
-- name: Start and enable libvirt service
- ansible.builtin.service:
- name: libvirtd.service
- state: started
- enabled: true
-
-- name: Stop the default libvirt network
- community.libvirt.virt_net:
- name: default
- state: inactive
-
-- name: Remove default libvirt network
- community.libvirt.virt_net:
- name: default
- state: absent
-
-- name: Setup libvirt storage (dir)
- when: hypervisor.storage == 'dir'
- ansible.builtin.include_tasks:
- file: libvirt_dir.yaml
-
-- name: Setup libvirt storage (zfs)
- when: hypervisor.storage == 'zfs'
- ansible.builtin.include_tasks:
- file: libvirt_zfs.yaml
diff --git a/ansible/roles/hypervisor_qcow/templates/zfs_libvirt_pool.xml.j2 b/ansible/roles/hypervisor_qcow/templates/zfs_libvirt_pool.xml.j2
deleted file mode 100644
index d1cdfef..0000000
--- a/ansible/roles/hypervisor_qcow/templates/zfs_libvirt_pool.xml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-
- {{ item.name }}
-
- {{ item.dataset }}
-
-
\ No newline at end of file