1
0

hypervisor refinement

This commit is contained in:
michael 2023-08-11 10:52:27 +10:00
parent 2769a3430b
commit 8f22f5429a
13 changed files with 178 additions and 91 deletions

View File

@ -10,3 +10,7 @@ libvirt_packages:
hypervisor: hypervisor:
storage: dir storage: dir
device: /dev/sda device: /dev/sda
datasets:
- name: tank/vhds
compression: lz4
encryption: 'off'

View File

@ -5,7 +5,7 @@
- hypervisor.device not in (ansible_mounts | json_query('[?mount == `/`].device')) - hypervisor.device not in (ansible_mounts | json_query('[?mount == `/`].device'))
- hypervisor.device not in (ansible_mounts | json_query('[?mount == `/var/lib/libvirt`].device')) - hypervisor.device not in (ansible_mounts | json_query('[?mount == `/var/lib/libvirt`].device'))
ansible.builtin.include_tasks: ansible.builtin.include_tasks:
file: libvirt_mount.yaml file: libvirt_dir_mount.yaml
- name: Create the libvirt storage directories - name: Create the libvirt storage directories
ansible.builtin.file: ansible.builtin.file:
@ -16,46 +16,27 @@
mode: '0775' mode: '0775'
loop: loop:
- /var/lib/libvirt/vhds/ - /var/lib/libvirt/vhds/
- /var/lib/libvirt/isos/
- /var/lib/libvirt/nvram/
- name: Remove the default libvirt storage pool - name: Define additional libvirt storage pools
community.libvirt.virt_pool:
name: default
state: deleted
- name: Get libvirt storage pool facts
community.libvirt.virt_pool:
command: facts
- name: Define the libvirt storage pools
community.libvirt.virt_pool: community.libvirt.virt_pool:
name: "{{ item.name }}" name: "{{ item.name }}"
command: define command: define
xml: "{{ lookup('template', 'dir_pool.xml.j2') }}" xml: "{{ lookup('template', 'dir_libvirt_pool.xml.j2') }}"
loop: loop:
- name: vhds - name: vhds
path: /var/lib/libvirt/vhds/ path: /var/lib/libvirt/vhds/
- name: isos
path: /var/lib/libvirt/isos/
- name: nvram
path: /var/lib/libvirt/nvram/
- name: Create the libvirt storage pools - name: Create additional libvirt storage pools
community.libvirt.virt_pool: community.libvirt.virt_pool:
name: "{{ item }}" name: "{{ item }}"
command: build command: build
loop: loop:
- vhds - vhds
- isos
- nvram
- name: Start the libvirt storage pools - name: Start additional libvirt storage pools
community.libvirt.virt_pool: community.libvirt.virt_pool:
name: "{{ item }}" name: "{{ item }}"
state: active state: active
autostart: true autostart: true
loop: loop:
- vhds - vhds
- isos
- nvram

View File

@ -0,0 +1,40 @@
---
- name: Create libvirt zfs dataset(s)
community.general.zfs:
name: "{{ item.name }}"
state: present
extra_zfs_properties: # TODO fix property values
canmount: false
mountpoint: none
compression: false
primarycache: metadata
secondarycache: none
reservation: none
refreservation: none
dedup: false
encryption: "{{ item.encryption | default('off') }}"
volmode: dev
devices: false
atime: false
loop: "{{ hypervisor.datasets }}"
- name: Define additional libvirt storage pools
community.libvirt.virt_pool:
name: "{{ item.name | split('/') | last }}"
command: define
xml: "{{ lookup('template', 'zfs_libvirt_pool.xml.j2') }}"
loop: "{{ hypervisor.datasets }}"
- name: Create additional libvirt storage pools
community.libvirt.virt_pool:
name: "{{ item.name | split('/') | last }}"
command: build
loop: "{{ hypervisor.datasets }}"
- name: Start additional libvirt storage pools
community.libvirt.virt_pool:
name: "{{ item.name | split('/') | last }}"
state: active
autostart: true
loop: "{{ hypervisor.datasets }}"

View File

@ -0,0 +1,122 @@
---
- name: Install libvirt packages (Arch)
when: ansible_os_distribution == 'Archlinux'
community.general.pacman:
name: "{{ libvirt_packages['Arch'] }}"
state: present
update_cache: true
- name: Add user to libvirt group
ansible.builtin.user:
name: "{{ ansible_user }}"
groups: libvirt
append: true
- name: Set required sysctl flags for bridging
ansible.posix.sysctl:
name: "{{ item.name }}"
reload: true
state: present
sysctl_file: /etc/sysctl.d/bridge.conf
sysctl_set: true
value: "{{ item.value }}}}"
loop:
- name: net.ipv4.ip_forward
value: 1
- name: net.bridge.bridge-nf-call-iptables
value: 0
- name: net.bridge.bridge-nf-call-ip6tables
value: 0
- name: net.bridge.bridge-nf-call-arptables
value: 0
- name: Add bridge(s) to qemu_bridge_helper
when: qemu_bridges is defined
ansible.builtin.lineinfile:
path: /etc/qemu/bridge.conf
line: "{{ item }}"
state: present
backup: false
insertafter: EOF
loop: "{{ qemu_bridges | default(['virbr0']) }}"
- name: Start and enable libvirt service
ansible.builtin.service:
name: libvirtd.service
state: started
enabled: true
- name: Stop the default libvirt network
community.libvirt.virt_net:
name: default
state: inactive
- name: Remove default libvirt network
community.libvirt.virt_net:
name: default
state: absent
- name: Remove the default libvirt storage pool
community.libvirt.virt_pool:
name: default
state: deleted
- name: Create standard libvirt storage directories
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: libvirt-qemu
group: libvirt-qemu
mode: '0775'
loop:
- /var/lib/libvirt/isos/
- /var/lib/libvirt/nvram/
- name: Get libvirt storage pool facts
community.libvirt.virt_pool:
command: facts
- name: Define the standard libvirt storage pools
community.libvirt.virt_pool:
name: "{{ item.name }}"
command: define
xml: "{{ lookup('template', 'dir_pool.xml.j2') }}"
loop:
- name: isos
path: /var/lib/libvirt/isos/
- name: nvram
path: /var/lib/libvirt/nvram/
- name: Create the standard libvirt storage pools
community.libvirt.virt_pool:
name: "{{ item }}"
command: build
loop:
- isos
- nvram
- name: Start the standard libvirt storage pools
community.libvirt.virt_pool:
name: "{{ item }}"
state: active
autostart: true
loop:
- isos
- nvram
- name: Setup additional libvirt storage (dir)
when: hypervisor.storage == 'dir'
ansible.builtin.include_tasks:
file: libvirt_dir.yaml
- name: Setup additional libvirt storage (zfs)
when: hypervisor.storage == 'zfs'
ansible.builtin.include_tasks:
file: libvirt_zfs.yaml
# - name: Enroll libvirtd TLS certificate
# - name: Configure libvirtd TLS listener
# - name: Open libvirtd TLS firewall ports

View File

@ -0,0 +1,6 @@
<pool type="zfs">
<name>{{ item.name | split('/') | last }}</name>
<source>
<name>{{ item.name }}</name>
</source>
</pool>

View File

@ -1,60 +0,0 @@
---
- name: Install libvirt packages (Arch)
when: ansible_os_distribution == 'Archlinux'
community.general.pacman:
name: "{{ libvirt_packages['Arch'] }}"
state: present
update_cache: true
- name: Add user to libvirt group
ansible.builtin.user:
name: "{{ ansible_user }}"
groups: libvirt
append: true
- name: Set required sysctl flags for bridging
ansible.posix.sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}}}"
state: present
sysctl_set: true
reload: true # TODO set sysctl file?
loop:
- net.ipv4.ip_forward # TODO add remaining values here
- name: Add bridge(s) to qemu_bridge_helper
when: qemu_bridges is defined
ansible.builtin.lineinfile:
path: /etc/qemu/bridge.conf
line: "{{ item }}"
state: present
backup: false
insertafter: EOF
loop: "{{ qemu_bridges | default(['virbr0']) }}"
- name: Start and enable libvirt service
ansible.builtin.service:
name: libvirtd.service
state: started
enabled: true
- name: Stop the default libvirt network
community.libvirt.virt_net:
name: default
state: inactive
- name: Remove default libvirt network
community.libvirt.virt_net:
name: default
state: absent
- name: Setup libvirt storage (dir)
when: hypervisor.storage == 'dir'
ansible.builtin.include_tasks:
file: libvirt_dir.yaml
- name: Setup libvirt storage (zfs)
when: hypervisor.storage == 'zfs'
ansible.builtin.include_tasks:
file: libvirt_zfs.yaml

View File

@ -1,6 +0,0 @@
<pool type="zfs">
<name>{{ item.name }}</name>
<source>
<name>{{ item.dataset }}</name>
</source>
</pool>