michael/IaC
1
0
Fork 0
Code Packages Activity

sshd setup

Browse Source
This commit is contained in:
michael
2023-08-14 22:27:29 +10:00
parent e1fb6b94ee
commit cffbcaea8c
23 changed files with 256 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ansible/roles/hypervisor/tasks/libvirt_dir.yaml
View File

@ -1,12 +1,5 @@
---
- name: Format and mount the libvirt disk if it is not root
when:
- hypervisor.device not in (ansible_mounts | json_query('[?mount == `/`].device'))
- hypervisor.device not in (ansible_mounts | json_query('[?mount == `/var/lib/libvirt`].device'))
ansible.builtin.include_tasks:
file: libvirt_dir_mount.yaml
- name: Create the libvirt storage directories
ansible.builtin.file:
path: "{{ item }}"

45
ansible/roles/hypervisor/tasks/libvirt_dir_mount.yaml → ansible/roles/hypervisor/tasks/libvirt_drive_mount.yaml
View File

@ -12,6 +12,8 @@
part_start: 0%
state: present
# TODO disk encryption
- name: Format filesystem
community.general.filesystem:
device: "{{ hypervisor.device }}1"
@ -19,12 +21,24 @@
resizefs: true
state: present
- name: Stop the libvirt service
- name: Get list of services
ansible.builtin.service_facts:
- name: Stop the libvirt services
when: item in ansible_facts.services
ansible.builtin.service:
name: libvirtd
name: "{{ item }}"
state: stopped
loop:
- libvirtd.service
- name: Check if libvirt storage directory exists
ansible.builtin.stat:
path: /var/lib/libvirt/
register: libvirt_storage
- name: Temp mount and copy block
when: libvirt_storage.stat.exists
block:
- name: Temporarily mount hypervisor storage
@ -42,6 +56,17 @@
remote_src: true
mode: preserve
- name: Remove existing libvirt storage
ansible.builtin.file:
path: /var/lib/libvirt/
state: "{{ item }}"
owner: root
group: root
mode: '0775'
loop:
- absent
- directory
always:
- name: Unmount from temporary mount point
@ -49,17 +74,6 @@
path: /mnt/libvirt_temp/
state: absent
- name: Remove existing libvirt storage
ansible.builtin.file:
path: /var/lib/libvirt/
state: "{{ item }}"
owner: root
group: root
mode: '0775'
loop:
- absent
- directory
- name: Mount hypervisor storage
ansible.posix.mount:
path: /var/lib/libvirt/
@ -69,6 +83,9 @@
boot: true
- name: Start the libvirt service
when: item in ansible_facts.services
ansible.builtin.service:
name: libvirtd
name: "{{ item }}"
state: started
loop:
- libvirtd.service

28
ansible/roles/hypervisor/tasks/main.yaml
View File

@ -1,18 +1,32 @@
---
- name: Install libvirt packages (Arch)
when: ansible_os_distribution == 'Archlinux'
- name: Format and mount the libvirt disk if it is not root
when:
- hypervisor.device is defined
- hypervisor.device not in (ansible_mounts | json_query('[?mount == `/var/lib/libvirt`].device'))
ansible.builtin.include_tasks:
file: libvirt_drive_mount.yaml
- name: Install libvirt packages (Archlinux)
when: ansible_distribution == 'Archlinux'
community.general.pacman:
name: "{{ libvirt_packages['Arch'] }}"
name: "{{ libvirt_packages['Archlinux'] }}"
state: present
update_cache: true
- name: Add user to libvirt group
ansible.builtin.user:
name: "{{ ansible_user }}"
groups: libvirt
groups:
- libvirt
- libvirt-qemu
append: true
- name: Load br_netfilter kernel module so sysctl flags can be set
community.general.modprobe:
name: br_netfilter
state: present
- name: Set required sysctl flags for bridging
ansible.posix.sysctl:
name: "{{ item.name }}"
@ -20,7 +34,7 @@
state: present
sysctl_file: /etc/sysctl.d/bridge.conf
sysctl_set: true
value: "{{ item.value }}}}"
value: "{{ item.value }}"
loop:
- name: net.ipv4.ip_forward
value: 1
@ -77,11 +91,11 @@
community.libvirt.virt_pool:
command: facts
- name: Define the standard libvirt storage pools
- name: Define the standard libvirt storage pools # TODO add when condition against existing pools
community.libvirt.virt_pool:
name: "{{ item.name }}"
command: define
xml: "{{ lookup('template', 'dir_pool.xml.j2') }}"
xml: "{{ lookup('template', 'dir_libvirt_pool.xml.j2') }}"
loop:
- name: isos
path: /var/lib/libvirt/isos/