From dde75d6597d9fc20bf3f87fadba85172638c341e Mon Sep 17 00:00:00 2001
From: Adrien
Date: Mon, 8 Oct 2018 19:35:15 +0200
Subject: [PATCH] Externalize role
---
TODO.txt | 5 ++
defaults/main.yml | 3 +
files/DMZ Publique.xml | 7 ++
files/internet.xml.macvtap | 6 ++
handlers/main.yml | 4 ++
tasks/RedHat.yml | 4 ++
tasks/main.yml | 93 +++++++++++++++++++++++++
templates/CentOS-libvirt-latest.repo.j2 | 18 +++++
templates/kvm.conf.j2 | 12 ++++
templates/networks/default.xml.j2 | 14 ++++
templates/networks/openvswitch.xml.j2 | 21 ++++++
templates/networks/private.xml.j2 | 9 +++
vars/RedHat.yml | 11 +++
13 files changed, 207 insertions(+)
create mode 100644 TODO.txt
create mode 100644 defaults/main.yml
create mode 100644 files/DMZ Publique.xml
create mode 100644 files/internet.xml.macvtap
create mode 100644 handlers/main.yml
create mode 100644 tasks/RedHat.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/CentOS-libvirt-latest.repo.j2
create mode 100644 templates/kvm.conf.j2
create mode 100644 templates/networks/default.xml.j2
create mode 100644 templates/networks/openvswitch.xml.j2
create mode 100644 templates/networks/private.xml.j2
create mode 100644 vars/RedHat.yml
diff --git a/TODO.txt b/TODO.txt
new file mode 100644
index 0000000..fe78060
--- /dev/null
+++ b/TODO.txt
@@ -0,0 +1,5 @@
+https://blog.scottlowe.org/2012/11/07/using-vlans-with-ovs-and-libvirt/
+http://docs.openvswitch.org/en/latest/howto/libvirt/
+https://libvirt.org/formatnetwork.html
+https://stackoverflow.com/questions/30622680/kvm-ovs-bridged-network-how-to-configure
+
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..e5e58a6
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+qemu_default_network_interface: brdefaults
+
diff --git a/files/DMZ Publique.xml b/files/DMZ Publique.xml
new file mode 100644
index 0000000..ca519fd
--- /dev/null
+++ b/files/DMZ Publique.xml
@@ -0,0 +1,7 @@
+
+ DMZ Publique
+
+
+
+
+
diff --git a/files/internet.xml.macvtap b/files/internet.xml.macvtap
new file mode 100644
index 0000000..a5a8057
--- /dev/null
+++ b/files/internet.xml.macvtap
@@ -0,0 +1,6 @@
+
+ Bridge Internet
+
+
+
+
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..d7c62d5
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Restart libvirt
+ service: name="{{ libvirt_service }}" state=restarted
+
diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml
new file mode 100644
index 0000000..164bedf
--- /dev/null
+++ b/tasks/RedHat.yml
@@ -0,0 +1,4 @@
+---
+- name: Define libvirt-latest CentOS repo
+ template: src=CentOS-libvirt-latest.repo.j2 dest=/etc/yum.repos.d/CentOS-libvirt-latest.repo owner=root group=root mode=0644
+
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..0d14353
--- /dev/null
+++ b/tasks/main.yml
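Review bot: The `Restart libvirt` handler in handlers/main.yml passes its module arguments as a single `key=value` string, which hides value types and quoting from YAML linting; the `template` task in tasks/RedHat.yml and the `fail`, `package`, `template` and `service` tasks in tasks/main.yml use the same form. Writing them as native mappings, e.g. `service:` with `name: "{{ libvirt_service }}"` and `state: restarted` beneath it, lets the file mode be an explicit quoted string (`mode: "0644"`) and booleans be written `true`/`false` instead of `yes`.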
@@ -0,0 +1,93 @@
+---
+- name: Include vars for {{ ansible_os_family }}
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: "Ensure system is x86_64"
+ fail: msg="qemu-kvm requires a 64bit system architecture for now"
+ when: "ansible_architecture != 'x86_64'"
+
+- name: "Ensure system is hardware virtualization capability"
+ fail: msg="qemu-kvm requires hypervisor capability"
+ when: "ansible_virtualization_type != 'kvm'"
+
+- name: Include tasks for {{ ansible_os_family }}
+ include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: install packages
+ package: name="{{ libvirt_kvm_packages }}" state=latest update_cache=yes
+ notify: Restart libvirt
+
+- name: Allow hypervisor in VM
+ template: src=kvm.conf.j2 dest=/etc/modprobe.d/kvm.conf owner=root group=root mode=0644
+
+- name: Install Openvswitch
+ include_role:
+ name: openvswitch
+# vars:
+# openvswitch_brname: "{{ libvirt_brname }}"
+ when:
+ - libvirt_openvswitch == true
+ notify: Restart openswitch
+
+#- name: Add Openvswitch bridge
+# openvswitch_bridge:
+# bridge: '{{ qemu_default_network_interface }}'
+# parent: '{{ openvswitch_interface }}'
+# state: present
+
+- name: Enable libvirt deamon
+ service: name="{{ libvirt_service }}" state=started enabled=yes
+
+- name: Add defaults networks
+ virt_net:
+ command: define
+ name: '{{ item }}'
+ xml: '{{ lookup ("template", "networks/{{ item }}.xml.j2") }}'
+ with_items:
+ - default
+ - private
+
+- name: Enable defaults networks on boot
+ virt_net:
+ name: '{{ item }}'
+ autostart: yes
+ with_items:
+ - default
+ - private
+
+- name: Activate defaults networks now if it doesn't already up
+ virt_net:
+ name: '{{ item }}'
+ state: active
+ with_items:
+ - default
+ - private
+
+- name: Add OpenVswitch networks
+ virt_net:
+ command: define
+ name: '{{ item.name }}'
+ xml: '{{ lookup ("template", "networks/openvswitch.xml.j2") }}'
+ with_items:
+ - '{{ virtual_network }}'
+ when:
+ - virtual_network is defined
+
+- name: Activate OpenVSwitch networks now if it doesn't already up
+ virt_net:
+ name: '{{ item.name }}'
+ state: active
+ with_items:
+ - '{{ virtual_network }}'
+ when:
+ - virtual_network is defined
+
+- name: Enable OpenVSwitch networks on boot
+ virt_net:
+ name: '{{ item.name }}'
+ autostart: yes
+ with_items:
+ - '{{ virtual_network }}'
+ when:
+ - virtual_network is defined
+
diff --git a/templates/CentOS-libvirt-latest.repo.j2 b/templates/CentOS-libvirt-latest.repo.j2
new file mode 100644
index 0000000..30cf681
--- /dev/null
+++ b/templates/CentOS-libvirt-latest.repo.j2
@@ -0,0 +1,18 @@
+# CentOS-libvirt-latest.repo
+#
+# Please see http://wiki.centos.org/SpecialInterestGroup/Virtualization for more
+# information
+
+[centos-libvirt-latest]
+name=CentOS-$releasever - Libvirt
+baseurl=http://mirror.centos.org/centos/$releasever/virt/$basearch/libvirt-latest/
+gpgcheck=1
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization
+
+[centos-libvirt-latest-test]
+name=CentOS-$releasever - Libvirt Testing
+baseurl=http://buildlogs.centos.org/centos/$releasever/virt/$basearch/libvirt-latest/
+gpgcheck=0
+enabled=0
+
diff --git a/templates/kvm.conf.j2 b/templates/kvm.conf.j2
new file mode 100644
index 0000000..dc00381
--- /dev/null
+++ b/templates/kvm.conf.j2
@@ -0,0 +1,12 @@
+# Setting modprobe kvm_intel/kvm_amd nested = 1
+# only enables Nested Virtualization until the next reboot or
+# module reload. Uncomment the option applicable
+# to your system below to enable the feature permanently.
+#
+# User changes in this file are preserved across upgrades.
+#
+# For Intel
+options kvm_intel nested=1
+#
+# For AMD
+options kvm_amd nested=1
diff --git a/templates/networks/default.xml.j2 b/templates/networks/default.xml.j2
new file mode 100644
index 0000000..c76994d
--- /dev/null
+++ b/templates/networks/default.xml.j2
@@ -0,0 +1,14 @@
+
+ default
+
+
+
+
+
+
+
+
+
+
+
+
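Review bot: The `Install Openvswitch` task in tasks/main.yml tests `libvirt_openvswitch == true`, but neither defaults/main.yml nor vars/RedHat.yml in this patch defines that variable, so the role stops on an undefined variable unless every caller sets it; adding `libvirt_openvswitch: false` to the defaults and testing `libvirt_openvswitch | bool` would make the switch safe to omit. The same task notifies `Restart openswitch`, a handler this patch does not define (handlers/main.yml holds only `Restart libvirt`), and an include is unlikely to report a change that would fire it, so that line looks like it should go. In `install packages`, `state=latest update_cache=yes` upgrades the hypervisor stack and restarts libvirt on any run where the mirror has something newer; `state=present`, with upgrades done as a deliberate step, keeps the host's virtualization packages under change control. The `lookup ("template", "networks/{{ item }}.xml.j2")` call nests moustaches inside an expression; `lookup('template', 'networks/' ~ item ~ '.xml.j2')` is the supported spelling.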
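Review bot: Both `baseurl` values in templates/CentOS-libvirt-latest.repo.j2 use plain `http://`, and the `centos-libvirt-latest-test` stanza also sets `gpgcheck=0`, so anyone who later flips that stanza to `enabled=1` installs hypervisor packages with neither transport nor signature protection. For the enabled stanza `gpgcheck=1` does cover package integrity, but nothing visible in this patch installs the key at `/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization`; presumably it comes from a release package, which is worth confirming because tasks/RedHat.yml writes this repo before the package task runs. I would drop the test stanza from the role, or give it `gpgcheck=1` with the same `gpgkey`, and switch to `https://` if the mirror serves it. The file contains no Jinja expressions, so it could be shipped with `copy` from files/ rather than rendered as a template.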
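Review bot: Both `options kvm_intel nested=1` and `options kvm_amd nested=1` are active unconditionally in templates/kvm.conf.j2, although the header comment kept from the stock file still says to uncomment the applicable one; nested virtualization widens the hypervisor code that guests can reach, so it is better as an opt-in than as a role-wide default. I would gate the two lines on a role default that is off unless set (for example `libvirt_nested_virtualization: false`, a name I am suggesting, not one the role has) and emit only the line for the host's CPU vendor. The `Allow hypervisor in VM` task in tasks/main.yml notifies nothing, so the setting only applies after a reboot or module reload, and the header comment should say so.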
diff --git a/templates/networks/openvswitch.xml.j2 b/templates/networks/openvswitch.xml.j2
new file mode 100644
index 0000000..516d5a8
--- /dev/null
+++ b/templates/networks/openvswitch.xml.j2
@@ -0,0 +1,21 @@
+
+ {{ item.name }}
+
+
+
+
+{% if item.vlan is defined %}
+{% if item.vlan|length > 1 %}
+
+{% else %}
+
+{% endif %}
+{% if item.nativevlan is defined %}
+
+{% endif %}
+{% for tagvlan in item.vlan %}
+
+{% endfor %}
+
+{% endif %}
+
diff --git a/templates/networks/private.xml.j2 b/templates/networks/private.xml.j2
new file mode 100644
index 0000000..6192d44
--- /dev/null
+++ b/templates/networks/private.xml.j2
@@ -0,0 +1,9 @@
+
+ private
+
+
+
+
+
+
+
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
new file mode 100644
index 0000000..e6ddfd5
--- /dev/null
+++ b/vars/RedHat.yml
@@ -0,0 +1,11 @@
+---
+libvirt_kvm_packages:
+ - centos-release-qemu-ev
+ - qemu-kvm-ev
+ - OVMF
+ - libvirt-daemon-kvm
+ - libvirt-python
+ - python-lxml
+# - virt-install
+libvirt_service: libvirtd
+
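Review bot: In vars/RedHat.yml `centos-release-qemu-ev` sits in the same `libvirt_kvm_packages` list as `qemu-kvm-ev`, and tasks/main.yml hands the whole list to a single `package` call; if, as the name suggests, the release package is what configures the repository carrying `qemu-kvm-ev`, a first run on a clean host cannot resolve the second package. Installing the release package in its own task first (for instance from tasks/RedHat.yml) avoids that and makes it explicit that this package adds a repository and signing key the host will trust from then on. A one-line comment above the list saying where each package comes from would help, e.g. `# qemu-kvm-ev: from the repo installed by centos-release-qemu-ev`.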