Externalize role

2018-10-08 19:35:15 +02:00 · 2018-10-08 19:35:15 +02:00 · dde75d6597
commit dde75d6597
13 changed files with 207 additions and 0 deletions
--- a/TODO.txt
+++ b/TODO.txt
@ -0,0 +1,5 @@
+https://blog.scottlowe.org/2012/11/07/using-vlans-with-ovs-and-libvirt/
+http://docs.openvswitch.org/en/latest/howto/libvirt/
+https://libvirt.org/formatnetwork.html
+https://stackoverflow.com/questions/30622680/kvm-ovs-bridged-network-how-to-configure
+
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,3 @@
+---
+qemu_default_network_interface: brdefaults
+
--- a/Publique.xml
+++ b/Publique.xml
@ -0,0 +1,7 @@
+<network>
+  <name>DMZ Publique</name>
+  <forward mode='route'/>
+  <bridge name='virbr1' stp='on' delay='0' />
+  <ip address='88.190.204.174' netmask='255.255.255.240'>
+  </ip>
+</network>
--- a/files/internet.xml.macvtap
+++ b/files/internet.xml.macvtap
@ -0,0 +1,6 @@
+<network>
+  <name>Bridge Internet</name>
+  <forward mode="bridge">
+    <interface dev="eth0"/>
+  </forward>
+</network>
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,4 @@
+---
+- name: Restart libvirt
+  service: name="{{ libvirt_service }}" state=restarted
+
--- a/tasks/RedHat.yml
+++ b/tasks/RedHat.yml
@ -0,0 +1,4 @@
+---
+- name: Define libvirt-latest CentOS repo
+  template: src=CentOS-libvirt-latest.repo.j2 dest=/etc/yum.repos.d/CentOS-libvirt-latest.repo owner=root group=root mode=0644
+
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,93 @@
+---
+- name: Include vars for {{ ansible_os_family }}
+  include_vars: "{{ ansible_os_family }}.yml"
+
+- name: "Ensure system is x86_64"
+  fail: msg="qemu-kvm requires a 64bit system architecture for now"
+  when: "ansible_architecture != 'x86_64'"
+
+- name: "Ensure system is hardware virtualization capability"
+  fail: msg="qemu-kvm requires hypervisor capability"
+  when: "ansible_virtualization_type != 'kvm'"
+
+- name: Include tasks for {{ ansible_os_family }}
+  include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: install packages
+  package: name="{{ libvirt_kvm_packages }}" state=latest update_cache=yes
+  notify: Restart libvirt
+
+- name: Allow hypervisor in VM
+  template: src=kvm.conf.j2 dest=/etc/modprobe.d/kvm.conf owner=root group=root mode=0644
+
+- name: Install Openvswitch
+  include_role:
+    name: openvswitch
+#  vars:
+#    openvswitch_brname: "{{ libvirt_brname }}"
+  when:
+    - libvirt_openvswitch == true
+  notify: Restart openswitch
+
+#- name: Add Openvswitch bridge
+#  openvswitch_bridge:
+#    bridge: '{{ qemu_default_network_interface }}'
+#    parent: '{{ openvswitch_interface }}'
+#    state: present
+
+- name: Enable libvirt deamon
+  service: name="{{ libvirt_service }}" state=started enabled=yes
+
+- name: Add defaults networks
+  virt_net:
+    command: define
+    name: '{{ item }}'
+    xml: '{{ lookup ("template", "networks/{{ item }}.xml.j2") }}'
+  with_items:
+    - default
+    - private
+
+- name: Enable defaults networks on boot
+  virt_net:
+    name: '{{ item }}'
+    autostart: yes
+  with_items:
+    - default
+    - private
+
+- name: Activate defaults networks now if it doesn't already up
+  virt_net:
+    name: '{{ item }}'
+    state: active
+  with_items:
+    - default
+    - private
+
+- name: Add OpenVswitch networks
+  virt_net:
+    command: define
+    name: '{{ item.name }}'
+    xml: '{{ lookup ("template", "networks/openvswitch.xml.j2") }}'
+  with_items:
+    - '{{ virtual_network }}'
+  when:
+    - virtual_network is defined
+
+- name: Activate OpenVSwitch networks now if it doesn't already up
+  virt_net:
+    name: '{{ item.name }}'
+    state: active
+  with_items:
+    - '{{ virtual_network }}'
+  when:
+    - virtual_network is defined
+
+- name: Enable OpenVSwitch networks on boot
+  virt_net:
+    name: '{{ item.name }}'
+    autostart: yes
+  with_items:
+    - '{{ virtual_network }}'
+  when:
+    - virtual_network is defined
+
--- a/templates/CentOS-libvirt-latest.repo.j2
+++ b/templates/CentOS-libvirt-latest.repo.j2
@ -0,0 +1,18 @@
+# CentOS-libvirt-latest.repo
+#
+# Please see http://wiki.centos.org/SpecialInterestGroup/Virtualization for more
+# information
+
+[centos-libvirt-latest]
+name=CentOS-$releasever - Libvirt
+baseurl=http://mirror.centos.org/centos/$releasever/virt/$basearch/libvirt-latest/
+gpgcheck=1
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization
+
+[centos-libvirt-latest-test]
+name=CentOS-$releasever - Libvirt Testing
+baseurl=http://buildlogs.centos.org/centos/$releasever/virt/$basearch/libvirt-latest/
+gpgcheck=0
+enabled=0
+
--- a/templates/kvm.conf.j2
+++ b/templates/kvm.conf.j2
@ -0,0 +1,12 @@
+# Setting modprobe kvm_intel/kvm_amd nested = 1
+# only enables Nested Virtualization until the next reboot or
+# module reload. Uncomment the option applicable
+# to your system below to enable the feature permanently.
+#
+# User changes in this file are preserved across upgrades.
+#
+# For Intel
+options kvm_intel nested=1
+#
+# For AMD
+options kvm_amd nested=1
--- a/templates/networks/default.xml.j2
+++ b/templates/networks/default.xml.j2
@ -0,0 +1,14 @@
+<network>
+  <name>default</name>
+  <forward mode='nat'>
+    <nat>
+      <port start='1024' end='65535'/>
+    </nat>
+  </forward>
+  <bridge name="virbr0" stp='on' delay='0'/>
+  <ip address='192.168.122.1' netmask='255.255.255.0'>
+    <dhcp>
+      <range start="192.168.122.128" end="192.168.122.254"/>
+    </dhcp>
+  </ip>
+</network>
--- a/templates/networks/openvswitch.xml.j2
+++ b/templates/networks/openvswitch.xml.j2
@ -0,0 +1,21 @@
+<network>
+  <name>{{ item.name }}</name>
+  <forward mode='bridge'/>
+  <bridge name='{{ item.bridgename }}'/>
+  <virtualport type='openvswitch'>
+  </virtualport>
+{% if item.vlan is defined %}
+{% if item.vlan|length > 1 %}
+  <vlan trunk='yes'>
+{% else %}
+  <vlan>
+{% endif %}
+{% if item.nativevlan is defined %}
+    <tag id='{{ item.nativevlan }}' nativeMode='untagged'/>
+{% endif %}
+{% for tagvlan in item.vlan %}
+    <tag id='{{ tagvlan }}'/>
+{% endfor %}
+  </vlan>
+{% endif %}
+</network>
--- a/templates/networks/private.xml.j2
+++ b/templates/networks/private.xml.j2
@ -0,0 +1,9 @@
+<network>
+  <name>private</name>
+  <bridge name="virbr2"/>
+  <ip address="192.168.152.1" netmask="255.255.255.0">
+    <dhcp>
+      <range start="192.168.152.128" end="192.168.152.254"/>
+    </dhcp>
+  </ip>
+</network>
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@ -0,0 +1,11 @@
+---
+libvirt_kvm_packages:
+  - centos-release-qemu-ev
+  - qemu-kvm-ev
+  - OVMF
+  - libvirt-daemon-kvm
+  - libvirt-python
+  - python-lxml
+#  - virt-install
+libvirt_service: libvirtd
+