Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/stackhpc/ansible-role-libvirt-host

This role configures a host as a Libvirt/KVM hypervisor. It can also configure storage pools and networks on the host.
https://github.com/stackhpc/ansible-role-libvirt-host

Last synced: 4 days ago
JSON representation

This role configures a host as a Libvirt/KVM hypervisor. It can also configure storage pools and networks on the host.

Awesome Lists containing this project

README 

          
Libvirt Host

============



This role configures a host as a Libvirt/KVM hypervisor. It can also configure

storage pools and networks on the host.



Requirements

------------



The host should have Virtualization Technology (VT) enabled.



Role Variables

--------------



`libvirt_host_pools` is a list of pools to define and start. Each item

should be a dict containing the following items:

- `name` The name of the pool.

- `type` The type of the pool, currently only `dir`, `logical` and `rbd` are

  supported. `lvm2` is supported as an alias for `logical`, but this alias is

  deprecated and will be removed in a future release.

- `capacity`  The capacity, in bytes, of the pool. (optional)

- `path` The absolute path to the pool's backing directory.

- `mode` The access mode of the pool. N.B.: This should be specified as an

  integer **without** a leading zero; for example: `mode: 755`. (only `dir`)

- `owner` The owner of the pool. (only `dir`)

- `group` The group of the pool. (only `dir`)

- `source` The name of the volume group (when type is `logical`) or RBD pool

  (when type is `rbd`).

- `pvs` A list of physical volumes the volume group consists of. (only when

  type is `logical`)

- `hosts` The list of the Ceph monitors IPs or hostnames. (only `rbd`)

- `username` The username used for RADOS authentification. (only `rbd`)

- `passphrase` The passphrase used for RADOS authentification. (only `rbd`)



`libvirt_host_networks` is a list of networks to define and start. Each item

should be a dict containing the following items:

- `name` The name of the network.

- `mode` The forwarding mode of the network, `bridge`, `route`, `open` and `nat` are

  supported. Leave empty for a isolated network mode.

- `bridge` The name of the bridge interface for this network.

- `ip` IP address of the virtual bridge, mandatory for `route`, `open` and `nat` mode.

- `netmask` Netmask of the virtual bridge, mandatory for `route`, `open` and `nat` mode.

- `domain` DNS domain name for `route`, `open` and `nat` mode, default to the network

   name (optional).

- `dhcp_start` First IP of the DHCP range in `route` , `open` or `nat` mode (optional).

- `dhcp_end` Last IP of the DHCP range in `route`, `open` or `nat` mode (optional).

- `routes` Optional list of additionals routes defined as following:

  - `address` Address of the route, required.

  - `prefix` Prefix of the route, required.

  - `gateway` Gateway of the route, required.

  - `metric` Metric of the route (optional).

- `ipv6` IPv6 address of the virtual bridge (optional).

- `ipv6_prefix` IPv6 prefix of the virtual bridge (optional).

- `routesv6` Optional list of additionals IPv6 routes defined as following:

  - `address` IPv6 address of the route, required.

  - `prefix` IPv6 previx of the route, required.

  - `gateway` gateway of the route, required.

  - `metric` metric of the route (optional).



`libvirt_host_require_vt` is whether to require that Intel Virtualisation

Technology (VT) is enabled in order to run this role. While this provides

better VM performance, it may not be available in certain environments. The

default value is `true`.



`libvirt_host_arch`: Architecture of the libvirt host. This defaults to

`ansible_facts.architecture`.



`libvirt_host_qemu_emulators`: List of architectures for which to install QEMU

system emulators, e.g.  `x86`. The default value is `['x86']` if



`libvirt_host_require_vt` is `false`, otherwise the default value is an empty

list.



`libvirt_host_enable_efi_support`: Whether to enable EFI support. This defaults

to false as extra packages need to be installed.



`libvirt_host_var_prefix`: This determines The directory under /var/run that libvirt

uses to store state, e.g unix domain sockets, as well as the default name of the

PID file. Override this if you have a conflict with the default socket e.g it

could be in use by the nova_libvirt container. Defaults to `""`.



`libvirt_host_socket_dir`: Where the libvirtd socket is created. Defaults to

`/var/run/{{ libvirt_host_var_prefix }}` if `libvirt_host_var_prefix` is set,

otherwise `""`.



`libvirt_host_pid_path`: Path to PID file which prevents multiple instances of

the daemon from spawning. Defaults to `/var/run/{{ libvirt_host_var_prefix }}.pid`

if `libvirt_host_var_prefix` is set, otherwise `""`.



`libvirt_host_libvirtd_args`: Command line arguments passed to libvirtd by the

init system when libvirtd is started - quotes will be added



`libvirt_host_uri`: The libvirt connnection URI. Defaults to

`qemu+unix:///system?socket={{ libvirt_host_socket_dir }}/libvirt-sock` if

`libvirt_host_var_prefix` is set, otherwise `""`. If set to a falsey value,

an explicit connection URI will not be set when calling virsh or any of

the virt_ ansible modules.



`libvirt_host_python3`: Whether the python3 version of the libvirt python

bindings should be installed. If `false`, the python 2 bindings will be

installed.



`libvirt_host_install_daemon`: Whether to install and enable the libvirt

daemon. Default is `true`.



`libvirt_host_install_client`: Whether to install and enable the libvirt

client. Default is `true`.



`libvirt_host_extra_daemon_packages`: List of additional packages to install on

libvirt daemon hosts.



`libvirt_host_extra_client_packages`: List of additional packages to install on

libvirt client hosts.



`libvirt_host_libvirtd_conf_enabled`: Whether to configure `libvirtd.conf`.

Default is `true`.



`libvirt_host_libvirtd_conf`: Configuration for `libvirtd.conf`. Dict mapping

option names to values. Default is an empty dict.



`libvirt_host_qemu_conf_enabled`: Whether to configure `qemu.conf`. Default is

`true`.



`libvirt_host_qemu_conf`: Configuration for `qemu.conf`. Dict mapping option

names to values. Default is an empty dict.



`libvirt_host_enable_sasl_support`: Whether to enable SASL authentication

support. Default is `false`.



`libvirt_host_sasl_conf_enabled`: Whether to configure SASL authentication

(`/etc/sasl2/libvirt.conf`). Default is the same as

`libvirt_host_enable_sasl_support`.



`libvirt_host_sasl_conf`: Configuration for SASL authentication

(`/etc/sasl2/libvirt.conf`). String.



`libvirt_host_sasl_mech_list`: List of enabled libvirt SASL authentication

mechanisms. Default is `["SCRAM-SHA-256"]` when `libvirt_host_tls_listen` is

`true`, otherwise `["DIGEST-MD5"]`.



`libvirt_host_sasl_credentials`: List of SASL authentication credentials to

create.  Each item is a dict containing `username` and `password` items.

Default is a single item list containing `libvirt_host_sasl_authname` and

`libvirt_host_sasl_password`.



`libvirt_host_sasl_authname`: Username for SASL authentication. Default is

`libvirt`.



`libvirt_host_sasl_password`: Password for SASL authentication. Default is

unset.



`libvirt_host_sasl_auth_conf_enabled`: Whether to configure SASL authentication

credentials (`/etc/libvirt/auth.conf`). Default is the same as

`libvirt_host_enable_sasl_support`.



`libvirt_host_sasl_auth_conf`: Configuration for SASL authentication

credentials (`/etc/libvirt/auth.conf`). String.



`libvirt_host_sasl_auth_conf_filename`: Name of file to write SASL

authentication credentials to. Default is `"/etc/libvirt/auth.conf"`.



`libvirt_host_sasl_auth_conf_owner`: Owner of file to write SASL

authentication credentials to. Default is `"root"`.



`libvirt_host_sasl_auth_conf_group`: Group of file to write SASL

authentication credentials to. Default is `"root"`.



`libvirt_host_sasl_auth_conf_mode`: Mode of file to write SASL

authentication credentials to. Default is `"0600"`.



`libvirt_host_tcp_listen`: Whether to enable the systemd TCP socket unit.

Default is `false`.



`libvirt_host_tcp_listen_address`: Systemd TCP socket ListenStream. See man

systemd.socket for format. Default is unset.



`libvirt_host_tls_listen`: Whether to enable the systemd TLS socket unit.

Default is `false`.



`libvirt_host_tls_listen_address`: Systemd TLS socket ListenStream. See man

systemd.socket for format. Default is unset.



`libvirt_host_tls_server_cert`: TLS server certificate. Default is unset.



`libvirt_host_tls_server_key`: TLS server key. Default is unset.



`libvirt_host_tls_client_cert`: TLS client certificate. Default is unset.



`libvirt_host_tls_client_key`: TLS client key. Default is unset.



`libvirt_host_tls_cacert`: TLS CA certificate. Default is unset.



`libvirt_host_qemu_tls_enabled`: Encrypt communication between QEMU instances using TLS.

Default is `false`.



`libvirt_host_qemu_tls_server_cert`: TLS server certificate. Default is `libvirt_host_tls_server_cert`.



`libvirt_host_qemu_tls_server_key`: TLS server key. Default is `libvirt_host_tls_server_key`.



`libvirt_host_qemu_tls_client_cert`: TLS client certificate. Default is `libvirt_host_tls_client_cert`.



`libvirt_host_qemu_tls_client_key`: TLS client key. Default is `libvirt_host_tls_client_key`.



`libvirt_host_qemu_tls_cacert`:  TLS CA certificate. Default is `libvirt_host_tls_cacert`.



`libvirt_host_qemu_user`: The user that QEMU runs as. This will be used for TLS file ownership

Default is `libvirt-qemu`.



`libvirt_host_qemu_group`: The group that the QEMU user belongs to. This will be used for TLS file ownership.

Default is `libvirt-qemu`.



`libvirt_host_vnc_tls_enabled`: Encrypt VNC traffic using TLS. Default is `false`.



`libvirt_host_vnc_tls_server_cert`: TLS server certificate. Default is `libvirt_host_tls_server_cert`.



`libvirt_host_vnc_tls_server_key`: TLS server key. Default is `libvirt_host_tls_server_key`.



`libvirt_host_vnc_tls_cacert`: TLS CA certificate. Default is `libvirt_host_tls_cacert`.



`libvirt_host_configure_apparmor`: Whether to configure AppArmor for directory

storage pools.



Dependencies

------------



None



Example Playbook

----------------



    ---

    - name: Ensure that Libvirt is configured

      hosts: all

      roles:

        - role: stackhpc.libvirt-host

          libvirt_host_pools:

            - name: my-pool

              type: dir

              capacity: 1024

              path: /path/to/pool

              mode: 755

              owner: my-user

              group: my-group

            - name: lvm_pool

              type: logical

              source: vg1

              target: /dev/vg1

              pvs:

                - /dev/sda3

            - name: rbd-pool

              type: rbd

              source: rbd

              hosts:

                - 192.168.42.200

                - 192.168.42.204

                - 192.168.42.208

              username: admin

              passphrase: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx



          libvirt_host_networks:

            - name: br-example

              mode: bridge

              bridge: br-example

            - name: brnat-example

              mode: nat

              bridge: brnat-example

              domain: example.local

              ip: 192.168.133.254

              netmask: 255.255.255.0

              dhcp_start: 192.168.133.100

              dhcp_end: 192.168.133.200



Author Information

------------------



- Mark Goddard ()