pvc-ansible/roles/pvc/tasks/libvirt/main.yml

---
- name: install libvirt packages
  apt:
    name:
      - libvirt-daemon-system
      - qemu-kvm
      - qemu-utils
      - qemu-block-extra
      - vhostmd
      - ceph-common
      - libguestfs-tools
    state: present
  register: apt_res
  retries: 5
  until: apt_res is success

- name: install Prometheus libvirt exporter if enabled (Debian 11+)
  apt:
    name:
      - prometheus-libvirt-exporter
  register: apt_res
  retries: 5
  until: apt_res is success
  when: enable_prometheus_exporters is defined and enable_prometheus_exporters and debian_version|int >= 11

- name: add libvirt user to ceph group
  user:
    name: libvirt-qemu
    groups: ceph
    append: yes

- name: add admin users to libvirt groups
  user:
    name: "{{ item.name }}"
    groups: kvm,libvirt
    append: yes
  with_items: "{{ admin_users }}"

- name: install libvirt configurations
  template:
    src: libvirt/{{ item }}.j2
    dest: /etc/libvirt/{{ item }}
  with_items:
    - libvirtd.conf
    - ceph-secret.xml
  notify: restart libvirtd

- include: libvirt/bootstrap.yml
  when: do_bootstrap is defined and do_bootstrap
  run_once: yes

- name: get ceph libvirt secret key
  command: ceph auth get-key client.libvirt
  register: libvirt_key

- name: define ceph secret
  command: virsh secret-define /etc/libvirt/ceph-secret.xml
  ignore_errors: true

- name: set ceph libvirt secret value
  command: virsh secret-set-value --secret {{ pvc_ceph_storage_secret_uuid }} --base64 {{ libvirt_key.stdout }}
  ignore_errors: true

- name: configure libvirt for listening
  template:
    src: libvirt/libvirtd.default.j2
    dest: /etc/default/libvirtd
  notify: restart libvirtd

- name: install systemd unit file (override default on Bullseye)
  template:
    src: libvirt/libvirtd.service.j2
    dest: /etc/systemd/system/libvirtd.service
  register: systemd
  notify: restart libvirtd

- name: reload systemd to apply changes
  command: systemctl daemon-reload
  when: systemd.changed

- name: create unit override configuration directory
  file:
    dest: /etc/systemd/system/libvirtd.service.d
    state: directory

- name: install libvirt cgroup delegation configuration
  template:
    src: libvirt/{{ item }}.j2
    dest: /etc/systemd/system/libvirtd.service.d/{{ item }}
  with_items:
    - cgroup-delegation.conf
  register: systemd
  notify: restart libvirtd

- name: reload systemd to apply changes
  command: systemctl daemon-reload
  when: systemd.changed

- name: start and enable services (not managed by PVC)
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  ignore_errors: yes
  with_items:
    - vhostmd

- name: start but disable services (managed by PVC)
  service:
    name: "{{ item }}"
    state: started
    enabled: no
  with_items:
    - libvirtd

- name: disable socket services
  service:
    name: "{{ item }}"
    enabled: no
  with_items:
    - libvirtd.socket
    - libvirtd-ro.socket
    - libvirtd-admin.socket
  ignore_errors: yes

- meta: flush_handlers
Initial commit of PVC Ansible role 2023-09-01 15:42:19 -04:00			`---`
			`- name: install libvirt packages`
			`apt:`
			`name:`
			`- libvirt-daemon-system`
			`- qemu-kvm`
			`- qemu-utils`
			`- qemu-block-extra`
			`- vhostmd`
			`- ceph-common`
Add libguestfs-tools to libvirt role deps 2023-09-01 15:42:25 -04:00			`- libguestfs-tools`
Don't set "latest" for libvirt packages Avoids errors during runs before upgrades. 2023-10-11 13:18:05 -04:00			`state: present`
Add retries to all apt commands 2023-09-01 15:42:30 -04:00			`register: apt_res`
			`retries: 5`
			`until: apt_res is success`
Initial commit of PVC Ansible role 2023-09-01 15:42:19 -04:00
Only install libvirt exporter on Debian 11+ 2023-12-27 13:57:21 -05:00			`- name: install Prometheus libvirt exporter if enabled (Debian 11+)`
Add Libvirt Prometheus exporter 2023-12-10 01:42:09 -05:00			`apt:`
			`name:`
			`- prometheus-libvirt-exporter`
			`register: apt_res`
			`retries: 5`
			`until: apt_res is success`
Only install libvirt exporter on Debian 11+ 2023-12-27 13:57:21 -05:00			`when: enable_prometheus_exporters is defined and enable_prometheus_exporters and debian_version\|int >= 11`
Add Libvirt Prometheus exporter 2023-12-10 01:42:09 -05:00
Correct bug with libvirt permissions 2023-09-01 15:42:20 -04:00			`- name: add libvirt user to ceph group`
			`user:`
			`name: libvirt-qemu`
			`groups: ceph`
			`append: yes`

Ensure Admin users are in additional groups 2023-09-01 15:42:28 -04:00			`- name: add admin users to libvirt groups`
			`user:`
			`name: "{{ item.name }}"`
			`groups: kvm,libvirt`
			`append: yes`
			`with_items: "{{ admin_users }}"`

Add cgroup delegation override Required to solve the occasional libvirt: QEMU Driver error : Requested operation is not valid: cgroup CPUACCT controller is not mounted problem, as per: https://answers.launchpad.net/ubuntu/+question/665132 2023-09-01 15:42:28 -04:00			`- name: install libvirt configurations`
Initial commit of PVC Ansible role 2023-09-01 15:42:19 -04:00			`template:`
			`src: libvirt/{{ item }}.j2`
			`dest: /etc/libvirt/{{ item }}`
			`with_items:`
			`- libvirtd.conf`
			`- ceph-secret.xml`
			`notify: restart libvirtd`

Reorganize and rejigger 2023-09-01 15:42:19 -04:00			`- include: libvirt/bootstrap.yml`
Adjust name of bootstrap trigger variable The PVC bootstrap framework overrides this variable and wreaks havoc on it. Instead adjust our side so that it looks for do_bootstrap instead. 2023-09-01 15:42:29 -04:00			`when: do_bootstrap is defined and do_bootstrap`
Reorganize and rejigger 2023-09-01 15:42:19 -04:00			`run_once: yes`

Improve libvirt key handling 2023-09-01 15:42:19 -04:00			`- name: get ceph libvirt secret key`
			`command: ceph auth get-key client.libvirt`
			`register: libvirt_key`

Initial commit of PVC Ansible role 2023-09-01 15:42:19 -04:00			`- name: define ceph secret`
			`command: virsh secret-define /etc/libvirt/ceph-secret.xml`
			`ignore_errors: true`

Improve libvirt key handling 2023-09-01 15:42:19 -04:00			`- name: set ceph libvirt secret value`
Define secret key properly 2023-09-01 15:42:19 -04:00			`command: virsh secret-set-value --secret {{ pvc_ceph_storage_secret_uuid }} --base64 {{ libvirt_key.stdout }}`
Initial commit of PVC Ansible role 2023-09-01 15:42:19 -04:00			`ignore_errors: true`

			`- name: configure libvirt for listening`
Convert default libvirtd to template 2023-09-01 15:42:28 -04:00			`template:`
			`src: libvirt/libvirtd.default.j2`
Initial commit of PVC Ansible role 2023-09-01 15:42:19 -04:00			`dest: /etc/default/libvirtd`
			`notify: restart libvirtd`

Add override custom libvirtd.service unit This has no functional change on Buster, but on Bullseye this overrides the stupid socket-based activation shenanigans that the default unit tries to do, as well as the breaking replacement of the /etc/default/libvirt variable names. 2023-09-01 15:42:26 -04:00			`- name: install systemd unit file (override default on Bullseye)`
			`template:`
			`src: libvirt/libvirtd.service.j2`
			`dest: /etc/systemd/system/libvirtd.service`
			`register: systemd`
Ensure libvirtd restarts when unit changes 2023-09-01 15:42:26 -04:00			`notify: restart libvirtd`
Add override custom libvirtd.service unit This has no functional change on Buster, but on Bullseye this overrides the stupid socket-based activation shenanigans that the default unit tries to do, as well as the breaking replacement of the /etc/default/libvirt variable names. 2023-09-01 15:42:26 -04:00
			`- name: reload systemd to apply changes`
			`command: systemctl daemon-reload`
			`when: systemd.changed`

Add cgroup delegation override Required to solve the occasional libvirt: QEMU Driver error : Requested operation is not valid: cgroup CPUACCT controller is not mounted problem, as per: https://answers.launchpad.net/ubuntu/+question/665132 2023-09-01 15:42:28 -04:00			`- name: create unit override configuration directory`
			`file:`
			`dest: /etc/systemd/system/libvirtd.service.d`
			`state: directory`

			`- name: install libvirt cgroup delegation configuration`
			`template:`
			`src: libvirt/{{ item }}.j2`
			`dest: /etc/systemd/system/libvirtd.service.d/{{ item }}`
			`with_items:`
			`- cgroup-delegation.conf`
			`register: systemd`
			`notify: restart libvirtd`

			`- name: reload systemd to apply changes`
			`command: systemctl daemon-reload`
			`when: systemd.changed`

Add override custom libvirtd.service unit This has no functional change on Buster, but on Bullseye this overrides the stupid socket-based activation shenanigans that the default unit tries to do, as well as the breaking replacement of the /etc/default/libvirt variable names. 2023-09-01 15:42:26 -04:00			`- name: start and enable services (not managed by PVC)`
Enable and start vhostmd service 2023-09-01 15:42:22 -04:00			`service:`
			`name: "{{ item }}"`
			`state: started`
Add override custom libvirtd.service unit This has no functional change on Buster, but on Bullseye this overrides the stupid socket-based activation shenanigans that the default unit tries to do, as well as the breaking replacement of the /etc/default/libvirt variable names. 2023-09-01 15:42:26 -04:00			`enabled: yes`
Ignore errors enabling vhostmd Seems to cause issues in bookworm. 2023-09-01 15:42:30 -04:00			`ignore_errors: yes`
Enable and start vhostmd service 2023-09-01 15:42:22 -04:00			`with_items:`
			`- vhostmd`

Add override custom libvirtd.service unit This has no functional change on Buster, but on Bullseye this overrides the stupid socket-based activation shenanigans that the default unit tries to do, as well as the breaking replacement of the /etc/default/libvirt variable names. 2023-09-01 15:42:26 -04:00			`- name: start but disable services (managed by PVC)`
Initial commit of PVC Ansible role 2023-09-01 15:42:19 -04:00			`service:`
			`name: "{{ item }}"`
Add override custom libvirtd.service unit This has no functional change on Buster, but on Bullseye this overrides the stupid socket-based activation shenanigans that the default unit tries to do, as well as the breaking replacement of the /etc/default/libvirt variable names. 2023-09-01 15:42:26 -04:00			`state: started`
Initial commit of PVC Ansible role 2023-09-01 15:42:19 -04:00			`enabled: no`
			`with_items:`
			`- libvirtd`
Reorganize and rejigger 2023-09-01 15:42:19 -04:00
Disable failing socket services 2023-11-03 12:10:19 -04:00			`- name: disable socket services`
			`service:`
			`name: "{{ item }}"`
			`enabled: no`
			`with_items:`
			`- libvirtd.socket`
			`- libvirtd-ro.socket`
			`- libvirtd-admin.socket`
Ignore errors when disabling sockets 2023-12-27 15:35:17 -05:00			`ignore_errors: yes`
Disable failing socket services 2023-11-03 12:10:19 -04:00
Reorganize and rejigger 2023-09-01 15:42:19 -04:00			`- meta: flush_handlers`