pvc-ansible/roles/pvc/tasks/libvirt/main.yml

---
- name: install libvirt packages
  apt:
    name:
      - libvirt-daemon-system
      - qemu-kvm
      - qemu-utils
      - qemu-block-extra
      - vhostmd
      - ceph-common
      - libguestfs-tools
    state: latest

- name: add libvirt user to ceph group
  user:
    name: libvirt-qemu
    groups: ceph
    append: yes

- name: add admin users to libvirt groups
  user:
    name: "{{ item.name }}"
    groups: kvm,libvirt
    append: yes
  with_items: "{{ admin_users }}"

- name: install libvirt configurations
  template:
    src: libvirt/{{ item }}.j2
    dest: /etc/libvirt/{{ item }}
  with_items:
    - libvirtd.conf
    - ceph-secret.xml
  notify: restart libvirtd

- include: libvirt/bootstrap.yml
  when: bootstrap is defined and bootstrap
  run_once: yes

- name: get ceph libvirt secret key
  command: ceph auth get-key client.libvirt
  register: libvirt_key

- name: define ceph secret
  command: virsh secret-define /etc/libvirt/ceph-secret.xml
  ignore_errors: true

- name: set ceph libvirt secret value
  command: virsh secret-set-value --secret {{ pvc_ceph_storage_secret_uuid }} --base64 {{ libvirt_key.stdout }}
  ignore_errors: true

- name: configure libvirt for listening
  template:
    src: libvirt/libvirtd.default.j2
    dest: /etc/default/libvirtd
  notify: restart libvirtd

- name: install systemd unit file (override default on Bullseye)
  template:
    src: libvirt/libvirtd.service.j2
    dest: /etc/systemd/system/libvirtd.service
  register: systemd
  notify: restart libvirtd

- name: reload systemd to apply changes
  command: systemctl daemon-reload
  when: systemd.changed

- name: create unit override configuration directory
  file:
    dest: /etc/systemd/system/libvirtd.service.d
    state: directory

- name: install libvirt cgroup delegation configuration
  template:
    src: libvirt/{{ item }}.j2
    dest: /etc/systemd/system/libvirtd.service.d/{{ item }}
  with_items:
    - cgroup-delegation.conf
  register: systemd
  notify: restart libvirtd

- name: reload systemd to apply changes
  command: systemctl daemon-reload
  when: systemd.changed

- name: start and enable services (not managed by PVC)
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  with_items:
    - vhostmd

- name: start but disable services (managed by PVC)
  service:
    name: "{{ item }}"
    state: started
    enabled: no
  with_items:
    - libvirtd

- meta: flush_handlers