pvc-ansible/roles/pvc/tasks/libvirt/main.yml

117 lines
2.6 KiB
YAML

---
- name: install libvirt packages
apt:
name:
- libvirt-daemon-system
- qemu-kvm
- qemu-utils
- qemu-block-extra
- vhostmd
- ceph-common
- libguestfs-tools
state: present
register: apt_res
retries: 5
until: apt_res is success
- name: add libvirt user to ceph group
user:
name: libvirt-qemu
groups: ceph
append: yes
- name: add admin users to libvirt groups
user:
name: "{{ item.name }}"
groups: kvm,libvirt
append: yes
with_items: "{{ admin_users }}"
- name: install libvirt configurations
template:
src: libvirt/{{ item }}.j2
dest: /etc/libvirt/{{ item }}
with_items:
- libvirtd.conf
- ceph-secret.xml
notify: restart libvirtd
- include: libvirt/bootstrap.yml
when: do_bootstrap is defined and do_bootstrap
run_once: yes
- name: get ceph libvirt secret key
command: ceph auth get-key client.libvirt
register: libvirt_key
- name: define ceph secret
command: virsh secret-define /etc/libvirt/ceph-secret.xml
ignore_errors: true
- name: set ceph libvirt secret value
command: virsh secret-set-value --secret {{ pvc_ceph_storage_secret_uuid }} --base64 {{ libvirt_key.stdout }}
ignore_errors: true
- name: configure libvirt for listening
template:
src: libvirt/libvirtd.default.j2
dest: /etc/default/libvirtd
notify: restart libvirtd
- name: install systemd unit file (override default on Bullseye)
template:
src: libvirt/libvirtd.service.j2
dest: /etc/systemd/system/libvirtd.service
register: systemd
notify: restart libvirtd
- name: reload systemd to apply changes
command: systemctl daemon-reload
when: systemd.changed
- name: create unit override configuration directory
file:
dest: /etc/systemd/system/libvirtd.service.d
state: directory
- name: install libvirt cgroup delegation configuration
template:
src: libvirt/{{ item }}.j2
dest: /etc/systemd/system/libvirtd.service.d/{{ item }}
with_items:
- cgroup-delegation.conf
register: systemd
notify: restart libvirtd
- name: reload systemd to apply changes
command: systemctl daemon-reload
when: systemd.changed
- name: start and enable services (not managed by PVC)
service:
name: "{{ item }}"
state: started
enabled: yes
ignore_errors: yes
with_items:
- vhostmd
- name: start but disable services (managed by PVC)
service:
name: "{{ item }}"
state: started
enabled: no
with_items:
- libvirtd
- name: disable socket services
service:
name: "{{ item }}"
enabled: no
with_items:
- libvirtd.socket
- libvirtd-ro.socket
- libvirtd-admin.socket
- meta: flush_handlers