From 379aea1c3698a6d637682183136ebb95500ce9b4 Mon Sep 17 00:00:00 2001 From: Bodo Schulz Date: Mon, 9 May 2022 06:16:29 +0200 Subject: [PATCH] small changes --- README.md | 224 ++++++++++++++++++++++ defaults/main.yml | 45 +---- tasks/configure.yml | 26 +-- tasks/configure/libvirt_networks.yml | 26 ++- tasks/configure/libvirt_storage_pools.yml | 12 +- tasks/install.yml | 2 + tasks/prepare.yml | 12 +- 7 files changed, 278 insertions(+), 69 deletions(-) diff --git a/README.md b/README.md index e69de29..dc9cf0d 100644 --- a/README.md +++ b/README.md 
@@ -0,0 +1,224 @@ + +# Ansible Role: `libvirt` + +This role configures a host as a [Libvirt/KVM](https://libvirt.org) hypervisor. + +It can also configure storage pools and networks on the host. + +[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/bodsch/ansible-libvirt/CI)][ci] +[![GitHub issues](https://img.shields.io/github/issues/bodsch/ansible-libvirt)][issues] +[![GitHub release (latest by date)](https://img.shields.io/github/v/release/bodsch/ansible-libvirt)][releases] + +[ci]: https://github.com/bodsch/ansible-libvirt/actions +[issues]: https://github.com/bodsch/ansible-libvirt/issues?q=is%3Aopen+is%3Aissue +[releases]: https://github.com/bodsch/ansible-libvirt/releases + + + +## Supported (tested) Operating systems + +Tested on + +* Arch Linux +* Debian based + - Debian 10 / 11 + - Ubuntu 20.10 + + +## Contribution + +Please read [Contribution](CONTRIBUTING.md) + +## Development, Branches (Git Tags) + +The `master` Branch is my *Working Horse* includes the "latest, hot shit" and can be complete broken! + +If you want to use something stable, please use a [Tagged Version](https://github.com/bodsch/ansible-prometheus/tags)! 
+ + +## Configuration + +```yaml +libvirt_libvirtd: {} + +libvirt_qemu: {} + +libvirt_virtual_networks: [] + +libvirt_storage_pools: [] +``` + +### `libvirt_libvirtd` + +```yaml +libvirt_libvirtd: + # - network + enable_tls: false + enable_tcp: false + tls_port: 16514 + tcp_port: 16509 + listen_addr: "127.0.0.1" + enable_mdns: false + # - socket + unix_sock_group: "libvirt" + unix_sock_ro_perms: "" # 0777 + unix_sock_rw_perms: "" # 0770 + unix_sock_admin_perms: "" # 0770 + unix_sock_dir: "/run/libvirt" + # - authentication + # - none + # - sasl + # - polkit + auth_unix_ro: "" + auth_unix_rw: "" + # auth_tcp = "sasl" + # auth_tls = "none" + # tcp_min_ssf = 112 + # access_drivers = [ "polkit" ] + # - TLS x509 certificate configuration + # key_file = "/etc/pki/libvirt/private/serverkey.pem" + # cert_file = "/etc/pki/libvirt/servercert.pem" + # ca_file = "/etc/pki/CA/cacert.pem" + # crl_file = "/etc/pki/CA/crl.pem" + # - Authorization controls + # tls_no_sanity_certificate = 1 + # tls_no_verify_certificate = 1 + # tls_allowed_dn_list = ["DN1", "DN2"] + # tls_priority="NORMAL" + # sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ] + # - Processing controls + max_clients: 5000 # 5000 + max_queued_clients: 1000 # 1000 + max_anonymous_clients: 20 # 20 + min_workers: 5 # 5 + max_workers: 20 # 20 + prio_workers: 5 # 5 + max_requests: "" # ? 
+ max_client_requests: 5 # 5 + admin_min_workers: 1 # 1 + admin_max_workers: 5 # 5 + admin_max_clients: 5 # 5 + admin_max_queued_clients: 5 # 5 + admin_max_client_requests: 5 # 5 + # - Logging controls + # 1: DEBUG + # 2: INFO + # 3: WARNING + # 4: ERROR + log_level: 3 + log_filters: [] + # - 3:remote + # - 4:event + # - 4:json + # ="1:qemu 1:libvirt 4:object 4:json 4:event 1:util" + # Logging outputs: + # An output is one of the places to save logging information + # The format for an output can be: + # level:stderr + # output goes to stderr + # level:syslog:name + # use syslog for the output and use the given name as the ident + # level:file:file_path + # output to a file, with the given filepath + # level:journald + # output to journald logging system + # In all cases 'level' is the minimal priority, acting as a filter + # 1: DEBUG + # 2: INFO + # 3: WARNING + # 4: ERROR + log_outputs: [] + # - "3:syslog:libvirtd" + # - "4:livirtd.log:/var/log/libvirt" + # - "3:syslog:libvirtd" + # - auditing # + # audit_level == 0 -> disable all auditing + # audit_level == 1 -> enable auditing, only if enabled on host (default) + # audit_level == 2 -> enable auditing, and exit if disabled on host + # + audit_level: 1 + # + # If set to 1, then audit messages will also be sent + # via libvirt logging infrastructure. Defaults to 0 + # + audit_logging: false + # - UUID of the host + # host_uuid = "00000000-0000-0000-0000-000000000000" + # host_uuid_source = "smbios" + # - Keepalive protocol # + keepalive_interval: "" # 5 + keepalive_count: "" # 5 + admin_keepalive_interval: "" # 5 + admin_keepalive_count: "" # 5 + # - Open vSwitch + ovs_timeout: "" # 5 +``` + +### `libvirt_qemu` + +The default security driver is SELinux. +If SELinux is disabled on the host, then the security driver will automatically disable itself. +If you wish to disable QEMU SELinux security driver while leaving SELinux enabled for the host in general, +then set this to `none` instead. 
+It's also possible to use more than one security driver at the same time, for this use a list of names: + +```yaml + security_driver: + - selinux + - apparmor +``` + +Notes: The DAC security driver is always enabled; as a result, the value of `security_driver` cannot +contain "dac". +The value `none` is a special value; security_driver can be set to that value in isolation, but it cannot appear in a list of drivers. + +```yaml +libvirt_qemu: + security_drivers: + - apparmor +``` + +### `libvirt_virtual_networks` + +`libvirt_virtual_networks` is a list of networks to define and start. + +```yaml +libvirt_virtual_networks: + - name: ovs-network + mode: bridge + bridge_name: br0 + autostart: true + # active, inactive, present and absent + state: active +``` + +### `libvirt_storage_pools` + +`libvirt_storage_pools` is a list of storage pools to define and start. + +generate a simple used XML file unter `/etc/libvirt/storage`. + +[upstream doku](https://libvirt.org/formatstorage.html) + +```yaml +libvirt_storage_pools: + - name: filesystems + path: /var/lib/libvirt/filesystems/ + autostart: true + state: active + - name: lxc + path: /var/lib/libvirt/lxc + autostart: true + state: active +``` + +## Author and License + +- Bodo Schulz + +## License + +[Apache](LICENSE) + +`FREE SOFTWARE, HELL YEAH!` + diff --git a/defaults/main.yml b/defaults/main.yml index 7fa1b7a..79fd191 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -5,50 +5,7 @@ libvirt_libvirtd: {} libvirt_qemu: {} libvirt_virtual_networks: [] - # - name: ovs-network - # mode: bridge - # bridge_name: ovsbr0 - # autostart: true - # # active, inactive, present and absent - # state: active - # virtualport_type: openvswitch - # vlans: - # - name: vlan-101 - # trunk: false - # vlan: 101 - # - name: vlan-102 - # trunk: false - # vlan: 102 - # - name: vlan-201 - # trunk: false - # vlan: 201 - # - name: vlan-all - # trunk: true - # vlan: - # - 101 - # - 102 - # - 201 - # - name: Green_Servers_VLAN101 - # mode: bridge - # bridge_name: vmbr101 - # autostart: true - # state: active - # - name: maas - # mode: bridge - # bridge_name: ovsbr0 - # autostart: true - # state: active - # virtualport_type: openvswitch - # vlan: 193 -# Define KVM Dir type Storage Pools to create libvirt_storage_pools: [] - # - name: VM1 - # path: /var/lib/libvirt/filesystems/ - # autostart: true - # state: active - # - name: VM2 - # path: /var/lib/libvirt/lxc - # autostart: true - # state: active + ... diff --git a/tasks/configure.yml b/tasks/configure.yml index 0fb503d..e1f6ce7 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -1,18 +1,18 @@ --- -- name: load all groups - getent: - database: group - split: ":" - check_mode: false - -- name: define unix_sock_group - set_fact: - libvirt_unix_sock_group: "{{ - ('libvirtd' in getent_group) | ternary('libvirtd', 'libvirt') }}" - when: - - getent_group is defined - - "'libvirt' in getent_group or 'libvirtd' in getent_group" +# - name: load all groups +# getent: +# database: group +# split: ":" +# check_mode: false +# +# - name: define unix_sock_group +# set_fact: +# libvirt_unix_sock_group: "{{ +# ('libvirtd' in getent_group) | ternary('libvirtd', 'libvirt') }}" +# when: +# - getent_group is defined +# - "'libvirt' in getent_group or 'libvirtd' in getent_group" - name: create system libvirtd config become: true 
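Review bot: Commenting out the `getent`/`set_fact` pair instead of deleting it leaves thirteen lines of dead YAML at the top of tasks/configure.yml; git history keeps the old version, so either delete it or keep it live — it existed because the socket group is named `libvirtd` on some distributions and `libvirt` on others. If the libvirtd config template still reads `libvirt_unix_sock_group` (not visible in this patch), the hunk leaves that variable undefined and the template will fail, and since `unix_sock_group` decides who may open the read-write libvirtd socket, a group name that does not exist on the host deserves a fail-fast check rather than a silently mismatched entry in libvirtd.conf. A small replacement that keeps the safety without the ternary would be `- name: check that the libvirt socket group exists` followed by `getent: {database: group, key: "{{ libvirt_libvirtd.unix_sock_group }}"}`, which fails the play when the group is missing.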
diff --git a/tasks/configure/libvirt_networks.yml b/tasks/configure/libvirt_networks.yml index 83b50b7..b759689 100644 --- a/tasks/configure/libvirt_networks.yml +++ b/tasks/configure/libvirt_networks.yml @@ -1,22 +1,30 @@ --- -- name: config virtual_networks | define virtual networks +- name: define virtual networks become: true virt_net: command: define name: "{{ item.name }}" xml: "{{ lookup('template', 'etc/libvirt/qemu/networks/network.xml.j2') }}" + when: + - item.state is defined + - not item.state | default("") == "absent" loop: "{{ libvirt_virtual_networks }}" + loop_control: + label: "{{ item.name }}" -- name: config virtual networks | setting state of virtual networks +- name: setting state of virtual networks become: true virt_net: name: "{{ item.name }}" state: "{{ item.state }}" - when: item.state is defined + when: + - item.state is defined loop: "{{ libvirt_virtual_networks }}" + loop_control: + label: "{{ item.name }}" -- name: config virtual networks | setting virtual networks to autostart +- name: setting virtual networks to autostart become: true virt_net: autostart: true @@ -24,10 +32,12 @@ when: - item.autostart is defined - item.autostart - - (item.state | default("")) == "active" + - item.state | default("") == "active" loop: "{{ libvirt_virtual_networks }}" + loop_control: + label: "{{ item.name }} - state: {{ item.state }}, autostart: {{ item.autostart }}" -- name: config virtual networks | setting virtual networks to not autostart +- name: remove virtual network from autostart become: true virt_net: autostart: false @@ -36,3 +46,7 @@ - item.autostart is defined - not item.autostart loop: "{{ libvirt_virtual_networks }}" + loop_control: + label: "{{ item.name }} - state: {{ item.state }}, autostart: {{ item.autostart }}" + +... diff --git a/tasks/configure/libvirt_storage_pools.yml b/tasks/configure/libvirt_storage_pools.yml index 99e3c3d..36abd7e 100644 --- a/tasks/configure/libvirt_storage_pools.yml 
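Review bot: The new `when` on `define virtual networks` combines `item.state is defined` with `not item.state | default("") == "absent"`, which is self-contradictory: the `default("")` can never apply because the preceding condition already requires the key, and the net effect is that an entry without an explicit `state` is silently never defined, although the README example in this same patch presents `state` as just one attribute among `mode`, `bridge_name` and `autostart`. Either drop the first condition so a missing `state` still defines the network, `when: item.state | default("") != "absent"`, or document that `state` is mandatory for every entry. The same two-condition pattern is added to the directory task in tasks/configure/libvirt_storage_pools.yml (`@@ -5,6 +5,9 @@`) and should be fixed the same way.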
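Review bot: The new `loop_control.label` on `setting virtual networks to autostart` renders `{{ item.state }}` and `{{ item.autostart }}` unconditionally, while the task's own `when` only guards on `item.autostart`; as far as I recall, Ansible templates the label for every item regardless of the `when` result, so an entry without a `state` key aborts the task with an undefined-variable error instead of being skipped. Use `label: "{{ item.name }} - state: {{ item.state | default('') }}, autostart: {{ item.autostart | default('') }}"`. The identical label is added in the next hunk (`remove virtual network from autostart`) and in both autostart hunks of tasks/configure/libvirt_storage_pools.yml (`@@ -41,9 +45,9 @@` and `@@ -53,6 +57,6 @@`), where `state` is likewise not required by the `when`.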
+++ b/tasks/configure/libvirt_storage_pools.yml @@ -5,6 +5,9 @@ mode: u=rwx,g=rx,o=rx path: "{{ item.path }}" state: directory + when: + - item.state is defined + - not item.state | default("") == "absent" loop: "{{ libvirt_storage_pools }}" loop_control: label: "{{ item.path }}" @@ -25,7 +28,8 @@ virt_pool: name: "{{ item.name }}" state: "{{ item.state }}" - when: item.state is defined + when: + - item.state is defined loop: "{{ libvirt_storage_pools }}" loop_control: label: "{{ item.name }} - state {{ item.state }}" @@ -41,9 +45,9 @@ - (item.state | default("")) == "active" loop: "{{ libvirt_storage_pools }}" loop_control: - label: "{{ item.name }} - autostart {{ item.autostart }}" + label: "{{ item.name }} - state: {{ item.state }}, autostart: {{ item.autostart }}" -- name: setting storage pools to not autostart +- name: remove storage pool from autostart virt_pool: autostart: false name: "{{ item.name }}" @@ -53,6 +57,6 @@ - not item.autostart loop: "{{ libvirt_storage_pools }}" loop_control: - label: "{{ item.name }} - autostart {{ item.autostart }}" + label: "{{ item.name }} - state: {{ item.state }}, autostart: {{ item.autostart }}" ... diff --git a/tasks/install.yml b/tasks/install.yml index 1d7769e..7a28987 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -7,3 +7,5 @@ state: present register: result until: result is successful + +... diff --git a/tasks/prepare.yml b/tasks/prepare.yml index 63ff692..70d71bf 100644 --- a/tasks/prepare.yml +++ b/tasks/prepare.yml 
@@ -22,19 +22,27 @@ package: update_cache: true -- name: hw_virtualization_check | load cpu info +- name: load cpu info become: true slurp: src: /proc/cpuinfo register: cpu_info -- name: hw_virtualization_check | idenitfy hw virtualization support +- name: identify hardware virtualization support set_fact: libvirt_domain_type: "{{ cpu_info['content'] | b64decode | regex_search('(vmx|svm)', multiline=True) | ternary('kvm', 'qemu') }}" +- name: fail if Virtualization Technology (VT) is not kvm or qemu + fail: + msg: > + Virtualization Technology (VT) is currently disabled. + Please enable VT before running this role again. + when: + - not libvirt_domain_type in ["kvm","qemu"] + - name: install dependency package: name: "{{ libvirt_dependecies }}"