-
Notifications
You must be signed in to change notification settings - Fork 51
/
main.yml
298 lines (257 loc) · 8.67 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
---
# defaults file for ansible-kvm
# Defines if ssh should be configured to allow root logins
# mainly for managing KVM/Libvirt remotely using virt-manager or other.
kvm_allow_root_ssh: false
# This setting allows usage of the auditing subsystem to be altered:
#
# audit_level == 0 -> disable all auditing
# audit_level == 1 -> enable auditing, only if enabled on host (default)
# audit_level == 2 -> enable auditing, and exit if disabled on host
kvm_audit_level: 1
# If set to 1, then audit messages will also be sent
# via libvirt logging infrastructure. Defaults to 0
kvm_audit_logging: 0
# Set an authentication scheme for UNIX read-only sockets
# By default socket permissions allow anyone to connect
kvm_auth_unix_ro: none
# Set an authentication scheme for UNIX read-write sockets
# By default socket permissions only allow root.
kvm_auth_unix_rw: none
# Defines if kvm/libvirt should be configured
kvm_config: false
# Defines if kvm_users should be added to libvirtd for managing KVM
kvm_config_users: false
# Defines if kvm virtual networks should be configured
# if set to true ensure that your underlying bridges have been created
# using mrlesmithjr.config-interfaces role from Ansible Galaxy.
kvm_config_virtual_networks: false
# Defines if kvm storage pools should be configured
# if set to true ensure that your underlying filesystems paths are avaialable
# using ansible file role
kvm_config_storage_pools: false
# Disable apparmor
kvm_disable_apparmor: false
# Flag toggling mDNS advertizement of the libvirt service.
kvm_enable_mdns: false
kvm_enable_system_tweaks: false
# Listen for unencrypted TCP connections on the public TCP/IP port
kvm_enable_tcp: false
# Defines if remote tls connections are desired
# default is true.
kvm_enable_tls: true
kvm_enable_libvirtd_syslog: false
# Define default disk image cache mode
## none, writethrough, writeback, directsync, and unsafe
kvm_images_cache_mode: none
kvm_images_format_type: qcow2
# Defines the path to store VM images
kvm_images_path: /var/lib/libvirt/images
# This allows libvirtd to detect broken client connections or even
# dead clients. A keepalive message is sent to a client after
# keepalive_interval seconds of inactivity to check if the client is
# still responding; keepalive_count is a maximum number of keepalive
# messages that are allowed to be sent to the client without getting
# any response before the connection is considered broken.
kvm_keepalive_interval: 5
kvm_keepalive_count: 5
kvm_admin_keepalive_interval: 5
kvm_admin_keepalive_count: 5
# Override the default configuration which binds to all network
# interfaces. This can be a numeric IPv4/6 address, or hostname
kvm_listen_addr: 0.0.0.0
# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
kvm_log_level: 3
# Defines if VMs defined in kvm_vms are managed
kvm_manage_vms: false
# The maximum length of queue of accepted but not yet
# authenticated clients. The default value is 20. Set this to
# zero to turn this feature off.
kvm_max_anonymous_clients: 20
# Limit on concurrent requests from a single client
# connection. To avoid one client monopolizing the server
# this should be a small fraction of the global max_requests
# and max_workers parameter
kvm_max_client_requests: 5
kvm_admin_max_client_requests: 5
# The maximum number of concurrent client connections to allow
# over all sockets combined.
kvm_max_clients: 5000
kvm_admin_max_clients: 5
# The maximum length of queue of connections waiting to be
# accepted by the daemon.
kvm_max_queued_clients: 1000
kvm_admin_max_queued_clients: 5
# Total global limit on concurrent RPC calls. Should be
# at least as large as max_workers. Beyond this, RPC requests
# will be read into memory and queued. This directly impacts
# memory usage, currently each request requires 256 KB of
# memory. So by default up to 5 MB of memory is used
#
# XXX this isn't actually enforced yet, only the per-client
# limit is used so far
kvm_max_requests: 20
# The minimum limit sets the number of workers to start up
# initially. If the number of active clients exceeds this,
# then more threads are spawned, up to max_workers limit.
# Typically you'd want max_workers to equal maximum number
# of clients allowed
kvm_max_workers: 20
kvm_min_workers: 5
kvm_admin_min_workers: 1
kvm_admin_max_workers: 5
# This allows to specify a timeout for openvswitch calls made by
# libvirt. The ovs-vsctl utility is used for the configuration and
# its timeout option is set by default to 5 seconds to avoid
# potential infinite waits blocking libvirt.
kvm_ovs_timeout: 5
# The number of priority workers. If all workers from above
# pool are stuck, some calls marked as high priority
# (notably domainDestroy) can be executed in this pool.
kvm_prio_workers: 5
kvm_redhat_8_packages:
- libvirt-client
- libvirt-python3
- libvirt
- qemu-img
- qemu-kvm
- virt-install
- virt-manager
- virt-viewer
kvm_redhat_packages:
- bridge-utils
- libvirt-client
- libvirt-python
- libvirt
- qemu-img
- qemu-kvm
- virt-install
- virt-manager
- virt-viewer
# The default security driver is SELinux. If SELinux is disabled
# on the host, then the security driver will automatically disable
# itself. If you wish to disable QEMU SELinux security driver while
# leaving SELinux enabled for the host in general, then set this
# to 'none' instead. It's also possible to use more than one security
# driver at the same time, for this use a list of names separated by
# comma and delimited by square brackets. For example:
#
# security_driver = [ "selinux", "apparmor" ]
#
# Notes: The DAC security driver is always enabled; as a result, the
# value of security_driver cannot contain "dac". The value "none" is
# a special value; security_driver can be set to that value in
# isolation, but it cannot appear in a list of drivers.
#
kvm_security_driver: none
# I experienced an issue with bridges no longer working on Ubuntu 16.04
# for some reason. And the following settings below from the link provided
# solved this issue.
# https://wiki.libvirt.org/page/Networking#Debian.2FUbuntu_Bridging
kvm_sysctl_settings:
- name: net.bridge.bridge-nf-call-ip6tables
value: 0
state: present
- name: net.bridge.bridge-nf-call-iptables
value: 0
state: present
- name: net.bridge.bridge-nf-call-arptables
value: 0
state: present
# Override the port for accepting insecure TCP connections
# This can be a port number, or service name
kvm_tcp_port: 16509
# Override the port for accepting secure TLS connections
# This can be a port number, or service name
kvm_tls_port: 16514
# Set the name of the directory in which sockets will be found/created.
kvm_unix_sock_dir: /var/run/libvirt
# Defines users to add to libvirt group
kvm_users:
[]
# - remote
# Define KVM Networks to create
kvm_virtual_networks:
[]
# - name: ovs-network
# mode: bridge
# bridge_name: ovsbr0
# autostart: true
# # active, inactive, present and absent
# state: active
# virtualport_type: openvswitch
# vlans:
# - name: vlan-101
# trunk: false
# vlan: 101
# - name: vlan-102
# trunk: false
# vlan: 102
# - name: vlan-201
# trunk: false
# vlan: 201
# - name: vlan-all
# trunk: true
# vlan:
# - 101
# - 102
# - 201
# - name: Green_Servers_VLAN101
# mode: bridge
# bridge_name: vmbr101
# autostart: true
# state: active
# - name: maas
# mode: bridge
# bridge_name: ovsbr0
# autostart: true
# state: active
# virtualport_type: openvswitch
# vlan: 193
# Define KVM Dir type Storage Pools to create
kvm_storage_pools:
[]
# - name: VM1
# path: /var/lib/libvirt/filesystems/
# autostart: true
# state: active
# - name: VM2
# path: /var/lib/libvirt/lxc
# autostart: true
# state: active
# Define VM(s) to create
kvm_vms:
[]
# - name: test_vm
# autostart: true
# # Define boot devices in order of preference
# boot_devices:
# - network
# - hd
# # - cdrom
# cdrom:
# source: /path/to/iso
# graphics: false
# # Define disks in MB
# disks:
# # ide, scsi, virtio, xen, usb, sata or sd
# - disk_driver: virtio
# name: test_vm.1
# size: 36864
# - disk_driver: virtio
# name: test_vm.2
# size: 51200
# # Define a specific host where the VM should reside..Match inventory_hostname
# # host: kvm01
# # Define memory in MB
# memory: 512
# network_interfaces:
# - source: default
# network_driver: virtio
# portgroup: vlan-102
# type: network
# # - source: vmbr102
# # network_driver: virtio
# # type: bridge
# state: running
# vcpu: 1