update to hypervisor role

play.yml

@@ -67,3 +67,5 @@
   become: true
   roles:
     - hypervisor
+  tags:
+    - hypervisor

roles/hypervisor/defaults/main.yml

@@ -4,5 +4,17 @@ hypervisor_packages:
   - vlan
   - bridge-utils
   - ethtool
+  - python3-lxml
+  - python3-libvirt
 hypervisor_modprobe: modprobe.j2
 hypervisor_sysctl: sysctl.j2
+
+hypervisor_networks:
+  - name: AS44194
+    bridge_interface: ens2f1np1.123
+    address: 77.87.50.2/24
+    gateway: 77.87.50.1
+  - name: Strom
+    bridge_interface: ens2f1np1.1312
+  - name: in-berlin
+    bridge_interface: ens2f1np1.1300

roles/hypervisor/tasks/main.yml

@@ -22,7 +22,47 @@
     owner: root
     group: root
 
-# Todo
-# - bridges
-# custom boot options
-# add users to group
+- name: Copy libvirt-guests defaults
+  ansible.builtin.template:
+    src: libvirt-guests-default.j2
+    dest: /etc/default/libvirt-guests
+    mode: "0640"
+    owner: root
+    group: root
+
+- name: Define bridges
+  ansible.builtin.template:
+    src: "bridge.j2"
+    dest: "/etc/network/interfaces.d/{{ item.name }}"
+    mode: "0640"
+    owner: root
+    group: root
+  loop: "{{ hypervisor_networks }}"
+
+- name: Define libvirt networks
+  community.libvirt.virt_net:
+    command: define
+    name: "{{ item.name }}"
+    xml: '{{ lookup("template", "libvirt-network.xml.j2") }}'
+  loop: "{{ hypervisor_networks }}"
+
+- name: Set libvirt Networks active and autostart
+  community.libvirt.virt_net:
+    name: "{{ item.name }}"
+    autostart: true
+    state: active
+  loop: "{{ hypervisor_networks }}"
+
+# Todo:
+# - custom boot options (maybe not needed)
+# - add users to group
+# - Service restarts (or maybe just a Warning that this needs to be done manually for safety reasons?)
+# - debian backports?
+#   - qemu 7.2 => 9.0 https://wiki.qemu.org/ChangeLog
+#   - kernel 6.1 => 6.5/6.9
+#
+#
+#
+#
+#
+#

roles/hypervisor/templates/bridge.j2

@@ -0,0 +1,13 @@
+auto br-{{ item.name | lower }}
+iface br-{{ item.name | lower }} inet {% if item.address is defined %}static{% else %}manual{% endif %}
+
+        bridge_ports {{ item.bridge_interface }}
+        bridge_stp off
+        bridge_fd 0
+        bridge_maxwait 0
+{% if item.address is defined %}
+        address {{ item.address }}
+{% endif %}
+{% if item.gateway is defined %}
+        gateway {{ item.gateway }}
+{% endif %}

roles/hypervisor/templates/libvirt-guests-default.j2

@@ -0,0 +1,50 @@
+# Customizations for the libvirt-guests.service systemd unit
+
+# URIs to check for running guests
+# example: URIS='default xen:///system vbox+tcp://host/system lxc:///system'
+#URIS=default
+
+# action taken on host boot
+# - start   all guests which were running on shutdown are started on boot
+#           regardless on their autostart settings
+# - ignore  libvirt-guests init script won't start any guest on boot, however,
+#           guests marked as autostart will still be automatically started by
+#           libvirtd
+#ON_BOOT=ignore
+
+# Number of seconds to wait between each guest start. Set to 0 to allow
+# parallel startup.
+#START_DELAY=0
+
+# action taken on host shutdown
+# - suspend   all running guests are suspended using virsh managedsave
+# - shutdown  all running guests are asked to shutdown. Please be careful with
+#             this settings since there is no way to distinguish between a
+#             guest which is stuck or ignores shutdown requests and a guest
+#             which just needs a long time to shutdown. When setting
+#             ON_SHUTDOWN=shutdown, you must also set SHUTDOWN_TIMEOUT to a
+#             value suitable for your guests.
+#ON_SHUTDOWN=shutdown
+
+# Number of guests will be shutdown concurrently, taking effect when
+# "ON_SHUTDOWN" is set to "shutdown". If Set to 0, guests will be shutdown one
+# after another. Number of guests on shutdown at any time will not exceed number
+# set in this variable.
+PARALLEL_SHUTDOWN=4
+
+# Number of seconds we're willing to wait for a guest to shut down. If parallel
+# shutdown is enabled, this timeout applies as a timeout for shutting down all
+# guests on a single URI defined in the variable URIS. If this is 0, then there
+# is no time out (use with caution, as guests might not respond to a shutdown
+# request). The default value is 300 seconds (5 minutes).
+#SHUTDOWN_TIMEOUT=300
+
+# If non-zero, try to bypass the file system cache when saving and
+# restoring guests, even though this may give slower operation for
+# some file systems.
+#BYPASS_CACHE=0
+
+# If non-zero, try to sync guest time on domain resume. Be aware, that
+# this requires guest agent with support for time synchronization
+# running in the guest. By default, this functionality is turned off.
+#SYNC_TIME=1

roles/hypervisor/templates/libvirt-network.xml.j2

@@ -0,0 +1,5 @@
+<network>
+  <name>{{ item.name }}</name>
+  <forward mode='bridge'/>
+  <bridge name='br-{{ item.name | lower }}'/>
+</network>