kvm: configure NATed networking & nested virt

This enables the "default" libvirt networking which creates a virtual network for "guests" (VMs) which is behind NAT to the hypervisor. Additionally nested virt is now enabled in the kernel if this playbook is run on a non-virtualized host. This also sets some necessary apparmour policies to allow the libvirt-qemu group to interact with libvirt.
2 years ago · b8c06f1fe1
parent 8ea14442b6
commit b8c06f1fe1
2 changed files with 22 additions and 0 deletions
--- a/roles/kvm/files/kvm.conf
+++ b/roles/kvm/files/kvm.conf
@ -0,0 +1 @@
+options kvm_intel nested=1
--- a/roles/kvm/tasks/main.yml
+++ b/roles/kvm/tasks/main.yml
@ -50,3 +50,24 @@
  template:
    src: libvirt-default-uri.sh
    dest: /etc/profile.d/libvirt-default-uri.sh
+
+- name: Allow libvirt-qemu to access images
+  lineinfile:
+    line: "{{ item }}"
+    dest: "/etc/apparmor.d/abstractions/libvirt-qemu"
+  with_items:
+    - "  /var/lib/libvirt/qemu/channel/target/* rw,"
+    - "  /var/lib/libvirt/images/* rwk,"
+
+- name: Enable libvirt default network
+  shell:
+    cmd: virsh --connect=qemu:///system net-autostart default
+
+- name: Enable nested virtualization and reboot
+  copy:
+    src: kvm.conf
+    dest: /etc/modprobe.d/kvm.conf
+    mode: 0644
+  notify:
+    - reboot
+  when: ansible_system_vendor != "QEMU"