From b8c06f1fe12fe37486a8b096416225eccb39a4f3 Mon Sep 17 00:00:00 2001
From: Devan Carpenter
Date: Tue, 3 Nov 2020 17:35:15 +0100
Subject: [PATCH] kvm: configure NATed networking & nested virt

This enables the "default" libvirt networking which creates a virtual network for "guests" (VMs) which is behind NAT to the hypervisor. Additionally nested virt is now enabled in the kernel if this playbook is run on a non-virtualized host. This also sets some necessary apparmour policies to allow the libvirt-qemu group to interact with libvirt.

---
roles/kvm/files/kvm.conf | 1 +
roles/kvm/tasks/main.yml | 21 +++++++++++++++++++++
2 files changed, 22 insertions(+)
create mode 100644 roles/kvm/files/kvm.conf

diff --git a/roles/kvm/files/kvm.conf b/roles/kvm/files/kvm.conf
new file mode 100644
index 0000000..679c3a6
--- /dev/null
+++ b/roles/kvm/files/kvm.conf
@@ -0,0 +1 @@
+options kvm_intel nested=1
diff --git a/roles/kvm/tasks/main.yml b/roles/kvm/tasks/main.yml
index 18c961c..ffacac7 100644
--- a/roles/kvm/tasks/main.yml
+++ b/roles/kvm/tasks/main.yml
@@ -50,3 +50,24 @@
 template:
 src: libvirt-default-uri.sh
 dest: /etc/profile.d/libvirt-default-uri.sh
+
+- name: Allow libvirt-qemu to access images
+ lineinfile:
+ line: "{{ item }}"
+ dest: "/etc/apparmor.d/abstractions/libvirt-qemu"
+ with_items:
+ - " /var/lib/libvirt/qemu/channel/target/* rw,"
+ - " /var/lib/libvirt/images/* rwk,"
+
+- name: Enable libvirt default network
+ shell:
+ cmd: virsh --connect=qemu:///system net-autostart default
+
+- name: Enable nested virtualization and reboot
+ copy:
+ src: kvm.conf
+ dest: /etc/modprobe.d/kvm.conf
+ mode: 0644
+ notify:
+ - reboot
+ when: ansible_system_vendor != "QEMU"
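Review bot: The new modprobe option only covers Intel hosts; an AMD host loads `kvm_amd` instead, so nested virtualization stays off there even though the commit message claims it for any non-virtualized host. A second line `options kvm_amd nested=1` covers both, and modprobe options for a module that is never loaded appear to have no effect, so it should be harmless on Intel. The matching guard in main.yml, `when: ansible_system_vendor != "QEMU"`, likewise only recognises QEMU-backed guests; `when: ansible_virtualization_role != "guest"` states the intent directly and skips guests on other hypervisors too.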
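Review bot: The `net-autostart` task only flags the default network to come up at the next libvirtd start; nothing starts it now, and since the reboot handler is notified only when kvm.conf changes (and that task is skipped on QEMU guests), the network can stay down until an unrelated restart. It also runs a fixed command through `shell` and reports changed on every run; the `virt_net` module (community.libvirt) starts and autostarts the network idempotently, as below. Separately, the two AppArmor lines grant every guest's qemu process `rwk` on all of `/var/lib/libvirt/images/*`, which appears to bypass the per-VM disk paths that virt-aa-helper normally adds to each guest profile, so one guest's qemu could reach another guest's images; narrowing the glob, or a comment recording that this cross-guest access is an accepted trade-off, would help the next maintainer. `mode: 0644` should be quoted as `mode: "0644"` so the YAML loader does not read it as an integer. The `template:` task in the context lines starts outside the hunk.
```yaml
- name: Enable libvirt default network
  virt_net:
    name: default
    state: active
    autostart: true
```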