133 lines
4.5 KiB
YAML
133 lines
4.5 KiB
YAML
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
|
|
|
|
---
|
|
|
|
- name: "proxy libvirt.yml"
|
|
debug:
|
|
verbosity: 1
|
|
msg: "proxy libvirt.yml BOX_TOXCORE_FEATURES={{BOX_TOXCORE_FEATURES}}"
|
|
|
|
# console=tty0 console=ttyS0,115200n8 spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on efi=disable_early_pci_dma slab_nomerge slub_debug=FZP page_poison=1 mce=0 pti=on vsyscall=none extra_latent_entropy
|
|
# from Gateway
|
|
|
|
- block:
|
|
|
|
- name: "/etc/libvirt/virtlogd.conf"
|
|
lineinfile:
|
|
path: /etc/libvirt/virtlogd.conf
|
|
create: yes
|
|
mode: 0755
|
|
insertafter: BOF
|
|
line: '{{item.key}}="{{item.val}}"'
|
|
regexp: "^#{{item.key}}.*"
|
|
with_items:
|
|
- key: log_filters
|
|
val: "1:logging 4:object 4:json 4:event 1:util"
|
|
- key: log_outputs
|
|
val: "3:file:/var/log/libvirt/virtlogd.log"
|
|
|
|
|
|
# /usr/portage/app-emulation/libvirt/files/libvirtd.init-r19 after livirt-7.2.0a
|
|
- name: /usr/local/etc/init.d/libvirtd.openrc
|
|
shell: |
|
|
cp -p /usr/local/etc/init.d/libvirtd.openrc /etc/init.d/livirtd
|
|
chmod 755 /etc/init.d/libvirtd
|
|
args:
|
|
creates: /etc/init.d/libvirtd
|
|
when: false # where is virtlogd
|
|
|
|
- name: "/etc/libvirt/qemu.conf"
|
|
blockinfile:
|
|
dest: "/etc/libvirt/qemu.conf"
|
|
create: false
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK toxcore vms {{item.name}}"
|
|
insertafter: '^#* *{{item.name}}.*'
|
|
block: |
|
|
{{ item.name }} = {{ item.val }}
|
|
with_items:
|
|
- { name: 'migration_address', val: '"0.0.0.0"' }
|
|
- { name: 'user', val: '"root"' }
|
|
#? why qemu - serverfault sez must be root for passthrough
|
|
# root is not enough for passthorugh mounting rw
|
|
- { name: 'group', val: '"root"' }
|
|
#? why
|
|
- { name: 'dynamic_ownership', val: '1' }
|
|
#?? why
|
|
# error : virGetUserID:1041 : invalid argument: Failed to parse user 'tss'
|
|
# - { name: 'swtpm_user', val: '"tss"' }
|
|
#?? why
|
|
# error : virGetGroupID:1124 : invalid argument: Failed to parse group 'tss'
|
|
# - { name: 'swtpm_group', val: '"tss"' }
|
|
# - { name: '', val: '' }
|
|
ignore_errors: true
|
|
# required
|
|
when: not ansible_check_mode
|
|
|
|
- name: "/etc/libvirt/libvirtd.conf"
|
|
blockinfile:
|
|
dest: /etc/libvirt/libvirtd.conf
|
|
create: yes
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK toxcore vms {{item.name}}"
|
|
insertafter: '^#* *{{item.name}}.*'
|
|
block: |
|
|
{{ item.name }} = "{{ item.val }}"
|
|
with_items:
|
|
#listen_addr = "192.168.0.1"
|
|
- { name: "listen_addr", val: "127.0.0.1" }
|
|
#_sock_group = "libvirt"
|
|
- { name: "unix_sock_group", val: "libvirt" }
|
|
- { name: "unix_sock_ro_perms", val: "0750" }
|
|
- { name: "unix_sock_rw_perms", val: "0770" }
|
|
#ca_file = "/etc/pki/CA/cacert.pem"
|
|
- { name: "ca_file", val: "{{ PLAY_CA_CERT }}" }
|
|
- { name: "auth_unix_ro", val: "none" }
|
|
- { name: "auth_unix_rw", val: "none" }
|
|
- { name: "log_filters", val: "1:qemu 1:libvirt 4:object 4:json 4:event 1:util" }
|
|
- { name: "log_outputs", val: "3:file:/var/log/libvirtd.log" }
|
|
#
|
|
# - { name: "", val: "" }
|
|
ignore_errors: true
|
|
# required
|
|
when: not ansible_check_mode
|
|
notify: restart libvirtd
|
|
|
|
- name: /etc/modprobe.d/nbd.conf"
|
|
shell: |
|
|
file="/etc/modprobe.d/nbd.conf"
|
|
[ -f $file ] || echo >$file options nbd max_part=16
|
|
args:
|
|
creates: /etc/modprobe.d/nbd.conf
|
|
|
|
- name: "/etc/default/libvirt-guests"
|
|
lineinfile:
|
|
path: /etc/default/libvirt-guests
|
|
create: yes
|
|
mode: 0755
|
|
insertafter: BOF
|
|
line: '{{item.key}}="{{item.val}}"'
|
|
regexp: "^#{{item.key}}.*"
|
|
with_items:
|
|
- key: ON_BOOT
|
|
val: ignore
|
|
when:
|
|
- "ansible_distribution == 'Debian'"
|
|
|
|
- name: /usr/local/sbin/proxy_libvirt_install.bash
|
|
shell: |
|
|
/usr/local/sbin/proxy_libvirt_install.bash
|
|
when: false
|
|
when:
|
|
- "'libvirt' in BOX_TOXCORE_FEATURES or BOX_WHONIX_PROXY_HOST != ''"
|
|
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
|
|
|
|
- block:
|
|
|
|
- name: usr/local/etc/supervisor/conf.d/socat9050.conf
|
|
template:
|
|
src: usr/local/etc/supervisor/conf.d/socat9050.conf
|
|
dest: /usr/local/etc/supervisor/conf.d/socat9050.conf
|
|
|
|
when:
|
|
- "'libvirt' in BOX_TOXCORE_FEATURES or BOX_WHONIX_PROXY_HOST != ''"
|
|
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
|