---
# List of pools to define and start.
# Each item should be a dict containing the following items:
#   name: The name of the pool.
#   type: The type of the pool, currently only 'dir', 'logical' or 'zfs' are
#         supported. 'lvm2' is supported as an alias for 'logical', but this
#         alias is deprecated and will be removed in a future release.
#   capacity: The capacity, in bytes, of the pool.
#   path: The absolute path to the pool's backing directory.
#   mode: The access mode of the pool.
#   owner: The owner of the pool.
#   group: The group of the pool.
# NOTE(review): mode/owner/group presumably apply to `path` and so decide who
# can read guest disk images in a 'dir' pool - confirm in the tasks and use
# the narrowest mode that still lets the QEMU user in.
# The default defines no pools.
libvirt_host_pools: []
# List of networks to define and start.
# Each item should be a dict containing the following items:
#   name: The name of the network.
#   mode: The forwarding mode of the network, currently only 'bridge' is
#         supported.
#   bridge: The name of the bridge interface for this network.
# The default defines no networks.
libvirt_host_networks: []
# Whether to require that Intel Virtualisation Technology (VT) is enabled in
# order to run this role. While this provides better VM performance, it may not
# be available in certain environments.
libvirt_host_require_vt: true
# List of architectures for which to install QEMU system emulators, e.g. x86.
# Evaluates to an empty list when VT is required and to ['x86'] when it is not.
libvirt_host_qemu_emulators: "{{ [] if libvirt_host_require_vt | bool else ['x86'] }}"
# Whether or not to enable UEFI support. In some cases this requires installing
# extra packages.
libvirt_host_enable_efi_support: false
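# The directory name under /var/run that libvirt uses to store state, e.g. Unix
# domain sockets, as well as the default name of the PID file. Override this if
# you have a conflict with the default socket, e.g. it could be in use by the
# nova_libvirt container. While this is an empty string, the four derived
# values below also evaluate to empty strings.
# The value is interpolated unescaped into a filesystem path, the libvirtd
# command line and the connection URI below, so keep it to a plain name with
# no '/', whitespace or URI metacharacters.
libvirt_host_var_prefix: ""

# Where the Unix domain sockets are stored.
libvirt_host_socket_dir: >-
  {%- if libvirt_host_var_prefix -%}
  /var/run/{{ libvirt_host_var_prefix }}
  {%- endif -%}

# Path to the PID file which prevents multiple instances of the daemon from
# spawning.
libvirt_host_pid_path: >-
  {%- if libvirt_host_var_prefix -%}
  /var/run/{{ libvirt_host_var_prefix }}.pid
  {%- endif -%}

# Command line arguments passed to libvirtd by the init system when
# libvirtd is started - quotes will be added.
libvirt_host_libvirtd_args: >-
  {%- if libvirt_host_pid_path -%}
  -p {{ libvirt_host_pid_path }}
  {%- endif %}

# The libvirt connection URI. It points at the libvirt-sock socket inside
# libvirt_host_socket_dir.
libvirt_host_uri: >-
  {%- if libvirt_host_socket_dir -%}
  qemu+unix:///system?socket={{ libvirt_host_socket_dir }}/libvirt-sock
  {%- endif %}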
# Whether the python3 version of the libvirt python bindings should be
# installed. If false, the python 2 bindings will be installed.
# Evaluates to true when the gathered Python major version fact equals 3.
libvirt_host_python3: "{{ ansible_facts.python.version.major == 3 }}"
# Whether to install and enable the libvirt daemon.
libvirt_host_install_daemon: true
# Whether to install and enable the libvirt client.
libvirt_host_install_client: true
# List of additional packages to install on libvirt daemon hosts.
libvirt_host_extra_daemon_packages: []
# List of additional packages to install on libvirt client hosts.
libvirt_host_extra_client_packages: []
# Whether to configure libvirtd.conf.
libvirt_host_libvirtd_conf_enabled: true
# Configuration for libvirtd.conf. Dict mapping option names to values.
# NOTE(review): libvirtd.conf is where per-transport authentication is chosen
# (auth_unix_rw, auth_tcp, auth_tls); set those here explicitly when enabling
# the TCP or TLS listeners rather than relying on the empty default - how the
# role renders an empty dict is not visible in this file.
libvirt_host_libvirtd_conf: {}
# Whether to configure qemu.conf.
libvirt_host_qemu_conf_enabled: true
# Configuration for qemu.conf. Dict mapping option names to values.
libvirt_host_qemu_conf: {}
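# Whether to enable SASL authentication support.
libvirt_host_enable_sasl_support: false

# Whether to configure SASL authentication (/etc/sasl2/libvirt.conf).
libvirt_host_sasl_conf_enabled: "{{ libvirt_host_enable_sasl_support | bool }}"

# Configuration for SASL authentication (/etc/sasl2/libvirt.conf). String.
# Block-scalar content must stay indented under the key, otherwise the two
# lines are parsed as separate top-level variables.
libvirt_host_sasl_conf: |
  mech_list: {{ libvirt_host_sasl_mech_list | join(' ') }}
  sasldb_path: /etc/libvirt/passwd.db

# List of enabled libvirt SASL authentication mechanisms.
# SCRAM-SHA-256 is selected when the TLS listener is enabled, DIGEST-MD5
# otherwise. DIGEST-MD5 is obsolete (RFC 6331). NOTE(review): it is presumably
# kept for the non-TLS case because SCRAM-SHA-256 does not encrypt the session
# itself - prefer enabling TLS, or override this list with a mechanism such as
# GSSAPI, over relying on DIGEST-MD5.
libvirt_host_sasl_mech_list:
  - "{{ 'SCRAM-SHA-256' if libvirt_host_tls_listen | bool else 'DIGEST-MD5' }}"

# List of SASL authentication credentials to create. Each item is a dict
# containing "username" and "password" items.
libvirt_host_sasl_credentials:
  - username: "{{ libvirt_host_sasl_authname }}"
    password: "{{ libvirt_host_sasl_password }}"

# Username for SASL authentication.
libvirt_host_sasl_authname: libvirt

# Password for SASL authentication.
# Deliberately unset (null): there is no safe default. Supply it from a secret
# store such as Ansible Vault rather than a plain-text vars file.
# NOTE(review): confirm the role's tasks refuse to create credentials when
# SASL is enabled and this is still unset.
libvirt_host_sasl_password:

# Whether to configure SASL authentication credentials (/etc/libvirt/auth.conf).
libvirt_host_sasl_auth_conf_enabled: "{{ libvirt_host_enable_sasl_support | bool }}"

# Configuration for SASL authentication credentials (/etc/libvirt/auth.conf). String.
# The rendered file contains the password in clear text, which is why the
# owner/group/mode defaults below restrict it to root.
libvirt_host_sasl_auth_conf: |
  [credentials-default]
  authname={{ libvirt_host_sasl_authname }}
  password={{ libvirt_host_sasl_password }}
  [auth-libvirt-default]
  credentials=default

# Name of file to write SASL authentication credentials to.
libvirt_host_sasl_auth_conf_filename: "/etc/libvirt/auth.conf"

# Owner of file to write SASL authentication credentials to.
libvirt_host_sasl_auth_conf_owner: "root"

# Group of file to write SASL authentication credentials to.
libvirt_host_sasl_auth_conf_group: "root"

# Mode of file to write SASL authentication credentials to.
# Kept as a quoted string so YAML does not read it as an octal integer; do not
# widen it, the file holds a clear-text password.
libvirt_host_sasl_auth_conf_mode: "0600"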
# Whether to enable the systemd TCP socket unit.
# libvirt's plain TCP transport is not encrypted. Only enable it on a trusted
# network, with SASL authentication configured; prefer the TLS listener.
libvirt_host_tcp_listen: false
# Systemd TCP socket ListenStream. See man systemd.socket for format.
# Unset by default. NOTE(review): what the socket unit binds to when this is
# unset is not visible here - set an explicit management address when enabling
# the listener instead of exposing it on every interface.
libvirt_host_tcp_listen_address:
# Whether to enable the systemd TLS socket unit.
libvirt_host_tls_listen: false
# Systemd TLS socket ListenStream. See man systemd.socket for format.
# Unset by default; the same binding caveat as for the TCP listener applies.
libvirt_host_tls_listen_address:
# TLS server and client certificates.
# All unset by default. NOTE(review): whether these hold PEM contents or file
# paths is not visible here; either way the *_key values are private keys and
# should come from a secret store (e.g. Ansible Vault), never from plain-text
# vars committed to version control.
libvirt_host_tls_server_cert:
libvirt_host_tls_server_key:
libvirt_host_tls_client_cert:
libvirt_host_tls_client_key:
libvirt_host_tls_cacert:
# Configure QEMU to use TLS for data transfer between hypervisors
# This is more secure than SASL authentication.
libvirt_host_qemu_tls_enabled: false
# The user/group used to run the QEMU process. For security reasons,
# Libvirt normally sets this to something other than root.
# Overriding either value with root removes that separation between guests
# and the host.
libvirt_host_qemu_user: "qemu"
libvirt_host_qemu_group: "qemu"
# Encrypt VNC traffic
# Disabled by default. NOTE(review): presumably guest VNC consoles are then
# served without TLS - confirm, and enable this wherever consoles are reachable
# over a network.
libvirt_host_vnc_tls_enabled: false
# Whether to configure AppArmor for directory storage pools.
# Follows libvirt_host_install_daemon, so it is on wherever the daemon is
# installed.
libvirt_host_configure_apparmor: "{{ libvirt_host_install_daemon | bool }}"
# Disable and mask libvirt's modular systemd units when true.
# Background on the modular daemons: https://libvirt.org/daemons.html
libvirt_disable_modular_systemd_units: true

# Driver names of the libvirt modular daemons.
libvirtd_modular_daemon_drivers:
  - 'qemu'
  - 'interface'
  - 'network'
  - 'nodedev'
  - 'nwfilter'
  - 'proxy'
  - 'secret'
  - 'storage'

# Unit name patterns for the libvirt modular systemd services.
# Each {driver} placeholder is filled in from
# libvirtd_modular_daemon_drivers.
libvirtd_modular_services:
  - 'virt{driver}d.service'
  - 'virt{driver}d.socket'
  - 'virt{driver}d-ro.socket'
  - 'virt{driver}d-admin.socket'