Ansible Role Create KVMs

kvm_provision.yaml

@@ -0,0 +1,25 @@
+- name: Deploys VM based on cloud image
+  hosts: localhost
+  gather_facts: yes
+  #become: yes
+  vars:
+    pool_dir: "/home/user/kvm"
+    vm: vm_name
+    vcpus: 1
+    ram_mb: 512
+    cleanup: no
+    net: default
+    ssh_pub_key: "/home/user/.ssh/id_ed25519.pub"
+
+  tasks:
+    - name: KVM Provision role
+      include_role:
+        name: kvm_provision
+      vars:
+        libvirt_pool_dir: "{{ pool_dir }}"
+        vm_name: "{{ vm }}"
+        vm_vcpus: "{{ vcpus }}"
+        vm_ram_mb: "{{ ram_mb }}"
+        vm_net: "{{ net }}"
+        cleanup_tmp: "{{ cleanup }}"
+        ssh_key: "{{ ssh_pub_key }}"

roles/kvm_provision/README.md

@@ -0,0 +1,50 @@
+KVM Provision
+=========
+
+Provision virtual machines to local libvirt
+
+Related to:
+* https://www.redhat.com/sysadmin/build-VM-fast-ansible
+* https://www.redhat.com/sysadmin/developing-ansible-role
+
+Requirements
+------------
+
+Recommend: 
+
+* Pre install and configure libvirt
+* Create your ssh key 
+* Check permissions/security apparmor on qemu:///system or qemu:///session
+
+Example Playbook
+----------------
+
+- name: Deploys VM based on cloud image
+  hosts: localhost
+  gather_facts: yes
+  vars:
+    pool_dir: "/home/user/kvm"
+    vm: vm_name
+    vcpus: 1
+    ram_mb: 512
+    cleanup: no
+    net: default
+    ssh_pub_key: "/home/user/.ssh/id_ed25519.pub"
+
+  tasks:
+    - name: KVM Provision role
+      include_role:
+        name: kvm_provision
+      vars:
+        libvirt_pool_dir: "{{ pool_dir }}"
+        vm_name: "{{ vm }}"
+        vm_vcpus: "{{ vcpus }}"
+        vm_ram_mb: "{{ ram_mb }}"
+        vm_net: "{{ net }}"
+        cleanup_tmp: "{{ cleanup }}"
+        ssh_key: "{{ ssh_pub_key }}"
+
+License
+-------
+
+BSD

roles/kvm_provision/defaults/main.yml

@@ -0,0 +1,13 @@
+---
+# defaults file for kvm_provision
+base_image_name: debian-11-nocloud-amd64.qcow2
+base_image_url: https://cloud.debian.org/images/cloud/bullseye/latest/{{ base_image_name }}
+base_image_sha: 6180a18d3ed6ad2e24000024dc275c3956584873da2200113194e8db08dd316b8be1dd0421016c2e87ba0a445a1c0068bc86a4071e6e02cd8821d0f060e19544
+libvirt_pool_dir: "/var/lib/libvirt/images"
+vm_name: debian-dev
+vm_vcpus: 2
+vm_ram_mb: 2048
+vm_net: default
+vm_root_pass: debian
+cleanup_tmp: no
+ssh_key: /home/ocoris/.ssh/id_rsa.pub

roles/kvm_provision/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for kvm_provision

roles/kvm_provision/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/kvm_provision/tasks/main.yml

@@ -0,0 +1,70 @@
+---
+- name: Requirements
+  apt:
+    name:
+      - guestfs-tools
+      - python3-libvirt
+      - qemu-system 
+      - libvirt-clients 
+      - libvirt-daemon-system
+    state: present
+  become: yes
+
+
+- name: Get VMs
+  community.libvirt.virt:
+    command: list_vms
+    uri: "qemu:///system" 
+  register: existing_vms
+  changed_when: no
+
+- name: Create VM if not exists
+  block:
+
+  - name: Download base image
+    get_url:
+      url: "{{ base_image_url }}"
+      dest: "/tmp/{{ base_image_name }}"
+      checksum: "sha512:{{ base_image_sha }}"
+      mode: '0660'
+
+  - name: Copy base image to libvirt
+    copy:
+      dest: "{{ libvirt_pool_dir }}/{{ vm_name }}.qcow2"
+      src: "/tmp/{{ base_image_name }}"
+      force: no
+      remote_src: yes
+      mode: 0660
+    register: copy_results
+
+  - name: Custom kvm
+    command:
+      virt-customize -a {{ libvirt_pool_dir }}/{{ vm_name }}.qcow2 \
+      --hostname {{ vm_name }} \
+      --root-password password:{{ vm_root_pass }} \
+      --ssh-inject 'root:file:{{ ssh_key }}'
+    when: copy_results is changed
+
+  - name: Define vm
+    community.libvirt.virt:
+      uri: "qemu:///system" 
+      command: define
+      xml: "{{ lookup('template','vm-template.xml.j2') }}"
+
+  when: "vm_name not in existing_vms.list_vms"
+
+- name: Ensure VM is started
+  community.libvirt.virt:
+    name: "{{ vm_name }}"
+    uri: "qemu:///system" 
+    state: running
+  register: vm_start_results
+  until: "vm_start_results is success"
+  retries: 15
+  delay: 2
+
+- name: Ensure temporary file is deleted
+  file:
+    path: "/tmp/{{ base_image_name }}"
+    state: absent
+  when: cleanup_tmp | bool

roles/kvm_provision/templates/vm-template.xml.j2

@@ -0,0 +1,106 @@
+<domain type='kvm' id='4'>
+  <name>{{ vm_name}}</name>
+  <memory unit='MiB'>{{ vm_ram_mb }}</memory>
+  <vcpu placement='static'>{{ vm_vcpus }}</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-i440fx-2.8'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='custom' match='exact' check='full'>
+    <model fallback='forbid'>Skylake-Client-IBRS</model>
+    <feature policy='disable' name='rtm'/>
+    <feature policy='disable' name='hle'/>
+    <feature policy='require' name='md-clear'/>
+    <feature policy='require' name='ssbd'/>
+    <feature policy='require' name='spec-ctrl'/>
+    <feature policy='require' name='hypervisor'/>
+  </cpu>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/kvm</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='{{ libvirt_pool_dir }}/{{ vm_name }}.qcow2'/>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
+    </disk>
+    <interface type='network'>
+      <source network='{{ vm_net }}'/>
+      <model type='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x01' slot='0x01' function='0x0'/>
+    </interface>
+    <serial type='pty'>
+      <source path='/dev/pts/15'/>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+      <alias name='serial0'/>
+    </serial>
+    <console type='pty' tty='/dev/pts/15'>
+      <source path='/dev/pts/15'/>
+      <target type='serial' port='0'/>
+      <alias name='serial0'/>
+    </console>
+    <channel type='unix'>
+      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-4-nova/org.qemu.guest_agent.0'/>
+      <target type='virtio' name='org.qemu.guest_agent.0' state='disconnected'/>
+      <alias name='channel0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0' state='disconnected'/>
+      <alias name='channel1'/>
+      <address type='virtio-serial' controller='0' bus='0' port='2'/>
+    </channel>
+    <input type='tablet' bus='usb'>
+      <alias name='input0'/>
+      <address type='usb' bus='0' port='1'/>
+    </input>
+    <input type='mouse' bus='ps2'>
+      <alias name='input1'/>
+    </input>
+    <input type='keyboard' bus='ps2'>
+      <alias name='input2'/>
+    </input>
+    <graphics type='spice' port='5901' autoport='yes' listen='127.0.0.1'>
+      <listen type='address' address='127.0.0.1'/>
+    </graphics>
+    <video>
+      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+    </video>
+    <memballoon model='virtio'>
+      <alias name='balloon0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+      <alias name='rng0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
+    </rng>
+  </devices>
+  <seclabel type='dynamic' model='apparmor' relabel='yes'>
+    <label>libvirt-57b7bbd8-ca67-44c9-8750-49d47ca11c88</label>
+    <imagelabel>libvirt-57b7bbd8-ca67-44c9-8750-49d47ca11c88</imagelabel>
+  </seclabel>
+  <seclabel type='dynamic' model='dac' relabel='yes'>
+    <label>+64055:+64055</label>
+    <imagelabel>+64055:+64055</imagelabel>
+  </seclabel>
+</domain>

roles/kvm_provision/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

roles/kvm_provision/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - kvm_provision

roles/kvm_provision/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for kvm_provision