sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Virtualization TPM2 and cloud-init fixes

Browse Source
This commit is contained in:
Sandwich
2025-12-27 20:19:11 +01:00
parent 4bce08e77b
commit f08855456a
6 changed files with 157 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
roles/virtualization/defaults/main.yml Normal file
View File

@@ -0,0 +1,11 @@
---
virtualization_tpm2_enabled: >-
{{
(partitioning_luks_enabled | default(luks_enabled | default(false)) | bool)
and (partitioning_luks_auto_decrypt | default(luks_auto_decrypt | default(true)) | bool)
and (
(partitioning_luks_auto_decrypt_method | default(luks_auto_decrypt_method | default('tpm2')))
| lower
== 'tpm2'
)
}}

48
roles/virtualization/tasks/libvirt.yml
View File

@@ -1,22 +1,34 @@
--- ---
- name: Check if VM disk exists - name: Set libvirt image paths
delegate_to: localhost delegate_to: localhost
ansible.builtin.stat: vars:
path: "{{ vm_path | default('/var/lib/libvirt/images/') }}{{ hostname }}.qcow2" virtualization_libvirt_image_dir_value: "{{ vm_path | default('/var/lib/libvirt/images') }}"
register: vm_disk_stat ansible.builtin.set_fact:
virtualization_libvirt_image_dir: "{{ virtualization_libvirt_image_dir_value }}"
virtualization_libvirt_disk_path: >-
{{ [virtualization_libvirt_image_dir_value, hostname ~ '.qcow2'] | ansible.builtin.path_join }}
virtualization_libvirt_cloudinit_path: >-
{{ [virtualization_libvirt_image_dir_value, hostname ~ '-cloudinit.iso'] | ansible.builtin.path_join }}
changed_when: false
- name: Create VM disk - name: Create VM disk
when: not vm_disk_stat.stat.exists
delegate_to: localhost delegate_to: localhost
ansible.builtin.command: qemu-img create -f qcow2 {{ vm_path | default('/var/lib/libvirt/images/') }}{{ hostname }}.qcow2 {{ vm_size }}G ansible.builtin.command:
changed_when: result.rc == 0 argv:
register: result - qemu-img
- create
- -f
- qcow2
- "{{ virtualization_libvirt_disk_path }}"
- "{{ vm_size }}G"
creates: "{{ virtualization_libvirt_disk_path }}"
- name: Generate Random MAC Address - name: Generate VM MAC address
delegate_to: localhost delegate_to: localhost
ansible.builtin.shell: set -o pipefail && openssl rand -hex 5 | sed 's/\(..\)/\1:/g; s/.$//' | sed 's/^/02:/' ansible.builtin.set_fact:
virtualization_mac_address: >-
{{ '52:54:00' | community.general.random_mac(seed=hostname) }}
changed_when: false changed_when: false
register: mac_address_output
- name: Render cloud config templates - name: Render cloud config templates
delegate_to: localhost delegate_to: localhost
@@ -30,12 +42,14 @@
- name: Create cloud-init disk - name: Create cloud-init disk
delegate_to: localhost delegate_to: localhost
ansible.builtin.command: > ansible.builtin.command:
cloud-localds {{ vm_path | default('/var/lib/libvirt/images/') }}/{{ hostname }}-cloudinit.iso argv:
/tmp/cloud-user-data-{{ hostname }}.yml - cloud-localds
-N /tmp/cloud-network-config-{{ hostname }}.yml - "{{ virtualization_libvirt_cloudinit_path }}"
changed_when: result.rc == 0 - "/tmp/cloud-user-data-{{ hostname }}.yml"
register: result - -N
- "/tmp/cloud-network-config-{{ hostname }}.yml"
creates: "{{ virtualization_libvirt_cloudinit_path }}"
- name: Create VM using libvirt - name: Create VM using libvirt
delegate_to: localhost delegate_to: localhost

43
roles/virtualization/tasks/proxmox.yml
View File

@@ -1,7 +1,26 @@
--- ---
- name: Deploy VM on Proxmox - name: Deploy VM on Proxmox
delegate_to: localhost delegate_to: localhost
community.general.proxmox_kvm: vars:
virtualization_dns_value: "{{ vm_dns | default('') }}"
virtualization_dns_list_raw: >-
{{
virtualization_dns_value
if virtualization_dns_value is iterable and virtualization_dns_value is not string
else virtualization_dns_value.split(',')
}}
virtualization_dns_list: >-
{{ virtualization_dns_list_raw | map('trim') | reject('equalto', '') | list }}
virtualization_search_value: "{{ vm_dns_search | default('') }}"
virtualization_search_list_raw: >-
{{
virtualization_search_value
if virtualization_search_value is iterable and virtualization_search_value is not string
else virtualization_search_value.split(',')
}}
virtualization_search_list: >-
{{ virtualization_search_list_raw | map('trim') | reject('equalto', '') | list }}
community.proxmox.proxmox_kvm:
api_host: "{{ hypervisor_url }}" api_host: "{{ hypervisor_url }}"
api_user: "{{ hypervisor_username }}" api_user: "{{ hypervisor_username }}"
api_password: "{{ hypervisor_password }}" api_password: "{{ hypervisor_password }}"
@@ -17,7 +36,10 @@
balloon: "{{ vm_ballo | default(omit) }}" balloon: "{{ vm_ballo | default(omit) }}"
numa_enabled: true numa_enabled: true
hotplug: network,disk hotplug: network,disk
update: "{{ virtualization_tpm2_enabled | bool }}"
update_unsafe: "{{ virtualization_tpm2_enabled | bool }}"
bios: ovmf bios: ovmf
machine: "{{ 'q35' if virtualization_tpm2_enabled | bool else omit }}"
boot: ac boot: ac
scsihw: virtio-scsi-single scsihw: virtio-scsi-single
scsi: scsi:
@@ -27,6 +49,12 @@
format: raw format: raw
pre_enrolled_keys: false pre_enrolled_keys: false
storage: "{{ hypervisor_storage }}" storage: "{{ hypervisor_storage }}"
tpmstate0: >-
{{
{'storage': hypervisor_storage, 'version': '2.0'}
if virtualization_tpm2_enabled | bool
else omit
}}
ide: ide:
ide0: "{{ boot_iso }},media=cdrom" ide0: "{{ boot_iso }},media=cdrom"
ide1: "{{ rhel_iso + ',media=cdrom' if rhel_iso is defined else omit }}" ide1: "{{ rhel_iso + ',media=cdrom' if rhel_iso is defined else omit }}"
@@ -34,14 +62,21 @@
net: net:
net0: virtio,bridge={{ vm_nif }}{% if vlan_name is defined and vlan_name %},tag={{ vlan_name }}{% endif %} net0: virtio,bridge={{ vm_nif }}{% if vlan_name is defined and vlan_name %},tag={{ vlan_name }}{% endif %}
ipconfig: ipconfig:
ipconfig0: ip={{ vm_ip }}/{{ vm_nms | default(24) }},gw={{ vm_gw }} ipconfig0: >-
nameservers: "{{ vm_dns }}" {{
'ip=' ~ vm_ip ~ '/' ~ (vm_nms | default(24))
~ (',gw=' ~ vm_gw if vm_gw is defined and vm_gw | length else '')
if vm_ip is defined and vm_ip | length
else 'ip=dhcp'
}}
nameservers: "{{ virtualization_dns_list if virtualization_dns_list | length else omit }}"
searchdomains: "{{ virtualization_search_list if virtualization_search_list | length else omit }}"
onboot: true onboot: true
state: present state: present
- name: Start VM on Proxmox - name: Start VM on Proxmox
delegate_to: localhost delegate_to: localhost
community.general.proxmox_kvm: community.proxmox.proxmox_kvm:
api_host: "{{ hypervisor_url }}" api_host: "{{ hypervisor_url }}"
api_user: "{{ hypervisor_username }}" api_user: "{{ hypervisor_username }}"
api_password: "{{ hypervisor_password }}" api_password: "{{ hypervisor_password }}"

36
roles/virtualization/tasks/vmware.yml
View File

@@ -1,3 +1,4 @@
---
- name: Create VM in vCenter - name: Create VM in vCenter
delegate_to: localhost delegate_to: localhost
community.vmware.vmware_guest: community.vmware.vmware_guest:
@@ -7,12 +8,12 @@
validate_certs: false validate_certs: false
datacenter: "{{ hypervisor_datacenter }}" datacenter: "{{ hypervisor_datacenter }}"
cluster: "{{ hypervisor_cluster }}" cluster: "{{ hypervisor_cluster }}"
folder: "{{ vm_path }}" folder: "{{ vm_path | default(omit) }}"
name: "{{ hostname }}" name: "{{ hostname }}"
guest_id: otherLinux64Guest guest_id: otherLinux64Guest
annotation: | annotation: |
{{ note | default('') }} {{ note | default('') }}
state: poweredon state: "{{ 'poweredoff' if virtualization_tpm2_enabled | bool else 'poweredon' }}"
disk: disk:
- size_gb: "{{ vm_size }}" - size_gb: "{{ vm_size }}"
type: thin type: thin
@@ -46,9 +47,28 @@
- name: "{{ vm_nif }}" - name: "{{ vm_nif }}"
type: dhcp type: dhcp
vlan: "{{ vlan_name | default(omit) }}" vlan: "{{ vlan_name | default(omit) }}"
register: vmware_guest_result
failed_when: - name: Ensure vTPM2 is enabled when required
- vmware_guest_result.failed is defined and vmware_guest_result.failed when: virtualization_tpm2_enabled | bool
- "'error' in vmware_guest_result" delegate_to: localhost
- "'failed' in vmware_guest_result" community.vmware.vmware_guest_tpm:
- vmware_guest_result.rc is defined and vmware_guest_result.rc != 0 hostname: "{{ hypervisor_url }}"
username: "{{ hypervisor_username }}"
password: "{{ hypervisor_password }}"
validate_certs: false
datacenter: "{{ hypervisor_datacenter }}"
folder: "{{ vm_path | default(omit) }}"
name: "{{ hostname }}"
state: present
- name: Start VM in vCenter
when: virtualization_tpm2_enabled | bool
delegate_to: localhost
vmware.vmware.vm_powerstate:
hostname: "{{ hypervisor_url }}"
username: "{{ hypervisor_username }}"
password: "{{ hypervisor_password }}"
validate_certs: false
datacenter: "{{ hypervisor_datacenter }}"
name: "{{ hostname }}"
state: powered-on

41
roles/virtualization/templates/cloud-network-config.yml.j2
View File

@@ -3,9 +3,44 @@ network:
ethernets: ethernets:
id0: id0:
match: match:
macaddress: "{{ mac_address_output.stdout }}" macaddress: "{{ virtualization_mac_address }}"
{% set has_static = vm_ip is defined and vm_ip | length %}
{% set dns_value = vm_dns | default('') %}
{% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %}
{% set dns_list = dns_list_raw | map('trim') | reject('equalto', '') | list %}
{% set search_value = vm_dns_search | default('') %}
{% set search_list_raw = search_value if search_value is iterable and search_value is not string else search_value.split(',') %}
{% set search_list = search_list_raw | map('trim') | reject('equalto', '') | list %}
{% if has_static %}
addresses: addresses:
- "{{ vm_ip }}" - "{{ vm_ip }}/{{ vm_nms | default(24) }}"
{% if vm_gw is defined and vm_gw | length %}
gateway4: "{{ vm_gw }}" gateway4: "{{ vm_gw }}"
{% endif %}
{% else %}
dhcp4: true
{% if (vm_dns is defined and vm_dns | length) or (vm_dns_search is defined and vm_dns_search | length) %}
dhcp4-overrides:
{% if vm_dns is defined and vm_dns | length %}
use-dns: false
{% endif %}
{% if vm_dns_search is defined and vm_dns_search | length %}
use-domains: false
{% endif %}
{% endif %}
{% endif %}
{% if dns_list or search_list %}
nameservers: nameservers:
addresses: ['1.1.1.1', '1.0.0.1'] {% if dns_list %}
addresses:
{% for dns in dns_list %}
- "{{ dns }}"
{% endfor %}
{% endif %}
{% if search_list %}
search:
{% for search in search_list %}
- "{{ search }}"
{% endfor %}
{% endif %}
{% endif %}

11
roles/virtualization/templates/vm.xml.j2
View File

@@ -24,7 +24,7 @@
<devices> <devices>
<disk type='file' device='disk'> <disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/> <driver name='qemu' type='qcow2'/>
<source file='{{ vm_path | default('/var/lib/libvirt/images/') }}{{ hostname }}.qcow2'/> <source file='{{ virtualization_libvirt_disk_path }}'/>
<target dev='vda' bus='virtio'/> <target dev='vda' bus='virtio'/>
</disk> </disk>
<disk type="file" device="cdrom"> <disk type="file" device="cdrom">
@@ -34,7 +34,7 @@
</disk> </disk>
<disk type="file" device="cdrom"> <disk type="file" device="cdrom">
<driver name="qemu" type="raw"/> <driver name="qemu" type="raw"/>
<source file="{{ vm_path | default('/var/lib/libvirt/images/') }}{{ hostname }}-cloudinit.iso"/> <source file="{{ virtualization_libvirt_cloudinit_path }}"/>
<target dev="sdb" bus="sata"/> <target dev="sdb" bus="sata"/>
</disk> </disk>
{% if rhel_iso is defined %} {% if rhel_iso is defined %}
@@ -45,10 +45,15 @@
</disk> </disk>
{% endif %} {% endif %}
<interface type='network'> <interface type='network'>
<mac address="{{ mac_address_output.stdout }}"/> <mac address="{{ virtualization_mac_address }}"/>
<source network='default'/> <source network='default'/>
<model type='virtio'/> <model type='virtio'/>
</interface> </interface>
{% if virtualization_tpm2_enabled | default(false) %}
<tpm model='tpm-crb'>
<backend type='emulator' version='2.0'/>
</tpm>
{% endif %}
<input type="tablet" bus="usb"/> <input type="tablet" bus="usb"/>
<input type="mouse" bus="ps2"/> <input type="mouse" bus="ps2"/>
<input type="keyboard" bus="ps2"/> <input type="keyboard" bus="ps2"/>