From 30e998edf79b01d8e317b5e6e62141b030b3ca72 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 16 Aug 2024 11:58:49 -0400
Subject: [PATCH] bridge and pools
---
 salt/libvirt/defaults.yaml | 6 ++---
 salt/libvirt/init.sls | 49 ++++++++++++++++++++++++++++----------
 salt/libvirt/ssh/users.sls | 2 ++
 3 files changed, 41 insertions(+), 16 deletions(-)
diff --git a/salt/libvirt/defaults.yaml b/salt/libvirt/defaults.yaml
index 1905b2e8f..b8da19cb2 100644
--- a/salt/libvirt/defaults.yaml
+++ b/salt/libvirt/defaults.yaml
@@ -10,9 +10,9 @@ libvirt:
 unix_sock_rw_perms: "0770"
 unix_sock_admin_perms: "0700"
 unix_sock_dir: "/run/libvirt"
- auth_unix_ro: "none"
- auth_unix_rw: "none"
- auth_tcp: "none"
+ auth_unix_ro: "polkit"
+ auth_unix_rw: "polkit"
+ auth_tcp: "sasl"
 auth_tls: "none"
 tcp_min_ssf: 112
 access_drivers: ["polkit"]
diff --git a/salt/libvirt/init.sls b/salt/libvirt/init.sls
index f4c9e1d5b..327bc1150 100644
--- a/salt/libvirt/init.sls
+++ b/salt/libvirt/init.sls
@@ -23,10 +23,11 @@ libvirt_conf_dir:
 libvirt_config:
 file.managed:
 - name: /opt/so/conf/libvirt/libvirtd.conf
- source: salt://libvirt/etc/libvirtd.conf.jinja
- template: jinja
- defaults:
- LIBVIRTMERGED: {{ LIBVIRTMERGED }}
+ - source: salt://libvirt/configstockstock
+# - source: salt://libvirt/etc/libvirtd.conf.jinja
+# - template: jinja
+# - defaults:
+# LIBVIRTMERGED: {{ LIBVIRTMERGED }}
 # since the libvirtd service looks for the config at /etc/libvirt/libvirtd.conf, and we dont want to manage the service looking in a new location, create this symlink to the managed config
 config_symlink:
@@ -34,6 +35,8 @@ config_symlink:
 - name: /etc/libvirt/libvirtd.conf
 - target: /opt/so/conf/libvirt/libvirtd.conf
 - force: True
+ - user: qemu
+ - group: qemu
 libvirt_service:
 service.running:
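Review bot: In salt/libvirt/defaults.yaml the new `polkit`/`sasl` values may never reach the daemon, because the init.sls hunk in this same patch comments out `template: jinja` and the `LIBVIRTMERGED` defaults for `libvirt_config` and serves a static file instead. As far as this patch shows, the effective `auth_unix_rw` and `auth_tcp` settings are whatever that static file contains, so the hardening should be checked against the deployed `/etc/libvirt/libvirtd.conf` rather than assumed. `auth_tls: "none"` is left as it was; if the TLS listener is enabled anywhere (not visible here), access over it would depend on client-certificate checks alone. I would add a comment above the auth keys such as `# only applied while libvirt_config renders libvirtd.conf.jinja`.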
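Review bot: In `libvirt_config`, the new `source: salt://libvirt/configstockstock` looks like a placeholder or a doubled paste, and the patch's diffstat lists no such file being added. If the path is missing from the fileserver the state fails and the symlink keeps pointing at whatever libvirtd.conf was last written; if it exists, its auth settings cannot be reviewed from this patch. I would remove the commented-out block rather than leave it in the state, keeping at most one line such as `# TODO: restore libvirtd.conf.jinja once pillar-driven auth is validated`.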
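Review bot: In `config_symlink`, the added `user: qemu` / `group: qemu` apply, as I read Salt's `file.symlink`, to the link at /etc/libvirt/libvirtd.conf and not to the managed file it points to. The comment above the state says the libvirtd service reads this path itself, so it is not clear from the hunk why the qemu account needs to own anything on the daemon's config path; if the goal was to make the target readable, that belongs on `libvirt_config`. I would leave the link root-owned, or state the reason in a comment, e.g. `# qemu ownership required by <reason>`. The state's opening lines are above the hunk.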
@@ -54,20 +57,40 @@ install_qemu:
 pkg.installed:
 - name: qemu-kvm
-create_host_bridge:
+#create_host_bridge:
+# virt.network_running:
+# - name: host-bridge
+# - bridge: br0
+# - forward: bridge
+# - autostart: True
+
+set_default_bridge:
 virt.network_running:
- - name: host-bridge
+ - name: default
 - bridge: br0
 - forward: bridge
 - autostart: True
-disable_default_bridge:
- cmd.run:
- - name: virsh net-destroy default && virsh net-autostart default --disable
- - require:
- - pkg: install_libvirt-client
- - onlyif:
- - virsh net-info | grep default
+# set the default storage pool to point to the location we want
+set_default_pool:
+ virt.pool_running:
+ - name: default
+ - ptype: dir
+ - target: /var/lib/libvirt/images/coreol9
+ - permissions:
+ - mode: 0711
+ - owner: qemu
+ - group: qemu
+ - label: "system_u:object_r:virt_image_t:s0" # this doesnt seem to set the selinux context
+ - autostart: True
+
+#disable_default_bridge:
+# cmd.run:
+# - name: virsh net-destroy default && virsh net-autostart default --disable
+# - require:
+# - pkg: install_libvirt-client
+# - onlyif:
+# - virsh net-info | grep default
 # this should only run during the first highstate after setup. it will transfer connection from mgmt to br0
 down_original_mgmt_interface:
diff --git a/salt/libvirt/ssh/users.sls b/salt/libvirt/ssh/users.sls
index 28d9afe0d..a893b9a7d 100644
--- a/salt/libvirt/ssh/users.sls
+++ b/salt/libvirt/ssh/users.sls
@@ -14,6 +14,8 @@ create_soqemussh_user:
 {% if not GLOBALS.is_manager %}
 - groups:
 - wheel
+ - qemu
+ - libvirt
 {% endif %}
 {% if GLOBALS.is_manager %}
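Review bot: The `permissions` entries under `set_default_pool` may not be applied as written, which the trailing comment on `label` already hints at. `mode: 0711` is an unquoted leading-zero scalar that a YAML 1.1 loader reads as the integer 457, and libvirt's pool XML takes numeric IDs in `<owner>`/`<group>`, so the name `qemu` may not be accepted unless the state translates it. I would write `- mode: "0711"` if the state passes the value through unchanged, and confirm the result with `virsh pool-dumpxml default` and `ls -ldZ` on the target, since the directory's mode, owner and SELinux type are what limit who can read guest disks. Separately, `set_default_bridge` now attaches libvirt's `default` network to `br0`, which the comment further down ties to the management connection, so a comment saying that guests on the default network are meant to share that segment would help.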
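Review bot: Adding `qemu` and `libvirt` to the groups of `soqemussh` gives an SSH-reachable account two separate paths to the guests: `libvirt` is the group that distribution polkit rules commonly allow to manage the system libvirt socket, and `qemu` typically has direct file access to the image directories, which bypasses libvirt's access checks altogether. With `auth_unix_rw` moving to `polkit` in this patch, group membership becomes the effective access decision, so it should be the minimum the account needs. If only socket access is required I would drop `- qemu`, and add a comment such as `# libvirt: socket access via polkit; qemu: direct access to pool files`. The `create_soqemussh_user` state starts above the hunk.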