This repository has been archived by the owner on Jun 10, 2024. It is now read-only.

Ideas virt_net

Simon edited this page Nov 7, 2020 · 14 revisions

Everything started with issues with the virt_net modules:

This page collects ideas for discussion, to find the right way to fix or improve the modules.

From Ansible use case configuration management:

"Ansible features a state-driven resource model that describes the desired state of computer systems and services, not the paths to get them to this state. No matter what state a system is in, Ansible understands how to transform it to the desired state (and also supports a "dry run" mode to preview needed changes). This allows reliable and repeatable IT infrastructure configuration, avoiding the potential failures from scripting and script-based solutions that describe explicit and often irreversible actions rather than the end goal."

Good example from https://hvops.com/articles/ansible-vs-shell-scripts:

---
- hosts: all
  tasks:

  - name: Ensure the PGP key is installed
    apt_key: >
      state=present
      id=AC40B2F7
      url="http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x561F9B9CAC40B2F7"

  - name: Ensure https support for apt is installed
    apt: >
      state=present
      pkg=apt-transport-https

  - name: Ensure the passenger apt repository is added
    apt_repository: >
      state=present
      repo='deb https://oss-binaries.phusionpassenger.com/apt/passenger raring main'

  - name: Ensure nginx is installed
    apt: >
      state=present
      pkg=nginx-full

  - name: Ensure passenger is installed
    apt: >
      state=present
      pkg=passenger
      update_cache=yes

  - name: Ensure the nginx configuration file is set
    copy: >
      src=/app/config/nginx.conf
      dest=/etc/nginx/nginx.conf

  - name: Ensure nginx is running
    service: >
      name=nginx
      state=started

Some critical / skeptical words: https://regebro.wordpress.com/2014/09/17/a-script-is-not-configuration

I want to focus on virt_net, but sometimes I will draw a parallel with the domains.

An Ansible developer wants to run a virtual machine as a staging environment. This could also be a network of several virtual machines.

Basic steps:

  1. Boot up a fresh virtual machine from a fresh image
  2. Bootstrap Ansible playbook
  3. Test everything
  4. Clean up in the end

As part of the first step, we must ensure the virtual staging network is set up as needed.

---
- name: Ensure the test environment is set up correctly
  hosts: localhost
  tasks:
    - name: Ensure the default network defined correctly and running
      community.libvirt.virt_net:
        xml: '{{ lookup("template", "network_default.xml") }}'
        persistent: yes
        active: yes

I do not repeat parameters here that are already part of the XML template. In particular, I left out the parameter name in this example to see how it feels. The combination of name and xml has issues in the current implementation. However, the default network already exists, so the user need not specify an XML definition if she is happy with libvirt's default definition. In this case, she needs the parameter name.

---
- name: Ensure the test environment is set up correctly
  hosts: localhost
  tasks:
    - name: Ensure the default network is running
      community.libvirt.virt_net:
        name: default
        active: yes

This network can be non-persistent:

---
- name: Ensure the test environment is set up correctly
  hosts: localhost
  tasks:
    - name: Ensure the network *development* is defined correctly and running
      community.libvirt.virt_net:
        xml: '{{ lookup("template", "network_development.xml") }}'
        persistent: no
        active: yes

After running the tests, the developer could clean up the development environment.

---
- name: Ensure a cleaned up development environment
  hosts: localhost
  tasks:
    - name: Ensure the network *development* is removed
      community.libvirt.virt_net:
        name: development
        persistent: no
        active: no

Having the parameter name sometimes present and sometimes absent makes it a bit difficult to match up the corresponding definitions when there are several network definitions.

---
- name: Ensure the service XY is running
  hosts: all
  tasks:
    - name: Ensure the network *storage* is defined correctly and running
      community.libvirt.virt_net:
        xml: '{{ lookup("template", "network_storage.xml") }}'
        persistent: yes
        active: yes
        autostart: yes

TODO ...

Similar modules are

TODO ...

Docker compose module

TODO ...

To simplify the definition, we could distinguish between

  • mandatory parameters (no simplification)
  • parameters with default values
  • optional parameters without default values that remain untouched.

| Parameter | Default value |
| --- | --- |
| persistent | no |
| active | yes |
| autostart | no |
| uri | qemu:///system |

TODO ...

| Persistent | Active | State name |
| --- | --- | --- |
| yes | yes | |
| yes | no | |
| no | yes | |
| no | no | |
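
The persistent/active combinations above, worked through as an added example (not code from the virt_net module): given the network's current state and the task parameters, it returns the ordered libvirt calls needed to reach the desired state, and it takes the network name from the XML so that name and xml cannot disagree. `NetState`, `resolve_name` and `plan` are hypothetical names; the sketch assumes the defaults proposed in the parameter table and does not compare an existing definition against the supplied XML.

```python
import xml.etree.ElementTree as ET
from typing import NamedTuple, Optional

# Added illustration: NetState, resolve_name and plan are hypothetical names,
# not code from the virt_net module. Defaults follow the table on this page.
DEFAULTS = {"persistent": False, "active": True, "autostart": False}

class NetState(NamedTuple):
    persistent: bool
    active: bool
    autostart: bool = False

def resolve_name(name: Optional[str], xml: Optional[str]) -> str:
    """Derive the network name from the XML; reject a conflicting `name`."""
    if xml is None:
        if not name:
            raise ValueError("either name or xml is required")
        return name
    xml_name = (ET.fromstring(xml).findtext("name") or "").strip()
    if not xml_name:
        raise ValueError("xml has no <name> element")
    if name and name != xml_name:
        raise ValueError(f"name {name!r} conflicts with <name> {xml_name!r}")
    return xml_name

def plan(current: NetState, params: dict) -> list:
    """Ordered libvirt-python calls from `current` to the desired state."""
    want = NetState(**{k: params.get(k, v) for k, v in DEFAULTS.items()})
    if want.autostart and not want.persistent:
        raise ValueError("autostart requires a persistent network")
    ops = []
    defined = current.persistent
    if want.persistent and not defined:
        ops.append("networkDefineXML")      # conn.networkDefineXML(xml)
        defined = True
    if want.active and not current.active:
        # A defined network is started; an undefined one is created transient.
        ops.append("create" if defined else "networkCreateXML")
    if current.active and not want.active:
        ops.append("destroy")               # stop; a transient network vanishes
    if current.persistent and not want.persistent:
        ops.append("undefine")              # a running network stays, transient
    if want.persistent and want.autostart != current.autostart:
        ops.append(f"setAutostart({int(want.autostart)})")
    if params.get("xml") is None and {"networkDefineXML", "networkCreateXML"} & set(ops):
        raise ValueError("network must be defined or created, but no xml given")
    return ops                              # [] means nothing to change
```

With the proposed default `persistent: no`, `plan(NetState(True, False), {"name": "default", "active": True})` returns `["create", "undefine"]`: a task that only asks for a running network would also drop its persistent definition, which is the argument for leaving unspecified parameters untouched.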

TODO ...

We can distinguish four machines involved in bootstrapping a virtual machine with Ansible.

  1. Machine that executes the playbook
  2. Machine on which the libvirt client runs
  3. Machine the libvirt client connects to
  4. Instantiated and booted virtual machine that needs to be set up via Ansible

TODO ...

TODO ...

Do we need the commands info, facts, get_xml, status and net_list all together?

From VMware module: "Note that this play disables the gather_facts parameter, since you don’t want to collect facts about localhost."

TODO ...

TODO ...
