Skip to content
This repository has been archived by the owner on Jun 10, 2024. It is now read-only.

Ideas virt_net

Simon edited this page Nov 20, 2020 · 14 revisions

Everything started with issues with the virt_net modules:

This page collects ideas for dicussion to find the right way of a fix / improvement.

From Ansible use case configuration management:

Ansible features an state-driven resource model that describes the desired state of computer systems and services, not the paths to get them to this state. No matter what state a system is in, Ansible understands how to transform it to the desired state (and also supports a "dry run" mode to preview needed changes). This allows reliable and repeatable IT infrastructure configuration, avoiding the potential failures from scripting and script-based solutions that describe explicit and often irreversible actions rather than the end goal."

Good example from (with slight wording improvements):

- hosts: all

  - name: Ensure the PGP key is installed
    apt_key: >

  - name: Ensure https support for apt is installed
    apt: >

  - name: Ensure the passenger apt repository is configured
    apt_repository: >
      repo='deb raring main'

  - name: Ensure nginx is installed
    apt: >

  - name: Ensure passenger is installed
    apt: >

  - name: Ensure the nginx configuration is correct
    copy: >

  - name: Ensure nginx is running
    service: >

Some critical / skeptical words:

This section focuses on the user context, when using virt_net. The purpose is to understand the workflow of the user. It is insufficient to just look at libvirt network features.

An Ansible developer wants to run a virtual machine as staging environment for her Ansible configuration. Could be a network of several virtual machines. Mainly, I assume the virtual machine runs on the local host in the user space.

Basic steps:

  1. Boot up a fresh virtual machine from a fresh image
  2. Bootstrap Ansible playbook
  3. Test everything
  4. Clean up in the end

As part of the first step, we must ensure the virtual staging network is set up as needed.

- name: Ensure the test environment is set up correctly
  hosts: localhost
    - name: Ensure the default network defined correctly and running
        xml: '{{ lookup("template", "network_default.xml") }}'
        persistent: yes
        active: yes

I do not define parameters here, which are already part of the XML template. Especially I avoided the parameter name in the example to see how it feels. The combination of name and xml has issues in the current implementation (see parameter name). However, the default network already exists. The user needs not specify an XML definition, if she is happy with the default definition of libvirt. In this case, she needs a parameter name.

- name: Ensure the test environment is set up correctly
  hosts: localhost
    - name: Ensure the default network is running
        name: default
        active: yes

This network can be non-persistent

- name: Ensure the test environment is set up correctly
  hosts: localhost
    - name: Ensure the network *development* is defined correctly and running
        xml: '{{ lookup("template", "network_development.xml") }}'
        persistent: no
        active: yes

After running the tests, the developer could clean up the development environment.

- name: Ensure a cleaned up development environment
  hosts: localhost
    - name: Ensure the network *development* is removed
        name: development
        persistent: no
        active: no

Having the parameter name sometimes in and out makes it a bit difficult, to bring the corresponding definitions together, if there are several network definitions.

Testing systems in a continuous integration environment is basically the next step after the previous use case. The CI system might select the right test machine bootstrap the virtual machine, run test case and clean up everything in the end. Ansible can help to create the virtual machine as well as to deploy the current software in the virtual machine. Note: I think libvirt might be good for small setups. For bigger setups we have usual other suspects like OKD, OpenStack etc.

The Ansible playbook is very similar to the previous use case: non-persistent setup (everything managed by Ansible), but no local host.

- name: Ensure the test environment is set up correctly
  hosts: {{ staging_host }}
    - name: Ensure the network *development* is defined correctly and running
        xml: '{{ lookup("template", "network_development.xml") }}'
        persistent: no
        active: yes

Run a service XY in a virtual machine. Again this is for small environments. The host could be selected by the infrastructure file or by a simple management component. In this case, we would configure the autostart option.

- name: Ensure the service XY is running
  hosts: all
    - name: Ensure the network *storage* is defined correctly and running
        xml: '{{ lookup("template", "network_storage.xml") }}'
        persistent: yes
        active: yes
        autostart: yes

Similar modules are

The current implementation allows to specify conflicting network names in the referenced XML file and the playbook. The implementation does not handle this case actively and the documentation does not mention the issue. The behaviour is undefined and leads to effects like that described in ansible-collections/community.libvirt#47.

Docker compose module Parameter project_name is taken. If absent, the base name of project_src is taken.
Kubernetes module An inline definition or referenced definition overwrites the top level parameter name.
OpenStack subnet module All defined inline. No parameter to reference an external source.

Proposed solution:

Docker compose module

TODO ...

To simplify the definition, we could distinguish between

  • mandatory parameters (no simplification)
  • parameters with default values
  • optional parameters without default values that remain untouched.
Parameter Default value
persistent no
active yes
autostart no
uri qemu:///system

TODO ...

Docker compose module

  • Parameter state (absent or present) defines the persistence.
  • Additional parameters restarted and stopped. They can be conflicting (not defined in the documentation) and might assume a certain precondition. From my point of view, they easily lead to user errors without seeing the benefit.

Kubernetes module

  • Parameter state: “Determines if an object should be created, patched, or deleted. When set to present, an object will be created, if it does not already exist. If set to absent, an existing object will be deleted. If set to present, an existing object will be patched, if its attributes differ from those specified using resource_definition or src.”
  • No further distinction between running or not.

OpenStack subnet module

  • Just parameter state (absent or present). No further distinction between running or not.

Current documentation of virt_net

  • Parameter state with the possible values active, inactive, present, absent. Allows no clear state definition. Inconsistent with other modules.

Proposal 1

  • Parameter state (absent or present) describes the persistence.
  • Parameter active (yes or no) describes the running state.

The combination state = absent and active = yes sounds wrong. How can it be absent but running? The naming persistence = no and active = yes would be clearer.

Proposal 2

  • Parameter persistence (absent or present) describes the persistence.
  • Parameter active (yes or no) describes the running state.
  • No parameter state.

Somehow inconsistent with other modules, but at least fully clear and logically.

Both proposals could be somehow combined by defining state as an alias to persistence.

We can distinguish four machines to bootstrap a virtual machine with Ansible.

  1. Machine that executes the playbook
  2. Machine on which the libvirt client runs
  3. Machine the libvirt client connects to
  4. Instantiated and booted virtual machine that needs to be set up via Ansible

TODO ...

TODO ...

Do we need the commands info, facts, get_xml, status and net_list all together?

From VMware module: "Note that this play disables the gather_facts parameter, since you don’t want to collect facts about localhost."

TODO ...

TODO ...

(ARchived) Working groups

Working groups are now in the Ansible forum

Ansible project:
Community, Contributor Experience, Docs, News, Outreach, RelEng, Testing

AWS, Azure, CloudStack, Container, DigitalOcean, Docker, hcloud, Kubernetes, Linode, OpenStack, oVirt, Virt, VMware

ACI, AVI, F5, Meraki, Network, NXOS

Ansible Developer Tools:

Crypto, Foreman, GDrive, GitLab, Grafana, IPA, JBoss, MongoDB, MySQL, PostgreSQL, RabbitMQ, Zabbix

AIX, BSD, HP-UX, macOS, Remote Management, Solaris, Windows

Security-Automation, Lockdown

AWX, Galaxy, Molecule


unarchive, xml



Roles, Communication, Reviewing, Checklist, TODO

Clone this wiki locally