diff --git a/playbooks/configure_swap.yml b/playbooks/configure_swap.yml
new file mode 100644
index 0000000..523cfb5
--- /dev/null
+++ b/playbooks/configure_swap.yml
@@ -0,0 +1,191 @@
+---
+# =============================================================================
+# Configure Swap on Systems Without It
+# =============================================================================
+# This playbook creates and enables a swap file on systems that don't have
+# swap configured, bringing them into CLAUDE.md compliance.
+#
+# Usage:
+# ansible-playbook playbooks/configure_swap.yml
+# ansible-playbook playbooks/configure_swap.yml --limit pihole
+#
+# Tags:
+# - swap: All swap-related tasks
+# - validate: Validation tasks only
+# =============================================================================
+
+- name: Configure Swap on Systems Without Adequate Swap
+ hosts: all
+ become: yes
+ gather_facts: yes
+
+ vars:
+ swap_file_path: /swapfile
+ swap_size_mb: 2048 # 2GB - CLAUDE.md compliant
+ swap_minimum_mb: 512 # Only configure if less than this
+
+ tasks:
+ - name: Check current swap configuration
+ command: swapon --show --bytes
+ register: current_swap
+ changed_when: false
+ failed_when: false
+ tags: [swap, validate]
+
+ - name: Parse current swap size
+ set_fact:
+ current_swap_mb: >-
+ {% if current_swap.stdout_lines | length > 1 %}
+ {{ (current_swap.stdout_lines[1].split()[2] | int / 1024 / 1024) | int }}
+ {% else %}
+ 0
+ {% endif %}
+ tags: [swap]
+
+ - name: Display current swap status
+ debug:
+ msg:
+ - "Current swap size: {{ current_swap_mb }} MB"
+ - "Target swap size: {{ swap_size_mb }} MB"
+ - "Will configure swap: {{ current_swap_mb | int < swap_minimum_mb }}"
+ tags: [swap]
+
+ - name: Configure swap if needed
+ block:
+ - name: Check if swap file already exists
+ stat:
+ path: "{{ swap_file_path }}"
+ register: swap_file_stat
+
+ - name: Check available disk space
+ shell: df -BM {{ swap_file_path | dirname }} | tail -1 | awk '{print $4}' | sed 's/M//'
+ register: available_space
+ changed_when: false
+
+ - name: Verify sufficient disk space
+ assert:
+ that:
+ - available_space.stdout | int > swap_size_mb | int
+ fail_msg: "Insufficient disk space. Available: {{ available_space.stdout }}MB, Required: {{ swap_size_mb }}MB"
+ success_msg: "Sufficient disk space available: {{ available_space.stdout }}MB"
+
+ - name: Create swap file
+ command: dd if=/dev/zero of={{ swap_file_path }} bs=1M count={{ swap_size_mb }}
+ args:
+ creates: "{{ swap_file_path }}"
+ register: swap_file_created
+ tags: [swap]
+
+ - name: Set correct permissions on swap file
+ file:
+ path: "{{ swap_file_path }}"
+ mode: '0600'
+ owner: root
+ group: root
+ tags: [swap]
+
+ - name: Format swap file
+ command: mkswap {{ swap_file_path }}
+ when: swap_file_created is changed
+ register: swap_formatted
+ tags: [swap]
+
+ - name: Enable swap file
+ command: swapon {{ swap_file_path }}
+ when:
+ - swap_file_path not in current_swap.stdout
+ - swap_formatted is succeeded or swap_file_stat.stat.exists
+ register: swap_enabled
+ tags: [swap]
+
+ - name: Check if swap is in fstab
+ lineinfile:
+ path: /etc/fstab
+ regexp: "^{{ swap_file_path }}"
+ state: absent
+ check_mode: yes
+ register: fstab_check
+ changed_when: false
+ tags: [swap]
+
+ - name: Add swap to fstab for persistence
+ lineinfile:
+ path: /etc/fstab
+ line: "{{ swap_file_path }} none swap sw 0 0"
+ state: present
+ backup: yes
+ when: fstab_check is not changed
+ tags: [swap]
+
+ - name: Verify swap is active
+ command: swapon --show
+ register: final_swap
+ changed_when: false
+ tags: [swap, validate]
+
+ - name: Get swap usage statistics
+ command: free -h
+ register: swap_stats
+ changed_when: false
+ tags: [swap, validate]
+
+ - name: Display swap configuration success
+ debug:
+ msg:
+ - "=== Swap Configuration Complete ==="
+ - "Swap file: {{ swap_file_path }}"
+ - "Size: {{ swap_size_mb }} MB"
+ - "Active swaps:"
+ - "{{ final_swap.stdout_lines }}"
+ - ""
+ - "Memory status:"
+ - "{{ swap_stats.stdout_lines }}"
+ tags: [swap]
+
+ rescue:
+ - name: Swap configuration failed - cleanup
+ debug:
+ msg:
+ - "=== Swap Configuration Failed ==="
+ - "Error occurred during swap configuration"
+ - "Attempting cleanup..."
+
+ - name: Disable swap file if partially configured
+ command: swapoff {{ swap_file_path }}
+ failed_when: false
+ tags: [swap]
+
+ - name: Remove incomplete swap file
+ file:
+ path: "{{ swap_file_path }}"
+ state: absent
+ when: swap_file_created is changed
+ failed_when: false
+ tags: [swap]
+
+ - name: Fail with error message
+ fail:
+ msg: |
+ Swap configuration failed. Please check:
+ 1. Sufficient disk space ({{ swap_size_mb }}MB required)
+ 2. Permissions to create {{ swap_file_path }}
+ 3. System logs: journalctl -xe
+
+ when: current_swap_mb | int < swap_minimum_mb
+
+ - name: Swap already configured adequately
+ debug:
+ msg:
+ - "Swap is already configured with {{ current_swap_mb }}MB"
+ - "No action needed (minimum: {{ swap_minimum_mb }}MB)"
+ when: current_swap_mb | int >= swap_minimum_mb
+ tags: [swap, validate]
+
+ - name: Update system swappiness (optional optimization)
+ sysctl:
+ name: vm.swappiness
+ value: '10'
+ state: present
+ reload: yes
+ when: current_swap_mb | int >= swap_minimum_mb or swap_enabled is changed
+ tags: [swap]
diff --git a/playbooks/install_qemu_agent.yml b/playbooks/install_qemu_agent.yml
new file mode 100644
index 0000000..b9b00e6
--- /dev/null
+++ b/playbooks/install_qemu_agent.yml
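Review bot: The rescue section runs `swapoff {{ swap_file_path }}` unconditionally, so if the block fails early (for example at the disk-space assert) on a host whose existing, undersized swap already lives at that path, the cleanup would turn off swap the host was relying on. Limit it to swap that this run enabled, e.g. `when: swap_enabled is defined and swap_enabled is changed`, and write the removal guard as `when: swap_file_created is defined and swap_file_created is changed`, because `swap_file_created` is never registered when the failure happens before the dd task. Separately, the `shell:` df task interpolates the path unquoted; `{{ swap_file_path | dirname | quote }}` keeps an overridden `swap_file_path` from being re-parsed by the shell.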
@@ -0,0 +1,269 @@
+---
+# =============================================================================
+# Install QEMU Guest Agent on KVM Virtual Machines
+# =============================================================================
+# This playbook installs and configures qemu-guest-agent on all KVM guest VMs,
+# enabling better VM management from the hypervisor.
+#
+# Benefits of QEMU Guest Agent:
+# - Accurate IP address discovery from hypervisor
+# - Filesystem quiescing for consistent snapshots
+# - Graceful shutdown/reboot from hypervisor
+# - VM state monitoring and management
+#
+# Usage:
+# ansible-playbook playbooks/install_qemu_agent.yml
+# ansible-playbook playbooks/install_qemu_agent.yml --limit pihole
+#
+# Note: After installation, the VM needs a virtio-serial channel configured
+# in the libvirt domain XML. This playbook installs the guest-side component.
+#
+# To add the channel (run on hypervisor):
+# virsh attach-device --config --file channel.xml
+#
+# Where channel.xml contains:
+#
+#
+#
+#
+# Tags:
+# - install: Package installation tasks
+# - config: Service configuration tasks
+# - validate: Validation tasks only
+# =============================================================================
+
+- name: Install and Configure QEMU Guest Agent
+ hosts: all
+ become: yes
+ gather_facts: yes
+
+ tasks:
+ - name: Display QEMU Guest Agent installation information
+ debug:
+ msg:
+ - "=== Installing QEMU Guest Agent ==="
+ - "Host: {{ inventory_hostname }}"
+ - "OS Family: {{ ansible_os_family }}"
+ - "Distribution: {{ ansible_distribution }} {{ ansible_distribution_version }}"
+ tags: [always]
+
+ - name: Check if QEMU Guest Agent is already installed
+ command: which qemu-ga
+ register: qemu_ga_installed
+ changed_when: false
+ failed_when: false
+ tags: [install, validate]
+
+ - name: Display current installation status
+ debug:
+ msg: "QEMU Guest Agent {{ 'is already installed' if qemu_ga_installed.rc == 0 else 'is NOT installed' }}"
+ tags: [install, validate]
+
+ - name: Install QEMU Guest Agent - Debian/Ubuntu
+ apt:
+ name: qemu-guest-agent
+ state: present
+ update_cache: yes
+ when: ansible_os_family == "Debian"
+ register: debian_install
+ tags: [install]
+
+ - name: Install QEMU Guest Agent - RHEL/Rocky/AlmaLinux/CentOS
+ yum:
+ name: qemu-guest-agent
+ state: present
+ when: ansible_os_family == "RedHat"
+ register: rhel_install
+ tags: [install]
+
+ - name: Install QEMU Guest Agent - SUSE/openSUSE
+ zypper:
+ name: qemu-guest-agent
+ state: present
+ when: ansible_os_family == "Suse"
+ register: suse_install
+ tags: [install]
+
+ - name: Verify package installation
+ command: which qemu-ga
+ register: qemu_ga_post_install
+ changed_when: false
+ tags: [install, validate]
+
+ - name: Get QEMU Guest Agent version
+ command: qemu-ga --version
+ register: qemu_ga_version
+ changed_when: false
+ tags: [install, validate]
+
+ - name: Display installed version
+ debug:
+ msg: "QEMU Guest Agent version: {{ qemu_ga_version.stdout }}"
+ tags: [install, validate]
+
+ - name: Enable QEMU Guest Agent service
+ systemd:
+ name: qemu-guest-agent
+ enabled: yes
+ state: started
+ register: service_status
+ tags: [config]
+
+ - name: Wait for service to be fully started
+ wait_for:
+ timeout: 3
+ when: service_status is changed
+ tags: [config]
+
+ - name: Verify service is running
+ systemd:
+ name: qemu-guest-agent
+ register: service_check
+ tags: [config, validate]
+
+ - name: Check if virtio-serial device exists
+ stat:
+ path: /dev/virtio-ports/org.qemu.guest_agent.0
+ register: virtio_serial
+ tags: [validate]
+
+ - name: Check for alternative virtio device paths
+ shell: ls -la /dev/vport* 2>/dev/null || echo "No virtio ports found"
+ register: virtio_ports
+ changed_when: false
+ failed_when: false
+ tags: [validate]
+
+ - name: Display service and channel status
+ debug:
+ msg:
+ - "=== QEMU Guest Agent Status ==="
+ - "Service status: {{ service_check.status.ActiveState }}"
+ - "Service enabled: {{ service_check.status.UnitFileState }}"
+ - "Virtio serial channel: {{ 'CONFIGURED' if virtio_serial.stat.exists else 'NOT CONFIGURED' }}"
+ - "Available virtio ports:"
+ - "{{ virtio_ports.stdout_lines }}"
+ tags: [validate]
+
+ - name: Display warning if channel not configured
+ debug:
+ msg:
+ - ""
+ - "WARNING: Virtio serial channel is not configured!"
+ - "The guest agent is running but cannot communicate with the hypervisor."
+ - ""
+ - "To fix this, run on the HYPERVISOR:"
+ - " 1. Shutdown the VM: virsh shutdown {{ inventory_hostname }}"
+ - " 2. Add the channel:"
+ - " virsh attach-device {{ inventory_hostname }} --config \\"
+ - " <(echo '')"
+ - " 3. Start the VM: virsh start {{ inventory_hostname }}"
+ when: not virtio_serial.stat.exists
+ tags: [validate]
+
+ - name: Test QEMU Guest Agent functionality
+ block:
+ - name: Try to ping QEMU Guest Agent
+ command: qemu-ga-client ping
+ register: agent_ping
+ changed_when: false
+ failed_when: false
+ tags: [validate]
+
+ - name: Display agent connectivity
+ debug:
+ msg: "Agent connectivity: {{ 'SUCCESS' if agent_ping.rc == 0 else 'FAILED - Channel not configured' }}"
+ tags: [validate]
+
+ when: virtio_serial.stat.exists
+
+ - name: Create documentation file for manual steps
+ copy:
+ dest: /root/qemu-guest-agent-setup.txt
+ content: |
+ QEMU Guest Agent Installation Summary
+ ======================================
+ Date: {{ ansible_date_time.iso8601 }}
+ Host: {{ inventory_hostname }}
+ Status: Agent installed and running
+
+ Virtio Serial Channel Status: {{ 'CONFIGURED' if virtio_serial.stat.exists else 'NOT CONFIGURED' }}
+
+ {% if not virtio_serial.stat.exists %}
+ MANUAL CONFIGURATION REQUIRED
+ =============================
+
+ The QEMU guest agent is installed and running inside this VM, but it cannot
+ communicate with the hypervisor because the virtio-serial channel is not configured.
+
+ To complete the setup, execute these commands ON THE HYPERVISOR:
+
+ 1. Shutdown this VM:
+ virsh shutdown {{ inventory_hostname }}
+
+ 2. Create channel configuration file:
+ cat > /tmp/{{ inventory_hostname }}-channel.xml << 'EOF'
+
+
+
+
+ EOF
+
+ 3. Attach the channel to the VM:
+ virsh attach-device {{ inventory_hostname }} \
+ --config --file /tmp/{{ inventory_hostname }}-channel.xml
+
+ 4. Start the VM:
+ virsh start {{ inventory_hostname }}
+
+ 5. Verify the agent is working:
+ virsh qemu-agent-command {{ inventory_hostname }} '{"execute":"guest-ping"}'
+
+ Alternatively, you can edit the XML directly:
+ virsh edit {{ inventory_hostname }}
+
+ And add this section inside :
+
+
+
+
+ {% else %}
+ CONFIGURATION COMPLETE
+ ======================
+
+ The QEMU guest agent is fully configured and can communicate with the hypervisor.
+
+ Test from hypervisor:
+ virsh qemu-agent-command {{ inventory_hostname }} '{"execute":"guest-ping"}'
+ virsh qemu-agent-command {{ inventory_hostname }} '{"execute":"guest-info"}'
+ {% endif %}
+ mode: '0644'
+ tags: [config]
+
+ - name: Display installation summary
+ debug:
+ msg:
+ - "===================================="
+ - "QEMU Guest Agent Installation Complete"
+ - "===================================="
+ - "Host: {{ inventory_hostname }}"
+ - "Package: {{ 'Installed' if debian_install is changed or rhel_install is changed or suse_install is changed else 'Already installed' }}"
+ - "Service: {{ service_check.status.ActiveState }} ({{ service_check.status.UnitFileState }})"
+ - "Version: {{ qemu_ga_version.stdout }}"
+ - "Virtio Channel: {{ 'Configured' if virtio_serial.stat.exists else 'Requires hypervisor configuration' }}"
+ - ""
+ tags: [always]
+
+ - name: Display action required message
+ debug:
+ msg:
+ - "ACTION REQUIRED:"
+ - " See /root/qemu-guest-agent-setup.txt for hypervisor configuration steps"
+ when: not virtio_serial.stat.exists
+ tags: [always]
+
+ - name: Display operational status
+ debug:
+ msg: "Status: Fully operational"
+ when: virtio_serial.stat.exists
+ tags: [always]
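Review bot: Nothing in the play checks that the target is actually a KVM guest, so with `hosts: all` the agent is installed and started on every inventory host, physical machines and the hypervisor included. Facts are already gathered, so the install and service tasks could carry `ansible_virtualization_type == "kvm" and ansible_virtualization_role == "guest"` alongside the existing `ansible_os_family` conditions. The header comment lists only benefits; I would add a line such as `# Security: an active agent channel lets the hypervisor side issue management commands inside the guest; review which agent RPCs stay enabled.` so operators treat the rollout as a trust-boundary change rather than a convenience package.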