infra-automation/inventories/development/group_vars/kvm_guests.yml
ansible cfad67a3a1 Remove static inventory, use only dynamic libvirt inventory
Remove static hosts.yml inventory file and configure pure dynamic
inventory discovery using community.libvirt.libvirt plugin.

Changes:

1. Removed Static Inventory:
   - Deleted inventories/development/hosts.yml
   - All host definitions now come from libvirt dynamic discovery
   - Complies with CLAUDE.md requirement for dynamic inventories

2. Updated libvirt_kvm.yml Dynamic Inventory:
   - Changed URI from local to remote: qemu+ssh://grok@grok.home.serneels.xyz/system
   - Configures automatic VM discovery from grokbox hypervisor
   - Creates dynamic groups: kvm_guests, running_vms, small_vms, large_vms
   - Creates keyed groups by state and OS
   - Extracts IP addresses from guest_info

3. Created Host Variables Override:
   - inventories/development/host_vars/pihole.yml
   - inventories/development/host_vars/mymx.yml
   - inventories/development/host_vars/derp.yml
   - Override ansible_connection from libvirt_qemu to ssh
   - Set ansible_host to IP addresses (192.168.122.x)

4. Updated Group Variables:
   - inventories/development/group_vars/kvm_guests.yml
   - Added ansible_connection: ssh to force SSH over libvirt
   - Maintains ProxyJump configuration through grokbox
   - SSH connection multiplexing settings preserved

5. Added .gitignore:
   - Exclude stats/ directory from version control
   - Prevents system_info role output from being committed

Dynamic Inventory Discovery:
- Automatically discovers VMs: pihole, mymx, derp
- Groups by state: running_vms, stopped_vms
- Groups by size: small_vms (≤2GB), medium_vms (2-8GB), large_vms (>8GB)
- Groups by OS: os_debian, os_unknown
- Creates UUID-based groups for unique identification

Connection Method:
- Discovery: libvirt plugin queries grokbox via SSH
- Execution: SSH with ProxyJump through grokbox
- Authentication: SSH keys (ansible user)
- Network: Private 192.168.122.0/24 via NAT

Testing Results:
- Dynamic inventory discovers all 3 VMs
- Groups created correctly (kvm_guests, running_vms, etc.)
- pihole: Connection successful via ProxyJump
- ⚠️ mymx, derp: SSH key authentication needed (not inventory issue)

Benefits:
- No manual inventory maintenance required
- VMs automatically added/removed based on libvirt state
- Dynamic grouping by resource allocation
- Centralized management through grokbox
- CLAUDE.md compliant (no static inventories in production-like envs)

Usage:
# List all discovered VMs
ansible-inventory -i inventories/development/ --graph

# Ping all KVM guests
ansible -i inventories/development/ kvm_guests -m ping

# Run playbook on running VMs
ansible-playbook -i inventories/development/ site.yml --limit running_vms

Migration Note:
The static inventory (hosts.yml) contained some hosts not managed
by libvirt (odin, seed). These external hosts need to be managed
via separate dynamic inventory sources or added back if required.

Related Documentation:
- docs/network-access-patterns.md (ProxyJump configuration)
- inventories/production/README.md (dynamic inventory examples)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-11 02:10:54 +01:00

102 lines
2.8 KiB
YAML

---
# =============================================================================
# KVM Guest VMs Group Variables
# =============================================================================
# Common configuration for all KVM guest virtual machines
# =============================================================================
# VM Platform Details
# -----------------------------------------------------------------------------
virtualization_type: kvm
virtualization_role: guest
hypervisor_host: grokbox
management_interface: libvirt
# Network Configuration
# -----------------------------------------------------------------------------
vm_network_type: nat
vm_network_bridge: virbr0
vm_network_subnet: "192.168.122.0/24"
vm_gateway: "192.168.122.1"
# SSH & Connectivity
# -----------------------------------------------------------------------------
# Force SSH connection (override libvirt_qemu from dynamic inventory)
ansible_connection: ssh
ansible_user: ansible
ansible_become_password: null # Passwordless sudo configured
# Connection via ProxyJump through hypervisor
# accept-new trusts a guest's host key on first contact and refuses a changed key
ansible_ssh_common_args: >-
  -o ProxyJump=grokbox
  -o StrictHostKeyChecking=accept-new
  -o ServerAliveInterval=45
  -o ServerAliveCountMax=3
  -o ControlMaster=auto
  -o ControlPersist=600s
# Storage Configuration (LVM - per CLAUDE.md)
# -----------------------------------------------------------------------------
lvm_enabled: true
lvm_vg_name: vg_system
lvm_pvs:
  - /dev/vda2
lvm_lvs:
  - name: lv_root
    size: 8G
    mount_point: /
    fstype: ext4
  - name: lv_boot
    size: 2G
    mount_point: /boot
    fstype: ext4
  - name: lv_opt
    size: 3G
    mount_point: /opt
    fstype: ext4
  - name: lv_tmp
    size: 1G
    mount_point: /tmp
    fstype: ext4
    mount_options: noexec,nosuid,nodev
  - name: lv_home
    size: 2G
    mount_point: /home
    fstype: ext4
  - name: lv_var_log
    size: 2G
    mount_point: /var/log
    fstype: ext4
  - name: lv_var_audit
    size: 1G
    mount_point: /var/log/audit
    fstype: ext4
  - name: lv_swap
    size: 1G
    fstype: swap
# Resource Monitoring Thresholds
# -----------------------------------------------------------------------------
disk_usage_warning_threshold: 80
disk_usage_critical_threshold: 90
memory_warning_threshold: 85
memory_critical_threshold: 95
cpu_warning_threshold: 80
# Backup Configuration
# -----------------------------------------------------------------------------
backup_enabled: false # Development environment
snapshot_enabled: true
snapshot_retention_days: 7
# VM Lifecycle
# -----------------------------------------------------------------------------
vm_autostart: true
vm_shutdown_timeout: 300 # seconds
# Cloud-init Configuration
# -----------------------------------------------------------------------------
cloud_init_enabled: true
cloud_init_datasource: NoCloud
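
The options in ansible_ssh_common_args above decide how guest host keys are trusted and how long multiplexed connections live behind the jump host. As an added example (not part of this repository), the Python check below parses such an option string and reports what it implies; the finding names and the WEAK_ARGS sample are constructed for illustration.

```python
import re
import shlex

# Constructed inputs: PAGE_ARGS is the folded value of ansible_ssh_common_args
# from the group_vars file; WEAK_ARGS is a made-up variant for comparison.
PAGE_ARGS = ("-o ProxyJump=grokbox -o StrictHostKeyChecking=accept-new "
             "-o ServerAliveInterval=45 -o ServerAliveCountMax=3 "
             "-o ControlMaster=auto -o ControlPersist=600s")
WEAK_ARGS = "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"


def parse_ssh_opts(arg_string):
    """Map lower-cased option name -> value for each '-o Key=Value' or '-oKey=Value'."""
    opts = {}
    tokens = shlex.split(arg_string)
    i = 0
    while i < len(tokens):
        tok, pair = tokens[i], None
        if tok == "-o" and i + 1 < len(tokens):
            i += 1
            pair = tokens[i]
        elif tok.startswith("-o") and len(tok) > 2:
            pair = tok[2:]
        i += 1
        if pair:
            parts = re.split(r"\s*=\s*|\s+", pair.strip(), maxsplit=1)
            # ssh_config(5): the first value obtained for an option is the one used
            opts.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return opts


def audit(arg_string):
    """Return sorted finding codes (hypothetical names) for one option string."""
    o = parse_ssh_opts(arg_string)
    findings = []
    shkc = o.get("stricthostkeychecking", "ask")  # OpenSSH default is "ask"
    if shkc in ("no", "off"):
        findings.append("hostkey-unchecked")       # new and changed keys both allowed
    elif shkc == "accept-new":
        findings.append("hostkey-tofu")            # first key trusted, changed key refused
    if o.get("userknownhostsfile") == "/dev/null":
        findings.append("known-hosts-discarded")   # nothing is remembered between runs
    if "proxyjump" not in o and "proxycommand" not in o:
        findings.append("no-jump-host")            # guests sit on the NAT subnet behind grokbox
    if o.get("controlmaster", "no") != "no" and o.get("controlpersist") in ("yes", "0"):
        findings.append("master-never-expires")    # multiplexed socket stays open indefinitely
    return sorted(findings)


if __name__ == "__main__":
    for label, args in (("page", PAGE_ARGS), ("weak", WEAK_ARGS)):
        print(label, audit(args))
```

For the file as committed, the only finding is hostkey-tofu: a guest rebuilt under the same name gets a new host key, and the stale known_hosts entry must be removed before Ansible can connect again.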