imfreedom/ansible

Add the apparmor rule for debian and make the pool configurable

2021-09-19, Gary Kramlich
a272d577ac93
Parents a8fd79d9daea
Children 848e3c090312
Add the apparmor rule for debian and make the pool configurable
7 files changed, 31 insertions(+), 0 deletions(-)
  • +1 -0
    roles/apache2/handlers/main.yaml
  • +2 -0
    roles/libvirt/defaults/main.yaml
  • +6 -0
    roles/libvirt/handlers/main.yaml
  • +9 -0
    roles/libvirt/tasks/apparmor.yaml
  • +4 -0
    roles/libvirt/tasks/debian.yaml
  • +8 -0
    roles/libvirt/tasks/pool.yaml
  • +1 -0
    roles/libvirt/templates/libvirt-qemu.apparmor
    • --- a/roles/apache2/handlers/main.yaml Sat Sep 18 19:22:28 2021 -0500
    +++ b/roles/apache2/handlers/main.yaml Sun Sep 19 01:16:26 2021 -0500
    @@ -1,3 +1,4 @@
    +---
    - name: reload apache2
    systemd:
    name: apache2
    --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/roles/libvirt/defaults/main.yaml Sun Sep 19 01:16:26 2021 -0500
    @@ -0,0 +1,2 @@
    +---
    +libvirt_pool_path: "/var/lib/libvirt/images"
    --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/roles/libvirt/handlers/main.yaml Sun Sep 19 01:16:26 2021 -0500
    @@ -0,0 +1,6 @@
    +---
    +- name: restart libvirtd
    + systemd:
    + name: libvirtd
    + state: restarted
    +
    --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/roles/libvirt/tasks/apparmor.yaml Sun Sep 19 01:16:26 2021 -0500
    @@ -0,0 +1,9 @@
    +---
    +- name: add local apparmour config
    + template:
    + src: libvirt-qemu.apparmor
    + dest: /etc/apparmor.d/local/abstractions/libvirt-qemu
    + mode: 0644
    + notify:
    + - restart libvirtd
    +
    --- a/roles/libvirt/tasks/debian.yaml Sat Sep 18 19:22:28 2021 -0500
    +++ b/roles/libvirt/tasks/debian.yaml Sun Sep 19 01:16:26 2021 -0500
    @@ -12,4 +12,8 @@
    include_tasks: "network.yaml"
    - name: configure users
    include_tasks: "user.yaml"
    +- name: configure pool
    + include_tasks: "pool.yaml"
    +- name: configure apparmor
    + include_tasks: "apparmor.yaml"
    --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/roles/libvirt/tasks/pool.yaml Sun Sep 19 01:16:26 2021 -0500
    @@ -0,0 +1,8 @@
    +---
    +- name: "create pool directory"
    + file:
    + path: "{{ libvirt_pool_path }}"
    + group: "libvirt"
    + mode: 0771
    + state: "directory"
    +
    --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/roles/libvirt/templates/libvirt-qemu.apparmor Sun Sep 19 01:16:26 2021 -0500
    @@ -0,0 +1,1 @@
    + {{ libvirt_pool_path }}/* rwk,