Initial implementation (#1)

Signed-off-by: Lukas Bednar <[email protected]>

.gitignore

@@ -0,0 +1,2 @@
+tests/roles/provision_docker
+*.retry

.travis.yml

@@ -0,0 +1,37 @@
+---
+sudo: required
+language: python
+python: "2.7"
+
+services:
+  - docker
+
+env:
+  global:
+    - ANSIBLE_HOST_KEY_CHECKING="False"
+
+# Install python-pip
+addons:
+  apt:
+    packages:
+      - python-pip
+
+install:
+  # Install ansible
+  - pip install -r tests/requirements.txt
+
+  # Check ansible version
+  - ansible --version
+
+  # Install ansible role tests requirements
+  - ansible-galaxy install -r tests/requirements.yml -p tests/roles/
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+  # Execute playbook
+  # FIXME: Can not be tested on travis-ci: "The system doesn't seem to have Intel nor AMD virtualization support."
+  #- ansible-playbook tests/test.yml -i tests/inventory
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

README.md

@@ -1,2 +1,48 @@
-# ansible-role-nested-virtualization
-Ansible to enable or disable nested virtualization
+Nested Virtualization
+=========
+
+An ansible role to enable or disable nested virtualization on target system.
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+```yaml
+---
+nested_virtualization_state: enabled / disabled
+```
+
+Dependencies
+------------
+None
+
+Example Playbook
+----------------
+
+```yaml
+---
+# Enable nested virtualization on your servers
+- hosts: servers
+  roles:
+    - role: "nested-virtualization"
+
+# Disable nested virtualization on your servers
+- hosts: servers
+  roles:
+    - role: "nested-virtualization"
+      nested_virtualization_state: "disabled"
+```
+
+License
+-------
+
+GPLv3
+
+Author Information
+------------------
+
+[Lukas Bednar](https://github.com/lukas-bednar)

defaults/main.yml

@@ -0,0 +1,2 @@
+---
+nested_virtualization_state: "enabled"

meta/main.yml

@@ -0,0 +1,15 @@
+galaxy_info:
+  author: Lukas Bednar
+  description: "Ansible role to enable or disable nested virtualization"
+  company: "Red Hat"
+  license: GPLv3
+  min_ansible_version: 2.4
+  platforms:
+  - name: EL
+    versions:
+    - 6
+    - 7
+  galaxy_tags:
+  - virtualization
+  - nested
+dependencies: []

tasks/disable.yml

@@ -0,0 +1,10 @@
+---
+- name: "Remove {{ nested_virtualization_module_name }} module"
+  shell: |
+    set -e
+    modprobe -r {{ nested_virtualization_module_name }}
+
+- name: "Activate {{ nested_virtualization_module_name }} module without nested feature"
+  shell: |
+    set -e
+    modprobe {{ nested_virtualization_module_name }}

tasks/enable.yml

@@ -0,0 +1,10 @@
+---
+- name: "Remove {{ nested_virtualization_module_name }} module"
+  shell: |
+    set -e
+    modprobe -r {{ nested_virtualization_module_name }}
+
+- name: "Activate {{ nested_virtualization_module_name }} module with nested feature"
+  shell: |
+    set -e
+    modprobe {{ nested_virtualization_module_name }} nested=1

tasks/main.yml

@@ -0,0 +1,65 @@
+---
+- name: Check if Intel virtualization is supported
+  shell: |
+    set -e
+    grep vmx {{ nested_virtualization_cpuinfo }}
+  ignore_errors: yes
+  register: intel_proccesor
+
+- name: Check if AMD virtualization is supported
+  shell: |
+    set -e
+    grep svm {{ nested_virtualization_cpuinfo }}
+  ignore_errors: yes
+  register: amd_proccesor
+
+- name: Fail in case no Intel or AMD virtualization support is not detected.
+  fail:
+    msg: "The system doesn't seem to have Intel nor AMD virtualization support."
+  when: intel_proccesor.rc != 0 and amd_proccesor != 0
+
+- name: Set facts for Intel virtualization
+  set_fact:
+    nested_virtualization_test_path: "/sys/module/kvm_intel/parameters/nested"
+    nested_virtualization_module_name: "kvm_intel"
+  when: intel_proccesor.rc == 0
+
+- name: Set facts for AMD virtualization
+  set_fact:
+    nested_virtualization_test_path: "/sys/module/kvm_amd/parameters/nested"
+    nested_virtualization_module_name: "kvm_amd"
+  when: amd_proccesor.rc == 0
+
+- name: Test status of nested virtualization
+  shell: |
+    set -e
+    cat {{ nested_virtualization_test_path }}
+  register: actual_status
+
+- include_tasks: enable.yml
+  when:
+    - nested_virtualization_state == "enabled"
+    - "'N' in actual_status.stdout or '0' in actual_status.stdout"
+
+- name: "Persist configuration in {{ nested_virtualization_kvm_config }}"
+  lineinfile:
+    path: "{{ nested_virtualization_kvm_config }}"
+    regexp: "^options {{ nested_virtualization_module_name }}.*$"
+    line: "options {{ nested_virtualization_module_name }} nested=1"
+    create: yes
+  when:
+    - nested_virtualization_state == "enabled"
+
+- include_tasks: disable.yml
+  when:
+    - nested_virtualization_state == "disabled"
+    - "'Y' in actual_status.stdout or '1' in actual_status.stdout"
+
+- name: "Persist configuration in {{ nested_virtualization_kvm_config }}"
+  lineinfile:
+    path: "{{ nested_virtualization_kvm_config }}"
+    regexp: "^options {{ nested_virtualization_module_name }}.*$"
+    line: "options {{ nested_virtualization_module_name }}"
+    create: yes
+  when:
+    - nested_virtualization_state == "disabled"

tests/inventory

@@ -0,0 +1 @@
+localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"

tests/requirements.txt

@@ -0,0 +1,2 @@
+ansible
+docker-py

tests/requirements.yml

@@ -0,0 +1,3 @@
+---
+- src: chrismeyersfsu.provision_docker
+  name: provision_docker

tests/roles/nested-virtualization

@@ -0,0 +1 @@
+../../

tests/test.yml

@@ -0,0 +1,29 @@
+---
+- name: Bring up docker containers
+  hosts: localhost
+  gather_facts: false
+  vars:
+    inventory:
+      - name: nested_virt_centos6
+        image: "chrismeyers/centos6"
+      - name: nested_virt_centos7
+        image: "chrismeyers/centos7"
+      - name: nested_virt_rhel6
+        image: "registry.access.redhat.com/rhel6:latest"
+      - name: nested_virt_rhel7
+        image: "registry.access.redhat.com/rhel:latest"
+  roles:
+    - role: provision_docker
+      provision_docker_inventory: "{{ inventory }}"
+
+
+- name: Run nested-virtualization role to enable nested virtualization
+  hosts: docker_containers
+  roles:
+    - role: "nested-virtualization"
+
+- name: Run nested-virtualization role to disable nested virtualization
+  hosts: docker_containers
+  roles:
+    - role: "nested-virtualization"
+      nested_virtualization_state: disable

vars/main.yml

@@ -0,0 +1,3 @@
+---
+nested_virtualization_cpuinfo: "/proc/cpuinfo"
+nested_virtualization_kvm_config: "/etc/modprobe.d/kvm.conf"