kayobe/playbooks/kayobe-seed-vm-base/pre.yml

---
- hosts: primary
  environment:
    KAYOBE_CONFIG_SOURCE_PATH: "{{ kayobe_config_src_dir }}"
  tasks:
    # NOTE(mgoddard): Use the name zz-overrides.yml to ensure this takes
    # precedence over the standard config files.
    - name: Ensure kayobe-config override config file exists
      template:
        src: overrides.yml.j2
        dest: "{{ kayobe_config_src_dir }}/etc/kayobe/zz-overrides.yml"

    - name: Ensure seed group variables exist
      template:
        src: seed-group-vars.j2
        dest: "{{ kayobe_config_src_dir }}/etc/kayobe/inventory/group_vars/seed/network-interfaces"

    # NOTE(mgoddard): The kayobe dev config by default expects a bridge -
    # braio - to exist with an IP address of 192.168.33.4.
    - name: Ensure all-in-one network bridge interface exists
      command: "{{ item }}"
      become: true
      with_items:
        - "ip l add braio type bridge"
        - "ip l set braio up"
        - "ip a add 192.168.33.4/24 dev braio"
        # NOTE(mgoddard): CentOS 8 removes interfaces from their bridge during
        # ifdown, and removes the bridge if there are no interfaces left. When
        # Kayobe bounces veth links plugged into the bridge, it causes the
        # bridge which has the IP we are using for SSH to be removed. Use a
        # dummy interface.
        - "ip l add dummy1 type dummy"
        - "ip l set dummy1 up"
        - "ip l set dummy1 master braio"

    # NOTE(mgoddard): Configure IP forwarding and NAT to allow communication
    # from the seed VM to the outside world.

    # FIXME(mgoddard): use a libvirt network?
    - name: Ensure NAT is configured
      iptables:
        chain: POSTROUTING
        table: nat
        out_interface: "{{ ansible_default_ipv4.interface }}"
        jump: MASQUERADE
      become: true

    # FIXME(mgoddard): use a libvirt network?
    - name: Ensure IP forwarding is enabled
      sysctl:
        name: net.ipv4.conf.all.forwarding
        value: 1
      become: true

    - name: Ensure SELinux is disabled
      selinux:
        state: disabled
      become: True

    - name: Ensure kayobe is installed
      shell:
        cmd: dev/install.sh &> {{ logs_dir }}/ansible/install
        chdir: "{{ kayobe_src_dir }}"