hypervisor

files/hypervisor/iptables-forward.sh

+#!/bin/bash
+sudo iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -p tcp -m tcp --dport $1 -j DNAT --to-destination $2
+sudo iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -p udp -m udp --dport $1 -j DNAT --to-destination $2
+cp ./ipt ./ipt.bak
+sudo iptables-save > ./ipt
+#netfilter-persistent save 

hypervisor.yml

+---
+- hosts: hypervisor
+  remote_user: root
+  tasks:
+    - name: apt
+      become: true
+      when: "ansible_distribution != 'CentOS'"
+      apt:
+        state: latest
+        update_cache: true
+        name: sudo,python,qemu,qemu-kvm,libvirt-bin,bridge-utils,virtinst,libguestfs-tools,python-libvirt,python-lxml
+    - name: yum
+      become: true
+      when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int <= 7"
+      yum:
+        state: latest
+        update_cache: true
+        name: sudo,python,kvm,qemu-kvm,qemu-kvm-tools,qemu-img,libvirt,libvirt-python,libguestfs-tools,bridge-utils,virt-install,python-lxml
+    - name: dnf
+      become: true
+      when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int == 8"
+      dnf:
+        state: latest
+        name: sudo,python3,qemu-kvm,qemu-img,libvirt,python3-libvirt,libguestfs-tools,virt-install,python3-lxml
+    - name: libvirt service
+      become: true
+      systemd:
+        name: libvirtd
+        state: started
+    - name: stop firewalld
+      become: true
+      systemd:
+        name: firewalld
+        state: stopped
+      when: "ansible_distribution == 'CentOS'"
+    - name: flush forward table
+      become: true
+      iptables:
+        chain: FORWARD
+        flush: true
+    - name: iptables save
+      shell: 'sudo iptables-save > ~/ipt'
+    - name: iptables forward script
+      copy:
+        src: files/hypervisor/iptables-forward.sh
+        dest: '~/iptables-forward.sh'
+        mode: 0755
+    - name: permission for home path
+      become: true
+      file:
+        path: '{{home_path}}'
+        state: directory
+        owner: '{{ansible_user_id}}'
+        group: '{{ansible_user_id}}'
+    - name: pool directories
+      file:
+        path: '{{home_path}}/{{item}}'
+        state: directory
+      with_items:
+        - iso
+        - img

init.yml

@@ -141,7 +141,7 @@
       become: true
       yum:
         state: latest
-        name: curl,wget,git,vim,sudo,byobu,iftop,iotop,gcc,gcc-c++,make,autoconf,p7zip,p7zip-plugins,tcpdump,rsync,htop,mtr,net-tools,ctags,xclip,traceroute,tar,unzip,iperf,nmap # astyle
+        name: curl,wget,git,vim,sudo,byobu,iftop,iotop,gcc,gcc-c++,make,autoconf,p7zip,p7zip-plugins,tcpdump,rsync,htop,mtr,net-tools,ctags,xclip,traceroute,tar,unzip,iperf,nmap,libselinux-python # astyle
       when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int == 7"
     #- name: yum autoremove
     #  become: true
@@ -158,13 +158,18 @@
       become: true
       dnf:
         state: latest
-        name: curl,wget,git,vim,sudo,byobu,iftop,iotop,gcc,gcc-c++,make,autoconf,p7zip,p7zip-plugins,tcpdump,rsync,htop,mtr,net-tools,ctags,astyle,traceroute,tar,unzip,nmap # xclip
+        name: curl,wget,git,vim,sudo,byobu,iftop,iotop,gcc,gcc-c++,make,autoconf,p7zip,p7zip-plugins,tcpdump,rsync,htop,mtr,net-tools,ctags,astyle,traceroute,tar,unzip,nmap,python3-libselinux # xclip
       when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int == 8"
     - name: dnf autoremove
       become: true
       dnf:
         autoremove: true
       when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int == 8"
+    - name: disable selinux
+      become: true
+      selinux:
+        state: disabled
+      when: "ansible_distribution == 'CentOS'"
     - name: vim
       unarchive:
         src: https://minio.mycard.moe:9000/nanahira/nanahira-vim.tar.gz