Moves installation and setup of libvirt to a common functions-libvirt,
which can be used by other drivers in the future that may require
cross-distro libvirt installation and config but are not using
VIRT_DRIVER=libvirt (ie, Ironic).
Change-Id: I4a9255c8b4bacd5acfde9b8061c9e537aeea592c
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,125 @@ |
| 0 |
+# lib/nova_plugins/functions-libvirt |
|
| 1 |
+# Common libvirt configuration functions |
|
| 2 |
+ |
|
| 3 |
+# Dependencies: |
|
| 4 |
+# ``functions`` file |
|
| 5 |
+# ``STACK_USER`` has to be defined |
|
| 6 |
+ |
|
| 7 |
+# Save trace setting |
|
| 8 |
+LV_XTRACE=$(set +o | grep xtrace) |
|
| 9 |
+set +o xtrace |
|
| 10 |
+ |
|
| 11 |
+# Defaults |
|
| 12 |
+# ------- |
|
| 13 |
+ |
|
| 14 |
+# if we should turn on massive libvirt debugging |
|
| 15 |
+DEBUG_LIBVIRT=$(trueorfalse False $DEBUG_LIBVIRT) |
|
| 16 |
+ |
|
| 17 |
+# Installs required distro-specific libvirt packages. |
|
| 18 |
+function install_libvirt {
|
|
| 19 |
+ if is_ubuntu; then |
|
| 20 |
+ install_package kvm |
|
| 21 |
+ install_package libvirt-bin |
|
| 22 |
+ install_package python-libvirt |
|
| 23 |
+ install_package python-guestfs |
|
| 24 |
+ elif is_fedora || is_suse; then |
|
| 25 |
+ install_package kvm |
|
| 26 |
+ install_package libvirt |
|
| 27 |
+ install_package libvirt-python |
|
| 28 |
+ install_package python-libguestfs |
|
| 29 |
+ fi |
|
| 30 |
+} |
|
| 31 |
+ |
|
| 32 |
+# Configures the installed libvirt system so that is accessible by |
|
| 33 |
+# STACK_USER via qemu:///system with management capabilities. |
|
| 34 |
+function configure_libvirt {
|
|
| 35 |
+ if is_service_enabled neutron && is_neutron_ovs_base_plugin && ! sudo grep -q '^cgroup_device_acl' $QEMU_CONF; then |
|
| 36 |
+ # Add /dev/net/tun to cgroup_device_acls, needed for type=ethernet interfaces |
|
| 37 |
+ cat <<EOF | sudo tee -a $QEMU_CONF |
|
| 38 |
+cgroup_device_acl = [ |
|
| 39 |
+ "/dev/null", "/dev/full", "/dev/zero", |
|
| 40 |
+ "/dev/random", "/dev/urandom", |
|
| 41 |
+ "/dev/ptmx", "/dev/kvm", "/dev/kqemu", |
|
| 42 |
+ "/dev/rtc", "/dev/hpet","/dev/net/tun", |
|
| 43 |
+] |
|
| 44 |
+EOF |
|
| 45 |
+ fi |
|
| 46 |
+ |
|
| 47 |
+ if is_ubuntu; then |
|
| 48 |
+ LIBVIRT_DAEMON=libvirt-bin |
|
| 49 |
+ else |
|
| 50 |
+ LIBVIRT_DAEMON=libvirtd |
|
| 51 |
+ fi |
|
| 52 |
+ |
|
| 53 |
+ if is_fedora || is_suse; then |
|
| 54 |
+ if is_fedora && [[ $DISTRO =~ (rhel6) || "$os_RELEASE" -le "17" ]]; then |
|
| 55 |
+ cat <<EOF | sudo tee /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
|
| 56 |
+[libvirt Management Access] |
|
| 57 |
+Identity=unix-group:$LIBVIRT_GROUP |
|
| 58 |
+Action=org.libvirt.unix.manage |
|
| 59 |
+ResultAny=yes |
|
| 60 |
+ResultInactive=yes |
|
| 61 |
+ResultActive=yes |
|
| 62 |
+EOF |
|
| 63 |
+ elif is_suse && [[ $os_RELEASE = 12.2 || "$os_VENDOR" = "SUSE LINUX" ]]; then |
|
| 64 |
+ # openSUSE < 12.3 or SLE |
|
| 65 |
+ # Work around the fact that polkit-default-privs overrules pklas |
|
| 66 |
+ # with 'unix-group:$group'. |
|
| 67 |
+ cat <<EOF | sudo tee /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
|
| 68 |
+[libvirt Management Access] |
|
| 69 |
+Identity=unix-user:$STACK_USER |
|
| 70 |
+Action=org.libvirt.unix.manage |
|
| 71 |
+ResultAny=yes |
|
| 72 |
+ResultInactive=yes |
|
| 73 |
+ResultActive=yes |
|
| 74 |
+EOF |
|
| 75 |
+ else |
|
| 76 |
+ # Starting with fedora 18 and opensuse-12.3 enable stack-user to |
|
| 77 |
+ # virsh -c qemu:///system by creating a policy-kit rule for |
|
| 78 |
+ # stack-user using the new Javascript syntax |
|
| 79 |
+ rules_dir=/etc/polkit-1/rules.d |
|
| 80 |
+ sudo mkdir -p $rules_dir |
|
| 81 |
+ cat <<EOF | sudo tee $rules_dir/50-libvirt-$STACK_USER.rules |
|
| 82 |
+polkit.addRule(function(action, subject) {
|
|
| 83 |
+ if (action.id == 'org.libvirt.unix.manage' && |
|
| 84 |
+ subject.user == '$STACK_USER') {
|
|
| 85 |
+ return polkit.Result.YES; |
|
| 86 |
+ } |
|
| 87 |
+}); |
|
| 88 |
+EOF |
|
| 89 |
+ unset rules_dir |
|
| 90 |
+ fi |
|
| 91 |
+ fi |
|
| 92 |
+ |
|
| 93 |
+ # The user that nova runs as needs to be member of **libvirtd** group otherwise |
|
| 94 |
+ # nova-compute will be unable to use libvirt. |
|
| 95 |
+ if ! getent group $LIBVIRT_GROUP >/dev/null; then |
|
| 96 |
+ sudo groupadd $LIBVIRT_GROUP |
|
| 97 |
+ fi |
|
| 98 |
+ add_user_to_group $STACK_USER $LIBVIRT_GROUP |
|
| 99 |
+ |
|
| 100 |
+ # Enable server side traces for libvirtd |
|
| 101 |
+ if [[ "$DEBUG_LIBVIRT" = "True" ]] ; then |
|
| 102 |
+ local log_filters="1:libvirt 1:qemu 1:conf 1:security 3:event 3:json 3:file 1:util" |
|
| 103 |
+ local log_outputs="1:file:/var/log/libvirt/libvirtd.log" |
|
| 104 |
+ if ! grep -q "log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then |
|
| 105 |
+ echo "log_filters=\"$log_filters\"" | sudo tee -a /etc/libvirt/libvirtd.conf |
|
| 106 |
+ fi |
|
| 107 |
+ if ! grep -q "log_outputs=\"$log_outputs\"" /etc/libvirt/libvirtd.conf; then |
|
| 108 |
+ echo "log_outputs=\"$log_outputs\"" | sudo tee -a /etc/libvirt/libvirtd.conf |
|
| 109 |
+ fi |
|
| 110 |
+ fi |
|
| 111 |
+ |
|
| 112 |
+ # libvirt detects various settings on startup, as we potentially changed |
|
| 113 |
+ # the system configuration (modules, filesystems), we need to restart |
|
| 114 |
+ # libvirt to detect those changes. |
|
| 115 |
+ restart_service $LIBVIRT_DAEMON |
|
| 116 |
+} |
|
| 117 |
+ |
|
| 118 |
+ |
|
| 119 |
+# Restore xtrace |
|
| 120 |
+$LV_XTRACE |
|
| 121 |
+ |
|
| 122 |
+# Local variables: |
|
| 123 |
+# mode: shell-script |
|
| 124 |
+# End: |
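Review bot: configure_libvirt reads `LIBVIRT_GROUP` and `QEMU_CONF`, but this new file neither sets them nor lists them under its Dependencies header, which names only the functions file and `STACK_USER`. The commit message aims this file at drivers that do not run with VIRT_DRIVER=libvirt, and such a caller may not have defined them (where they are normally set is not visible on this page). With `LIBVIRT_GROUP` empty, the pkla heredoc writes `Identity=unix-group:` and `getent group` runs without a name; with `QEMU_CONF` empty, `sudo grep -q` and `sudo tee -a` get no file operand. Since the policy being written grants `org.libvirt.unix.manage` with `ResultAny=yes`, a missing identity should stop the run rather than produce a malformed rule. I would add a Dependencies line for the two variables in the same form as the `STACK_USER` one, and open the function with `: "${STACK_USER:?}" "${LIBVIRT_GROUP:?}" "${QEMU_CONF:?}"`.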
| ... | ... |
@@ -7,7 +7,6 @@ |
| 7 | 7 |
# Dependencies: |
| 8 | 8 |
# ``functions`` file |
| 9 | 9 |
# ``nova`` configuration |
| 10 |
-# ``STACK_USER`` has to be defined |
|
| 11 | 10 |
|
| 12 | 11 |
# install_nova_hypervisor - install any external requirements |
| 13 | 12 |
# configure_nova_hypervisor - make configuration changes, including those to other services |
| ... | ... |
@@ -19,14 +18,13 @@ |
| 19 | 19 |
MY_XTRACE=$(set +o | grep xtrace) |
| 20 | 20 |
set +o xtrace |
| 21 | 21 |
|
| 22 |
+source $TOP_DIR/lib/nova_plugins/functions-libvirt |
|
| 22 | 23 |
|
| 23 | 24 |
# Defaults |
| 24 | 25 |
# -------- |
| 25 | 26 |
|
| 26 | 27 |
# File injection is disabled by default in Nova. This will turn it back on. |
| 27 | 28 |
ENABLE_FILE_INJECTION=${ENABLE_FILE_INJECTION:-False}
|
| 28 |
-# if we should turn on massive libvirt debugging |
|
| 29 |
-DEBUG_LIBVIRT=$(trueorfalse False $DEBUG_LIBVIRT) |
|
| 30 | 29 |
|
| 31 | 30 |
|
| 32 | 31 |
# Entry Points |
| ... | ... |
@@ -40,88 +38,7 @@ function cleanup_nova_hypervisor {
|
| 40 | 40 |
|
| 41 | 41 |
# configure_nova_hypervisor - Set config files, create data dirs, etc |
| 42 | 42 |
function configure_nova_hypervisor {
|
| 43 |
- if is_service_enabled neutron && is_neutron_ovs_base_plugin && ! sudo grep -q '^cgroup_device_acl' $QEMU_CONF; then |
|
| 44 |
- # Add /dev/net/tun to cgroup_device_acls, needed for type=ethernet interfaces |
|
| 45 |
- cat <<EOF | sudo tee -a $QEMU_CONF |
|
| 46 |
-cgroup_device_acl = [ |
|
| 47 |
- "/dev/null", "/dev/full", "/dev/zero", |
|
| 48 |
- "/dev/random", "/dev/urandom", |
|
| 49 |
- "/dev/ptmx", "/dev/kvm", "/dev/kqemu", |
|
| 50 |
- "/dev/rtc", "/dev/hpet","/dev/net/tun", |
|
| 51 |
-] |
|
| 52 |
-EOF |
|
| 53 |
- fi |
|
| 54 |
- |
|
| 55 |
- if is_ubuntu; then |
|
| 56 |
- LIBVIRT_DAEMON=libvirt-bin |
|
| 57 |
- else |
|
| 58 |
- LIBVIRT_DAEMON=libvirtd |
|
| 59 |
- fi |
|
| 60 |
- |
|
| 61 |
- if is_fedora || is_suse; then |
|
| 62 |
- if is_fedora && [[ $DISTRO =~ (rhel6) || "$os_RELEASE" -le "17" ]]; then |
|
| 63 |
- cat <<EOF | sudo tee /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
|
| 64 |
-[libvirt Management Access] |
|
| 65 |
-Identity=unix-group:$LIBVIRT_GROUP |
|
| 66 |
-Action=org.libvirt.unix.manage |
|
| 67 |
-ResultAny=yes |
|
| 68 |
-ResultInactive=yes |
|
| 69 |
-ResultActive=yes |
|
| 70 |
-EOF |
|
| 71 |
- elif is_suse && [[ $os_RELEASE = 12.2 || "$os_VENDOR" = "SUSE LINUX" ]]; then |
|
| 72 |
- # openSUSE < 12.3 or SLE |
|
| 73 |
- # Work around the fact that polkit-default-privs overrules pklas |
|
| 74 |
- # with 'unix-group:$group'. |
|
| 75 |
- cat <<EOF | sudo tee /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
|
| 76 |
-[libvirt Management Access] |
|
| 77 |
-Identity=unix-user:$STACK_USER |
|
| 78 |
-Action=org.libvirt.unix.manage |
|
| 79 |
-ResultAny=yes |
|
| 80 |
-ResultInactive=yes |
|
| 81 |
-ResultActive=yes |
|
| 82 |
-EOF |
|
| 83 |
- else |
|
| 84 |
- # Starting with fedora 18 and opensuse-12.3 enable stack-user to |
|
| 85 |
- # virsh -c qemu:///system by creating a policy-kit rule for |
|
| 86 |
- # stack-user using the new Javascript syntax |
|
| 87 |
- rules_dir=/etc/polkit-1/rules.d |
|
| 88 |
- sudo mkdir -p $rules_dir |
|
| 89 |
- cat <<EOF | sudo tee $rules_dir/50-libvirt-$STACK_USER.rules |
|
| 90 |
-polkit.addRule(function(action, subject) {
|
|
| 91 |
- if (action.id == 'org.libvirt.unix.manage' && |
|
| 92 |
- subject.user == '$STACK_USER') {
|
|
| 93 |
- return polkit.Result.YES; |
|
| 94 |
- } |
|
| 95 |
-}); |
|
| 96 |
-EOF |
|
| 97 |
- unset rules_dir |
|
| 98 |
- fi |
|
| 99 |
- fi |
|
| 100 |
- |
|
| 101 |
- # The user that nova runs as needs to be member of **libvirtd** group otherwise |
|
| 102 |
- # nova-compute will be unable to use libvirt. |
|
| 103 |
- if ! getent group $LIBVIRT_GROUP >/dev/null; then |
|
| 104 |
- sudo groupadd $LIBVIRT_GROUP |
|
| 105 |
- fi |
|
| 106 |
- add_user_to_group $STACK_USER $LIBVIRT_GROUP |
|
| 107 |
- |
|
| 108 |
- # Enable server side traces for libvirtd |
|
| 109 |
- if [[ "$DEBUG_LIBVIRT" = "True" ]] ; then |
|
| 110 |
- local log_filters="1:libvirt 1:qemu 1:conf 1:security 3:event 3:json 3:file 1:util" |
|
| 111 |
- local log_outputs="1:file:/var/log/libvirt/libvirtd.log" |
|
| 112 |
- if ! grep -q "log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then |
|
| 113 |
- echo "log_filters=\"$log_filters\"" | sudo tee -a /etc/libvirt/libvirtd.conf |
|
| 114 |
- fi |
|
| 115 |
- if ! grep -q "log_outputs=\"$log_outputs\"" /etc/libvirt/libvirtd.conf; then |
|
| 116 |
- echo "log_outputs=\"$log_outputs\"" | sudo tee -a /etc/libvirt/libvirtd.conf |
|
| 117 |
- fi |
|
| 118 |
- fi |
|
| 119 |
- |
|
| 120 |
- # libvirt detects various settings on startup, as we potentially changed |
|
| 121 |
- # the system configuration (modules, filesystems), we need to restart |
|
| 122 |
- # libvirt to detect those changes. |
|
| 123 |
- restart_service $LIBVIRT_DAEMON |
|
| 124 |
- |
|
| 43 |
+ configure_libvirt |
|
| 125 | 44 |
iniset $NOVA_CONF DEFAULT libvirt_type "$LIBVIRT_TYPE" |
| 126 | 45 |
iniset $NOVA_CONF DEFAULT libvirt_cpu_mode "none" |
| 127 | 46 |
iniset $NOVA_CONF DEFAULT use_usb_tablet "False" |
| ... | ... |
@@ -150,17 +67,7 @@ EOF |
| 150 | 150 |
|
| 151 | 151 |
# install_nova_hypervisor() - Install external components |
| 152 | 152 |
function install_nova_hypervisor {
|
| 153 |
- if is_ubuntu; then |
|
| 154 |
- install_package kvm |
|
| 155 |
- install_package libvirt-bin |
|
| 156 |
- install_package python-libvirt |
|
| 157 |
- install_package python-guestfs |
|
| 158 |
- elif is_fedora || is_suse; then |
|
| 159 |
- install_package kvm |
|
| 160 |
- install_package libvirt |
|
| 161 |
- install_package libvirt-python |
|
| 162 |
- install_package python-libguestfs |
|
| 163 |
- fi |
|
| 153 |
+ install_libvirt |
|
| 164 | 154 |
|
| 165 | 155 |
# Install and configure **LXC** if specified. LXC is another approach to |
| 166 | 156 |
# splitting a system into many smaller parts. LXC uses cgroups and chroot |
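Review bot: The added `source $TOP_DIR/lib/nova_plugins/functions-libvirt` line expands `TOP_DIR` unquoted, so a checkout path containing whitespace or glob characters would split or expand and the wrong file, or none, would be sourced. I would write it as `source "$TOP_DIR/lib/nova_plugins/functions-libvirt"`. The first hunk also drops the `STACK_USER` line from the Dependencies header without naming the newly sourced file there. configure_nova_hypervisor still needs `STACK_USER` through configure_libvirt, so a Dependencies line naming functions-libvirt would keep that requirement discoverable from this file.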