Fixes bug 1184960
Change-Id: If702807d9ae326bf216a2e076ce61062045d7c6b
... | ... |
@@ -12,8 +12,8 @@ iptables |
12 | 12 |
ebtables |
13 | 13 |
sqlite3 |
14 | 14 |
sudo |
15 |
-kvm |
|
16 |
-qemu # dist:wheezy,jessie |
|
15 |
+kvm # NOPRIME |
|
16 |
+qemu # dist:wheezy,jessie NOPRIME |
|
17 | 17 |
libvirt-bin # NOPRIME |
18 | 18 |
libjs-jquery-tablesorter # Needed for coverage html reports |
19 | 19 |
vlan |
... | ... |
@@ -27,7 +27,7 @@ python-paste |
27 | 27 |
python-migrate |
28 | 28 |
python-gflags |
29 | 29 |
python-greenlet |
30 |
-python-libvirt |
|
30 |
+python-libvirt # NOPRIME |
|
31 | 31 |
python-libxml2 |
32 | 32 |
python-routes |
33 | 33 |
python-netaddr |
... | ... |
@@ -7,11 +7,11 @@ genisoimage # required for config_drive |
7 | 7 |
iptables |
8 | 8 |
iputils |
9 | 9 |
kpartx |
10 |
-kvm |
|
10 |
+kvm # NOPRIME |
|
11 | 11 |
# qemu as fallback if kvm cannot be used |
12 |
-qemu |
|
12 |
+qemu # NOPRIME |
|
13 | 13 |
libvirt # NOPRIME |
14 |
-libvirt-python |
|
14 |
+libvirt-python # NOPRIME |
|
15 | 15 |
libxml2-python |
16 | 16 |
mysql-community-server # NOPRIME |
17 | 17 |
parted |
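Review bot: Tagging `qemu` as NOPRIME at new line 12 leaves the fallback named in the comment just above it (`# qemu as fallback if kvm cannot be used`) with nothing that installs it, because the install_nova hunk on this page calls `install_package` only for `kvm`, `libvirt` and `libvirt-python`. configure_nova still sets `LIBVIRT_TYPE=qemu` when `/dev/kvm` is missing, so on a host without hardware virtualization the emulator is present only if the `kvm` package happens to pull it in, which this page does not show. Either leave `qemu` without the NOPRIME tag or add `install_package qemu` next to `install_package kvm` in both distro branches. The first package list on the page (`qemu # dist:wheezy,jessie NOPRIME`) has the same gap.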
... | ... |
@@ -237,37 +237,39 @@ function configure_nova() { |
237 | 237 |
# Force IP forwarding on, just on case |
238 | 238 |
sudo sysctl -w net.ipv4.ip_forward=1 |
239 | 239 |
|
240 |
- # Attempt to load modules: network block device - used to manage qcow images |
|
241 |
- sudo modprobe nbd || true |
|
242 |
- |
|
243 |
- # Check for kvm (hardware based virtualization). If unable to initialize |
|
244 |
- # kvm, we drop back to the slower emulation mode (qemu). Note: many systems |
|
245 |
- # come with hardware virtualization disabled in BIOS. |
|
246 |
- if [[ "$LIBVIRT_TYPE" == "kvm" ]]; then |
|
247 |
- sudo modprobe kvm || true |
|
248 |
- if [ ! -e /dev/kvm ]; then |
|
249 |
- echo "WARNING: Switching to QEMU" |
|
250 |
- LIBVIRT_TYPE=qemu |
|
251 |
- if which selinuxenabled 2>&1 > /dev/null && selinuxenabled; then |
|
252 |
- # https://bugzilla.redhat.com/show_bug.cgi?id=753589 |
|
253 |
- sudo setsebool virt_use_execmem on |
|
240 |
+ if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then |
|
241 |
+ # Attempt to load modules: network block device - used to manage qcow images |
|
242 |
+ sudo modprobe nbd || true |
|
243 |
+ |
|
244 |
+ # Check for kvm (hardware based virtualization). If unable to initialize |
|
245 |
+ # kvm, we drop back to the slower emulation mode (qemu). Note: many systems |
|
246 |
+ # come with hardware virtualization disabled in BIOS. |
|
247 |
+ if [[ "$LIBVIRT_TYPE" == "kvm" ]]; then |
|
248 |
+ sudo modprobe kvm || true |
|
249 |
+ if [ ! -e /dev/kvm ]; then |
|
250 |
+ echo "WARNING: Switching to QEMU" |
|
251 |
+ LIBVIRT_TYPE=qemu |
|
252 |
+ if which selinuxenabled 2>&1 > /dev/null && selinuxenabled; then |
|
253 |
+ # https://bugzilla.redhat.com/show_bug.cgi?id=753589 |
|
254 |
+ sudo setsebool virt_use_execmem on |
|
255 |
+ fi |
|
254 | 256 |
fi |
255 | 257 |
fi |
256 |
- fi |
|
257 | 258 |
|
258 |
- # Install and configure **LXC** if specified. LXC is another approach to |
|
259 |
- # splitting a system into many smaller parts. LXC uses cgroups and chroot |
|
260 |
- # to simulate multiple systems. |
|
261 |
- if [[ "$LIBVIRT_TYPE" == "lxc" ]]; then |
|
262 |
- if is_ubuntu; then |
|
263 |
- if [[ ! "$DISTRO" > natty ]]; then |
|
264 |
- cgline="none /cgroup cgroup cpuacct,memory,devices,cpu,freezer,blkio 0 0" |
|
265 |
- sudo mkdir -p /cgroup |
|
266 |
- if ! grep -q cgroup /etc/fstab; then |
|
267 |
- echo "$cgline" | sudo tee -a /etc/fstab |
|
268 |
- fi |
|
269 |
- if ! mount -n | grep -q cgroup; then |
|
270 |
- sudo mount /cgroup |
|
259 |
+ # Install and configure **LXC** if specified. LXC is another approach to |
|
260 |
+ # splitting a system into many smaller parts. LXC uses cgroups and chroot |
|
261 |
+ # to simulate multiple systems. |
|
262 |
+ if [[ "$LIBVIRT_TYPE" == "lxc" ]]; then |
|
263 |
+ if is_ubuntu; then |
|
264 |
+ if [[ ! "$DISTRO" > natty ]]; then |
|
265 |
+ cgline="none /cgroup cgroup cpuacct,memory,devices,cpu,freezer,blkio 0 0" |
|
266 |
+ sudo mkdir -p /cgroup |
|
267 |
+ if ! grep -q cgroup /etc/fstab; then |
|
268 |
+ echo "$cgline" | sudo tee -a /etc/fstab |
|
269 |
+ fi |
|
270 |
+ if ! mount -n | grep -q cgroup; then |
|
271 |
+ sudo mount /cgroup |
|
272 |
+ fi |
|
271 | 273 |
fi |
272 | 274 |
fi |
273 | 275 |
fi |
... | ... |
@@ -278,9 +280,10 @@ function configure_nova() { |
278 | 278 |
configure_baremetal_nova_dirs |
279 | 279 |
fi |
280 | 280 |
|
281 |
- if is_service_enabled quantum && is_quantum_ovs_base_plugin && ! sudo grep -q '^cgroup_device_acl' $QEMU_CONF; then |
|
282 |
- # Add /dev/net/tun to cgroup_device_acls, needed for type=ethernet interfaces |
|
283 |
- cat <<EOF | sudo tee -a $QEMU_CONF |
|
281 |
+ if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then |
|
282 |
+ if is_service_enabled quantum && is_quantum_ovs_base_plugin && ! sudo grep -q '^cgroup_device_acl' $QEMU_CONF; then |
|
283 |
+ # Add /dev/net/tun to cgroup_device_acls, needed for type=ethernet interfaces |
|
284 |
+ cat <<EOF | sudo tee -a $QEMU_CONF |
|
284 | 285 |
cgroup_device_acl = [ |
285 | 286 |
"/dev/null", "/dev/full", "/dev/zero", |
286 | 287 |
"/dev/random", "/dev/urandom", |
... | ... |
@@ -288,19 +291,17 @@ cgroup_device_acl = [ |
288 | 288 |
"/dev/rtc", "/dev/hpet","/dev/net/tun", |
289 | 289 |
] |
290 | 290 |
EOF |
291 |
- fi |
|
292 |
- |
|
293 |
- if is_ubuntu; then |
|
294 |
- LIBVIRT_DAEMON=libvirt-bin |
|
295 |
- else |
|
296 |
- LIBVIRT_DAEMON=libvirtd |
|
297 |
- fi |
|
298 |
- |
|
291 |
+ fi |
|
299 | 292 |
|
293 |
+ if is_ubuntu; then |
|
294 |
+ LIBVIRT_DAEMON=libvirt-bin |
|
295 |
+ else |
|
296 |
+ LIBVIRT_DAEMON=libvirtd |
|
297 |
+ fi |
|
300 | 298 |
|
301 |
- if is_fedora || is_suse; then |
|
302 |
- if is_fedora && [[ $DISTRO =~ (rhel6) || "$os_RELEASE" -le "17" ]]; then |
|
303 |
- sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
|
299 |
+ if is_fedora || is_suse; then |
|
300 |
+ if is_fedora && [[ $DISTRO =~ (rhel6) || "$os_RELEASE" -le "17" ]]; then |
|
301 |
+ sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
|
304 | 302 |
[libvirt Management Access] |
305 | 303 |
Identity=unix-group:$LIBVIRT_GROUP |
306 | 304 |
Action=org.libvirt.unix.manage |
... | ... |
@@ -308,11 +309,11 @@ ResultAny=yes |
308 | 308 |
ResultInactive=yes |
309 | 309 |
ResultActive=yes |
310 | 310 |
EOF" |
311 |
- elif is_suse && [[ $os_RELEASE = 12.2 || "$os_VENDOR" = "SUSE LINUX" ]]; then |
|
312 |
- # openSUSE < 12.3 or SLE |
|
313 |
- # Work around the fact that polkit-default-privs overrules pklas |
|
314 |
- # with 'unix-group:$group'. |
|
315 |
- sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
|
311 |
+ elif is_suse && [[ $os_RELEASE = 12.2 || "$os_VENDOR" = "SUSE LINUX" ]]; then |
|
312 |
+ # openSUSE < 12.3 or SLE |
|
313 |
+ # Work around the fact that polkit-default-privs overrules pklas |
|
314 |
+ # with 'unix-group:$group'. |
|
315 |
+ sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
|
316 | 316 |
[libvirt Management Access] |
317 | 317 |
Identity=unix-user:$USER |
318 | 318 |
Action=org.libvirt.unix.manage |
... | ... |
@@ -320,13 +321,13 @@ ResultAny=yes |
320 | 320 |
ResultInactive=yes |
321 | 321 |
ResultActive=yes |
322 | 322 |
EOF" |
323 |
- else |
|
324 |
- # Starting with fedora 18 and opensuse-12.3 enable stack-user to |
|
325 |
- # virsh -c qemu:///system by creating a policy-kit rule for |
|
326 |
- # stack-user using the new Javascript syntax |
|
327 |
- rules_dir=/etc/polkit-1/rules.d |
|
328 |
- sudo mkdir -p $rules_dir |
|
329 |
- sudo bash -c "cat <<EOF > $rules_dir/50-libvirt-$STACK_USER.rules |
|
323 |
+ else |
|
324 |
+ # Starting with fedora 18 and opensuse-12.3 enable stack-user to |
|
325 |
+ # virsh -c qemu:///system by creating a policy-kit rule for |
|
326 |
+ # stack-user using the new Javascript syntax |
|
327 |
+ rules_dir=/etc/polkit-1/rules.d |
|
328 |
+ sudo mkdir -p $rules_dir |
|
329 |
+ sudo bash -c "cat <<EOF > $rules_dir/50-libvirt-$STACK_USER.rules |
|
330 | 330 |
polkit.addRule(function(action, subject) { |
331 | 331 |
if (action.id == 'org.libvirt.unix.manage' && |
332 | 332 |
subject.user == '"$STACK_USER"') { |
... | ... |
@@ -334,21 +335,22 @@ polkit.addRule(function(action, subject) { |
334 | 334 |
} |
335 | 335 |
}); |
336 | 336 |
EOF" |
337 |
- unset rules_dir |
|
337 |
+ unset rules_dir |
|
338 |
+ fi |
|
338 | 339 |
fi |
339 |
- fi |
|
340 | 340 |
|
341 |
- # The user that nova runs as needs to be member of **libvirtd** group otherwise |
|
342 |
- # nova-compute will be unable to use libvirt. |
|
343 |
- if ! getent group $LIBVIRT_GROUP >/dev/null; then |
|
344 |
- sudo groupadd $LIBVIRT_GROUP |
|
345 |
- fi |
|
346 |
- add_user_to_group $STACK_USER $LIBVIRT_GROUP |
|
341 |
+ # The user that nova runs as needs to be member of **libvirtd** group otherwise |
|
342 |
+ # nova-compute will be unable to use libvirt. |
|
343 |
+ if ! getent group $LIBVIRT_GROUP >/dev/null; then |
|
344 |
+ sudo groupadd $LIBVIRT_GROUP |
|
345 |
+ fi |
|
346 |
+ add_user_to_group $STACK_USER $LIBVIRT_GROUP |
|
347 | 347 |
|
348 |
- # libvirt detects various settings on startup, as we potentially changed |
|
349 |
- # the system configuration (modules, filesystems), we need to restart |
|
350 |
- # libvirt to detect those changes. |
|
351 |
- restart_service $LIBVIRT_DAEMON |
|
348 |
+ # libvirt detects various settings on startup, as we potentially changed |
|
349 |
+ # the system configuration (modules, filesystems), we need to restart |
|
350 |
+ # libvirt to detect those changes. |
|
351 |
+ restart_service $LIBVIRT_DAEMON |
|
352 |
+ fi |
|
352 | 353 |
|
353 | 354 |
|
354 | 355 |
# Instance Storage |
... | ... |
@@ -436,8 +438,10 @@ function create_nova_conf() { |
436 | 436 |
if is_baremetal; then |
437 | 437 |
iniset $NOVA_CONF baremetal sql_connection `database_connection_url nova_bm` |
438 | 438 |
fi |
439 |
- iniset $NOVA_CONF DEFAULT libvirt_type "$LIBVIRT_TYPE" |
|
440 |
- iniset $NOVA_CONF DEFAULT libvirt_cpu_mode "none" |
|
439 |
+ if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then |
|
440 |
+ iniset $NOVA_CONF DEFAULT libvirt_type "$LIBVIRT_TYPE" |
|
441 |
+ iniset $NOVA_CONF DEFAULT libvirt_cpu_mode "none" |
|
442 |
+ fi |
|
441 | 443 |
iniset $NOVA_CONF DEFAULT instance_name_template "${INSTANCE_NAME_PREFIX}%08x" |
442 | 444 |
iniset $NOVA_CONF DEFAULT osapi_v3_enabled "True" |
443 | 445 |
|
... | ... |
@@ -636,26 +640,32 @@ function install_novaclient() { |
636 | 636 |
# install_nova() - Collect source and prepare |
637 | 637 |
function install_nova() { |
638 | 638 |
if is_service_enabled n-cpu; then |
639 |
- if is_ubuntu; then |
|
640 |
- install_package libvirt-bin |
|
641 |
- elif is_fedora || is_suse; then |
|
642 |
- install_package libvirt |
|
643 |
- else |
|
644 |
- exit_distro_not_supported "libvirt installation" |
|
645 |
- fi |
|
646 |
- |
|
647 |
- # Install and configure **LXC** if specified. LXC is another approach to |
|
648 |
- # splitting a system into many smaller parts. LXC uses cgroups and chroot |
|
649 |
- # to simulate multiple systems. |
|
650 |
- if [[ "$LIBVIRT_TYPE" == "lxc" ]]; then |
|
639 |
+ if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then |
|
651 | 640 |
if is_ubuntu; then |
652 |
- if [[ "$DISTRO" > natty ]]; then |
|
653 |
- install_package cgroup-lite |
|
654 |
- fi |
|
641 |
+ install_package kvm |
|
642 |
+ install_package libvirt-bin |
|
643 |
+ install_package python-libvirt |
|
644 |
+ elif is_fedora || is_suse; then |
|
645 |
+ install_package kvm |
|
646 |
+ install_package libvirt |
|
647 |
+ install_package libvirt-python |
|
655 | 648 |
else |
656 |
- ### FIXME(dtroyer): figure this out |
|
657 |
- echo "RPM-based cgroup not implemented yet" |
|
658 |
- yum_install libcgroup-tools |
|
649 |
+ exit_distro_not_supported "libvirt installation" |
|
650 |
+ fi |
|
651 |
+ |
|
652 |
+ # Install and configure **LXC** if specified. LXC is another approach to |
|
653 |
+ # splitting a system into many smaller parts. LXC uses cgroups and chroot |
|
654 |
+ # to simulate multiple systems. |
|
655 |
+ if [[ "$LIBVIRT_TYPE" == "lxc" ]]; then |
|
656 |
+ if is_ubuntu; then |
|
657 |
+ if [[ "$DISTRO" > natty ]]; then |
|
658 |
+ install_package cgroup-lite |
|
659 |
+ fi |
|
660 |
+ else |
|
661 |
+ ### FIXME(dtroyer): figure this out |
|
662 |
+ echo "RPM-based cgroup not implemented yet" |
|
663 |
+ yum_install libcgroup-tools |
|
664 |
+ fi |
|
659 | 665 |
fi |
660 | 666 |
fi |
661 | 667 |
fi |
... | ... |
@@ -698,9 +708,13 @@ function start_nova() { |
698 | 698 |
screen_it n-cell "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-cells --config-file $NOVA_CELLS_CONF" |
699 | 699 |
fi |
700 | 700 |
|
701 |
- # The group **$LIBVIRT_GROUP** is added to the current user in this script. |
|
702 |
- # Use 'sg' to execute nova-compute as a member of the **$LIBVIRT_GROUP** group. |
|
703 |
- screen_it n-cpu "cd $NOVA_DIR && sg $LIBVIRT_GROUP '$NOVA_BIN_DIR/nova-compute --config-file $NOVA_CONF_BOTTOM'" |
|
701 |
+ if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then |
|
702 |
+ # The group **$LIBVIRT_GROUP** is added to the current user in this script. |
|
703 |
+ # Use 'sg' to execute nova-compute as a member of the **$LIBVIRT_GROUP** group. |
|
704 |
+ screen_it n-cpu "cd $NOVA_DIR && sg $LIBVIRT_GROUP '$NOVA_BIN_DIR/nova-compute --config-file $NOVA_CONF_BOTTOM'" |
|
705 |
+ else |
|
706 |
+ screen_it n-cpu "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-compute --config-file $NOVA_CONF_BOTTOM" |
|
707 |
+ fi |
|
704 | 708 |
screen_it n-crt "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-cert" |
705 | 709 |
screen_it n-net "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-network --config-file $NOVA_CONF_BOTTOM" |
706 | 710 |
screen_it n-sch "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-scheduler --config-file $NOVA_CONF_BOTTOM" |
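Review bot: On new line 252 of the configure_nova hunk, the redirections in `which selinuxenabled 2>&1 > /dev/null` are in the wrong order: stderr is duplicated onto the original stdout before stdout is sent to /dev/null, so any error output from `which` still reaches the console. Since the line is being re-indented anyway, it could become `if which selinuxenabled > /dev/null 2>&1 && selinuxenabled; then`. The two new `if [[ "$VIRT_DRIVER" = 'libvirt' ]]` blocks in configure_nova now hold the libvirt-specific host changes (the `virt_use_execmem` SELinux boolean, the `cgroup_device_acl` append to `$QEMU_CONF`, the polkit files for `org.libvirt.unix.manage`), so a short comment at the top of each block listing what it alters would help anyone auditing the script's effect on the host. configure_nova begins and ends outside the hunks shown.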