Dean Troyer8c032d12013-09-23 13:53:13 -05001# lib/nova_plugins/hypervisor-libvirt
2# Configure the libvirt hypervisor
3
4# Enable with:
5# VIRT_DRIVER=libvirt
6
# Dependencies:
# ``functions`` file
# ``nova`` configuration (``NOVA_CONF``, ``LIBVIRT_TYPE``, ``LIBVIRT_GROUP``, ``QEMU_CONF``)
# ``STACK_USER`` has to be defined
Dean Troyer8c032d12013-09-23 13:53:13 -050011
12# install_nova_hypervisor - install any external requirements
13# configure_nova_hypervisor - make configuration changes, including those to other services
14# start_nova_hypervisor - start any external services
15# stop_nova_hypervisor - stop any external services
16# cleanup_nova_hypervisor - remove transient data and cache
17
# Save trace setting
# Capture the current ``xtrace`` state as a ready-to-run ``set`` command so
# the end of this file can replay it, then silence tracing while the plugin
# is sourced.
MY_XTRACE="$(set +o | grep xtrace)"
set +o xtrace
21
22
23# Defaults
24# --------
25
# File injection is disabled by default in Nova; setting
# ENABLE_FILE_INJECTION=True before this plugin is sourced turns it back on
# (see configure_nova_hypervisor).
: "${ENABLE_FILE_INJECTION:=False}"
28
Dean Troyer8c032d12013-09-23 13:53:13 -050029
30# Entry Points
31# ------------
32
# cleanup_nova_hypervisor - Clean up an installation
#
# Nothing is removed for libvirt; the function exists only so the plugin
# interface is complete.  Note that the polkit and qemu.conf changes made by
# configure_nova_hypervisor are therefore left in place.
function cleanup_nova_hypervisor() {
    return 0
}
38
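# configure_nova_hypervisor - Set config files, create data dirs, etc
#
# Reads:  QEMU_CONF, NOVA_CONF, STACK_USER, LIBVIRT_GROUP, LIBVIRT_TYPE,
#         DISTRO, os_RELEASE, os_VENDOR, ENABLE_FILE_INJECTION and the
#         optional LIBVIRT_FIREWALL_DRIVER override.
# Writes: LIBVIRT_DAEMON, LIBVIRT_FIREWALL_DRIVER and ENABLE_FILE_INJECTION
#         (all globals, read by other nova/libvirt code).
#
# Security note: the polkit files written below grant unconditional
# ``org.libvirt.unix.manage`` on the system libvirt instance
# (``qemu:///system``) -- to every member of ``LIBVIRT_GROUP`` on the
# .pkla path, or to ``STACK_USER`` on the other paths -- and the
# ``cgroup_device_acl`` entry lets guests reach ``/dev/net/tun``.  They are
# written into /etc with ``sudo tee`` and are not removed by
# cleanup_nova_hypervisor.  That is what a single-user DevStack host needs;
# do not reuse these settings on a shared or production host.
function configure_nova_hypervisor() {
    local rules_dir

    # Add /dev/net/tun to cgroup_device_acl, needed for type=ethernet
    # interfaces with the OVS-based Neutron plugins.  Only append when the
    # key is absent so repeated runs don't stack duplicate entries.
    if is_service_enabled neutron && is_neutron_ovs_base_plugin && ! sudo grep -q '^cgroup_device_acl' "$QEMU_CONF"; then
        cat <<EOF | sudo tee -a "$QEMU_CONF"
cgroup_device_acl = [
    "/dev/null", "/dev/full", "/dev/zero",
    "/dev/random", "/dev/urandom",
    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
    "/dev/rtc", "/dev/hpet","/dev/net/tun",
]
EOF
    fi

    if is_ubuntu; then
        LIBVIRT_DAEMON=libvirt-bin
    else
        LIBVIRT_DAEMON=libvirtd
    fi

    if is_fedora || is_suse; then
        if is_fedora && [[ $DISTRO =~ (rhel6) || "$os_RELEASE" -le "17" ]]; then
            # Old-style .pkla (RHEL 6 / Fedora <= 17): grant the whole
            # libvirt group, which STACK_USER is added to below.
            cat <<EOF | sudo tee /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[libvirt Management Access]
Identity=unix-group:$LIBVIRT_GROUP
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
EOF
        elif is_suse && [[ $os_RELEASE = 12.2 || "$os_VENDOR" = "SUSE LINUX" ]]; then
            # openSUSE < 12.3 or SLE
            # Work around the fact that polkit-default-privs overrules pklas
            # with 'unix-group:$group', so grant the single user instead.
            cat <<EOF | sudo tee /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[libvirt Management Access]
Identity=unix-user:$STACK_USER
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
EOF
        else
            # Starting with fedora 18 and opensuse-12.3 enable stack-user to
            # virsh -c qemu:///system by creating a policy-kit rule for
            # stack-user using the new Javascript syntax.
            #
            # The here-doc is unquoted, so the shell expands $STACK_USER;
            # the JavaScript literal around it must be a plain pair of
            # single quotes.  Writing '"$STACK_USER"' emits '"stack"',
            # which makes polkit compare subject.user against the text
            # "stack" *including* the double quotes, so the rule never
            # matches.
            rules_dir=/etc/polkit-1/rules.d
            sudo mkdir -p "$rules_dir"
            cat <<EOF | sudo tee "$rules_dir/50-libvirt-$STACK_USER.rules"
polkit.addRule(function(action, subject) {
    if (action.id == 'org.libvirt.unix.manage' &&
        subject.user == '$STACK_USER') {
        return polkit.Result.YES;
    }
});
EOF
        fi
    fi

    # The user that nova runs as needs to be member of **libvirtd** group otherwise
    # nova-compute will be unable to use libvirt.
    if ! getent group "$LIBVIRT_GROUP" >/dev/null; then
        sudo groupadd "$LIBVIRT_GROUP"
    fi
    add_user_to_group "$STACK_USER" "$LIBVIRT_GROUP"

    # libvirt detects various settings on startup, as we potentially changed
    # the system configuration (modules, filesystems), we need to restart
    # libvirt to detect those changes.
    restart_service "$LIBVIRT_DAEMON"

    iniset "$NOVA_CONF" DEFAULT libvirt_type "$LIBVIRT_TYPE"
    iniset "$NOVA_CONF" DEFAULT libvirt_cpu_mode "none"
    iniset "$NOVA_CONF" DEFAULT use_usb_tablet "False"
    iniset "$NOVA_CONF" DEFAULT default_ephemeral_format "ext4"
    iniset "$NOVA_CONF" DEFAULT compute_driver "libvirt.LibvirtDriver"
    # Instance traffic is filtered on the host with iptables unless the
    # caller overrides the driver.
    LIBVIRT_FIREWALL_DRIVER=${LIBVIRT_FIREWALL_DRIVER:-"nova.virt.libvirt.firewall.IptablesFirewallDriver"}
    iniset "$NOVA_CONF" DEFAULT firewall_driver "$LIBVIRT_FIREWALL_DRIVER"
    # Power architecture currently does not support graphical consoles.
    if is_arch "ppc64"; then
        iniset "$NOVA_CONF" DEFAULT vnc_enabled "false"
    fi

    # Normalise to "True"/"False" so the comparison below is exact.
    ENABLE_FILE_INJECTION=$(trueorfalse False "$ENABLE_FILE_INJECTION")
    if [[ "$ENABLE_FILE_INJECTION" = "True" ]] ; then
        # When libguestfs is available for file injection, enable using
        # libguestfs to inspect the image and figure out the proper
        # partition to inject into.  This has the compute host open and
        # modify guest disk images, so leave it off unless needed.
        iniset "$NOVA_CONF" libvirt inject_partition '-1'
        iniset "$NOVA_CONF" libvirt inject_key 'true'
    else
        # File injection is being disabled by default in the near future -
        # disable it here for now to avoid surprises later.
        iniset "$NOVA_CONF" libvirt inject_partition '-2'
    fi
}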
136
# install_nova_hypervisor() - Install external components
#
# Installs KVM, libvirt, its Python binding and the libguestfs binding for
# the running distro, plus cgroup tooling when LIBVIRT_TYPE is ``lxc``.
# Reads: LIBVIRT_TYPE, DISTRO.
function install_nova_hypervisor() {
    local pkg
    if is_ubuntu; then
        for pkg in kvm libvirt-bin python-libvirt python-guestfs; do
            install_package "$pkg"
        done
    elif is_fedora || is_suse; then
        for pkg in kvm libvirt libvirt-python python-libguestfs; do
            install_package "$pkg"
        done
    fi

    # Install and configure **LXC** if specified. LXC is another approach to
    # splitting a system into many smaller parts. LXC uses cgroups and chroot
    # to simulate multiple systems.
    if [[ "$LIBVIRT_TYPE" != "lxc" ]]; then
        return 0
    fi

    if is_ubuntu; then
        # Only releases whose codename sorts after "natty" get cgroup-lite.
        if [[ "$DISTRO" > natty ]]; then
            install_package cgroup-lite
        fi
    else
        ### FIXME(dtroyer): figure this out
        echo "RPM-based cgroup not implemented yet"
        yum_install libcgroup-tools
    fi
}
166
# start_nova_hypervisor - Start any required external services
#
# libvirtd is (re)started from configure_nova_hypervisor, so there is
# nothing further to launch here.
function start_nova_hypervisor() {
    return 0
}
172
# stop_nova_hypervisor - Stop any external services
#
# No service is stopped; libvirtd is left running.
function stop_nova_hypervisor() {
    return 0
}
178
179
# Restore xtrace
# Replay the ``set`` command captured at the top of this file.
eval "$MY_XTRACE"
182
183# Local variables:
184# mode: shell-script
185# End: