# lib/nova_plugins/hypervisor-libvirt
# Configure the libvirt hypervisor

# Enable with:
# VIRT_DRIVER=libvirt

# Dependencies:
# ``functions`` file
# ``nova`` configuration
# ``STACK_USER`` has to be defined

# install_nova_hypervisor - install any external requirements
# configure_nova_hypervisor - make configuration changes, including those to other services
# start_nova_hypervisor - start any external services
# stop_nova_hypervisor - stop any external services
# cleanup_nova_hypervisor - remove transient data and cache
# Remember the caller's xtrace state (as a ready-to-run ``set`` command) so
# it can be replayed at the end of this file, then silence tracing while the
# definitions below are being sourced.
MY_XTRACE="$(set +o | grep xtrace)"
set +o xtrace
# Defaults
# --------
# Nova ships with file injection switched off; set this to True to turn it
# back on (it is consumed in configure_nova_hypervisor).
# NOTE(review): with injection on, the compute host uses libguestfs to
# inspect guest images (per the comments in configure_nova_hypervisor), so
# image contents become input to host-side code - leave it off unless needed.
: "${ENABLE_FILE_INJECTION:=False}"
# Set to True to switch on very verbose libvirtd logging
DEBUG_LIBVIRT=$(trueorfalse False $DEBUG_LIBVIRT)
# Entry Points
# ------------
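# cleanup_nova_hypervisor - Clean up an installation
# (the header previously named a non-existent ``clean_nova_hypervisor``)
function cleanup_nova_hypervisor {
    # Intentionally a no-op: nothing written by configure_nova_hypervisor
    # (polkit rule, group membership, libvirtd.conf lines) is undone here.
    :
}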
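# configure_nova_hypervisor - Set config files, create data dirs, etc
#
# Steps, in order:
#  1. allow qemu guests to open /dev/net/tun when neutron runs an OVS-based plugin
#  2. pick the libvirt service name for this distro (sets ``LIBVIRT_DAEMON``)
#  3. on Fedora/SUSE, install a polkit rule that grants
#     ``org.libvirt.unix.manage`` without authentication
#  4. make sure ``LIBVIRT_GROUP`` exists and ``STACK_USER`` is a member
#  5. optionally enable verbose libvirtd logging, then restart libvirt
#  6. write the libvirt-related options into ``NOVA_CONF``
#
# Reads ``QEMU_CONF``, ``LIBVIRT_GROUP``, ``STACK_USER``, ``LIBVIRT_TYPE``,
# ``NOVA_CONF``, ``DISTRO``, ``os_RELEASE``, ``os_VENDOR``, ``DEBUG_LIBVIRT``
# and ``ENABLE_FILE_INJECTION``. Variables that end up as arguments of
# privileged commands or as file paths are quoted so that an unusual value
# cannot be word-split or glob-expanded.
function configure_nova_hypervisor {
    if is_service_enabled neutron && is_neutron_ovs_base_plugin && ! sudo grep -q '^cgroup_device_acl' "$QEMU_CONF"; then
        # Add /dev/net/tun to cgroup_device_acls, needed for type=ethernet interfaces.
        # Only appended when qemu.conf has no active cgroup_device_acl line yet.
        cat <<EOF | sudo tee -a "$QEMU_CONF"
cgroup_device_acl = [
    "/dev/null", "/dev/full", "/dev/zero",
    "/dev/random", "/dev/urandom",
    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
    "/dev/rtc", "/dev/hpet","/dev/net/tun",
]
EOF
    fi

    if is_ubuntu; then
        LIBVIRT_DAEMON=libvirt-bin
    else
        LIBVIRT_DAEMON=libvirtd
    fi

    # polkit: let the stack account talk to the system libvirtd.
    # ``org.libvirt.unix.manage`` is libvirt's read-write management action and
    # every rule below answers "yes" unconditionally, i.e. no password prompt
    # for any kind of session. libvirt documents management access to the
    # system daemon as root-equivalent, so these rules belong on a throwaway
    # development host only.
    if is_fedora || is_suse; then
        # NOTE(review): -le is an integer test; a dotted os_RELEASE that is not
        # caught by the rhel6 match would make it error and fall through to
        # the branches below - confirm which releases can reach this line.
        if is_fedora && [[ $DISTRO =~ (rhel6) || "$os_RELEASE" -le "17" ]]; then
            # Old-style .pkla rule; the grant covers every member of LIBVIRT_GROUP.
            cat <<EOF | sudo tee /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[libvirt Management Access]
Identity=unix-group:$LIBVIRT_GROUP
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
EOF
        elif is_suse && [[ $os_RELEASE = 12.2 || "$os_VENDOR" = "SUSE LINUX" ]]; then
            # openSUSE < 12.3 or SLE
            # Work around the fact that polkit-default-privs overrules pklas
            # with 'unix-group:$group': grant to the user instead of the group.
            cat <<EOF | sudo tee /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[libvirt Management Access]
Identity=unix-user:$STACK_USER
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
EOF
        else
            # Starting with fedora 18 and opensuse-12.3 enable stack-user to
            # virsh -c qemu:///system by creating a policy-kit rule for
            # stack-user using the new Javascript syntax.
            # STACK_USER is pasted into a quoted JavaScript string and into
            # the file name as-is - assumes it is a plain account name
            # without quotes or slashes; TODO confirm it is validated upstream.
            rules_dir=/etc/polkit-1/rules.d
            sudo mkdir -p "$rules_dir"
            cat <<EOF | sudo tee "$rules_dir/50-libvirt-$STACK_USER.rules"
polkit.addRule(function(action, subject) {
    if (action.id == 'org.libvirt.unix.manage' &&
        subject.user == '$STACK_USER') {
        return polkit.Result.YES;
    }
});
EOF
            unset rules_dir
        fi
    fi

    # The user that nova runs as needs to be a member of the libvirt group
    # (``LIBVIRT_GROUP``), otherwise nova-compute will be unable to use libvirt.
    if ! getent group "$LIBVIRT_GROUP" >/dev/null; then
        sudo groupadd "$LIBVIRT_GROUP"
    fi
    add_user_to_group "$STACK_USER" "$LIBVIRT_GROUP"

    # Enable server side traces for libvirtd
    if [[ "$DEBUG_LIBVIRT" = "True" ]] ; then
        local log_filters="1:libvirt 1:qemu 1:conf 1:security 3:event 3:json 3:file 1:util"
        local log_outputs="1:file:/var/log/libvirt/libvirtd.log"
        # Append each setting once. The check is a fixed-string match (-F) so
        # the dots in the log path are not treated as regex wildcards, and it
        # runs under sudo like the qemu.conf check above so that an unreadable
        # libvirtd.conf cannot cause a duplicate line on every run.
        if ! sudo grep -qF "log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then
            echo "log_filters=\"$log_filters\"" | sudo tee -a /etc/libvirt/libvirtd.conf
        fi
        if ! sudo grep -qF "log_outputs=\"$log_outputs\"" /etc/libvirt/libvirtd.conf; then
            echo "log_outputs=\"$log_outputs\"" | sudo tee -a /etc/libvirt/libvirtd.conf
        fi
    fi

    # libvirt detects various settings on startup, as we potentially changed
    # the system configuration (modules, filesystems), we need to restart
    # libvirt to detect those changes.
    restart_service "$LIBVIRT_DAEMON"

    iniset "$NOVA_CONF" DEFAULT libvirt_type "$LIBVIRT_TYPE"
    iniset "$NOVA_CONF" DEFAULT libvirt_cpu_mode "none"
    iniset "$NOVA_CONF" DEFAULT use_usb_tablet "False"
    iniset "$NOVA_CONF" DEFAULT default_ephemeral_format "ext4"
    iniset "$NOVA_CONF" DEFAULT compute_driver "libvirt.LibvirtDriver"
    # Caller may override the firewall driver; the iptables driver is the fallback.
    LIBVIRT_FIREWALL_DRIVER=${LIBVIRT_FIREWALL_DRIVER:-"nova.virt.libvirt.firewall.IptablesFirewallDriver"}
    iniset "$NOVA_CONF" DEFAULT firewall_driver "$LIBVIRT_FIREWALL_DRIVER"
    # Power architecture currently does not support graphical consoles.
    if is_arch "ppc64"; then
        iniset "$NOVA_CONF" DEFAULT vnc_enabled "false"
    fi

    ENABLE_FILE_INJECTION=$(trueorfalse False $ENABLE_FILE_INJECTION)
    if [[ "$ENABLE_FILE_INJECTION" = "True" ]] ; then
        # When libguestfs is available for file injection, enable using
        # libguestfs to inspect the image and figure out the proper
        # partition to inject into. This also turns on key injection.
        iniset "$NOVA_CONF" libvirt inject_partition '-1'
        iniset "$NOVA_CONF" libvirt inject_key 'true'
    else
        # File injection is being disabled by default in the near future -
        # disable it here for now to avoid surprises later.
        iniset "$NOVA_CONF" libvirt inject_partition '-2'
    fi
}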
# install_nova_hypervisor() - Install external components
#
# Installs the hypervisor, the libvirt daemon and the Python bindings for
# libvirt and libguestfs, plus cgroup tooling when ``LIBVIRT_TYPE`` is lxc.
function install_nova_hypervisor {
    local pkg

    # Same four components on every distro family; only the package names differ.
    if is_ubuntu; then
        for pkg in kvm libvirt-bin python-libvirt python-guestfs; do
            install_package "$pkg"
        done
    elif is_fedora || is_suse; then
        for pkg in kvm libvirt libvirt-python python-libguestfs; do
            install_package "$pkg"
        done
    fi

    # Everything below is for **LXC** only. LXC is another approach to
    # splitting a system into many smaller parts; it uses cgroups and chroot
    # to simulate multiple systems.
    if [[ "$LIBVIRT_TYPE" != "lxc" ]]; then
        return 0
    fi

    if ! is_ubuntu; then
        ### FIXME(dtroyer): figure this out
        echo "RPM-based cgroup not implemented yet"
        yum_install libcgroup-tools
    elif [[ "$DISTRO" > natty ]]; then
        # String comparison of release codenames: anything sorting after "natty"
        install_package cgroup-lite
    fi
}
# start_nova_hypervisor - Start any required external services
function start_nova_hypervisor {
    # Nothing to start here; deliberately a no-op that reports success.
    true
}
# stop_nova_hypervisor - Stop any external services
function stop_nova_hypervisor {
    # Nothing to stop here; deliberately a no-op that reports success.
    true
}
# Put xtrace back the way the caller had it: MY_XTRACE holds the ``set``
# command captured at the top of this file and is run here as a command.
$MY_XTRACE
# Local variables:
# mode: shell-script
# End: