Blame - lib/nova_plugins/hypervisor-libvirt - devstack

blob: caf0296ad22c4fe8ed1d8cb35192aa8dfc60a5d8 [file] [log] [blame]

Dean Troyer	8c032d1	2013-09-23 13:53:13 -0500	[diff] [blame^]	1	# lib/nova_plugins/hypervisor-libvirt
				2	# Configure the libvirt hypervisor
				3
				4	# Enable with:
				5	# VIRT_DRIVER=libvirt
				6
				7	# Dependencies:
				8	# ``functions`` file
				9	# ``nova`` configuration
				10
				11	# install_nova_hypervisor - install any external requirements
				12	# configure_nova_hypervisor - make configuration changes, including those to other services
				13	# start_nova_hypervisor - start any external services
				14	# stop_nova_hypervisor - stop any external services
				15	# cleanup_nova_hypervisor - remove transient data and cache
				16
				17	# Save trace setting
				18	MY_XTRACE=$(set +o \| grep xtrace)
				19	set +o xtrace
				20
				21
				22	# Defaults
				23	# --------
				24
				25
				26	# Entry Points
				27	# ------------
				28
				29	# clean_nova_hypervisor - Clean up an installation
				30	function cleanup_nova_hypervisor() {
				31	# This function intentionally left blank
				32	:
				33	}
				34
				35	# configure_nova_hypervisor - Set config files, create data dirs, etc
				36	function configure_nova_hypervisor() {
				37	if is_service_enabled neutron && is_neutron_ovs_base_plugin && ! sudo grep -q '^cgroup_device_acl' $QEMU_CONF; then
				38	# Add /dev/net/tun to cgroup_device_acls, needed for type=ethernet interfaces
				39	cat <<EOF \| sudo tee -a $QEMU_CONF
				40	cgroup_device_acl = [
				41	"/dev/null", "/dev/full", "/dev/zero",
				42	"/dev/random", "/dev/urandom",
				43	"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
				44	"/dev/rtc", "/dev/hpet","/dev/net/tun",
				45	]
				46	EOF
				47	fi
				48
				49	if is_ubuntu; then
				50	LIBVIRT_DAEMON=libvirt-bin
				51	else
				52	LIBVIRT_DAEMON=libvirtd
				53	fi
				54
				55	if is_fedora \|\| is_suse; then
				56	if is_fedora && [[ $DISTRO =~ (rhel6) \|\| "$os_RELEASE" -le "17" ]]; then
				57	sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
				58	[libvirt Management Access]
				59	Identity=unix-group:$LIBVIRT_GROUP
				60	Action=org.libvirt.unix.manage
				61	ResultAny=yes
				62	ResultInactive=yes
				63	ResultActive=yes
				64	EOF"
				65	elif is_suse && [[ $os_RELEASE = 12.2 \|\| "$os_VENDOR" = "SUSE LINUX" ]]; then
				66	# openSUSE < 12.3 or SLE
				67	# Work around the fact that polkit-default-privs overrules pklas
				68	# with 'unix-group:$group'.
				69	sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
				70	[libvirt Management Access]
				71	Identity=unix-user:$USER
				72	Action=org.libvirt.unix.manage
				73	ResultAny=yes
				74	ResultInactive=yes
				75	ResultActive=yes
				76	EOF"
				77	else
				78	# Starting with fedora 18 and opensuse-12.3 enable stack-user to
				79	# virsh -c qemu:///system by creating a policy-kit rule for
				80	# stack-user using the new Javascript syntax
				81	rules_dir=/etc/polkit-1/rules.d
				82	sudo mkdir -p $rules_dir
				83	sudo bash -c "cat <<EOF > $rules_dir/50-libvirt-$STACK_USER.rules
				84	polkit.addRule(function(action, subject) {
				85	if (action.id == 'org.libvirt.unix.manage' &&
				86	subject.user == '"$STACK_USER"') {
				87	return polkit.Result.YES;
				88	}
				89	});
				90	EOF"
				91	unset rules_dir
				92	fi
				93	fi
				94
				95	# The user that nova runs as needs to be member of libvirtd group otherwise
				96	# nova-compute will be unable to use libvirt.
				97	if ! getent group $LIBVIRT_GROUP >/dev/null; then
				98	sudo groupadd $LIBVIRT_GROUP
				99	fi
				100	add_user_to_group $STACK_USER $LIBVIRT_GROUP
				101
				102	# libvirt detects various settings on startup, as we potentially changed
				103	# the system configuration (modules, filesystems), we need to restart
				104	# libvirt to detect those changes.
				105	restart_service $LIBVIRT_DAEMON
				106
				107	iniset $NOVA_CONF DEFAULT libvirt_type "$LIBVIRT_TYPE"
				108	iniset $NOVA_CONF DEFAULT libvirt_cpu_mode "none"
				109	iniset $NOVA_CONF DEFAULT use_usb_tablet "False"
				110	iniset $NOVA_CONF DEFAULT compute_driver "libvirt.LibvirtDriver"
				111	LIBVIRT_FIREWALL_DRIVER=${LIBVIRT_FIREWALL_DRIVER:-"nova.virt.libvirt.firewall.IptablesFirewallDriver"}
				112	iniset $NOVA_CONF DEFAULT firewall_driver "$LIBVIRT_FIREWALL_DRIVER"
				113	# Power architecture currently does not support graphical consoles.
				114	if is_arch "ppc64"; then
				115	iniset $NOVA_CONF DEFAULT vnc_enabled "false"
				116	fi
				117	}
				118
				119	# install_nova_hypervisor() - Install external components
				120	function install_nova_hypervisor() {
				121	if is_ubuntu; then
				122	install_package kvm
				123	install_package libvirt-bin
				124	install_package python-libvirt
				125	elif is_fedora \|\| is_suse; then
				126	install_package kvm
				127	install_package libvirt
				128	install_package libvirt-python
				129	fi
				130
				131	# Install and configure LXC if specified. LXC is another approach to
				132	# splitting a system into many smaller parts. LXC uses cgroups and chroot
				133	# to simulate multiple systems.
				134	if [[ "$LIBVIRT_TYPE" == "lxc" ]]; then
				135	if is_ubuntu; then
				136	if [[ "$DISTRO" > natty ]]; then
				137	install_package cgroup-lite
				138	fi
				139	else
				140	### FIXME(dtroyer): figure this out
				141	echo "RPM-based cgroup not implemented yet"
				142	yum_install libcgroup-tools
				143	fi
				144	fi
				145	}
				146
				147	# start_nova_hypervisor - Start any required external services
				148	function start_nova_hypervisor() {
				149	# This function intentionally left blank
				150	:
				151	}
				152
				153	# stop_nova_hypervisor - Stop any external services
				154	function stop_nova_hypervisor() {
				155	# This function intentionally left blank
				156	:
				157	}
				158
				159
				160	# Restore xtrace
				161	$MY_XTRACE
				162
				163	# Local variables:
				164	# mode: shell-script
				165	# End: