From accd6582e3f97eaaba2db2edbab57a537b99dc6c Mon Sep 17 00:00:00 2001
From: Julia Kreger
Date: Tue, 30 Jun 2015 10:42:41 -0400
Subject: [PATCH] Getting libvirt functional for testing on RedHat/CentOS

Due to differing default groups across distributions, we need to variablize the group to add ironic to have access to the virtualization subsystem. Additionally on RedHat/CentOS, libvirt is compiled with polkit which is incompatible with agent_ssh based testing.

Change-Id: Ia175331cefb758ba5ef122c1b573f6235720f0dc
Partial-Bug: 1463871
---
 .../defaults/required_defaults_Debian.yml | 1 +
 .../defaults/required_defaults_RedHat.yml | 1 +
 playbooks/roles/ironic-install/tasks/main.yml | 18 ++++++++++++++++--
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/playbooks/roles/ironic-install/defaults/required_defaults_Debian.yml b/playbooks/roles/ironic-install/defaults/required_defaults_Debian.yml
index 223216a08..37333820d 100644
--- a/playbooks/roles/ironic-install/defaults/required_defaults_Debian.yml
+++ b/playbooks/roles/ironic-install/defaults/required_defaults_Debian.yml
@@ -6,6 +6,7 @@ syslinux_tftp_dir: /usr/lib/syslinux/
 ipxe_dir: /usr/lib/ipxe/
 sgabios_dir: /usr/share/qemu/
 nginx_user: www-data
+virt_group: libvirtd
 mysql_service_name: mysql
 required_packages:
 - mysql-server
diff --git a/playbooks/roles/ironic-install/defaults/required_defaults_RedHat.yml b/playbooks/roles/ironic-install/defaults/required_defaults_RedHat.yml
index 39633b340..673e5b438 100644
--- a/playbooks/roles/ironic-install/defaults/required_defaults_RedHat.yml
+++ b/playbooks/roles/ironic-install/defaults/required_defaults_RedHat.yml
@@ -6,6 +6,7 @@ syslinux_tftp_dir: /var/lib/tftpboot
 ipxe_dir: /usr/share/ipxe/
 sgabios_dir: /usr/share/sgabios/
 nginx_user: nginx
+virt_group: libvirt
 mysql_service_name: mariadb
 required_packages:
 - mariadb-server
diff --git a/playbooks/roles/ironic-install/tasks/main.yml b/playbooks/roles/ironic-install/tasks/main.yml
index 8e83736bf..c59b8cd65 100644
--- a/playbooks/roles/ironic-install/tasks/main.yml
+++ b/playbooks/roles/ironic-install/tasks/main.yml
@@ -116,8 +116,22 @@
 group: name=ironic
 - name: "Creating an ironic service user"
 user: name=ironic group=ironic
-- name: "Adding ironic user to libvirtd group"
- user: name=ironic group=libvirtd append=yes
+- name: "Create libvirt group on RedHat/Centos"
+ group: name=libvirt
+ when: ansible_os_family == 'RedHat'
+# NOTE(TheJulia): Modify the supplied libvirtd config as by default,
+# access to libvirt is restricted to the root group via polkit.
+- name: "Update libvirt configuration file on RedHat/CentOS so the user"
+ lineinfile: dest=/etc/libvirt/libvirtd.conf regexp=^unix_sock_group line='unix_sock_group = "libvirt"'
+ when: ansible_os_family == 'RedHat'
+- name: "Changing libvirt authentication to none as RedHat/CentOS use polkit by default"
+ lineinfile: dest=/etc/libvirt/libvirtd.conf regexp=^auth_unix_rw line='auth_unix_rw = "none"'
+ when: ansible_os_family == 'RedHat'
+- name: "Changing libvirt socket permissions to be restricted on on RedHat/CentOS"
+ lineinfile: dest=/etc/libvirt/libvirtd.conf regexp=^unix_sock_rw_perms line=unix_sock_rw_perms="0770"
+ when: ansible_os_family == 'RedHat'
+- name: "Adding ironic user to virtualization group"
+ user: name=ironic group="{{ virt_group }}" append=yes
 when: testing == true
 - name: "Creating SSH directory for ironic user"
 local_action: file path=/home/ironic/.ssh owner=ironic group=ironic mode=0700 state=directory
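Review bot: The three `lineinfile` tasks that rewrite `/etc/libvirt/libvirtd.conf` run on every RedHat-family host, while the task that adds `ironic` to the group is limited by `when: testing == true`. Setting `auth_unix_rw = "none"` turns off polkit for the read-write socket, so membership of the socket group becomes the only control on full libvirt access, even on non-testing installs. I would gate the group creation and the three config edits the same way, with `when: testing == true and ansible_os_family == 'RedHat'`. Those tasks also hard-code `libvirt` where the new `virt_group` default could be used (`group: name="{{ virt_group }}"`), and nothing in the hunk restarts libvirtd after the edits, which may be handled elsewhere in the file. The enclosing task list starts and ends outside the hunk.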