Getting libvirt functional for testing on RedHat/CentOS

Due to differing default groups across distributions, we need to variablize the group to add ironic to have access to the virtualization subsystem. Additionally on RedHat/CentOS, libvirt is compiled with polkit which is incompatible with agent_ssh based testing. Change-Id: Ia175331cefb758ba5ef122c1b573f6235720f0dc Partial-Bug: 1463871
2015-06-30 10:42:41 -04:00 · 2015-06-30 10:42:41 -04:00 · accd6582e3
commit accd6582e3
parent 8e5fd0748a
3 changed files with 18 additions and 2 deletions
--- a/playbooks/roles/ironic-install/defaults/required_defaults_Debian.yml
+++ b/playbooks/roles/ironic-install/defaults/required_defaults_Debian.yml
@ -6,6 +6,7 @@ syslinux_tftp_dir: /usr/lib/syslinux/
 ipxe_dir: /usr/lib/ipxe/
 sgabios_dir: /usr/share/qemu/
 nginx_user: www-data
+virt_group: libvirtd
 mysql_service_name: mysql
 required_packages:
  - mysql-server
--- a/playbooks/roles/ironic-install/defaults/required_defaults_RedHat.yml
+++ b/playbooks/roles/ironic-install/defaults/required_defaults_RedHat.yml
@ -6,6 +6,7 @@ syslinux_tftp_dir: /var/lib/tftpboot
 ipxe_dir: /usr/share/ipxe/
 sgabios_dir: /usr/share/sgabios/
 nginx_user: nginx
+virt_group: libvirt
 mysql_service_name: mariadb
 required_packages:
  - mariadb-server
--- a/playbooks/roles/ironic-install/tasks/main.yml
+++ b/playbooks/roles/ironic-install/tasks/main.yml
@ -116,8 +116,22 @@
  group: name=ironic
 - name: "Creating an ironic service user"
  user: name=ironic group=ironic
- name: "Adding ironic user to libvirtd group"
-  user: name=ironic group=libvirtd append=yes
+- name: "Create libvirt group on RedHat/Centos"
+  group: name=libvirt
+  when: ansible_os_family == 'RedHat'
+# NOTE(TheJulia): Modify the supplied libvirtd config as by default,
+# access to libvirt is restricted to the root group via polkit.
+- name: "Update libvirt configuration file on RedHat/CentOS so the user"
+  lineinfile: dest=/etc/libvirt/libvirtd.conf regexp=^unix_sock_group line='unix_sock_group = "libvirt"'
+  when: ansible_os_family == 'RedHat'
+- name: "Changing libvirt authentication to none as RedHat/CentOS use polkit by default"
+  lineinfile: dest=/etc/libvirt/libvirtd.conf regexp=^auth_unix_rw line='auth_unix_rw = "none"'
+  when: ansible_os_family == 'RedHat'
+- name: "Changing libvirt socket permissions to be restricted on on RedHat/CentOS"
+  lineinfile: dest=/etc/libvirt/libvirtd.conf regexp=^unix_sock_rw_perms line=unix_sock_rw_perms="0770"
+  when: ansible_os_family == 'RedHat'
+- name: "Adding ironic user to virtualization group"
+  user: name=ironic group="{{ virt_group }}" append=yes
  when: testing == true
 - name: "Creating SSH directory for ironic user"
  local_action: file path=/home/ironic/.ssh owner=ironic group=ironic mode=0700 state=directory