Getting libvirt functional for testing on RedHat/CentOS
Due to differing default groups across distributions, we need to variablize the group to add ironic to have access to the virtualization subsystem. Additionally on RedHat/CentOS, libvirt is compiled with polkit which is incompatible with agent_ssh based testing. Change-Id: Ia175331cefb758ba5ef122c1b573f6235720f0dc Partial-Bug: 1463871
This commit is contained in:
parent
8e5fd0748a
commit
accd6582e3
@ -6,6 +6,7 @@ syslinux_tftp_dir: /usr/lib/syslinux/
|
||||
ipxe_dir: /usr/lib/ipxe/
|
||||
sgabios_dir: /usr/share/qemu/
|
||||
nginx_user: www-data
|
||||
virt_group: libvirtd
|
||||
mysql_service_name: mysql
|
||||
required_packages:
|
||||
- mysql-server
|
||||
|
@ -6,6 +6,7 @@ syslinux_tftp_dir: /var/lib/tftpboot
|
||||
ipxe_dir: /usr/share/ipxe/
|
||||
sgabios_dir: /usr/share/sgabios/
|
||||
nginx_user: nginx
|
||||
virt_group: libvirt
|
||||
mysql_service_name: mariadb
|
||||
required_packages:
|
||||
- mariadb-server
|
||||
|
@ -116,8 +116,22 @@
|
||||
group: name=ironic
|
||||
- name: "Creating an ironic service user"
|
||||
user: name=ironic group=ironic
|
||||
- name: "Adding ironic user to libvirtd group"
|
||||
user: name=ironic group=libvirtd append=yes
|
||||
- name: "Create libvirt group on RedHat/Centos"
|
||||
group: name=libvirt
|
||||
when: ansible_os_family == 'RedHat'
|
||||
# NOTE(TheJulia): Modify the supplied libvirtd config as by default,
|
||||
# access to libvirt is restricted to the root group via polkit.
|
||||
- name: "Update libvirt configuration file on RedHat/CentOS so the user"
|
||||
lineinfile: dest=/etc/libvirt/libvirtd.conf regexp=^unix_sock_group line='unix_sock_group = "libvirt"'
|
||||
when: ansible_os_family == 'RedHat'
|
||||
- name: "Changing libvirt authentication to none as RedHat/CentOS use polkit by default"
|
||||
lineinfile: dest=/etc/libvirt/libvirtd.conf regexp=^auth_unix_rw line='auth_unix_rw = "none"'
|
||||
when: ansible_os_family == 'RedHat'
|
||||
- name: "Changing libvirt socket permissions to be restricted on on RedHat/CentOS"
|
||||
lineinfile: dest=/etc/libvirt/libvirtd.conf regexp=^unix_sock_rw_perms line=unix_sock_rw_perms="0770"
|
||||
when: ansible_os_family == 'RedHat'
|
||||
- name: "Adding ironic user to virtualization group"
|
||||
user: name=ironic group="{{ virt_group }}" append=yes
|
||||
when: testing == true
|
||||
- name: "Creating SSH directory for ironic user"
|
||||
local_action: file path=/home/ironic/.ssh owner=ironic group=ironic mode=0700 state=directory
|
||||
|
Loading…
Reference in New Issue
Block a user