devstack/lib/nova_plugins/functions-libvirt
wangxiyuan 6440c6d7e6 Add openEuler 22.03 LTS support
openEuler 20.03 LTS SP2 support was removed from devstack in last
few months due to its python version is too old and the CI job
always fail. And openEuler 20.03 LTS SP2 was out of maintainer in May
2022 by openEuler community.

The newest LTS version was released in March 2022 called 22.03 LTS.
This release will be maintained for at least 2 years. And the python
version is 3.9 which works well for devstack.

This Patch add the openEuler distro support back. And add the related
CI job to make sure its works well.

Change-Id: I99c99d08b4a44d3dc644bd2e56b5ae7f7ee44210
2022-12-07 10:03:27 +08:00

202 lines
7.5 KiB
Bash

#!/bin/bash
#
# lib/nova_plugins/functions-libvirt
# Common libvirt configuration functions
# Dependencies:
# ``functions`` file
# ``STACK_USER`` has to be defined
# Save trace setting
_XTRACE_NOVA_FN_LIBVIRT=$(set +o | grep xtrace)
set +o xtrace
# Defaults
# --------
# Turn on selective debug log filters for libvirt.
# (NOTE: Enabling this by default, because the log filters enabled in
# 'configure_libvirt' function further below are _selective_ and not
# extremely verbose.)
DEBUG_LIBVIRT=$(trueorfalse True DEBUG_LIBVIRT)
# Try to enable coredumps for libvirt
# Currently fairly specific to OpenStackCI hosts
DEBUG_LIBVIRT_COREDUMPS=$(trueorfalse False DEBUG_LIBVIRT_COREDUMPS)
# Enable the Fedora Virtualization Preview Copr repo that provides the latest
# rawhide builds of QEMU, Libvirt and other virt tools.
ENABLE_FEDORA_VIRT_PREVIEW_REPO=$(trueorfalse False ENABLE_FEDORA_VIRT_PREVIEW_REPO)
# Enable coredumps for libvirt
# Bug: https://bugs.launchpad.net/nova/+bug/1643911
function _enable_coredump {
local confdir=/etc/systemd/system/libvirtd.service.d
local conffile=${confdir}/coredump.conf
# Create a coredump directory, and instruct the kernel to save to
# here
sudo mkdir -p /var/core
sudo chmod a+wrx /var/core
echo '/var/core/core.%e.%p.%h.%t' | \
sudo tee /proc/sys/kernel/core_pattern
# Drop a config file to up the core ulimit
sudo mkdir -p ${confdir}
sudo tee ${conffile} <<EOF
[Service]
LimitCORE=infinity
EOF
# Tell systemd to reload the unit (service restarts later after
# config anyway)
sudo systemctl daemon-reload
}
# Installs required distro-specific libvirt packages.
function install_libvirt {
# NOTE(yoctozepto): The common consensus [1] is that libvirt-python should
# be installed from distro packages. However, various projects might be
# trying to ensure it is installed using pip AND use upper-constraints
# with that, causing pip to try to upgrade it and to fail.
# The following line removes libvirt-python from upper-constraints and
# avoids the situation described above. Now only if installed packages
# explicitly depend on a newer (or, in general, incompatible) libvirt-python
# version, will pip try to reinstall it.
# [1] https://review.opendev.org/c/openstack/devstack/+/798514
$REQUIREMENTS_DIR/.venv/bin/edit-constraints \
$REQUIREMENTS_DIR/upper-constraints.txt -- libvirt-python
if is_ubuntu; then
install_package qemu-system libvirt-clients libvirt-daemon-system libvirt-dev python3-libvirt
if is_arch "aarch64"; then
install_package qemu-efi
fi
#pip_install_gr <there-si-no-guestfs-in-pypi>
elif is_fedora || is_suse; then
# Optionally enable the virt-preview repo when on Fedora
if [[ $DISTRO =~ f[0-9][0-9] ]] && [[ ${ENABLE_FEDORA_VIRT_PREVIEW_REPO} == "True" ]]; then
# https://copr.fedorainfracloud.org/coprs/g/virtmaint-sig/virt-preview/
sudo dnf copr enable -y @virtmaint-sig/virt-preview
fi
if is_openeuler; then
qemu_package=qemu
else
qemu_package=qemu-kvm
fi
# Note that in CentOS/RHEL this needs to come from the RDO
# repositories (qemu-kvm-ev ... which provides this package)
# as the base system version is too old. We should have
# pre-installed these
install_package $qemu_package
install_package libvirt libvirt-devel python3-libvirt
if is_arch "aarch64"; then
install_package edk2-aarch64
fi
fi
if [[ $DEBUG_LIBVIRT_COREDUMPS == True ]]; then
_enable_coredump
fi
}
# Configures the installed libvirt system so that is accessible by
# STACK_USER via qemu:///system with management capabilities.
function configure_libvirt {
if is_service_enabled neutron && ! sudo grep -q '^cgroup_device_acl' $QEMU_CONF; then
# Add /dev/net/tun to cgroup_device_acls, needed for type=ethernet interfaces
cat <<EOF | sudo tee -a $QEMU_CONF
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet","/dev/net/tun",
"/dev/vfio/vfio",
]
EOF
fi
if is_fedora || is_suse; then
# Starting with fedora 18 and opensuse-12.3 enable stack-user to
# virsh -c qemu:///system by creating a policy-kit rule for
# stack-user using the new Javascript syntax
rules_dir=/etc/polkit-1/rules.d
sudo mkdir -p $rules_dir
cat <<EOF | sudo tee $rules_dir/50-libvirt-$STACK_USER.rules
polkit.addRule(function(action, subject) {
if (action.id == 'org.libvirt.unix.manage' &&
subject.user == '$STACK_USER') {
return polkit.Result.YES;
}
});
EOF
unset rules_dir
fi
# The user that nova runs as needs to be member of **libvirtd** group otherwise
# nova-compute will be unable to use libvirt.
if ! getent group $LIBVIRT_GROUP >/dev/null; then
sudo groupadd $LIBVIRT_GROUP
fi
add_user_to_group $STACK_USER $LIBVIRT_GROUP
# Enable server side traces for libvirtd
if [[ "$DEBUG_LIBVIRT" = "True" ]] ; then
if is_ubuntu; then
# Unexpectedly binary package builds in ubuntu get fully qualified
# source file paths, not relative paths. This screws with the matching
# of '1:libvirt' making everything turn on. So use libvirt.c for now.
# This will have to be re-visited when Ubuntu ships libvirt >= 1.2.3
local log_filters="1:libvirt.c 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util 1:cpu"
else
local log_filters="1:libvirt 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util 1:cpu"
fi
local log_outputs="1:file:/var/log/libvirt/libvirtd.log"
if ! sudo grep -q "^log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then
echo "log_filters=\"$log_filters\"" | sudo tee -a /etc/libvirt/libvirtd.conf
fi
if ! sudo grep -q "^log_outputs=\"$log_outputs\"" /etc/libvirt/libvirtd.conf; then
echo "log_outputs=\"$log_outputs\"" | sudo tee -a /etc/libvirt/libvirtd.conf
fi
fi
if is_nova_console_proxy_compute_tls_enabled ; then
echo "vnc_tls = 1" | sudo tee -a $QEMU_CONF
echo "vnc_tls_x509_verify = 1" | sudo tee -a $QEMU_CONF
sudo mkdir -p /etc/pki/libvirt-vnc
deploy_int_CA /etc/pki/libvirt-vnc/ca-cert.pem
deploy_int_cert /etc/pki/libvirt-vnc/server-cert.pem /etc/pki/libvirt-vnc/server-key.pem
# OpenSSL 1.1.0 generates the key file with permissions: 600, by
# default and the deploy_int* methods use 'sudo cp' to copy the
# files, making them owned by root:root.
# Change ownership of everything under /etc/pki/libvirt-vnc to
# libvirt-qemu:libvirt-qemu so that libvirt-qemu can read the key
# file.
sudo chown -R libvirt-qemu:libvirt-qemu /etc/pki/libvirt-vnc
fi
# Service needs to be started on redhat/fedora -- do a restart for
# sanity after fiddling the config.
restart_service libvirtd
# Restart virtlogd companion service to ensure it is running properly
# https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1577455
# https://bugzilla.redhat.com/show_bug.cgi?id=1290357
# (not all platforms have it; libvirt 1.3+ only, thus the ignore)
restart_service virtlogd || true
}
# Restore xtrace
$_XTRACE_NOVA_FN_LIBVIRT
# Local variables:
# mode: shell-script
# End: