libvirt unix_socket_group attribute

- libvirtd.conf template now suports unix_socket_group defined in
  a attribiutes.
- openstack-nova user shuld be member of libvirt group to be able to read
  from libvirt unix_socket. Implemented group resource in libvirt recipie.

Change-Id: I88370f2d7fd5147f3bb46a1411295868a8ea12ce

attributes/default.rb

@@ -145,6 +145,11 @@ default["openstack"]["compute"]["libvirt"]["remove_unused_base_images"] = true
 default["openstack"]["compute"]["libvirt"]["remove_unused_resized_minimum_age_seconds"] = 3600
 default["openstack"]["compute"]["libvirt"]["remove_unused_original_minimum_age_seconds"] = 3600
 default["openstack"]["compute"]["libvirt"]["checksum_base_images"] = false
+if node["platform"] == "suse"
+  default["openstack"]["compute"]["libvirt"]["unix_sock_group"] = "libvirt"
+else
+  default["openstack"]["compute"]["libvirt"]["unix_sock_group"] = "libvirtd"
+end
 default["openstack"]["compute"]["config"]["availability_zone"] = "nova"
 default["openstack"]["compute"]["config"]["storage_availability_zone"] = "nova"
 default["openstack"]["compute"]["config"]["default_schedule_zone"] = "nova"

recipes/libvirt.rb

@@ -74,7 +74,8 @@ template "/etc/libvirt/libvirtd.conf" do
   group  "root"
   mode   00644
   variables(
-    :auth_tcp => node["openstack"]["compute"]["libvirt"]["auth_tcp"]
+    :auth_tcp => node["openstack"]["compute"]["libvirt"]["auth_tcp"],
+    :unix_sock_group => node["openstack"]["compute"]["libvirt"]["unix_sock_group"]
   )
 
   notifies :restart, "service[libvirt-bin]", :immediately

templates/default/libvirtd.conf.erb

@@ -80,7 +80,7 @@ listen_tcp = 1
 # without becoming root.
 #
 # This is restricted to 'root' by default.
-unix_sock_group = "libvirtd"
+unix_sock_group = "<%= @unix_sock_group %>"
 
 # Set the UNIX socket permissions for the R/O socket. This is used
 # for monitoring VM status only