Merge "Make /dev/kvm permissions handling more robust"

This commit is contained in:
Zuul 2020-07-22 12:32:40 +00:00 committed by Gerrit Code Review
commit b0407ffb17
4 changed files with 42 additions and 0 deletions

View File

@ -413,6 +413,11 @@ libvirt_tls_manage_certs: true
# ability for people to override the hostname to use.
migration_hostname: "{{ ansible_nodename }}"
# NOTE(yoctozepto): Part of bug #1681461 fix.
# We can't get the id too effectively from the images so hardcoding here.
# It does not change that often (in fact, most likely never ever).
qemu_user_gid: 42427
####################
# Kolla
####################

View File

@ -22,3 +22,30 @@
when:
- set_sysctl | bool
- inventory_hostname in groups[nova_cell_compute_group]
# NOTE(yoctozepto): Part of bug #1681461 fix.
# This part can actually run on any distro and lets us drop the hardcoded
# chown and chmod from the nova-libvirt image extend_start and make the process
# more robust.
- name: Install udev kolla kvm rules
become: true
template:
src: "99-kolla-kvm.rules.j2"
dest: "/etc/udev/rules.d/99-kolla-kvm.rules"
mode: "0644"
when:
- nova_compute_virt_type == 'kvm'
- inventory_hostname in groups[nova_cell_compute_group]
# NOTE(yoctozepto): Part of bug #1681461 fix.
# This part only really makes sense on Ubuntu and would end up being confusing
# on others. This service changes /dev/kvm permissions.
- name: Mask qemu-kvm service
become: true
systemd:
name: qemu-kvm.service
masked: true
when:
- nova_compute_virt_type == 'kvm'
- ansible_distribution == 'Ubuntu'
- inventory_hostname in groups[nova_cell_compute_group]

View File

@ -0,0 +1,4 @@
# Part of Kolla Ansible OpenStack Nova deployment.
# This ensures the /dev/kvm has proper permissions.
KERNEL=="kvm", GROUP="{{ qemu_user_gid }}", MODE="0660"

View File

@ -0,0 +1,6 @@
---
fixes:
- |
Fixes handling of `/dev/kvm` permissions to be more robust against
host-level actions.
`LP#1681461 <https://launchpad.net/bugs/1681461>`__