From 655d88e3a1054b61d9ede8b99c5ee95f11948227 Mon Sep 17 00:00:00 2001 From: Steven Dake Date: Tue, 29 Sep 2015 01:37:35 -0700 Subject: [PATCH] Make libvirt function on CentOS Recent regressions in the code base removed permission setting of /dev/kvm to root:kvm 660 permissions which are default for CentOS's version of libvirt. Also Libvirt must be able to read its cnofiguration file, which was previously 600 root:root. Now its 644 root:root so its always readable. This is fine, since this file doesn't contain any secret information. Change-Id: Id87cf5da8e37bc5bb613ce919d0293803d0fe5ed Closes-Bug: #1500733 --- ansible/roles/nova/templates/nova-libvirt.json.j2 | 2 +- docker/nova/nova-libvirt/start.sh | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ansible/roles/nova/templates/nova-libvirt.json.j2 b/ansible/roles/nova/templates/nova-libvirt.json.j2 index 598cc9f64e..78d38683a2 100644 --- a/ansible/roles/nova/templates/nova-libvirt.json.j2 +++ b/ansible/roles/nova/templates/nova-libvirt.json.j2 @@ -5,7 +5,7 @@ "source": "/opt/kolla/config_files/libvirtd.conf", "dest": "/etc/libvirt/libvirtd.conf", "owner": "root", - "perm": "0600" + "perm": "0644" }{% if enable_ceph | bool %}, { "source": "/opt/kolla/config_files/secrets", diff --git a/docker/nova/nova-libvirt/start.sh b/docker/nova/nova-libvirt/start.sh index a083e7bacc..df3b0e5a97 100755 --- a/docker/nova/nova-libvirt/start.sh +++ b/docker/nova/nova-libvirt/start.sh @@ -4,4 +4,12 @@ set -o errexit # Loading common functions. source /opt/kolla/kolla-common.sh +# TODO(SamYaple): Tweak libvirt.conf rather than change permissions. +# Fix permissions for libvirt +# Do not remove unless CentOS has been validated +if [[ -c /dev/kvm ]]; then + chmod 660 /dev/kvm + chown root:kvm /dev/kvm +fi + exec $CMD