From 05ffae0ef06c8d0816b118b35e9cfdf0fc0ed985 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Wed, 6 Jan 2021 17:31:29 +0200 Subject: [PATCH] Use systemd sockets for libvirt Since libvirt 5.7 we should not use traditional mode. Instead systemd mode should be choosen. Sockets are provided by libvirt package. We just need to conditionally enable or disable them. As addition we changed nova_libvirtd_listen_tls to 0 by default because listen_tls requires certificate to be provided which is not the case in the current role state. So we also fix behaviour of the role when nova_libvirtd_listen_tls is 1, supposing that deployer has manually distributed certificates across compute hosts. Change-Id: Id73cb67de26c305908d0245551fa57a7e6448784 Closes-Bug: #1903846 --- defaults/main.yml | 2 +- handlers/main.yml | 31 +++++++++++++++-- tasks/drivers/kvm/nova_compute_kvm.yml | 46 +++++++++++++++++++++++--- 3 files changed, 70 insertions(+), 9 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 2b007353..3ba2b0cc 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -386,7 +386,7 @@ nova_api_threads: "{{ [[(ansible_processor_vcpus//ansible_processor_threads_per_ nova_service_in_ldap: false ## libvirtd config options -nova_libvirtd_listen_tls: 1 +nova_libvirtd_listen_tls: 0 nova_libvirtd_listen_tcp: 0 nova_libvirtd_auth_tcp: sasl nova_libvirtd_debug_log_filters: "3:remote 4:event 3:json 3:rpc" diff --git a/handlers/main.yml b/handlers/main.yml index 5107c76c..3c7d5b01 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
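Review bot: The new default `nova_libvirtd_listen_tls: 0` in defaults/main.yml has no comment telling a deployer what enabling it requires, although the commit message says the role does not provide certificates. I would add above it `# Set to 1 only after libvirt TLS certificates have been distributed to the compute hosts; this role does not provision them.` Hosts that relied on the old default of 1 will presumably have their TLS listener stopped on the next run, so a release note for that behaviour change seems worthwhile.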
@@ -13,12 +13,37 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Restart libvirt-bin +- name: Stop libvirt-bin service: name: "{{ libvirt_service_name }}" enabled: yes - state: "restarted" - daemon_reload: yes + state: "stopped" + listen: + - Restart libvirt-bin + +- name: Enable sockets when needed + service: + name: "{{ item.name | default(item) }}" + state: "{{ item.condition | default(False) | ternary('started', 'stopped') }}" + enabled: "{{ item.condition | default(False) }}" + masked: no + when: + - libvirtd_version is version('5.7', '>=') + with_items: + - name: libvirtd-tls.socket + condition: "{{ nova_libvirtd_listen_tls | bool }}" + - name: libvirtd-tcp.socket + condition: "{{ nova_libvirtd_listen_tcp | bool }}" + listen: + - Restart libvirt-bin + +- name: Start libvirt-bin + service: + name: "{{ libvirt_service_name }}" + enabled: yes + state: "started" + listen: + - Restart libvirt-bin - name: Stop services service: diff --git a/tasks/drivers/kvm/nova_compute_kvm.yml b/tasks/drivers/kvm/nova_compute_kvm.yml index f884df81..7c10fe32 100644 --- a/tasks/drivers/kvm/nova_compute_kvm.yml +++ b/tasks/drivers/kvm/nova_compute_kvm.yml @@ -17,6 +17,25 @@ tags: - nova-install +- name: Check libvirtd version + command: "libvirtd --version" + register: _libvirtd_version_cmd + changed_when: false + tags: + - nova-install + - nova-config + - nova-kvm + - nova-libvirt + +- name: Set libvirtd version + set_fact: + libvirtd_version: "{{ _libvirtd_version_cmd['stdout'].split()[-1] }}" + tags: + - nova-install + - nova-config + - nova-kvm + - nova-libvirt + - name: Set nested kvm virt copy: src: kvm.conf 
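Review bot: The `Enable sockets when needed` handler starts `libvirtd-tls.socket` and `libvirtd-tcp.socket` as shipped by the package, and nothing in this change controls which address they bind to. As far as I know, libvirt ignores `listen_addr`, `tls_port` and `tcp_port` from libvirtd.conf once it is socket-activated. If so, any address restriction the role writes there stops applying on libvirt >= 5.7, and the listener is reachable on every interface, including the unencrypted TCP one when `nova_libvirtd_listen_tcp` is set. I would add a systemd drop-in that sets `ListenStream=` for the two socket units, or at least put `# socket units listen on all addresses; libvirtd.conf listen_addr is ignored under socket activation` above the handler. Within this patch `libvirtd_version` is only set in tasks/drivers/kvm/nova_compute_kvm.yml, so the handler's `when:` depends on that task having run in the same play.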
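Review bot: `Check libvirtd version` is a `command` task without `check_mode: false`, so under `--check` it is likely skipped and `_libvirtd_version_cmd['stdout'].split()[-1]` in `Set libvirtd version` then has nothing to parse. The command is read-only, as `changed_when: false` already signals, so adding `check_mode: false` to it keeps the fact available. Taking the last whitespace-separated token is also fragile. Matching a dotted version with `regex_search`, and failing the task when nothing matches, would keep a malformed `libvirtd_version` from reaching the later `version('5.7', ...)` tests that choose the listener mode.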
@@ -81,14 +100,30 @@ - nova-kvm - nova-libvirt -- name: Set libvirt runtime options when listening on tcp (Ubuntu) +- name: Set libvirt runtime options (Ubuntu) lineinfile: dest: "/etc/default/libvirtd" line: 'libvirtd_opts="-l"' regexp: "^libvirtd_opts=" backup: "yes" when: - - nova_libvirtd_listen_tcp == 1 + - (nova_libvirtd_listen_tcp == 1) or (nova_libvirtd_listen_tls == 1) + - libvirtd_version is version('5.7', '<') + - ansible_pkg_mgr == 'apt' + notify: Restart libvirt-bin + tags: + - nova-config + - nova-kvm + - nova-libvirt + +- name: Unset libvirt runtime options (Ubuntu) + lineinfile: + dest: "/etc/default/libvirtd" + line: 'libvirtd_opts=""' + regexp: "^libvirtd_opts=" + backup: "yes" + when: + - (nova_libvirtd_listen_tcp == 0 and nova_libvirtd_listen_tls == 0) or libvirtd_version is version('5.7', '>=') - ansible_pkg_mgr == 'apt' notify: Restart libvirt-bin tags: @@ -103,7 +138,8 @@ regexp: "^(#)?LIBVIRTD_ARGS=*" backup: "yes" when: - - nova_libvirtd_listen_tcp == 1 + - (nova_libvirtd_listen_tcp == 1) or (nova_libvirtd_listen_tls == 1) + - libvirtd_version is version('5.7', '<') - ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] notify: Restart libvirt-bin tags: @@ -111,14 +147,14 @@ - nova-kvm - nova-libvirt -- name: Set libvirt runtime options (RPM) +- name: Unset libvirt runtime options (RPM) lineinfile: dest: "/etc/sysconfig/libvirtd" line: 'LIBVIRTD_ARGS=""' regexp: "^(#)?LIBVIRTD_ARGS=*" backup: "yes" when: - - nova_libvirtd_listen_tcp == 0 + - (nova_libvirtd_listen_tcp == 0 and nova_libvirtd_listen_tls == 0) or libvirtd_version is version('5.7', '>=') - ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] notify: Restart libvirt-bin tags:
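Review bot: The `when:` tests added here compare with `== 1` and `== 0`, while the new handler in handlers/main.yml evaluates the same variables with `| bool`, so the two can disagree about whether a listener is enabled. If a deployer overrides `nova_libvirtd_listen_tls` with a string such as `"1"` or `"true"`, the handler treats it as enabled, but on libvirt < 5.7 neither the set nor the unset task matches and `libvirtd_opts` keeps whatever it had. I would write the condition as `- (nova_libvirtd_listen_tcp | bool) or (nova_libvirtd_listen_tls | bool)` and negate the same expression in the unset task. The same applies to the RPM tasks in the `@@ -103,7 +138,8 @@` and `@@ -111,14 +147,14 @@` hunks.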