Use systemd sockets for libvirt

Since libvirt 5.7 we should not use traditional mode. Instead systemd
mode should be chosen. Sockets are provided by the libvirt package.
We just need to conditionally enable or disable them.

In addition, we changed nova_libvirtd_listen_tls to 0 by default
because listen_tls requires a certificate to be provided, which is not
the case in the current role state. So we also fix the behaviour of the role
when nova_libvirtd_listen_tls is 1, supposing that the deployer has manually
distributed certificates across compute hosts.

Change-Id: Id73cb67de26c305908d0245551fa57a7e6448784
Closes-Bug: #1903846
Dmitriy Rabotyagov 2021-01-06 17:31:29 +02:00
parent b03ffb76a2
commit 05ffae0ef0
3 changed files with 70 additions and 9 deletions


@ -386,7 +386,7 @@ nova_api_threads: "{{ [[(ansible_processor_vcpus//ansible_processor_threads_per_
nova_service_in_ldap: false nova_service_in_ldap: false
## libvirtd config options ## libvirtd config options
nova_libvirtd_listen_tls: 1 nova_libvirtd_listen_tls: 0
nova_libvirtd_listen_tcp: 0 nova_libvirtd_listen_tcp: 0
nova_libvirtd_auth_tcp: sasl nova_libvirtd_auth_tcp: sasl
nova_libvirtd_debug_log_filters: "3:remote 4:event 3:json 3:rpc" nova_libvirtd_debug_log_filters: "3:remote 4:event 3:json 3:rpc"
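Review bot: The new default `nova_libvirtd_listen_tls: 0` has no comment explaining that the role does not provision libvirt certificates, so a deployer who sets it back to 1 gets no hint about the prerequisite. A line above the variable would cover it, such as `# Set to 1 only after the CA certificate, server certificate and key have been placed on every compute host; this role does not distribute them.` Deployments that relied on the previous default of 1 will presumably have the TLS listener turned off on their next run. That is worth a release note, because it changes which remote libvirt transports are available.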


@ -13,12 +13,37 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Restart libvirt-bin - name: Stop libvirt-bin
service: service:
name: "{{ libvirt_service_name }}" name: "{{ libvirt_service_name }}"
enabled: yes enabled: yes
state: "restarted" state: "stopped"
daemon_reload: yes listen:
- Restart libvirt-bin
- name: Enable sockets when needed
service:
name: "{{ item.name | default(item) }}"
state: "{{ item.condition | default(False) | ternary('started', 'stopped') }}"
enabled: "{{ item.condition | default(False) }}"
masked: no
when:
- libvirtd_version is version('5.7', '>=')
with_items:
- name: libvirtd-tls.socket
condition: "{{ nova_libvirtd_listen_tls | bool }}"
- name: libvirtd-tcp.socket
condition: "{{ nova_libvirtd_listen_tcp | bool }}"
listen:
- Restart libvirt-bin
- name: Start libvirt-bin
service:
name: "{{ libvirt_service_name }}"
enabled: yes
state: "started"
listen:
- Restart libvirt-bin
- name: Stop services - name: Stop services
service: service:
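Review bot: The `Enable sockets when needed` handler starts `libvirtd-tls.socket` on `nova_libvirtd_listen_tls | bool` alone, and nothing visible here confirms that the certificate and key are actually on the host. Because the unit is a socket, it will likely start without error, and the missing material would only surface when a client connects (inferred from how socket activation works, not shown on this page). An `assert` ahead of the notify would make this fail at deploy time instead, for example `- not (nova_libvirtd_listen_tls | bool) or _libvirt_server_cert.stat.exists`. Here `_libvirt_server_cert` is a placeholder for a `stat` result on whichever certificate path the role configures.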


@ -17,6 +17,25 @@
tags: tags:
- nova-install - nova-install
- name: Check libvirtd version
command: "libvirtd --version"
register: _libvirtd_version_cmd
changed_when: false
tags:
- nova-install
- nova-config
- nova-kvm
- nova-libvirt
- name: Set libvirtd version
set_fact:
libvirtd_version: "{{ _libvirtd_version_cmd['stdout'].split()[-1] }}"
tags:
- nova-install
- nova-config
- nova-kvm
- nova-libvirt
- name: Set nested kvm virt - name: Set nested kvm virt
copy: copy:
src: kvm.conf src: kvm.conf
@ -81,14 +100,30 @@
- nova-kvm - nova-kvm
- nova-libvirt - nova-libvirt
- name: Set libvirt runtime options when listening on tcp (Ubuntu) - name: Set libvirt runtime options (Ubuntu)
lineinfile: lineinfile:
dest: "/etc/default/libvirtd" dest: "/etc/default/libvirtd"
line: 'libvirtd_opts="-l"' line: 'libvirtd_opts="-l"'
regexp: "^libvirtd_opts=" regexp: "^libvirtd_opts="
backup: "yes" backup: "yes"
when: when:
- nova_libvirtd_listen_tcp == 1 - (nova_libvirtd_listen_tcp == 1) or (nova_libvirtd_listen_tls == 1)
- libvirtd_version is version('5.7', '<')
- ansible_pkg_mgr == 'apt'
notify: Restart libvirt-bin
tags:
- nova-config
- nova-kvm
- nova-libvirt
- name: Unset libvirt runtime options (Ubuntu)
lineinfile:
dest: "/etc/default/libvirtd"
line: 'libvirtd_opts=""'
regexp: "^libvirtd_opts="
backup: "yes"
when:
- (nova_libvirtd_listen_tcp == 0 and nova_libvirtd_listen_tls == 0) or libvirtd_version is version('5.7', '>=')
- ansible_pkg_mgr == 'apt' - ansible_pkg_mgr == 'apt'
notify: Restart libvirt-bin notify: Restart libvirt-bin
tags: tags:
@ -103,7 +138,8 @@
regexp: "^(#)?LIBVIRTD_ARGS=*" regexp: "^(#)?LIBVIRTD_ARGS=*"
backup: "yes" backup: "yes"
when: when:
- nova_libvirtd_listen_tcp == 1 - (nova_libvirtd_listen_tcp == 1) or (nova_libvirtd_listen_tls == 1)
- libvirtd_version is version('5.7', '<')
- ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] - ansible_pkg_mgr in ['yum', 'dnf', 'zypper']
notify: Restart libvirt-bin notify: Restart libvirt-bin
tags: tags:
@ -111,14 +147,14 @@
- nova-kvm - nova-kvm
- nova-libvirt - nova-libvirt
- name: Set libvirt runtime options (RPM) - name: Unset libvirt runtime options (RPM)
lineinfile: lineinfile:
dest: "/etc/sysconfig/libvirtd" dest: "/etc/sysconfig/libvirtd"
line: 'LIBVIRTD_ARGS=""' line: 'LIBVIRTD_ARGS=""'
regexp: "^(#)?LIBVIRTD_ARGS=*" regexp: "^(#)?LIBVIRTD_ARGS=*"
backup: "yes" backup: "yes"
when: when:
- nova_libvirtd_listen_tcp == 0 - (nova_libvirtd_listen_tcp == 0 and nova_libvirtd_listen_tls == 0) or libvirtd_version is version('5.7', '>=')
- ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] - ansible_pkg_mgr in ['yum', 'dnf', 'zypper']
notify: Restart libvirt-bin notify: Restart libvirt-bin
tags: tags:
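Review bot: The `when:` clauses on the four option tasks (Ubuntu and RPM, Set and Unset) compare the listen flags as integers (`nova_libvirtd_listen_tcp == 1`, `nova_libvirtd_listen_tls == 0`), while the socket handler added in the same commit evaluates them with `| bool`. An override given as a quoted string such as `"1"` is therefore treated as enabled by the handler but as neither 0 nor 1 here. On libvirt older than 5.7 neither the Set nor the Unset task would then run, and `libvirtd_opts` / `LIBVIRTD_ARGS` would keep whatever value they had. Using one form everywhere ties the listener state to a single interpretation of the variables: `- (nova_libvirtd_listen_tcp | bool) or (nova_libvirtd_listen_tls | bool)` for Set and `- not (nova_libvirtd_listen_tcp | bool or nova_libvirtd_listen_tls | bool) or libvirtd_version is version('5.7', '>=')` for Unset. The RPM Set task starts above its hunk, and the last task's `tags:` list continues past the end of the section.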