Use systemd sockets for libvirt

Since libvirt 5.7 we should not use traditional mode. Instead systemd mode should be choosen. Sockets are provided by libvirt package. We just need to conditionally enable or disable them. As addition we changed nova_libvirtd_listen_tls to 0 by default because listen_tls requires certificate to be provided which is not the case in the current role state. So we also fix behaviour of the role when nova_libvirtd_listen_tls is 1, supposing that deployer has manually distributed certificates across compute hosts. Change-Id: Id73cb67de26c305908d0245551fa57a7e6448784 Closes-Bug: #1903846
2021-01-06 17:31:29 +02:00 · 2021-01-06 17:31:29 +02:00 · 05ffae0ef0
commit 05ffae0ef0
parent b03ffb76a2
3 changed files with 70 additions and 9 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -386,7 +386,7 @@ nova_api_threads: "{{ [[(ansible_processor_vcpus//ansible_processor_threads_per_
 nova_service_in_ldap: false

 ## libvirtd config options
-nova_libvirtd_listen_tls: 1
+nova_libvirtd_listen_tls: 0
 nova_libvirtd_listen_tcp: 0
 nova_libvirtd_auth_tcp: sasl
 nova_libvirtd_debug_log_filters: "3:remote 4:event 3:json 3:rpc"
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -13,12 +13,37 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

- name: Restart libvirt-bin
+- name: Stop libvirt-bin
  service:
    name: "{{ libvirt_service_name }}"
    enabled: yes
-    state: "restarted"
-    daemon_reload: yes
+    state: "stopped"
+  listen:
+    - Restart libvirt-bin
+
+- name: Enable sockets when needed
+  service:
+    name: "{{ item.name | default(item) }}"
+    state: "{{ item.condition | default(False) | ternary('started', 'stopped') }}"
+    enabled: "{{ item.condition | default(False) }}"
+    masked: no
+  when:
+    - libvirtd_version is version('5.7', '>=')
+  with_items:
+    - name: libvirtd-tls.socket
+      condition: "{{ nova_libvirtd_listen_tls | bool }}"
+    - name: libvirtd-tcp.socket
+      condition: "{{ nova_libvirtd_listen_tcp | bool }}"
+  listen:
+    - Restart libvirt-bin
+
+- name: Start libvirt-bin
+  service:
+    name: "{{ libvirt_service_name }}"
+    enabled: yes
+    state: "started"
+  listen:
+    - Restart libvirt-bin

 - name: Stop services
  service:
--- a/tasks/drivers/kvm/nova_compute_kvm.yml
+++ b/tasks/drivers/kvm/nova_compute_kvm.yml
@ -17,6 +17,25 @@
  tags:
    - nova-install

+- name: Check libvirtd version
+  command: "libvirtd --version"
+  register: _libvirtd_version_cmd
+  changed_when: false
+  tags:
+    - nova-install
+    - nova-config
+    - nova-kvm
+    - nova-libvirt
+
+- name: Set libvirtd version
+  set_fact:
+    libvirtd_version: "{{ _libvirtd_version_cmd['stdout'].split()[-1] }}"
+  tags:
+    - nova-install
+    - nova-config
+    - nova-kvm
+    - nova-libvirt
+
 - name: Set nested kvm virt
  copy:
    src: kvm.conf
@ -81,14 +100,30 @@
    - nova-kvm
    - nova-libvirt

- name: Set libvirt runtime options when listening on tcp (Ubuntu)
+- name: Set libvirt runtime options (Ubuntu)
  lineinfile:
    dest: "/etc/default/libvirtd"
    line: 'libvirtd_opts="-l"'
    regexp: "^libvirtd_opts="
    backup: "yes"
  when:
-    - nova_libvirtd_listen_tcp == 1
+    - (nova_libvirtd_listen_tcp == 1) or (nova_libvirtd_listen_tls == 1)
+    - libvirtd_version is version('5.7', '<')
+    - ansible_pkg_mgr == 'apt'
+  notify: Restart libvirt-bin
+  tags:
+    - nova-config
+    - nova-kvm
+    - nova-libvirt
+
+- name: Unset libvirt runtime options (Ubuntu)
+  lineinfile:
+    dest: "/etc/default/libvirtd"
+    line: 'libvirtd_opts=""'
+    regexp: "^libvirtd_opts="
+    backup: "yes"
+  when:
+    - (nova_libvirtd_listen_tcp == 0 and nova_libvirtd_listen_tls == 0) or libvirtd_version is version('5.7', '>=')
    - ansible_pkg_mgr == 'apt'
  notify: Restart libvirt-bin
  tags:
@ -103,7 +138,8 @@
    regexp: "^(#)?LIBVIRTD_ARGS=*"
    backup: "yes"
  when:
-    - nova_libvirtd_listen_tcp == 1
+    - (nova_libvirtd_listen_tcp == 1) or (nova_libvirtd_listen_tls == 1)
+    - libvirtd_version is version('5.7', '<')
    - ansible_pkg_mgr in ['yum', 'dnf', 'zypper']
  notify: Restart libvirt-bin
  tags:
@ -111,14 +147,14 @@
    - nova-kvm
    - nova-libvirt

- name: Set libvirt runtime options (RPM)
+- name: Unset libvirt runtime options (RPM)
  lineinfile:
    dest: "/etc/sysconfig/libvirtd"
    line: 'LIBVIRTD_ARGS=""'
    regexp: "^(#)?LIBVIRTD_ARGS=*"
    backup: "yes"
  when:
-    - nova_libvirtd_listen_tcp == 0
+    - (nova_libvirtd_listen_tcp == 0 and nova_libvirtd_listen_tls == 0) or libvirtd_version is version('5.7', '>=')
    - ansible_pkg_mgr in ['yum', 'dnf', 'zypper']
  notify: Restart libvirt-bin
  tags: