Remove hardcoded config drive enforcement

This change removes the forced use of config drive to ensure that a user can choose to use config drive as needed. This adds ability to disable/enable config drive and allows libvirt to listen for connections on tcp as needed for live migrations (prohibited otherwise by config drive). The following new variables were added to os_nova role: nova_force_config_drive nova_libvirtd_listen_tls: 1 nova_libvirtd_listen_tcp: 0 nova_libvirtd_auth_tcp: sasl Change-Id: I1de35a4b3611b8bc33a21930dae3fd38f9aaa151 Closes-Bug: #1468514 DocImpact
2015-06-24 22:51:41 -05:00 · 2015-06-24 22:51:41 -05:00 · e65066cf12
commit e65066cf12
parent a19a6a7a48
4 changed files with 53 additions and 1 deletions
--- a/playbooks/roles/os_nova/defaults/main.yml
+++ b/playbooks/roles/os_nova/defaults/main.yml
@ -173,6 +173,8 @@ nova_cert_program_name: nova-cert
 ## Nova compute
 nova_enable_instance_password: True
 nova_compute_program_name: nova-compute
+# TODO: This defaults to 'False' upstream, we should set this to 'False' in Liberty
+nova_force_config_drive: True

 ## Nova conductor
 nova_conductor_program_name: nova-conductor
@ -267,6 +269,10 @@ nova_ceph_client_uuid: 517a4663-3927-44bc-9ea7-4a90e1cd4c66
 #  "compute:create": ""
 #  "compute:create:attach_network": ""

+## libvirtd config options
+nova_libvirtd_listen_tls: 1
+nova_libvirtd_listen_tcp: 0
+nova_libvirtd_auth_tcp: sasl

 ## Service Names
 nova_service_names:
--- a/playbooks/roles/os_nova/tasks/nova_compute_kvm.yml
+++ b/playbooks/roles/os_nova/tasks/nova_compute_kvm.yml
@ -28,4 +28,40 @@
  tags:
    - nova-kvm

+- name: Set libvirtd config
+  template: >
+    src=libvirtd.conf.j2
+    dest=/etc/libvirt/libvirtd.conf
+    owner="root"
+    group="root"
+    mode=0644
+  notify: Restart libvirt-bin
+  tags:
+    - nova-kvm
+    - nova-libvirt
+
+- name: Set libvirt runtime options
+  lineinfile:
+    dest: "/etc/default/libvirt-bin"
+    line: 'libvirtd_opts="-d -l"'
+    regexp: "^libvirtd_opts="
+    backup: "yes"
+  when: nova_libvirtd_listen_tcp == 1
+  notify: Restart libvirt-bin
+  tags:
+    - nova-kvm
+    - nova-libvirt
+
+- name: Set libvirt runtime options
+  lineinfile:
+    dest: "/etc/default/libvirt-bin"
+    line: 'libvirtd_opts="-d"'
+    regexp: "^libvirtd_opts="
+    backup: "yes"
+  when: nova_libvirtd_listen_tcp == 0
+  notify: Restart libvirt-bin
+  tags:
+    - nova-kvm
+    - nova-libvirt
+
 - include: nova_compute_kvm_virsh_net_remove.yml
--- a/playbooks/roles/os_nova/templates/libvirtd.conf.j2
+++ b/playbooks/roles/os_nova/templates/libvirtd.conf.j2
@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+listen_tls = {{ nova_libvirtd_listen_tls }}
+listen_tcp = {{ nova_libvirtd_listen_tcp }}
+unix_sock_group = "libvirtd"
+unix_sock_ro_perms = "0777"
+unix_sock_rw_perms = "0770"
+auth_unix_ro = "none"
+auth_unix_rw = "none"
+auth_tcp = "{{ nova_libvirtd_auth_tcp }}"
--- a/playbooks/roles/os_nova/templates/nova.conf.j2
+++ b/playbooks/roles/os_nova/templates/nova.conf.j2
@ -108,7 +108,7 @@ vif_plugging_is_fatal = False
 default_ephemeral_format = ext4

 # Configdrive
-force_config_drive = always
+force_config_drive = {{ nova_force_config_drive }}

 # Policy
 max_age = {{ nova_max_age }}