From 87f2437bdce84f46c8180d30acaec32d472669ba Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 26 May 2020 09:22:22 +0900 Subject: [PATCH] Use systemd units to enable tcp/tls in libvirt Since v5.7.0, libvirt requires that proper socket unit is used to listen on tcp/tls, and the usage of --listen option is forbidden by default[1]. This patch makes puppet-nova depend on socket units instead of listen option, to avoid failure when systemd tries to start libvrit service. [1] https://github.com/libvirt/libvirt/commit/3a6a725b8f575890ee6c151ad1f46ea0ceea1f3b Change-Id: I902169f54ff723c8f35ce12a7909950f61b4b7c6 Closes-Bug: #1880619 --- manifests/compute/libvirt/version.pp | 4 +- manifests/migration/libvirt.pp | 45 ++++++++++++++++--- ...systemd-socket-units-f7b0fc3a4f3c5219.yaml | 7 +++ spec/classes/nova_migration_libvirt_spec.rb | 39 ++++++++++++---- 4 files changed, 78 insertions(+), 17 deletions(-) create mode 100644 releasenotes/notes/libvirt-systemd-socket-units-f7b0fc3a4f3c5219.yaml diff --git a/manifests/compute/libvirt/version.pp b/manifests/compute/libvirt/version.pp index c6494ff50..f89e9bfc1 100644 --- a/manifests/compute/libvirt/version.pp +++ b/manifests/compute/libvirt/version.pp @@ -11,7 +11,9 @@ class nova::compute::libvirt::version { 'RedHat': { case $facts['os']['name'] { 'RedHat', 'CentOS': { - if versioncmp($facts['os']['release']['full'], '7.6') >= 0 { + if versioncmp($facts['os']['release']['full'], '8.1') >= 0 { + $default = '5.6' + } elsif versioncmp($facts['os']['release']['full'], '7.6') >= 0 { $default = '4.5' } else { $default = '3.9' diff --git a/manifests/migration/libvirt.pp b/manifests/migration/libvirt.pp index a778074bf..81e1fb723 100644 --- a/manifests/migration/libvirt.pp +++ b/manifests/migration/libvirt.pp 
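Review bot: The new `'8.1'` branch in manifests/compute/libvirt/version.pp sets `$default = '5.6'`, and that value alone decides whether nova::migration::libvirt manages socket units or writes `--listen`, but nothing next to it says why 5.6 is the cut-over. The commit message cites v5.7.0 and the release note in this same patch says v5.8, so the next maintainer has three different numbers to reconcile. I would add a comment above the branch such as `# EL >= 8.1: libvirt default 5.6; nova::migration::libvirt uses systemd socket units from this version on`. Because the decision is derived from `$facts['os']['release']['full']` and not from the installed package, a host whose release string compares below `8.1` but which runs a newer libvirt would still get the `--listen` path unless `libvirt_version` is set explicitly; a sentence on that in the class documentation would help. The class body starts and ends outside the hunk.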
@@ -89,6 +89,11 @@ # "transport" option. # Defaults to undef # +# [*libvirt_version*] +# (optional) installed libvirt version. Default is automatic detected depending +# of the used OS installed via ::nova::compute::libvirt::version::default . +# Defaults to ::nova::compute::libvirt::version::default +# class nova::migration::libvirt( $transport = undef, $auth = 'none', @@ -105,7 +110,8 @@ class nova::migration::libvirt( $client_extraparams = {}, $ca_file = undef, $crl_file = undef, -){ + $libvirt_version = $::nova::compute::libvirt::version::default, +) inherits nova::compute::libvirt::version { include nova::deps @@ -233,12 +239,37 @@ class nova::migration::libvirt( case $::osfamily { 'RedHat': { - if $transport_real != 'ssh' { - file_line { '/etc/sysconfig/libvirtd libvirtd args': - path => '/etc/sysconfig/libvirtd', - line => 'LIBVIRTD_ARGS="--listen"', - match => '^LIBVIRTD_ARGS=', - tag => 'libvirt-file_line', + if versioncmp($libvirt_version, '5.6') >= 0 { + $manage_services = pick($::nova::compute::libvirt::manage_libvirt_services, true) + + if $manage_services { + if $transport_real == 'tls' { + service { 'libvirtd-tls': + ensure => 'running', + name => 'libvirtd-tls.socket', + enable => true, + require => Anchor['nova::config::end'] + } + Service['libvirtd-tls'] -> Service<| title == 'libvirt' |> + } elsif $transport_real == 'tcp' { + service { 'libvirtd-tcp': + ensure => 'running', + name => 'libvirtd-tcp.socket', + enable => true, + require => Anchor['nova::config::end'] + } + Service['libvirtd-tcp'] -> Service<| title == 'libvirt' |> + } + } + + } else { + if $transport_real != 'ssh' { + file_line { '/etc/sysconfig/libvirtd libvirtd args': + path => '/etc/sysconfig/libvirtd', + line => 'LIBVIRTD_ARGS="--listen"', + match => '^LIBVIRTD_ARGS=', + tag => 'libvirt-file_line', + } } } } 
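Review bot: In the `versioncmp($libvirt_version, '5.6') >= 0` branch only the socket unit for the currently selected transport is declared, so a node that was configured with `tcp` and is later switched to `tls` or `ssh` keeps `libvirtd-tcp.socket` enabled and listening without transport encryption. With the `$auth = 'none'` default visible in the parameter list, that leftover listener is worth closing explicitly. Nothing in this branch resets a `LIBVIRTD_ARGS="--listen"` line written by an earlier run either, which is the option the commit message says newer libvirt rejects. I would declare both socket services inside `if $manage_services` and derive `ensure` and `enable` from `$transport_real`, as sketched below; this assumes both unit files are installed whenever libvirt is 5.6 or newer, which should be confirmed. The `case $::osfamily` block appears to continue past the end of the hunk.

```puppet
if $manage_services {
  # Manage both socket units so the one not selected by $transport_real
  # is stopped and disabled instead of being left in its previous state.
  $tls_active = $transport_real == 'tls'
  $tcp_active = $transport_real == 'tcp'

  service { 'libvirtd-tls':
    ensure  => $tls_active ? { true => 'running', default => 'stopped' },
    name    => 'libvirtd-tls.socket',
    enable  => $tls_active,
    require => Anchor['nova::config::end'],
  }
  service { 'libvirtd-tcp':
    ensure  => $tcp_active ? { true => 'running', default => 'stopped' },
    name    => 'libvirtd-tcp.socket',
    enable  => $tcp_active,
    require => Anchor['nova::config::end'],
  }
  Service['libvirtd-tls'] -> Service<| title == 'libvirt' |>
  Service['libvirtd-tcp'] -> Service<| title == 'libvirt' |>
}
# … unchanged: else branch with the LIBVIRTD_ARGS file_line …
```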
diff --git a/releasenotes/notes/libvirt-systemd-socket-units-f7b0fc3a4f3c5219.yaml b/releasenotes/notes/libvirt-systemd-socket-units-f7b0fc3a4f3c5219.yaml new file mode 100644 index 000000000..e112d9c26 --- /dev/null +++ b/releasenotes/notes/libvirt-systemd-socket-units-f7b0fc3a4f3c5219.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Now puppet-nova supports configuration of libvirtd-tls.socket and + libvirtd-tcp.socket, which should be enabled according to the transport + protocol when libvirt is running under systemd. This feature is enforced + since libvirt v5.8. diff --git a/spec/classes/nova_migration_libvirt_spec.rb b/spec/classes/nova_migration_libvirt_spec.rb index 69d80ced4..6f1b542d0 100644 --- a/spec/classes/nova_migration_libvirt_spec.rb +++ b/spec/classes/nova_migration_libvirt_spec.rb @@ -239,6 +239,36 @@ describe 'nova::migration::libvirt' do end + shared_examples_for 'nova migration with libvirt in Debian' do + it { is_expected.to contain_file_line('/etc/default/libvirtd libvirtd opts').with(:line => 'libvirtd_opts="-l"') } + end + + shared_examples_for 'nova migration with libvirt in RedHat' do + context 'with tls transport' do + let(:params) do + { :transport => 'tls' } + end + + it { is_expected.to contain_service('libvirtd-tls').with( + :name => 'libvirtd-tls.socket', + :ensure => 'running', + :enable => true, + )} + end + + context 'with tls transport' do + let(:params) do + { :transport => 'tcp' } + end + + it { is_expected.to contain_service('libvirtd-tcp').with( + :name => 'libvirtd-tcp.socket', + :ensure => 'running', + :enable => true, + )} + end + end + on_supported_os({ :supported_os => OSDefaults.get_supported_os }).each do |os,facts| 
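Review bot: The two new shared example groups in spec/classes/nova_migration_libvirt_spec.rb are defined but never invoked in the visible hunks: the following hunk removes `platform_params` and keeps only `it_configures 'nova migration with libvirt'`, so the socket-unit expectations would not run. Adding a line such as `it_configures "nova migration with libvirt in #{facts[:osfamily]}"` inside the `on_supported_os` loop would exercise them. The second context is also titled `'with tls transport'` although it sets `:transport => 'tcp'`; it should read `context 'with tcp transport' do`. There is no case asserting that the `tcp` socket is absent when `tls` or `ssh` is selected, which is the check that would catch a plaintext listener being left in place. The `describe` block starts and ends outside the hunk.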
@@ -247,15 +277,6 @@ describe 'nova::migration::libvirt' do facts.merge!(OSDefaults.get_facts({ :os_workers => 5 })) end - let (:platform_params) do - case facts[:osfamily] - when 'Debian' - it { is_expected.to contain_file_line('/etc/default/libvirtd libvirtd opts').with(:line => 'libvirtd_opts="-l"') } - when 'RedHat' - it { is_expected.to contain_file_line('/etc/sysconfig/libvirtd libvirtd args').with(:line => 'LIBVIRTD_ARGS="--listen"') } - end - end - it_configures 'nova migration with libvirt' end end