
Use systemd units to enable tcp/tls in libvirt

Since v5.7.0, libvirt requires that the proper socket unit is used to
listen on tcp/tls, and the usage of the --listen option is forbidden
by default[1].
This patch makes puppet-nova depend on socket units instead of the listen
option, to avoid failure when systemd tries to start the libvirt service.

[1] 3a6a725b8f

Change-Id: I902169f54ff723c8f35ce12a7909950f61b4b7c6
Closes-Bug: #1880619
(cherry picked from commit 87f2437bdc)
(cherry picked from commit 5dd7c20fa0)
tags/15.6.0
Takashi Kajinami 1 month ago
committed by Tobias Urdin
parent
commit
9d933a3e31
4 changed files with 78 additions and 17 deletions
  1. +3
    -1
      manifests/compute/libvirt/version.pp
  2. +38
    -7
      manifests/migration/libvirt.pp
  3. +7
    -0
      releasenotes/notes/libvirt-systemd-socket-units-f7b0fc3a4f3c5219.yaml
  4. +30
    -9
      spec/classes/nova_migration_libvirt_spec.rb

+ 3
- 1
manifests/compute/libvirt/version.pp

@@ -11,7 +11,9 @@ class nova::compute::libvirt::version {
'RedHat': {
case $facts['os']['name'] {
'RedHat', 'CentOS': {
if versioncmp($facts['os']['release']['full'], '7.6') >= 0 {
if versioncmp($facts['os']['release']['full'], '8.1') >= 0 {
$default = '5.6'
} elsif versioncmp($facts['os']['release']['full'], '7.6') >= 0 {
$default = '4.5'
} else {
$default = '3.9'
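Review bot: The new `'5.6'` default for release 8.1 and later is derived from the OS release string rather than from the libvirt package actually installed, and with this commit that value also decides in nova::migration::libvirt whether systemd socket units or `--listen` are configured. A host whose real libvirt version differs from the inferred default would get the wrong listener mechanism unless the operator overrides `libvirt_version`. A comment above the new branch such as `# 8.1+: nova::migration::libvirt switches to systemd socket units at >= 5.6` would record why the threshold matters. The commit message cites v5.7.0 and the release note cites v5.8 for the same requirement, so the three version numbers should be reconciled. The enclosing case statement starts and ends outside the hunk.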


+ 38
- 7
manifests/migration/libvirt.pp

@@ -89,6 +89,11 @@
# "transport" option.
# Defaults to undef
#
# [*libvirt_version*]
# (optional) installed libvirt version. Default is automatic detected depending
# of the used OS installed via ::nova::compute::libvirt::version::default .
# Defaults to ::nova::compute::libvirt::version::default
#
class nova::migration::libvirt(
$transport = undef,
$auth = 'none',
@@ -105,7 +110,8 @@ class nova::migration::libvirt(
$client_extraparams = {},
$ca_file = undef,
$crl_file = undef,
){
$libvirt_version = $::nova::compute::libvirt::version::default,
) inherits nova::compute::libvirt::version {

include ::nova::deps

@@ -233,12 +239,37 @@ class nova::migration::libvirt(

case $::osfamily {
'RedHat': {
if $transport_real != 'ssh' {
file_line { '/etc/sysconfig/libvirtd libvirtd args':
path => '/etc/sysconfig/libvirtd',
line => 'LIBVIRTD_ARGS="--listen"',
match => '^LIBVIRTD_ARGS=',
tag => 'libvirt-file_line',
if versioncmp($libvirt_version, '5.6') >= 0 {
$manage_services = pick($::nova::compute::libvirt::manage_libvirt_services, true)

if $manage_services {
if $transport_real == 'tls' {
service { 'libvirtd-tls':
ensure => 'running',
name => 'libvirtd-tls.socket',
enable => true,
require => Anchor['nova::config::end']
}
Service['libvirtd-tls'] -> Service<| title == 'libvirt' |>
} elsif $transport_real == 'tcp' {
service { 'libvirtd-tcp':
ensure => 'running',
name => 'libvirtd-tcp.socket',
enable => true,
require => Anchor['nova::config::end']
}
Service['libvirtd-tcp'] -> Service<| title == 'libvirt' |>
}
}

} else {
if $transport_real != 'ssh' {
file_line { '/etc/sysconfig/libvirtd libvirtd args':
path => '/etc/sysconfig/libvirtd',
line => 'LIBVIRTD_ARGS="--listen"',
match => '^LIBVIRTD_ARGS=',
tag => 'libvirt-file_line',
}
}
}
}
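Review bot: In the `versioncmp($libvirt_version, '5.6') >= 0` branch the `libvirtd-tcp.socket` and `libvirtd-tls.socket` services are enabled, but nothing visible in these hunks constrains where they listen. Under socket activation libvirt takes the listen address and port from the unit's `ListenStream` rather than from libvirtd.conf, so with the class default `$auth = 'none'` the tcp case can end up as an unauthenticated plaintext listener on every interface. I would either manage a drop-in for the socket unit or state in the parameter docs that operators must restrict `ListenStream` or firewall the libvirt port themselves. The same branch also leaves any existing `LIBVIRTD_ARGS="--listen"` line in /etc/sysconfig/libvirtd in place, which on an upgraded host would presumably still prevent libvirtd from starting. The enclosing `case $::osfamily` block continues outside the hunk.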


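--- a/releasenotes/notes/libvirt-systemd-socket-units-f7b0fc3a4f3c5219.yaml
+++ b/releasenotes/notes/libvirt-systemd-socket-units-f7b0fc3a4f3c5219.yaml
@@ -0,0 +1,7 @@
+---
+features:
+- |
+Now puppet-nova supports configuration of libvirtd-tls.socket and
+libvirtd-tcp.socket, which should be enabled according to the transport
+protocol when libvirt is running under systemd. This feature is enforced
+since libvirt v5.8.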

+ 30
- 9
spec/classes/nova_migration_libvirt_spec.rb

@@ -239,6 +239,36 @@ describe 'nova::migration::libvirt' do

end

shared_examples_for 'nova migration with libvirt in Debian' do
it { is_expected.to contain_file_line('/etc/default/libvirtd libvirtd opts').with(:line => 'libvirtd_opts="-l"') }
end

shared_examples_for 'nova migration with libvirt in RedHat' do
context 'with tls transport' do
let(:params) do
{ :transport => 'tls' }
end

it { is_expected.to contain_service('libvirtd-tls').with(
:name => 'libvirtd-tls.socket',
:ensure => 'running',
:enable => true,
)}
end

context 'with tls transport' do
let(:params) do
{ :transport => 'tcp' }
end

it { is_expected.to contain_service('libvirtd-tcp').with(
:name => 'libvirtd-tcp.socket',
:ensure => 'running',
:enable => true,
)}
end
end

on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
@@ -247,15 +277,6 @@ describe 'nova::migration::libvirt' do
facts.merge!(OSDefaults.get_facts({ :os_workers => 5 }))
end

let (:platform_params) do
case facts[:osfamily]
when 'Debian'
it { is_expected.to contain_file_line('/etc/default/libvirtd libvirtd opts').with(:line => 'libvirtd_opts="-l"') }
when 'RedHat'
it { is_expected.to contain_file_line('/etc/sysconfig/libvirtd libvirtd args').with(:line => 'LIBVIRTD_ARGS="--listen"') }
end
end

it_configures 'nova migration with libvirt'
end
end
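Review bot: The new shared examples 'nova migration with libvirt in Debian' and 'nova migration with libvirt in RedHat' are defined but never included in the visible `on_supported_os` loop, which still only calls `it_configures 'nova migration with libvirt'`. Unless they are pulled in outside these hunks, the socket-unit assertions never run, and the removed `--listen` and `-l` checks have no replacement. Adding ``it_configures "nova migration with libvirt in #{facts[:osfamily]}"`` next to the existing call would exercise them. The second context is also labelled `'with tls transport'` although its params set `:transport => 'tcp'`; it should read `context 'with tcp transport' do`. A case for the ssh transport asserting that neither socket service is present would guard against a listener being enabled unintentionally.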

