puppet-nova/manifests/migration/libvirt.pp

# == Class: nova::migration::libvirt
#
# Sets libvirt config that is required for migration
#
# === Parameters:
#
# [*use_tls*]
#   (optional) Use tls for remote connections to libvirt
#   Defaults to false
#
# [*auth*]
#   (optional) Use this authentication scheme for remote libvirt connections.
#   Valid options are none and sasl.
#   Defaults to 'none'
#
# [*listen_address*]
#   (optional) Bind libvirtd tcp/tls socket to the given address.
#   Defaults to undef (bind to all addresses)
#
# [*live_migration_tunnelled*]
#   (optional) Whether to use tunnelled migration, where migration data is
#   transported over the libvirtd connection.
#   If True, we use the VIR_MIGRATE_TUNNELLED migration flag, avoiding the
#   need to configure the network to allow direct hypervisor to hypervisor
#   communication.
#   If False, use the native transport.
#   If not set, Nova will choose a sensible default based on, for example
#   the availability of native encryption support in the hypervisor.
#   Defaults to $::os_service_default
#
# [*live_migration_completion_timeout*]
#   (optional) Time to wait, in seconds, for migration to successfully complete
#   transferring data before aborting the operation. Value is per GiB of guest
#   RAM + disk to be transferred, with lower bound of a minimum of 2 GiB. Set
#   to 0 to disable timeouts.
#   Defaults to $::os_service_default
#
# [*live_migration_progress_timeout*]
#   (optional) Time to wait, in seconds, for migration to make forward progress
#   in transferring data before aborting the operation. Set to 0 to disable
#   timeouts.
#   Defaults to $::os_service_default
#
# [*override_uuid*]
#   (optional) Set uuid not equal to output from dmidecode (boolean)
#   Defaults to false
#
# [*configure_libvirt*]
#   (optional) Whether or not configure libvirt bits.
#   Defaults to true.
#
# [*configure_nova*]
#   (optional) Whether or not configure libvirt bits.
#   Defaults to true.
#
class nova::migration::libvirt(
  $use_tls                           = false,
  $auth                              = 'none',
  $listen_address                    = undef,
  $live_migration_tunnelled          = $::os_service_default,
  $live_migration_completion_timeout = $::os_service_default,
  $live_migration_progress_timeout   = $::os_service_default,
  $override_uuid                     = false,
  $configure_libvirt                 = true,
  $configure_nova                    = true,
){

  include ::nova::deps

  validate_re($auth, [ '^sasl$', '^none$' ], 'Valid options for auth are none and sasl.')

  if $use_tls {
    $listen_tls = '1'
    $listen_tcp = '0'
  } else {
    $listen_tls = '0'
    $listen_tcp = '1'
  }

  if $configure_nova {
    if $use_tls {
      nova_config {
        'libvirt/live_migration_uri': value => 'qemu+tls://%s/system';
      }
    }

    nova_config {
      'libvirt/live_migration_tunnelled':          value => $live_migration_tunnelled;
      'libvirt/live_migration_completion_timeout': value => $live_migration_completion_timeout;
      'libvirt/live_migration_progress_timeout':   value => $live_migration_progress_timeout;
    }
  }

  if $configure_libvirt {
    Anchor['nova::config::begin']
    -> File_line<| tag == 'libvirt-file_line'|>
    -> Anchor['nova::config::end']

    File_line<| tag == 'libvirt-file_line' |>
    ~> Service['libvirt']

    if $override_uuid {
      if ! $::libvirt_uuid {
        $host_uuid = generate('/bin/cat', '/proc/sys/kernel/random/uuid')
        file { '/etc/libvirt/libvirt_uuid':
          content => $host_uuid,
          require => Package['libvirt'],
        }
      } else {
        $host_uuid = $::libvirt_uuid
      }

      augeas { 'libvirt-conf-uuid':
        context => '/files/etc/libvirt/libvirtd.conf',
        changes => [
          "set host_uuid ${host_uuid}",
        ],
        notify  => Service['libvirt'],
        require => Package['libvirt'],
      }
    }

    case $::osfamily {
      'RedHat': {
        file_line { '/etc/libvirt/libvirtd.conf listen_tls':
          path  => '/etc/libvirt/libvirtd.conf',
          line  => "listen_tls = ${listen_tls}",
          match => 'listen_tls =',
          tag   => 'libvirt-file_line',
        }

        file_line { '/etc/libvirt/libvirtd.conf listen_tcp':
          path  => '/etc/libvirt/libvirtd.conf',
          line  => "listen_tcp = ${listen_tcp}",
          match => 'listen_tcp =',
          tag   => 'libvirt-file_line',
        }

        if $use_tls {
          file_line { '/etc/libvirt/libvirtd.conf auth_tls':
            path  => '/etc/libvirt/libvirtd.conf',
            line  => "auth_tls = \"${auth}\"",
            match => 'auth_tls =',
            tag   => 'libvirt-file_line',
          }
        } else {
          file_line { '/etc/libvirt/libvirtd.conf auth_tcp':
            path  => '/etc/libvirt/libvirtd.conf',
            line  => "auth_tcp = \"${auth}\"",
            match => 'auth_tcp =',
            tag   => 'libvirt-file_line',
          }
        }

        if $listen_address {
          file_line { '/etc/libvirt/libvirtd.conf listen_address':
            path  => '/etc/libvirt/libvirtd.conf',
            line  => "listen_addr = \"${listen_address}\"",
            match => 'listen_addr =',
            tag   => 'libvirt-file_line',
          }
        }

        file_line { '/etc/sysconfig/libvirtd libvirtd args':
          path  => '/etc/sysconfig/libvirtd',
          line  => 'LIBVIRTD_ARGS="--listen"',
          match => 'LIBVIRTD_ARGS=',
          tag   => 'libvirt-file_line',
        }
      }

      'Debian': {
        file_line { '/etc/libvirt/libvirtd.conf listen_tls':
          path  => '/etc/libvirt/libvirtd.conf',
          line  => "listen_tls = ${listen_tls}",
          match => 'listen_tls =',
          tag   => 'libvirt-file_line',
        }

        file_line { '/etc/libvirt/libvirtd.conf listen_tcp':
          path  => '/etc/libvirt/libvirtd.conf',
          line  => "listen_tcp = ${listen_tcp}",
          match => 'listen_tcp =',
          tag   => 'libvirt-file_line',
        }

        if $use_tls {
          file_line { '/etc/libvirt/libvirtd.conf auth_tls':
            path  => '/etc/libvirt/libvirtd.conf',
            line  => "auth_tls = \"${auth}\"",
            match => 'auth_tls =',
            tag   => 'libvirt-file_line',
          }
        } else {
          file_line { '/etc/libvirt/libvirtd.conf auth_tcp':
            path  => '/etc/libvirt/libvirtd.conf',
            line  => "auth_tcp = \"${auth}\"",
            match => 'auth_tcp =',
            tag   => 'libvirt-file_line',
          }
        }

        if $listen_address {
          file_line { '/etc/libvirt/libvirtd.conf listen_address':
            path  => '/etc/libvirt/libvirtd.conf',
            line  => "listen_addr = \"${listen_address}\"",
            match => 'listen_addr =',
            tag   => 'libvirt-file_line',
          }
        }

        if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemmajrelease, '16') >= 0 {
          # If systemd is being used then libvirtd is already being launched correctly and
          # adding -d causes a second consecutive start to fail which causes puppet to fail.
          $libvirtd_opts = 'libvirtd_opts="-l"'
        } else {
          $libvirtd_opts = 'libvirtd_opts="-d -l"'
        }

        file_line { "/etc/default/${::nova::compute::libvirt::libvirt_service_name} libvirtd opts":
          path  => "/etc/default/${::nova::compute::libvirt::libvirt_service_name}",
          line  => $libvirtd_opts,
          match => 'libvirtd_opts=',
          tag   => 'libvirt-file_line',
        }
      }

      default:  {
        warning("Unsupported osfamily: ${::osfamily}, make sure you are configuring this yourself")
      }
    }
  }
}