Allow permissive access to non_root_user files

Openvswitch ports cannot be connected to unprivileged libvirt guests, so the only way to use OVS on the undercloud host at the moment is to run the guests with privileges. In this case, the root user is used to launch the VMs, and the new option added in this patch can be used to give access to the image files owned by the non_root_user. Change-Id: Ife7f10df3d89798d3c5753f5ddc9a06eda5ef8d9
2017-01-10 15:04:16 +11:00 · 2017-01-10 15:04:16 +11:00 · a2110ff5c8
parent 6ff6c12faa
commit a2110ff5c8
2 changed files with 17 additions and 0 deletions
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@ -188,3 +188,10 @@ libvirt_volume_path: "{{ working_dir }}/pool"

 libvirt_uri: qemu:///session

+# Whether to give permissive access to files owned by the non_root_user.
+# This is required if the non_root_user is not used to run libvirt tasks.
+# The most common case for this is when openvswitch is used for networks
+# on the virthost. This requires running libvirt tasks as the root user so
+# that they have sufficient privileges to connect to ovs bridges.
+non_root_chown: false
+
--- a/roles/libvirt/setup/undercloud/tasks/main.yml
+++ b/roles/libvirt/setup/undercloud/tasks/main.yml
@ -273,6 +273,16 @@
    xml: "{{ lookup('template', 'undercloudvm.xml.j2') }}"
    uri: "{{ libvirt_uri }}"

+- name: Ensure file permissions if root used as task runner
+  file:
+    path: "{{ working_dir }}"
+    owner: "{{ non_root_user }}"
+    group: "{{ non_root_user }}"
+    mode: "a+x"
+    recurse: yes
+    state: 'directory'
+  when: non_root_chown|bool
+
 # Start the undercloud virtual machine.
 - name: Start undercloud vm
  virt: