Add patch to libvirt setup script

On Debian this libvirt and qemu users/groups setup changed and it
seems to be easier to maintain now, so we can drop a libvirt script
setup step.

Previously, on CentOS, there was no mismatch between the container kvm
GID and the host kvm GID because both had our qemu rpm installed and
it was forcing the GID to 36 [1]. On Debian it was removed at all [2],
relying now on the debian/systemd patch [3][4] that already creates
the group and sets the device (/dev/kvm) permissions and ownership
accordingly.

Since on Debian sytemd is already creating the kvm group and handling
the /dev/kvm permission and ownership, we can remove this step from our
libvirt container setup script and rely on Debian installation defaults.

[1] https://opendev.org/starlingx/integ/src/branch/master/virt/qemu/centos/qemu-kvm.spec#L722
[2] cb8737ef48
[3] 4fc3fa53bf
[4] https://bugs.launchpad.net/ubuntu/+source/gnome-boxes/+bug/1767302/comments/18

Test Plan:
PASS - Build openstack-helm-infra
PASS - Build stx-openstack-fluxcd package
PASS - Build stx-openstack helm charts
PASS - Upload/Apply/Remove the application
PASS - Check that the script skipped the kvm device permission set
PASS - Check that the host kvm device has the correct permissions and
       ownership.
PASS - Check the container and host users and groups

Partial-Bug: 1999445

Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: I47e5be5f34989f932902d2b7f97ef23bedac3260
This commit is contained in:
Thales Elero Cervi 2022-12-20 09:47:32 -03:00
parent 115b211ac9
commit 39f75382fa
2 changed files with 41 additions and 0 deletions
openstack-helm-infra/debian/deb_folder/patches

@ -0,0 +1,40 @@
From 06de2b1f1b1de06cda47ffac6577794447e7562b Mon Sep 17 00:00:00 2001
From: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Date: Mon, 19 Dec 2022 17:19:34 -0300
Subject: [PATCH] Update libvirt configuration script for Debian
Update the libvirt.sh template including a conditional check for the
Linux distribution before setting the kvm device permission and
ownership.
This was necessary when the libvirt image was stx-centos based but
now that it is stx-debian based, the newest package versions for both
libvirt and qemu rely on Debian systemd [1] to manage the it.
[1] https://salsa.debian.org/systemd-team/systemd/-/commit/4fc3fa53bfa6e16ceb6cd312f49003839b56144a
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: Ib2c3b0cbd0666ffd5dd310103c3f1a75b36c330c
---
libvirt/templates/bin/_libvirt.sh.tpl | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libvirt/templates/bin/_libvirt.sh.tpl b/libvirt/templates/bin/_libvirt.sh.tpl
index c419997e..d8085f5e 100644
--- a/libvirt/templates/bin/_libvirt.sh.tpl
+++ b/libvirt/templates/bin/_libvirt.sh.tpl
@@ -33,9 +33,11 @@ fi
rm -f /var/run/libvirtd.pid
-if [[ -c /dev/kvm ]]; then
+if [ "$(cat /etc/os-release | grep -w NAME= | grep -w CentOS)" ]; then
+ if [[ -c /dev/kvm ]]; then
chmod 660 /dev/kvm
chown root:kvm /dev/kvm
+ fi
fi
#Setup Cgroups to use when breaking out of Kubernetes defined groups
--
2.25.1

@ -16,3 +16,4 @@
0023-Update-RabbitMQ-probes.patch
0024-Update-openstack-Ingress-for-networking-api-v1.patch
0025-Update-templates-syntax-for-fluxcd-helm-v3.patch
0026-Update-libvirt-configuration-script-for-Debian.patch