From 39f75382fa7b59d9433bfd1c812d9c6b31f762b2 Mon Sep 17 00:00:00 2001 From: Thales Elero Cervi Date: Tue, 20 Dec 2022 09:47:32 -0300 Subject: [PATCH] Add patch to libvirt setup script On Debian this libvirt and qemu users/groups setup changed and it seems to be easier to maintain now, so we can drop a libvirt script setup step. Previously, on CentOS, there was no mismatch between the container kvm GID and the host kvm GID because both had our qemu rpm installed and it was forcing the GID to 36 [1]. On Debian it was removed at all [2], relying now on the debian/systemd patch [3][4] that already creates the group and sets the device (/dev/kvm) permissions and ownership accordingly. Since on Debian sytemd is already creating the kvm group and handling the /dev/kvm permission and ownership, we can remove this step from our libvirt container setup script and rely on Debian installation defaults. [1] https://opendev.org/starlingx/integ/src/branch/master/virt/qemu/centos/qemu-kvm.spec#L722 [2] https://salsa.debian.org/qemu-team/qemu/-/commit/cb8737ef48a37eddf12ac199b46f9034273ba6d3 [3] https://salsa.debian.org/systemd-team/systemd/-/commit/4fc3fa53bfa6e16ceb6cd312f49003839b56144a [4] https://bugs.launchpad.net/ubuntu/+source/gnome-boxes/+bug/1767302/comments/18 Test Plan: PASS - Build openstack-helm-infra PASS - Build stx-openstack-fluxcd package PASS - Build stx-openstack helm charts PASS - Upload/Apply/Remove the application PASS - Check that the script skipped the kvm device permission set PASS - Check that the host kvm device has the correct permissions and ownership. PASS - Check the container and host users and groups Partial-Bug: 1999445 Signed-off-by: Thales Elero Cervi Change-Id: I47e5be5f34989f932902d2b7f97ef23bedac3260 --- ...virt-configuration-script-for-Debian.patch | 40 +++++++++++++++++++ .../debian/deb_folder/patches/series | 1 + 2 files changed, 41 insertions(+) create mode 100644 openstack-helm-infra/debian/deb_folder/patches/0026-Update-libvirt-configuration-script-for-Debian.patch diff --git a/openstack-helm-infra/debian/deb_folder/patches/0026-Update-libvirt-configuration-script-for-Debian.patch b/openstack-helm-infra/debian/deb_folder/patches/0026-Update-libvirt-configuration-script-for-Debian.patch new file mode 100644 index 00000000..943c155d --- /dev/null +++ b/openstack-helm-infra/debian/deb_folder/patches/0026-Update-libvirt-configuration-script-for-Debian.patch @@ -0,0 +1,40 @@ +From 06de2b1f1b1de06cda47ffac6577794447e7562b Mon Sep 17 00:00:00 2001 +From: Thales Elero Cervi +Date: Mon, 19 Dec 2022 17:19:34 -0300 +Subject: [PATCH] Update libvirt configuration script for Debian + +Update the libvirt.sh template including a conditional check for the +Linux distribution before setting the kvm device permission and +ownership. +This was necessary when the libvirt image was stx-centos based but +now that it is stx-debian based, the newest package versions for both +libvirt and qemu rely on Debian systemd [1] to manage the it. + +[1] https://salsa.debian.org/systemd-team/systemd/-/commit/4fc3fa53bfa6e16ceb6cd312f49003839b56144a + +Signed-off-by: Thales Elero Cervi +Change-Id: Ib2c3b0cbd0666ffd5dd310103c3f1a75b36c330c +--- + libvirt/templates/bin/_libvirt.sh.tpl | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libvirt/templates/bin/_libvirt.sh.tpl b/libvirt/templates/bin/_libvirt.sh.tpl +index c419997e..d8085f5e 100644 +--- a/libvirt/templates/bin/_libvirt.sh.tpl ++++ b/libvirt/templates/bin/_libvirt.sh.tpl +@@ -33,9 +33,11 @@ fi + + rm -f /var/run/libvirtd.pid + +-if [[ -c /dev/kvm ]]; then ++if [ "$(cat /etc/os-release | grep -w NAME= | grep -w CentOS)" ]; then ++ if [[ -c /dev/kvm ]]; then + chmod 660 /dev/kvm + chown root:kvm /dev/kvm ++ fi + fi + + #Setup Cgroups to use when breaking out of Kubernetes defined groups +-- +2.25.1 + diff --git a/openstack-helm-infra/debian/deb_folder/patches/series b/openstack-helm-infra/debian/deb_folder/patches/series index d19e5c63..4067187f 100644 --- a/openstack-helm-infra/debian/deb_folder/patches/series +++ b/openstack-helm-infra/debian/deb_folder/patches/series @@ -16,3 +16,4 @@ 0023-Update-RabbitMQ-probes.patch 0024-Update-openstack-Ingress-for-networking-api-v1.patch 0025-Update-templates-syntax-for-fluxcd-helm-v3.patch +0026-Update-libvirt-configuration-script-for-Debian.patch