a12f996778
The libvirt log filter settings match against the filename of the libvirt source emitting the log message. Normally these file names are relative to the source tree root, but in the Ubuntu binary packages these have somehow ended up as absolute filenames from the OS root. This means that a log filter of '1:libvirt' which is only intended to match src/libvirt.c will in fact match every single file. This caused enormous log files on Ubuntu hosts running the gate. The fix is to use '1:libvirt.c' as a more specific filename match, but we can't do this unconditionally because libvirt >= 1.2.3 does not use filenames for log filter matching anymore. So only change the match on Ubuntu hosts for now, since that's where the original problem lies. While doing this, also turn off the logging of object ref and unref operations, since those pollute the logs with lots of noise. Change-Id: I71b67507a4e68a7bff0c358857aaaac08ef0c420
# lib/nova_plugins/functions-libvirt
# Common libvirt configuration functions

# Dependencies:
# ``functions`` file
# ``STACK_USER`` has to be defined

# Save trace setting
# LV_XTRACE holds the ``set`` command that re-creates the caller's current
# xtrace state; it is executed again at the end of this file. Tracing is
# switched off while the rest of the file is read.
LV_XTRACE=$(set +o | grep xtrace)
set +x

# Defaults
# --------

# Whether massive libvirt debugging should be turned on. The value is passed
# through ``trueorfalse`` with a default of False; configure_libvirt compares
# the result against the literal string "True".
DEBUG_LIBVIRT=$(trueorfalse False $DEBUG_LIBVIRT)
# Installs the libvirt/KVM packages and Python bindings that match the host
# distribution.
#
# Each package is handed to ``install_package`` one at a time, in a fixed
# order. Hosts that are neither Ubuntu, Fedora nor SUSE get no packages.
# The distro predicates and ``install_package`` are not defined in this file.
function install_libvirt {
    local pkg

    if is_ubuntu; then
        for pkg in qemu-kvm libvirt-bin python-libvirt python-guestfs; do
            install_package "$pkg"
        done
    elif is_fedora || is_suse; then
        for pkg in kvm libvirt libvirt-python python-libguestfs; do
            install_package "$pkg"
        done
    fi

    # libvirtd brings in polkit, and firewalld has to be restarted after
    # the install to avoid a problem with it. See
    # https://bugzilla.redhat.com/show_bug.cgi?id=1099031
    #
    # F20 rackspace cloud images ship firewalld, while the HP cloud images
    # used in the gate and RHEL6 do not, so a failed restart is
    # deliberately ignored.
    if is_fedora; then
        sudo service firewalld restart || true
    fi
}
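# Configures the installed libvirt system so that it is accessible by
# STACK_USER via qemu:///system with management capabilities.
#
# Globals read:    QEMU_CONF, DISTRO, os_RELEASE, os_VENDOR, LIBVIRT_GROUP,
#                  STACK_USER, DEBUG_LIBVIRT
# Globals written: LIBVIRT_DAEMON
#
# Steps, in order: optionally append a cgroup_device_acl to QEMU_CONF, pick
# the daemon name, install a polkit rule (Fedora/SUSE only), make sure
# LIBVIRT_GROUP exists and contains STACK_USER, optionally enable libvirtd
# debug logging, and finally restart the daemon.
#
# Security note: every polkit variant written here answers "yes" to
# org.libvirt.unix.manage without any authentication. Read-write access to
# qemu:///system gives control over all guests and the host resources they
# map, and is generally treated as root-equivalent, so this setup is meant
# for development and CI hosts.
function configure_libvirt {
    local polkit_pkla=/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
    local libvirtd_conf=/etc/libvirt/libvirtd.conf
    local rules_dir

    # Only append when no active cgroup_device_acl line exists, so an ACL
    # already set by the operator is never overridden or duplicated.
    if is_service_enabled neutron && is_neutron_ovs_base_plugin && ! sudo grep -q '^cgroup_device_acl' "$QEMU_CONF"; then
        # Add /dev/net/tun to cgroup_device_acls, needed for type=ethernet interfaces
        cat <<EOF | sudo tee -a "$QEMU_CONF"
cgroup_device_acl = [
    "/dev/null", "/dev/full", "/dev/zero",
    "/dev/random", "/dev/urandom",
    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
    "/dev/rtc", "/dev/hpet","/dev/net/tun",
]
EOF
    fi

    # LIBVIRT_DAEMON is intentionally left global (it was global before).
    if is_ubuntu; then
        LIBVIRT_DAEMON=libvirt-bin
    else
        LIBVIRT_DAEMON=libvirtd
    fi

    if is_fedora || is_suse; then
        if is_fedora && [[ $DISTRO =~ (rhel6) || "$os_RELEASE" -le "17" ]]; then
            # Old-style .pkla rule keyed on the libvirt group.
            cat <<EOF | sudo tee "$polkit_pkla"
[libvirt Management Access]
Identity=unix-group:$LIBVIRT_GROUP
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
EOF
        elif is_suse && [[ $os_RELEASE = 12.2 || "$os_VENDOR" = "SUSE LINUX" ]]; then
            # openSUSE < 12.3 or SLE
            # Work around the fact that polkit-default-privs overrules pklas
            # with 'unix-group:$group'.
            cat <<EOF | sudo tee "$polkit_pkla"
[libvirt Management Access]
Identity=unix-user:$STACK_USER
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
EOF
        else
            # Starting with fedora 18 and opensuse-12.3 enable stack-user to
            # virsh -c qemu:///system by creating a policy-kit rule for
            # stack-user using the new Javascript syntax
            #
            # STACK_USER is expanded verbatim into a single-quoted JavaScript
            # string and into the rule's file name, so it is assumed to be a
            # plain account name.
            # NOTE(review): validate it first if it can ever come from
            # anywhere other than the local configuration.
            rules_dir=/etc/polkit-1/rules.d
            sudo mkdir -p "$rules_dir"
            cat <<EOF | sudo tee "$rules_dir/50-libvirt-$STACK_USER.rules"
polkit.addRule(function(action, subject) {
    if (action.id == 'org.libvirt.unix.manage' &&
        subject.user == '$STACK_USER') {
        return polkit.Result.YES;
    }
});
EOF
        fi
    fi

    # The user that nova runs as needs to be member of **libvirtd** group otherwise
    # nova-compute will be unable to use libvirt.
    if ! getent group "$LIBVIRT_GROUP" >/dev/null; then
        sudo groupadd "$LIBVIRT_GROUP"
    fi
    add_user_to_group "$STACK_USER" "$LIBVIRT_GROUP"

    # Enable server side traces for libvirtd
    if [[ "$DEBUG_LIBVIRT" = "True" ]] ; then
        local log_filters
        if is_ubuntu; then
            # Unexpectedly binary package builds in ubuntu get fully qualified
            # source file paths, not relative paths. This screws with the matching
            # of '1:libvirt' making everything turn on. So use libvirt.c for now.
            # This will have to be re-visited when Ubuntu ships libvirt >= 1.2.3
            log_filters="1:libvirt.c 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util"
        else
            log_filters="1:libvirt 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util"
        fi
        local log_outputs="1:file:/var/log/libvirt/libvirtd.log"

        # Append each setting only when that exact line is not present yet.
        # -F makes the comparison literal, so the '.' in 'libvirt.c' is not
        # treated as a regex wildcard.
        # NOTE(review): the file is read without sudo; if it is not readable
        # by the invoking user, grep fails and the line is appended on every
        # run. A changed filter string also adds a second log_filters line
        # rather than replacing the stale one.
        if ! grep -qF "log_filters=\"$log_filters\"" "$libvirtd_conf"; then
            printf '%s\n' "log_filters=\"$log_filters\"" | sudo tee -a "$libvirtd_conf"
        fi
        if ! grep -qF "log_outputs=\"$log_outputs\"" "$libvirtd_conf"; then
            printf '%s\n' "log_outputs=\"$log_outputs\"" | sudo tee -a "$libvirtd_conf"
        fi
    fi

    # libvirt detects various settings on startup, as we potentially changed
    # the system configuration (modules, filesystems), we need to restart
    # libvirt to detect those changes.
    restart_service "$LIBVIRT_DAEMON"
}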
# Put xtrace back into the state recorded in LV_XTRACE at the top of this
# file. The expansion is left unquoted on purpose: it has to split into the
# ``set`` command and its arguments.
$LV_XTRACE
# Local variables:
# mode: shell-script
# End: