diff --git a/ansible/roles/nova-cell/defaults/main.yml b/ansible/roles/nova-cell/defaults/main.yml
index 7aaa1b8268..9c54a4a062 100644
--- a/ansible/roles/nova-cell/defaults/main.yml
+++ b/ansible/roles/nova-cell/defaults/main.yml
@@ -413,6 +413,11 @@ libvirt_tls_manage_certs: true
 # ability for people to override the hostname to use.
 migration_hostname: "{{ ansible_nodename }}"
 
+# NOTE(yoctozepto): Part of bug #1681461 fix.
+# We can't get the id too effectively from the images so hardcoding here.
+# It does not change that often (in fact, most likely never ever).
+qemu_user_gid: 42427
+
 ####################
 # Kolla
 ####################
diff --git a/ansible/roles/nova-cell/tasks/config-host.yml b/ansible/roles/nova-cell/tasks/config-host.yml
index 2737d4ab57..650def7270 100644
--- a/ansible/roles/nova-cell/tasks/config-host.yml
+++ b/ansible/roles/nova-cell/tasks/config-host.yml
@@ -13,3 +13,30 @@
 when:
 - set_sysctl | bool
 - inventory_hostname in groups[nova_cell_compute_group]
+
+# NOTE(yoctozepto): Part of bug #1681461 fix.
+# This part can actually run on any distro and lets us drop the hardcoded
+# chown and chmod from the nova-libvirt image extend_start and make the process
+# more robust.
+- name: Install udev kolla kvm rules
+ become: true
+ template:
+ src: "99-kolla-kvm.rules.j2"
+ dest: "/etc/udev/rules.d/99-kolla-kvm.rules"
+ mode: "0644"
+ when:
+ - nova_compute_virt_type == 'kvm'
+ - inventory_hostname in groups[nova_cell_compute_group]
+
+# NOTE(yoctozepto): Part of bug #1681461 fix.
+# This part only really makes sense on Ubuntu and would end up being confusing
+# on others. This service changes /dev/kvm permissions.
+- name: Mask qemu-kvm service
+ become: true
+ systemd:
+ name: qemu-kvm.service
+ masked: true
+ when:
+ - nova_compute_virt_type == 'kvm'
+ - ansible_distribution == 'Ubuntu'
+ - inventory_hostname in groups[nova_cell_compute_group]
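Review bot: The comment on `qemu_user_gid` in defaults/main.yml does not say what the number has to agree with or what it controls on the host. From the rest of this commit the value is rendered into a udev rule as the group owner of `/dev/kvm`, so it presumably has to equal the qemu group's GID inside the nova-libvirt image. The same numeric GID on the host must not belong to an unrelated group, otherwise that group's members get read/write access to the device. I would add `# Must match the qemu GID in the Kolla images; it becomes the group owner of the host's /dev/kvm, so keep this GID unassigned on the host.` above the variable.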
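Review bot: In config-host.yml the `Install udev kolla kvm rules` task writes the rule file, but nothing visible in the hunk makes udev re-evaluate the already existing `/dev/kvm` node, so on a running host the old owner and mode would stay until the next device event or reboot. If the image-side chown/chmod mentioned in the comment is dropped, the device keeps whatever permissions the host last set during that window. Registering the template result and triggering udev for the kvm device when the file changed closes it. Whether a handler elsewhere in the role already does this is not visible here.

```yaml
- name: Install udev kolla kvm rules
  become: true
  # … unchanged: template src/dest/mode …
  register: kolla_kvm_udev_rules
  # … unchanged: when conditions …

- name: Re-apply udev rules to the existing kvm device
  become: true
  command: "{{ item }}"
  loop:
    - udevadm control --reload
    - udevadm trigger --sysname-match=kvm
  when:
    - kolla_kvm_udev_rules is changed
```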
diff --git a/ansible/roles/nova-cell/templates/99-kolla-kvm.rules.j2 b/ansible/roles/nova-cell/templates/99-kolla-kvm.rules.j2
new file mode 100644
index 0000000000..6b528d10f3
--- /dev/null
+++ b/ansible/roles/nova-cell/templates/99-kolla-kvm.rules.j2
@@ -0,0 +1,4 @@
+# Part of Kolla Ansible OpenStack Nova deployment.
+
+# This ensures the /dev/kvm has proper permissions.
+KERNEL=="kvm", GROUP="{{ qemu_user_gid }}", MODE="0660"
diff --git a/releasenotes/notes/bug-1681461-761f0cdf71bcb962.yaml b/releasenotes/notes/bug-1681461-761f0cdf71bcb962.yaml
new file mode 100644
index 0000000000..32397535ca
--- /dev/null
+++ b/releasenotes/notes/bug-1681461-761f0cdf71bcb962.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ Fixes handling of `/dev/kvm` permissions to be more robust against
+ host-level actions.
+ `LP#1681461 `__
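Review bot: In 99-kolla-kvm.rules.j2 the value of `qemu_user_gid` is placed inside the quoted `GROUP=` string as-is, so an override that is not a plain number ends up verbatim in a rule file that udev parses as root. Since the variable is documented as a numeric GID, coercing it in the template keeps a mistyped override from producing a malformed rule: `KERNEL=="kvm", GROUP="{{ qemu_user_gid | int }}", MODE="0660"`. A non-numeric value then renders as 0, which leaves the device with the root group rather than an unintended one.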