openstack/kolla-ansible
Code Issues Proposed changes

Make /dev/kvm permissions handling more robust

Browse Source 
This makes use of udev rules to make it smarter and override
host-level packages settings.
Additionally, this masks Ubuntu-only service that is another
pain point in terms of /dev/kvm permissions.
Fingers crossed for no further surprises.

Change-Id: I61235b51e2e1325b8a9b4f85bf634f663c7ec3cc
Closes-bug: #1681461
This commit is contained in:
Radosław Piliszek 2020-06-13 21:03:59 +02:00
parent f2a5d374ca
commit 202365e702
4 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ansible/roles/nova-cell/defaults/main.yml
View File

@ -413,6 +413,11 @@ libvirt_tls_manage_certs: true
# ability for people to override the hostname to use. # ability for people to override the hostname to use.
migration_hostname: "{{ ansible_nodename }}" migration_hostname: "{{ ansible_nodename }}"
# NOTE(yoctozepto): Part of bug #1681461 fix.
# We can't get the id too effectively from the images so hardcoding here.
# It does not change that often (in fact, most likely never ever).
qemu_user_gid: 42427
#################### ####################
# Kolla # Kolla
#################### ####################

27
ansible/roles/nova-cell/tasks/config-host.yml
View File

@ -13,3 +13,30 @@
when: when:
- set_sysctl | bool - set_sysctl | bool
- inventory_hostname in groups[nova_cell_compute_group] - inventory_hostname in groups[nova_cell_compute_group]
# NOTE(yoctozepto): Part of bug #1681461 fix.
# This part can actually run on any distro and lets us drop the hardcoded
# chown and chmod from the nova-libvirt image extend_start and make the process
# more robust.
- name: Install udev kolla kvm rules
become: true
template:
src: "99-kolla-kvm.rules.j2"
dest: "/etc/udev/rules.d/99-kolla-kvm.rules"
mode: "0644"
when:
- nova_compute_virt_type == 'kvm'
- inventory_hostname in groups[nova_cell_compute_group]
# NOTE(yoctozepto): Part of bug #1681461 fix.
# This part only really makes sense on Ubuntu and would end up being confusing
# on others. This service changes /dev/kvm permissions.
- name: Mask qemu-kvm service
become: true
systemd:
name: qemu-kvm.service
masked: true
when:
- nova_compute_virt_type == 'kvm'
- ansible_distribution == 'Ubuntu'
- inventory_hostname in groups[nova_cell_compute_group]

4
ansible/roles/nova-cell/templates/99-kolla-kvm.rules.j2 Normal file
View File

@ -0,0 +1,4 @@
# Part of Kolla Ansible OpenStack Nova deployment.
# This ensures the /dev/kvm has proper permissions.
KERNEL=="kvm", GROUP="{{ qemu_user_gid }}", MODE="0660"

6
releasenotes/notes/bug-1681461-761f0cdf71bcb962.yaml Normal file
View File

@ -0,0 +1,6 @@
---
fixes:
- |
Fixes handling of `/dev/kvm` permissions to be more robust against
host-level actions.
`LP#1681461 <https://launchpad.net/bugs/1681461>`__