Skip to content

CIRCLE / salt

Go to a project
Commit fad5b516 by Bach Dániel
Options

add vmdriver

parent e262f40f
Showing with 255 additions and 0 deletions
pillar/top.sls
......@@ -5,4 +5,5 @@ base:
- storagedriver
- vncproxy
- monitor-client
- vmdriver
- common
pillar/vmdriver.sls 0 → 100644
vmdriver:
repo_name: https://git.ik.bme.hu/circle/vmdriver.git
repo_revision: master
salt/agentdriver/configuration.sls
......@@ -22,3 +22,6 @@
/var/lib/libvirt/serial:
file.directory:
- makedirs: True
- user: libvirt-qemu
- group: kvm
- mode: 755
salt/vmdriver/configuration.sls 0 → 100644
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/bin/postactivate:
file.managed:
- source: salt://vmdriver/files/postactivate
- template: jinja
- user: {{ pillar['user'] }}
- group: {{ pillar['user'] }}
- mode: 700
/etc/init/vmcelery.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/vmdriver/miscellaneous/vmcelery.conf
/etc/init/netcelery.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/vmdriver/miscellaneous/netcelery.conf
/etc/init/node.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/vmdriver/miscellaneous/node.conf
ovs-bridge:
cmd.run:
- name: ovs-vsctl add-br cloud
- unless: ovs-vsctl list-br | grep "^cloud$"
/etc/sudoers.d/netdriver:
file.managed:
- source: salt://vmdriver/files/sudoers
- template: jinja
- user: root
- group: root
- mode: 600
salt/vmdriver/files/apparmor-libvirt 0 → 100644
#
# This profile is for the domain whose UUID matches this file.
#
#include <tunables/global>
profile LIBVIRT_TEMPLATE {
#include <abstractions/libvirt-qemu>
/var/lib/libvirt/serial/** rwk,
/dev/vhost-net rw,
}
salt/vmdriver/files/postactivate 0 → 100644
export AMQP_URI=amqp://{{ pillar['amqp']['user'] }}:{{ pillar['amqp']['password'] }}@{{ pillar['amqp']['host'] }}:{{ pillar['amqp']['port'] }}/{{ pillar['amqp']['vhost'] }}
export CACHE_URI={{ pillar['cache'] }}
export LIBVIRT_URI=qemu:///system
export HYPERVISOR_TYPE=kvm
export NATIVE_OVS=True
salt/vmdriver/files/sudoers 0 → 100644
pillar['user'] ALL = (ALL) NOPASSWD: /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /sbin/ip link set *
salt/vmdriver/files/usr.lib.libvirt.virt-aa-helper 0 → 100644
# Last Modified: Mon Jul 06 17:22:37 2009
#include <tunables/global>
/usr/lib/libvirt/virt-aa-helper {
#include <abstractions/base>
#include <abstractions/user-tmp>
# needed for searching directories
capability dac_override,
capability dac_read_search,
# needed for when disk is on a network filesystem
network inet,
deny @{PROC}/[0-9]*/mounts r,
@{PROC}/[0-9]*/net/psched r,
owner @{PROC}/[0-9]*/status r,
@{PROC}/filesystems r,
# for hostdev
/sys/devices/ r,
/sys/devices/** r,
/sys/bus/usb/devices/ r,
/sys/bus/usb/devices/** r,
deny /dev/sd* r,
deny /dev/dm-* r,
deny /dev/mapper/ r,
deny /dev/mapper/* r,
/usr/lib/libvirt/virt-aa-helper mr,
/sbin/apparmor_parser Ux,
/etc/apparmor.d/libvirt/* r,
/etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
# For backingstore, virt-aa-helper needs to peek inside the disk image, so
# allow access to non-hidden files in @{HOME} as well as storage pools, and
# removable media and filesystems, and certain file extentions. A
# virt-aa-helper failure when checking a disk for backinsgstore is non-fatal
# (but obviously the backingstore won't be added).
audit deny @{HOME}/.* mrwkl,
audit deny @{HOME}/.*/ rw,
audit deny @{HOME}/.*/** mrwkl,
@{HOME}/ r,
@{HOME}/** r,
@{HOME}/.Private/** mrwlk,
@{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk,
/var/lib/libvirt/images/ r,
/var/lib/libvirt/images/** r,
/var/lib/nova/images/** r,
/var/lib/nova/instances/_base/** r,
/var/lib/nova/instances/snapshots/** r,
/var/lib/eucalyptus/instances/**/disk* r,
/var/lib/eucalyptus/instances/**/loader* r,
/var/lib/uvtool/libvirt/images/** r,
/{media,mnt,opt,srv}/** r,
/**.img r,
/**.qcow{,2} r,
/**.qed r,
/**.vmdk r,
/**.[iI][sS][oO] r,
/**/disk{,.*} r,
/datastore/** r,
}
salt/vmdriver/gitrepo.sls 0 → 100644
include:
- common
gitrepo_vmdriver:
git.latest:
- name: {{ pillar['vmdriver']['repo_name'] }}
- rev: {{ pillar['vmdriver']['repo_revision'] }}
- target: /home/{{ pillar['user'] }}/vmdriver
- user: {{ pillar['user'] }}
- group: {{ pillar['user'] }}
- require:
- pkg: git
salt/vmdriver/init.sls 0 → 100644
include:
- vmdriver.libvirt
- vmdriver.gitrepo
- vmdriver.virtualenv
- vmdriver.configuration
vmdriver:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- python-dev
- python-augeas
- ntp
- wget
- openvswitch-common
- openvswitch-switch
- openvswitch-controller
- libvirt-bin
- python-libvirt
- libxml2-dev
- libmemcached-dev
- libxslt1-dev
- zlib1g-dev
- qemu-kvm
- qemu-utils
- require_in:
- service: libvirt-bin
- git: gitrepo_vmdriver
- virtualenv: virtualenv_vmdriver
node:
service:
- running
- watch:
- pkg: vmdriver
- sls: vmdriver.gitrepo
- sls: vmdriver.virtualenv
- sls: vmdriver.configuration
salt/vmdriver/libvirt.sls 0 → 100644
libvirtconf:
augeas.setvalue:
- prefix: /files/etc/libvirt/libvirtd.conf
- changes:
- listen_tcp: 1
- listen_tls: 0
- auth_tcp: "none"
/etc/default/libvirt-bin:
file.append:
- text: libvirtd_opts="-d -l"
libvirt-bin:
service:
- running
- watch:
- file: /etc/default/libvirt-bin
- augeas: libvirtconf
/etc/apparmor.d/libvirt/TEMPLATE:
file.managed:
- source: salt://vmdriver/files/apparmor-libvirt
- template: jinja
- mode: 644
/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper:
file.managed:
- source: salt://vmdriver/files/usr.lib.libvirt.virt-aa-helper
- template: jinja
- mode: 644
salt/vmdriver/virtualenv.sls 0 → 100644
virtualenv_vmdriver:
virtualenv.managed:
- name: /home/{{ pillar['user'] }}/.virtualenvs/vmdriver
- requirements: /home/{{ pillar['user'] }}/vmdriver/requirements/production.txt
- runas: {{ pillar['user'] }}
- no_chown: true
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages//libvirtmod_qemu.so:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirtmod_qemu.so
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages//libvirtmod.so:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirtmod.so
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirt_qemu.py:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirt_qemu.py
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirt.py:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirt.py
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirt_qemu.pyc:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirt_qemu.pyc
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirt.pyc:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirt.pyc
- require:
- virtualenv: virtualenv_vmdriver
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment