authorManuel Bentele2021-02-08 10:07:38 +0100
committerManuel Bentele2021-02-08 10:07:38 +0100
commitbd52d04d486fafb7b781b3d7ee4eff936a17c53a (patch)
tree02459721bfabba4e16d93e649b34b1ad3c6a58a4
parent[libvirt] Remove default network configuration (diff)
[libvirt] Add user and groups to run libvirt
-rwxr-xr-xcore/modules/libvirt/data/addon-init78
1 files changed, 78 insertions, 0 deletions
diff --git a/core/modules/libvirt/data/addon-init b/core/modules/libvirt/data/addon-init
index 8070d171..034eb22a 100755
--- a/core/modules/libvirt/data/addon-init
+++ b/core/modules/libvirt/data/addon-init
@@ -1,4 +1,82 @@
#!/bin/ash
+#
+# allocated UID and GID for libvirt-qemu
+#
+LIBVIRT_QEMU_UID=64055
+LIBVIRT_QEMU_GID=64055
+
+#
+# add groups to run libvirt
+#
+if ! getent group libvirt >/dev/null; then
+ addgroup --quiet --system libvirt
+fi
+
+if ! getent group kvm >/dev/null; then
+ addgroup --quiet --system kvm
+fi
+
+#
+# add user and group libvirt runs qemu/kvm instances with
+#
+if ! getent passwd libvirt-qemu >/dev/null; then
+
+ # set uid if available (expected); don't fail otherwise.
+ PARAMETER_UID=''
+ if ! getent passwd $LIBVIRT_QEMU_UID >/dev/null; then
+ PARAMETER_UID="--uid $LIBVIRT_QEMU_UID"
+ fi
+
+ adduser --quiet \
+ --system \
+ --ingroup kvm \
+ --quiet \
+ --disabled-login \
+ --disabled-password \
+ --home /var/lib/libvirt \
+ --no-create-home \
+ --gecos "Libvirt Qemu" \
+ $PARAMETER_UID \
+ libvirt-qemu
+fi
+
+if ! getent group libvirt-qemu >/dev/null; then
+
+ # set gid if available (expected); don't fail otherwise.
+ PARAMETER_GID=''
+ if ! getent group $LIBVIRT_QEMU_GID >/dev/null; then
+ PARAMETER_GID="--gid $LIBVIRT_QEMU_GID"
+ fi
+
+ addgroup --quiet --system $PARAMETER_GID libvirt-qemu
+ adduser --quiet libvirt-qemu libvirt-qemu
+fi
+
+#
+# add each sudo user to the libvirt group
+#
+for u in $(getent group sudo | sed -e "s/^.*://" -e "s/,/ /g"); do
+ adduser "$u" libvirt >/dev/null || true
+done
+
+if ! getent group libvirt-dnsmasq >/dev/null; then
+ addgroup --quiet --system libvirt-dnsmasq
+fi
+if ! getent passwd libvirt-dnsmasq >/dev/null; then
+ adduser --quiet \
+ --system \
+ --ingroup libvirt-dnsmasq \
+ --disabled-login \
+ --disabled-password \
+ --home /var/lib/libvirt/dnsmasq \
+ --no-create-home \
+ --gecos "Libvirt Dnsmasq" \
+ libvirt-dnsmasq
+fi
+
+#
+# register and start libvirt service
+#
systemctl daemon-reload
systemctl start libvirtd.service
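Review bot: The loop `for u in $(getent group sudo | ...)` adds every member of `sudo` to `libvirt`, and with the usual packaging that group gets read-write access to the system libvirtd socket, which is root-equivalent and, unlike sudo, asks for no password. Because `getent` also resolves groups from any network NSS source, the affected accounts may go beyond the local /etc/group; this is inferred, since the NSS configuration is not visible in this hunk. I would state the intent above the loop, e.g. `# libvirt membership allows passwordless management of qemu:///system (root-equivalent); granted to existing sudo members on purpose`, and report which accounts were added instead of discarding adduser's output and status with `>/dev/null || true`.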