From 288523c21e7560e3b97608e9f463f1e7ffeab069 Mon Sep 17 00:00:00 2001
From: Manuel Bentele
Date: Thu, 4 Feb 2021 12:00:25 +0100
Subject: [libvirt] Add Libvirt virtualization daemon as new module
---
core/modules/libvirt/data/addon-init | 4 ++++
1 file changed, 4 insertions(+)
create mode 100755 core/modules/libvirt/data/addon-init
(limited to 'core/modules/libvirt/data/addon-init')
diff --git a/core/modules/libvirt/data/addon-init b/core/modules/libvirt/data/addon-init
new file mode 100755
index 00000000..8070d171
--- /dev/null
+++ b/core/modules/libvirt/data/addon-init
@@ -0,0 +1,4 @@
+#!/bin/ash
+
+systemctl daemon-reload
+systemctl start libvirtd.service
From bd52d04d486fafb7b781b3d7ee4eff936a17c53a Mon Sep 17 00:00:00 2001
From: Manuel Bentele
Date: Mon, 8 Feb 2021 10:07:38 +0100
Subject: [libvirt] Add user and groups to run libvirt
---
core/modules/libvirt/data/addon-init | 78 ++++++++++++++++++++++++++++++++++++
1 file changed, 78 insertions(+)
(limited to 'core/modules/libvirt/data/addon-init')
diff --git a/core/modules/libvirt/data/addon-init b/core/modules/libvirt/data/addon-init
index 8070d171..034eb22a 100755
--- a/core/modules/libvirt/data/addon-init
+++ b/core/modules/libvirt/data/addon-init
@@ -1,4 +1,82 @@
#!/bin/ash
+#
+# allocated UID and GID for libvirt-qemu
+#
+LIBVIRT_QEMU_UID=64055
+LIBVIRT_QEMU_GID=64055
+
+#
+# add groups to run libvirt
+#
+if ! getent group libvirt >/dev/null; then
+ addgroup --quiet --system libvirt
+fi
+
+if ! getent group kvm >/dev/null; then
+ addgroup --quiet --system kvm
+fi
+
+#
+# add user and group libvirt runs qemu/kvm instances with
+#
+if ! getent passwd libvirt-qemu >/dev/null; then
+
+ # set uid if available (expected); don't fail otherwise.
+ PARAMETER_UID=''
+ if ! getent passwd $LIBVIRT_QEMU_UID >/dev/null; then
+ PARAMETER_UID="--uid $LIBVIRT_QEMU_UID"
+ fi
+
+ adduser --quiet \
+ --system \
+ --ingroup kvm \
+ --quiet \
+ --disabled-login \
+ --disabled-password \
+ --home /var/lib/libvirt \
+ --no-create-home \
+ --gecos "Libvirt Qemu" \
+ $PARAMETER_UID \
+ libvirt-qemu
+fi
+
+if ! getent group libvirt-qemu >/dev/null; then
+
+ # set gid if available (expected); don't fail otherwise.
+ PARAMETER_GID=''
+ if ! getent group $LIBVIRT_QEMU_GID >/dev/null; then
+ PARAMETER_GID="--gid $LIBVIRT_QEMU_GID"
+ fi
+
+ addgroup --quiet --system $PARAMETER_GID libvirt-qemu
+ adduser --quiet libvirt-qemu libvirt-qemu
+fi
+
+#
+# add each sudo user to the libvirt group
+#
+for u in $(getent group sudo | sed -e "s/^.*://" -e "s/,/ /g"); do
+ adduser "$u" libvirt >/dev/null || true
+done
+
+if ! getent group libvirt-dnsmasq >/dev/null; then
+ addgroup --quiet --system libvirt-dnsmasq
+fi
+if ! getent passwd libvirt-dnsmasq >/dev/null; then
+ adduser --quiet \
+ --system \
+ --ingroup libvirt-dnsmasq \
+ --disabled-login \
+ --disabled-password \
+ --home /var/lib/libvirt/dnsmasq \
+ --no-create-home \
+ --gecos "Libvirt Dnsmasq" \
+ libvirt-dnsmasq
+fi
+
+#
+# register and start libvirt service
+#
systemctl daemon-reload
systemctl start libvirtd.service
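Review bot: The loop that adds every member of `sudo` to `libvirt` widens privilege more than its comment suggests. With the Debian/Ubuntu packaging, membership in `libvirt` normally allows managing the system libvirt daemon without re-authentication, which is root-equivalent on the host, whereas `sudo` normally still asks for a password. The failure path is also hidden, because `>/dev/null || true` discards the exit status and nothing records which user could not be added. I would state the trade-off above the loop, e.g. `# libvirt group = unauthenticated control of the system libvirtd (root-equivalent); granted to sudo members on purpose`, and report failures with `adduser "$u" libvirt >/dev/null || echo "addon-init: cannot add $u to libvirt" >&2`. The unquoted `$PARAMETER_UID` and `$PARAMETER_GID` rely on word splitting deliberately and are harmless for these constant values.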
From d25c4cabcf687115c0580ccc5eb52d3ca632af9d Mon Sep 17 00:00:00 2001
From: Manuel Bentele
Date: Fri, 25 Jun 2021 12:16:33 +0200
Subject: [libvirt] Remove build support for MiniLinux
---
core/modules/libvirt/data/addon-init | 3 +-
.../libvirt/data/etc/libvirt/qemu/networks/br0.xml | 1 +
.../data/etc/libvirt/qemu/networks/nat1.xml | 1 +
.../data/etc/libvirt/qemu/networks/vsw2.xml | 1 +
core/modules/libvirt/module.build | 7 +--
core/modules/libvirt/module.conf | 58 ++--------------------
core/modules/libvirt/module.conf.debian | 2 +
core/modules/libvirt/module.conf.ubuntu | 14 ++++++
core/modules/libvirt/module.conf.ubuntu.18.04 | 8 ---
core/modules/libvirt/module.conf.ubuntu.20.04 | 12 -----
10 files changed, 25 insertions(+), 82 deletions(-)
create mode 100644 core/modules/libvirt/module.conf.ubuntu
delete mode 100644 core/modules/libvirt/module.conf.ubuntu.18.04
delete mode 100644 core/modules/libvirt/module.conf.ubuntu.20.04
(limited to 'core/modules/libvirt/data/addon-init')
diff --git a/core/modules/libvirt/data/addon-init b/core/modules/libvirt/data/addon-init
index 034eb22a..49c9b7b0 100755
--- a/core/modules/libvirt/data/addon-init
+++ b/core/modules/libvirt/data/addon-init
@@ -76,7 +76,8 @@ if ! getent passwd libvirt-dnsmasq >/dev/null; then
fi
#
-# register and start libvirt service
+# register and start libvirt services
#
systemctl daemon-reload
systemctl start libvirtd.service
+systemctl start libvirt-guests.service
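Review bot: With `systemctl start libvirt-guests.service` now the last command, the script's exit status reflects only that unit, so a failed start of `libvirtd.service` is no longer visible to whatever invokes addon-init (assuming the caller inspects the status at all). Consider `systemctl start libvirtd.service || exit 1` ahead of the new line, or remember the first failure and exit with it at the end. The rest of the script lies above the hunk's context lines and is not shown here.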
diff --git a/core/modules/libvirt/data/etc/libvirt/qemu/networks/br0.xml b/core/modules/libvirt/data/etc/libvirt/qemu/networks/br0.xml
index cf0876dc..14acd6ec 100644
--- a/core/modules/libvirt/data/etc/libvirt/qemu/networks/br0.xml
+++ b/core/modules/libvirt/data/etc/libvirt/qemu/networks/br0.xml
@@ -2,4 +2,5 @@
br0
+
diff --git a/core/modules/libvirt/data/etc/libvirt/qemu/networks/nat1.xml b/core/modules/libvirt/data/etc/libvirt/qemu/networks/nat1.xml
index 3411fbbb..689b3640 100644
--- a/core/modules/libvirt/data/etc/libvirt/qemu/networks/nat1.xml
+++ b/core/modules/libvirt/data/etc/libvirt/qemu/networks/nat1.xml
@@ -2,4 +2,5 @@
nat1
+
diff --git a/core/modules/libvirt/data/etc/libvirt/qemu/networks/vsw2.xml b/core/modules/libvirt/data/etc/libvirt/qemu/networks/vsw2.xml
index cc40a0c3..a2c43fea 100644
--- a/core/modules/libvirt/data/etc/libvirt/qemu/networks/vsw2.xml
+++ b/core/modules/libvirt/data/etc/libvirt/qemu/networks/vsw2.xml
@@ -2,4 +2,5 @@
vsw2
+
diff --git a/core/modules/libvirt/module.build b/core/modules/libvirt/module.build
index 141e076e..dd868159 100644
--- a/core/modules/libvirt/module.build
+++ b/core/modules/libvirt/module.build
@@ -4,16 +4,11 @@ fetch_source() {
}
build() {
- COPYLIST="list_dpkg_output"
- [ -e "${COPYLIST}" ] && rm "${COPYLIST}"
- list_packet_files >> "${COPYLIST}"
- tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}"
+ :
}
post_copy() {
- #
# remove default network configuration
- #
rm "${MODULE_BUILD_DIR}/etc/libvirt/qemu/networks/default.xml"
rm "${MODULE_BUILD_DIR}/etc/libvirt/qemu/networks/autostart/default.xml"
}
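Review bot: `build()` is reduced to `:` without saying where the module's files now come from, while `post_copy()` still runs a bare `rm` on both `default.xml` paths under `${MODULE_BUILD_DIR}`. If the files are staged by another mechanism (presumably `REQUIRED_CONTENT_PACKAGES` in the distro-specific module.conf, not visible in this hunk) and their path ever changes, the `rm` only prints an error and the packaged default network could stay enabled unnoticed. I would add a comment in `build()` such as `# nothing to build: content is taken from REQUIRED_CONTENT_PACKAGES` and make the removal explicit about a missing file, e.g. `[ -e "$f" ] || echo "libvirt: $f not found, default network not removed" >&2` before each `rm -- "$f"`.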
diff --git a/core/modules/libvirt/module.conf b/core/modules/libvirt/module.conf
index bcc4b9f4..668ddf88 100644
--- a/core/modules/libvirt/module.conf
+++ b/core/modules/libvirt/module.conf
@@ -1,57 +1,5 @@
#!/bin/bash
-REQUIRED_BINARIES="
- libvirtd
- virtlockd
- virtlogd
- virt-sanlock-cleanup
- remote-viewer
- virsh
- virt-admin
- virt-host-validate
- virt-login-shell
- virt-pki-validate
- virt-viewer
- virt-xml-validate
- libvirt-guests.sh
- libvirt_iohelper
- libvirt_leaseshelper
- libvirt_lxc
- libvirt_parthelper
- libvirt_sanlock_helper
- virt-aa-helper
- virt-login-shell-helper
-"
-REQUIRED_FILES="
- /usr/lib/x86_64-linux-gnu/libvirt/connection-driver/libvirt_driver_interface.so
- /usr/lib/x86_64-linux-gnu/libvirt/connection-driver/libvirt_driver_network.so
- /usr/lib/x86_64-linux-gnu/libvirt/connection-driver/libvirt_driver_nodedev.so
- /usr/lib/x86_64-linux-gnu/libvirt/connection-driver/libvirt_driver_nwfilter.so
- /usr/lib/x86_64-linux-gnu/libvirt/connection-driver/libvirt_driver_secret.so
- /usr/lib/x86_64-linux-gnu/libvirt/connection-driver/libvirt_driver_storage.so
- /usr/lib/x86_64-linux-gnu/libvirt/lock-driver/lockd.so
- /usr/lib/x86_64-linux-gnu/libvirt/storage-backend/libvirt_storage_backend_disk.so
- /usr/lib/x86_64-linux-gnu/libvirt/storage-backend/libvirt_storage_backend_fs.so
- /usr/lib/x86_64-linux-gnu/libvirt/storage-backend/libvirt_storage_backend_iscsi.so
- /usr/lib/x86_64-linux-gnu/libvirt/storage-backend/libvirt_storage_backend_logical.so
- /usr/lib/x86_64-linux-gnu/libvirt/storage-backend/libvirt_storage_backend_mpath.so
- /usr/lib/x86_64-linux-gnu/libvirt/storage-backend/libvirt_storage_backend_scsi.so
- /usr/lib/x86_64-linux-gnu/libvirt/storage-file/libvirt_storage_file_fs.so
-"
-REQUIRED_DIRECTORIES="
- /etc
- /usr/lib/libvirt
- /usr/lib/systemd
- /usr/share/mime
- /usr/share/icons
- /usr/share/systemtap
- /usr/share/apport
- /usr/share/augeas
- /usr/share/bash-completion
- /usr/share/polkit-1
- /usr/share/appdata
- /usr/share/bug
- /usr/share/locale
- /usr/share/applications
- /var
-"
+REQUIRED_BINARIES=""
+REQUIRED_LIBRARIES=""
+REQUIRED_DIRECTORIES=""
diff --git a/core/modules/libvirt/module.conf.debian b/core/modules/libvirt/module.conf.debian
index 9248faf4..84be983c 100644
--- a/core/modules/libvirt/module.conf.debian
+++ b/core/modules/libvirt/module.conf.debian
@@ -3,10 +3,12 @@ REQUIRED_INSTALLED_PACKAGES="
libvirt-daemon-system
libvirt-daemon
libvirt-clients
+ ebtables
"
REQUIRED_CONTENT_PACKAGES="
libvirt-daemon-system
libvirt-daemon
libvirt-clients
+ ebtables
"
diff --git a/core/modules/libvirt/module.conf.ubuntu b/core/modules/libvirt/module.conf.ubuntu
new file mode 100644
index 00000000..84be983c
--- /dev/null
+++ b/core/modules/libvirt/module.conf.ubuntu
@@ -0,0 +1,14 @@
+#!/bin/bash
+REQUIRED_INSTALLED_PACKAGES="
+ libvirt-daemon-system
+ libvirt-daemon
+ libvirt-clients
+ ebtables
+"
+
+REQUIRED_CONTENT_PACKAGES="
+ libvirt-daemon-system
+ libvirt-daemon
+ libvirt-clients
+ ebtables
+"
diff --git a/core/modules/libvirt/module.conf.ubuntu.18.04 b/core/modules/libvirt/module.conf.ubuntu.18.04
deleted file mode 100644
index 7838878b..00000000
--- a/core/modules/libvirt/module.conf.ubuntu.18.04
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-REQUIRED_INSTALLED_PACKAGES="
- libvirt-bin
-"
-
-REQUIRED_CONTENT_PACKAGES="
- libvirt-bin
-"
diff --git a/core/modules/libvirt/module.conf.ubuntu.20.04 b/core/modules/libvirt/module.conf.ubuntu.20.04
deleted file mode 100644
index 9248faf4..00000000
--- a/core/modules/libvirt/module.conf.ubuntu.20.04
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-REQUIRED_INSTALLED_PACKAGES="
- libvirt-daemon-system
- libvirt-daemon
- libvirt-clients
-"
-
-REQUIRED_CONTENT_PACKAGES="
- libvirt-daemon-system
- libvirt-daemon
- libvirt-clients
-"
From b70886d3df3a93daa7aab2285ecc1a80867690f5 Mon Sep 17 00:00:00 2001
From: Manuel Bentele
Date: Fri, 25 Jun 2021 12:36:25 +0200
Subject: [libvirt] Enforce libvirt UIDs/GIDs to not collide with LDAP
UIDs/GIDs
---
core/modules/libvirt-users/module.build | 43 ++++++++++++++++++
core/modules/libvirt-users/module.conf | 5 +++
core/modules/libvirt/data/addon-init | 77 ---------------------------------
core/modules/libvirt/module.conf | 4 ++
core/targets/qemu/libvirt-users | 1 +
5 files changed, 53 insertions(+), 77 deletions(-)
create mode 100644 core/modules/libvirt-users/module.build
create mode 100644 core/modules/libvirt-users/module.conf
create mode 120000 core/targets/qemu/libvirt-users
(limited to 'core/modules/libvirt/data/addon-init')
diff --git a/core/modules/libvirt-users/module.build b/core/modules/libvirt-users/module.build
new file mode 100644
index 00000000..cab41b98
--- /dev/null
+++ b/core/modules/libvirt-users/module.build
@@ -0,0 +1,43 @@
+#!/bin/bash
+fetch_source() {
+ :
+}
+
+build() {
+ :
+}
+
+post_copy() {
+ # Create libvirt users before installing libvirt packages since the
+ # libvirt DEB package hook script will create system users with an
+ # UID/GID greater or equal than 1000. Those default libvirt UIDs/GIDs
+ # are not allowed since they will collide with LDAP UIDs/GIDs.
+
+ # add system groups to run libvirt
+ if ! getent group libvirt-qemu >/dev/null; then
+ addgroup --quiet --system libvirt-qemu
+ fi
+
+ if ! getent group kvm >/dev/null; then
+ addgroup --quiet --system kvm
+ fi
+
+ # add system user libvirt runs qemu/kvm instances with
+ if ! getent passwd libvirt-qemu >/dev/null; then
+ adduser --quiet \
+ --system \
+ --ingroup kvm \
+ --quiet \
+ --disabled-login \
+ --disabled-password \
+ --home /var/lib/libvirt \
+ --no-create-home \
+ --gecos "Libvirt Qemu" \
+ libvirt-qemu
+ fi
+
+ # add libvirt system user to the libvirt system group
+ if ! getent group libvirt-qemu >/dev/null; then
+ adduser --quiet libvirt-qemu libvirt-qemu
+ fi
+}
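Review bot: The last guard in `post_copy()` can never be true. The `libvirt-qemu` group is created at the top of the function, so `if ! getent group libvirt-qemu` is always false when it is reached and `adduser --quiet libvirt-qemu libvirt-qemu` never runs. The account therefore ends up only in its primary group `kvm`, not in `libvirt-qemu` as the comment above the guard promises. Either call `adduser --quiet libvirt-qemu libvirt-qemu` unconditionally (Debian's adduser should treat an existing membership as a no-op, worth confirming), or test membership instead with `if ! id -nG libvirt-qemu | tr ' ' '\n' | grep -qx libvirt-qemu; then`. Separately, the `libvirt` group, the `libvirt-dnsmasq` account and the sudo-to-libvirt membership removed from addon-init in this commit are not recreated here; if they are left to the package hooks, a comment saying so would help.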
diff --git a/core/modules/libvirt-users/module.conf b/core/modules/libvirt-users/module.conf
new file mode 100644
index 00000000..668ddf88
--- /dev/null
+++ b/core/modules/libvirt-users/module.conf
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+REQUIRED_BINARIES=""
+REQUIRED_LIBRARIES=""
+REQUIRED_DIRECTORIES=""
diff --git a/core/modules/libvirt/data/addon-init b/core/modules/libvirt/data/addon-init
index 49c9b7b0..131a03f7 100755
--- a/core/modules/libvirt/data/addon-init
+++ b/core/modules/libvirt/data/addon-init
@@ -1,83 +1,6 @@
#!/bin/ash
-#
-# allocated UID and GID for libvirt-qemu
-#
-LIBVIRT_QEMU_UID=64055
-LIBVIRT_QEMU_GID=64055
-
-#
-# add groups to run libvirt
-#
-if ! getent group libvirt >/dev/null; then
- addgroup --quiet --system libvirt
-fi
-
-if ! getent group kvm >/dev/null; then
- addgroup --quiet --system kvm
-fi
-
-#
-# add user and group libvirt runs qemu/kvm instances with
-#
-if ! getent passwd libvirt-qemu >/dev/null; then
-
- # set uid if available (expected); don't fail otherwise.
- PARAMETER_UID=''
- if ! getent passwd $LIBVIRT_QEMU_UID >/dev/null; then
- PARAMETER_UID="--uid $LIBVIRT_QEMU_UID"
- fi
-
- adduser --quiet \
- --system \
- --ingroup kvm \
- --quiet \
- --disabled-login \
- --disabled-password \
- --home /var/lib/libvirt \
- --no-create-home \
- --gecos "Libvirt Qemu" \
- $PARAMETER_UID \
- libvirt-qemu
-fi
-
-if ! getent group libvirt-qemu >/dev/null; then
-
- # set gid if available (expected); don't fail otherwise.
- PARAMETER_GID=''
- if ! getent group $LIBVIRT_QEMU_GID >/dev/null; then
- PARAMETER_GID="--gid $LIBVIRT_QEMU_GID"
- fi
-
- addgroup --quiet --system $PARAMETER_GID libvirt-qemu
- adduser --quiet libvirt-qemu libvirt-qemu
-fi
-
-#
-# add each sudo user to the libvirt group
-#
-for u in $(getent group sudo | sed -e "s/^.*://" -e "s/,/ /g"); do
- adduser "$u" libvirt >/dev/null || true
-done
-
-if ! getent group libvirt-dnsmasq >/dev/null; then
- addgroup --quiet --system libvirt-dnsmasq
-fi
-if ! getent passwd libvirt-dnsmasq >/dev/null; then
- adduser --quiet \
- --system \
- --ingroup libvirt-dnsmasq \
- --disabled-login \
- --disabled-password \
- --home /var/lib/libvirt/dnsmasq \
- --no-create-home \
- --gecos "Libvirt Dnsmasq" \
- libvirt-dnsmasq
-fi
-
-#
# register and start libvirt services
-#
systemctl daemon-reload
systemctl start libvirtd.service
systemctl start libvirt-guests.service
diff --git a/core/modules/libvirt/module.conf b/core/modules/libvirt/module.conf
index 668ddf88..d67344f7 100644
--- a/core/modules/libvirt/module.conf
+++ b/core/modules/libvirt/module.conf
@@ -1,5 +1,9 @@
#!/bin/bash
+REQUIRED_MODULES="
+ libvirt-users
+"
+
REQUIRED_BINARIES=""
REQUIRED_LIBRARIES=""
REQUIRED_DIRECTORIES=""
diff --git a/core/targets/qemu/libvirt-users b/core/targets/qemu/libvirt-users
new file mode 120000
index 00000000..6f799d72
--- /dev/null
+++ b/core/targets/qemu/libvirt-users
@@ -0,0 +1 @@
+../../modules/libvirt-users
\ No newline at end of file