commit 1681c69dbeaf04335db05cf045c3de6f2e662462
Author: Antoine
Date: Sun Jul 26 18:00:42 2020 +0200
create libvirtd container, this container could setup default pool and network
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a952cc4
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.swp
+*.code-workspace
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f067040
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,21 @@
+FROM fedora
+
+ENV container docker
+
+ENV LIBVIRTD_DEFAULT_POOL_PATH ""
+ENV LIBVIRTD_DEFAULT_NETWORK ""
+
+RUN yum install -y \
+ libvirt-daemon-kvm \
+ libvirt-daemon-qemu \
+ libvirt-client \
+ selinux-policy selinux-policy-targeted \
+ augeas
+
+COPY augconf /augconf
+COPY libvirtd.sh /libvirtd.sh
+
+RUN augtool -f /augconf && \
+ chmod a+x /libvirtd.sh
+
+CMD ["/libvirtd.sh"]
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..f19d61c
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,22 @@
+.PHONY: imageLibvirtd test
+
+REGISTRY_IP=docker.registry
+
+## build
+
+shell_build_image = docker build -t $(REGISTRY_IP):5000/$(1) .; \
+ docker push $(REGISTRY_IP):5000/$(1);
+
+imageLibvirtd:
+ $(call shell_build_image,libvirtd)
+
+test:
+ docker-compose up -d
+
+clean:
+ docker-compose down
+
+## management
+
+status:
+ @curl -s $(REGISTRY_IP):5000/v2/_catalog | jq
\ No newline at end of file
diff --git a/augconf b/augconf
new file mode 100644
index 0000000..0dd29ee
--- /dev/null
+++ b/augconf
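Review bot: `FROM fedora` on the hunk's first line is untagged, so every rebuild pulls whichever release the moving `latest` tag points to, and the `yum install -y` block pins no package versions, so the libvirt/qemu that lands in the image — and the `/etc/libvirt/*.conf` files that `augtool -f /augconf` rewrites — drift silently between builds. Pin the base (`FROM fedora:<release>`) and end the install layer with `&& yum clean all` so the package metadata cache is not baked into the layer. `ENV container docker` uses the legacy space-separated form; `ENV container=docker` is the supported spelling. The final image never sets `USER`, which is expected for a daemon that needs `/dev/kvm` and mounts, but a one-line comment saying that root is required would stop a later reviewer from "fixing" it.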
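Review bot: `.PHONY: imageLibvirtd test` omits `clean` and `status`, so a file named `clean` or `status` in the checkout would silently satisfy those targets; `.PHONY: imageLibvirtd test clean status`. The registry is addressed as `$(REGISTRY_IP):5000` with no scheme in both `docker push` and the `curl -s` under `status`, so curl speaks plain HTTP and the push presumably only succeeds if the daemon lists this registry under insecure-registries; a comment above `REGISTRY_IP` stating that the registry is expected to be plaintext/unauthenticated and must sit on a trusted network would make that assumption visible, since images pushed over HTTP can be altered in transit.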
@@ -0,0 +1,22 @@
+# Enable unauthenticated tcp
+set /files/etc/libvirt/libvirtd.conf/listen_tls 0
+set /files/etc/libvirt/libvirtd.conf/listen_tcp 1
+set /files/etc/libvirt/libvirtd.conf/auth_tcp none
+
+# Listen on all interfaces for now
+set /files/etc/libvirt/qemu.conf/stdio_handler logd
+set /files/etc/libvirt/qemu.conf/spice_listen 0.0.0.0
+set /files/etc/libvirt/qemu.conf/vnc_listen 0.0.0.0
+set /files/etc/libvirt/qemu.conf/vnc_tls 0
+set /files/etc/libvirt/qemu.conf/vnc_sasl 0
+
+# Fixate user and group
+set /files/etc/libvirt/qemu.conf/user qemu
+set /files/etc/libvirt/qemu.conf/group qemu
+set /files/etc/libvirt/qemu.conf/dynamic_ownership 1
+
+# Have virtlogd log to stderr
+set /files/etc/libvirt/virtlogd.conf/log_outputs 2:stderr
+
+# Important to save
+save
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..60018dc
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,22 @@
+version: "3.8"
+
+services:
+ libvirtd:
+ image: docker.registry:5000/libvirtd:latest
+ container_name: "libvirtd"
+ ipc: host
+ network_mode: host
+ pid: host
+ user: root
+ privileged: true
+ ports:
+ - "8080:8080"
+ environment:
+ LIBVIRTD_DEFAULT_NETWORK: "true"
+ LIBVIRTD_DEFAULT_POOL_PATH: "/var/lib/libvirt/images"
+ volumes:
+ - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket
+ - libvirt-images:/var/lib/libvirt/images
+ - /:/host:Z
+volumes:
+ libvirt-images:
diff --git a/libvirtd.sh b/libvirtd.sh
new file mode 100644
index 0000000..c29fffa
--- /dev/null
+++ b/libvirtd.sh
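Review bot: The first block sets `listen_tcp 1` together with `auth_tcp none` and `listen_tls 0`, and the second sets `vnc_listen 0.0.0.0` and `spice_listen 0.0.0.0` with `vnc_tls 0` and `vnc_sasl 0`, so anyone who can reach libvirt's TCP port (16509 by default) on the host gets unauthenticated control of libvirtd — defining a guest with a host-path disk is enough to read or write any host file — and every guest console is exposed on all interfaces without authentication. Nothing in the hunk scopes this to loopback or a trusted network, and the entrypoint in this commit starts libvirtd with `-ld`, so these settings are honoured rather than ignored by socket activation. At minimum add `set /files/etc/libvirt/libvirtd.conf/listen_addr 127.0.0.1` and change both `0.0.0.0` values to `127.0.0.1`, or keep `listen_tls 1` with client certificates and drop the `auth_tcp none` line. If unauthenticated TCP is deliberate for a lab, the `# Enable unauthenticated tcp` comment should say so and name the network boundary being relied on, since a later deployer will not see the intent otherwise.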
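Review bot: `- /:/host:Z` bind-mounts the entire host root filesystem with the `Z` option, which asks the runtime to recursively relabel every file under `/` with a private container SELinux label; Docker's own documentation warns that relabeling system directories such as `/` this way can render the host unusable, and because the container is `privileged: true` the private label presumably buys no confinement anyway. Drop the `:Z`, or better, mount only the paths the entrypoint actually uses under `/host` (`/dev`, `/sys`, `/sys/fs/cgroup`) rather than `/`. Separately, `ports: - "8080:8080"` is ignored under `network_mode: host`, and `image: docker.registry:5000/libvirtd:latest` means whichever build was pushed last is what runs. With `privileged`, `pid: host`, `ipc: host` and host networking all combined, a comment at the top of the service stating that this container is fully host-equivalent and must only run on a dedicated host would help whoever deploys it.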
@@ -0,0 +1,115 @@ +#!/usr/bin/bash + +set -xe + +# HACK +# Use hosts's /dev to see new devices and allow macvtap +mkdir /dev.container && { + mount --rbind /dev /dev.container + mount --rbind /host/dev /dev + + # Keep some devices from the containerinal /dev + keep() { mount --rbind /dev.container/$1 /dev/$1 ; } + keep shm + keep mqueue + # Keep ptmx/pts for pty creation + keep pts + mount --rbind /dev/pts/ptmx /dev/ptmx + # Use the container /dev/kvm if available + [[ -e /dev.container/kvm ]] && keep kvm +} + +mkdir /sys.net.container && { + mount --rbind /sys/class/net /sys.net.container + mount --rbind /host/sys/class/net /sys/class/net +} + +mkdir /sys.devices.container && { + mount --rbind /sys/devices /sys.devices.container + mount --rbind /host/sys/devices /sys/devices +} + +# load modules +modprobe ip6_tables -d /host + +# If no cpuacct,cpu is present, symlink it to cpu,cpuacct +# Otherwise libvirt and our emulator get confused +if [ ! -d "/host/sys/fs/cgroup/cpuacct,cpu" ]; then + echo "Creating cpuacct,cpu cgroup symlink" + mount -o remount,rw /host/sys/fs/cgroup + cd /host/sys/fs/cgroup + ln -s cpu,cpuacct cpuacct,cpu + mount -o remount,ro /host/sys/fs/cgroup +fi + +mount --rbind /host/sys/fs/cgroup /sys/fs/cgroup + +mkdir -p /var/log/libvirt +touch /var/log/libvirt/qemu.log +chown qemu:qemu /var/log/libvirt/qemu.log + +# We create the network on a file basis to not +# have to wait for libvirtd to come up +if [[ -n "$LIBVIRTD_DEFAULT_NETWORK" ]]; then + mkdir -p /etc/libvirt/qemu/networks/autostart + cat > /etc/libvirt/qemu/networks/default.xml < + + default + + + + + + + + + +EOX + ln -s /etc/libvirt/qemu/networks/default.xml /etc/libvirt/qemu/networks/autostart/default.xml +fi + +# We create the storage pool on a file basis to not +# have to wait for libvirtd to come up +if [[ -n "$LIBVIRTD_DEFAULT_POOL_PATH" ]]; then + mkdir -p /etc/libvirt/storage/autostart + cat > /etc/libvirt/storage/default.xml < + + default + + $LIBVIRTD_DEFAULT_POOL_PATH + + 
+EOX
+ ln -s /etc/libvirt/storage/default.xml /etc/libvirt/storage/autostart/default.xml
+fi
+
+echo "cgroup_controllers = []" >> /etc/libvirt/qemu.conf
+echo "namespaces = []" >> /etc/libvirt/qemu.conf
+
+/usr/sbin/virtlogd &
+
+
+#Define cleanup procedure
+cleanup() {
+ echo "Container stopped, performing cleanup..."
+
+ if [[ -n "$LIBVIRTD_DEFAULT_NETWORK" ]]; then
+ echo "Container stopped, destroy default network ..."
+ virsh net-destroy default
+ fi
+}
+
+#Trap SIGTERM
+trap 'cleanup' SIGTERM
+
+#Execute command
+# "${@}" &
+/usr/sbin/libvirtd -ld
+
+#Wait
+wait $!
+
+#Cleanup
+cleanup
\ No newline at end of file
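Review bot: `wait $!` near the end waits on the wrong process: `$!` is the PID of the last background job, which is `/usr/sbin/virtlogd &`, while `/usr/sbin/libvirtd -ld` runs in the foreground (the `"${@}" &` line is commented out), so bash defers the `trap 'cleanup' SIGTERM` handler until libvirtd has already exited on its own, `docker stop` waits out its timeout and SIGKILLs the container, and `virsh net-destroy default` never runs. Background libvirtd, record its PID, have the handler forward SIGTERM to both daemons, and wait on libvirtd specifically, as sketched below. The two `echo … >> /etc/libvirt/qemu.conf` lines also turn off libvirt's per-guest mount namespace and cgroup confinement for every VM this daemon starts; presumably that is forced by the cgroup and `/host` mount hack earlier in the script, and that reason deserves a comment at those two lines because it is a real reduction in guest isolation.
```shell
/usr/sbin/virtlogd &
VIRTLOGD_PID=$!

cleanup() {
    echo "Container stopped, performing cleanup..."
    if [[ -n "$LIBVIRTD_DEFAULT_NETWORK" ]]; then
        echo "Container stopped, destroy default network ..."
        virsh net-destroy default || true
    fi
    # Forward the stop signal so docker stop does not have to SIGKILL us.
    kill -TERM "$LIBVIRTD_PID" "$VIRTLOGD_PID" 2>/dev/null || true
}

trap 'cleanup' SIGTERM

/usr/sbin/libvirtd -ld &
LIBVIRTD_PID=$!

# Wait on libvirtd itself; a bare "$!" here would still be virtlogd's PID.
wait "$LIBVIRTD_PID" || true
cleanup
```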