create libvirtd container, this container could setup default pool and network

2020-07-26 18:00:42 +02:00 · 2020-07-26 18:00:42 +02:00 · 1681c69dbe
commit 1681c69dbe
6 changed files with 204 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+*.swp
+*.code-workspace
--- a/21
+++ b/21
@ -0,0 +1,21 @@
+FROM fedora
+
+ENV container docker
+
+ENV LIBVIRTD_DEFAULT_POOL_PATH ""
+ENV LIBVIRTD_DEFAULT_NETWORK ""
+
+RUN yum install -y \
+  libvirt-daemon-kvm \
+  libvirt-daemon-qemu \
+  libvirt-client \
+  selinux-policy selinux-policy-targeted \
+  augeas
+
+COPY augconf /augconf
+COPY libvirtd.sh /libvirtd.sh
+
+RUN augtool -f /augconf && \
+    chmod a+x /libvirtd.sh
+
+CMD ["/libvirtd.sh"]
--- a/22
+++ b/22
@ -0,0 +1,22 @@
+.PHONY: imageLibvirtd test
+
+REGISTRY_IP=docker.registry
+
+## build
+
+shell_build_image = docker build -t $(REGISTRY_IP):5000/$(1) .; \
+        docker push $(REGISTRY_IP):5000/$(1);
+
+imageLibvirtd:
+	$(call shell_build_image,libvirtd)
+
+test:
+	docker-compose up -d
+
+clean:
+	docker-compose down
+
+## management
+
+status:
+	@curl -s $(REGISTRY_IP):5000/v2/_catalog | jq
--- a/22
+++ b/22
@ -0,0 +1,22 @@
+# Enable unauthenticated tcp
+set /files/etc/libvirt/libvirtd.conf/listen_tls 0
+set /files/etc/libvirt/libvirtd.conf/listen_tcp 1
+set /files/etc/libvirt/libvirtd.conf/auth_tcp none
+
+# Listen on all interfaces for now
+set /files/etc/libvirt/qemu.conf/stdio_handler logd
+set /files/etc/libvirt/qemu.conf/spice_listen 0.0.0.0
+set /files/etc/libvirt/qemu.conf/vnc_listen 0.0.0.0
+set /files/etc/libvirt/qemu.conf/vnc_tls 0
+set /files/etc/libvirt/qemu.conf/vnc_sasl 0
+
+# Fixate user and group
+set /files/etc/libvirt/qemu.conf/user qemu
+set /files/etc/libvirt/qemu.conf/group qemu
+set /files/etc/libvirt/qemu.conf/dynamic_ownership 1
+
+# Have virtlogd log to stderr
+set /files/etc/libvirt/virtlogd.conf/log_outputs 2:stderr
+
+# Important to save
+save
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,22 @@
+version: "3.8"
+
+services:
+  libvirtd:
+    image: docker.registry:5000/libvirtd:latest
+    container_name: "libvirtd"
+    ipc: host
+    network_mode: host
+    pid: host
+    user: root
+    privileged: true
+    ports:
+      - "8080:8080"
+    environment:
+      LIBVIRTD_DEFAULT_NETWORK: "true"
+      LIBVIRTD_DEFAULT_POOL_PATH: "/var/lib/libvirt/images"
+    volumes:
+      - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket
+      - libvirt-images:/var/lib/libvirt/images
+      - /:/host:Z
+volumes:
+  libvirt-images:
--- a/libvirtd.sh
+++ b/libvirtd.sh
@ -0,0 +1,115 @@
+#!/usr/bin/bash
+
+set -xe
+
+# HACK
+# Use hosts's /dev to see new devices and allow macvtap
+mkdir /dev.container && {
+  mount --rbind /dev /dev.container
+  mount --rbind /host/dev /dev
+
+  # Keep some devices from the containerinal /dev
+  keep() { mount --rbind /dev.container/$1 /dev/$1 ; }
+  keep shm
+  keep mqueue
+  # Keep ptmx/pts for pty creation
+  keep pts
+  mount --rbind /dev/pts/ptmx /dev/ptmx
+  # Use the container /dev/kvm if available
+  [[ -e /dev.container/kvm ]] && keep kvm
+}
+
+mkdir /sys.net.container && {
+  mount --rbind /sys/class/net /sys.net.container
+  mount --rbind /host/sys/class/net /sys/class/net
+}
+
+mkdir /sys.devices.container && {
+  mount --rbind /sys/devices /sys.devices.container
+  mount --rbind /host/sys/devices /sys/devices
+}
+
+# load modules
+modprobe ip6_tables -d /host
+
+# If no cpuacct,cpu is present, symlink it to cpu,cpuacct
+# Otherwise libvirt and our emulator get confused
+if [ ! -d "/host/sys/fs/cgroup/cpuacct,cpu" ]; then
+  echo "Creating cpuacct,cpu cgroup symlink"
+  mount -o remount,rw /host/sys/fs/cgroup
+  cd /host/sys/fs/cgroup
+  ln -s cpu,cpuacct cpuacct,cpu
+  mount -o remount,ro /host/sys/fs/cgroup
+fi
+
+mount --rbind /host/sys/fs/cgroup /sys/fs/cgroup
+
+mkdir -p /var/log/libvirt
+touch /var/log/libvirt/qemu.log
+chown qemu:qemu /var/log/libvirt/qemu.log
+
+# We create the network on a file basis to not
+# have to wait for libvirtd to come up
+if [[ -n "$LIBVIRTD_DEFAULT_NETWORK" ]]; then
+  mkdir -p /etc/libvirt/qemu/networks/autostart
+  cat > /etc/libvirt/qemu/networks/default.xml <<EOX
+<!-- Generated by libvirtd.sh container script -->
+<network>
+  <name>default</name>
+  <!-- spanning tree on and 0 forward delay-->
+  <bridge name='virbr0' stp='on' delay='0'/>
+  <forward mode='nat'/>
+  <ip address='192.168.122.1' netmask='255.255.255.0'>
+    <dhcp>
+      <range start='192.168.122.2' end='192.168.122.254'/>
+    </dhcp>
+  </ip>
+</network>
+EOX
+  ln -s /etc/libvirt/qemu/networks/default.xml /etc/libvirt/qemu/networks/autostart/default.xml
+fi
+
+# We create the storage pool on a file basis to not
+# have to wait for libvirtd to come up
+if [[ -n "$LIBVIRTD_DEFAULT_POOL_PATH" ]]; then
+  mkdir -p /etc/libvirt/storage/autostart
+  cat > /etc/libvirt/storage/default.xml <<EOX
+<!-- Generated by libvirtd.sh container script -->
+<pool type='dir'>
+  <name>default</name>
+  <target>
+    <path>$LIBVIRTD_DEFAULT_POOL_PATH</path>
+  </target>
+</pool>
+EOX
+  ln -s /etc/libvirt/storage/default.xml /etc/libvirt/storage/autostart/default.xml
+fi
+
+echo "cgroup_controllers = []" >> /etc/libvirt/qemu.conf
+echo "namespaces = []" >> /etc/libvirt/qemu.conf
+
+/usr/sbin/virtlogd &
+
+
+#Define cleanup procedure
+cleanup() {
+    echo "Container stopped, performing cleanup..."
+
+    if [[ -n "$LIBVIRTD_DEFAULT_NETWORK" ]]; then
+      echo "Container stopped, destroy default network ..."
+      virsh net-destroy default
+    fi
+}
+
+#Trap SIGTERM
+trap 'cleanup' SIGTERM
+
+#Execute command
+# "${@}" &
+/usr/sbin/libvirtd -ld
+
+#Wait
+wait $!
+
+#Cleanup
+cleanup