Merge pull request #202 from stackhpc/libvirt-on-host

Support running libvirt on the host

Author: markgoddard

ansible/group_vars/all.yml

@@ -692,6 +692,7 @@ enable_neutron_trunk: "no"
 enable_neutron_metering: "no"
 enable_neutron_infoblox_ipam_agent: "no"
 enable_neutron_port_forwarding: "no"
+enable_nova_libvirt_container: "{{ nova_compute_virt_type in ['kvm', 'qemu'] }}"
 enable_nova_serialconsole_proxy: "no"
 enable_nova_ssh: "yes"
 enable_octavia: "no"
@@ -1027,7 +1028,7 @@ nova_backend_ceph: "no"
 nova_backend: "{{ 'rbd' if nova_backend_ceph | bool else 'default' }}"
 # Valid options are [ kvm, qemu, vmware ]
 nova_compute_virt_type: "kvm"
-nova_instance_datadir_volume: "nova_compute"
+nova_instance_datadir_volume: "{{ 'nova_compute' if enable_nova_libvirt_container | bool else '/var/lib/nova' }}"
 nova_safety_upgrade: "no"
 # Valid options are [ none, novnc, spice ]
 nova_console: "novnc"

ansible/nova-libvirt-cleanup.yml

@@ -0,0 +1,14 @@
+---
+- import_playbook: gather-facts.yml
+
+- name: Remove nova_libvirt container
+  gather_facts: false
+  hosts:
+    - compute
+  serial: '{{ kolla_serial|default("0") }}'
+  tags:
+    - nova-libvirt-cleanup
+  tasks:
+    - import_role:
+        name: nova-cell
+        tasks_from: libvirt-cleanup.yml

ansible/roles/baremetal/defaults/main.yml

@@ -68,13 +68,13 @@ redhat_pkg_install:
 ubuntu_pkg_removals:
  - lxd
  - lxc
- - libvirt-bin
+ - "{% if enable_nova_libvirt_container | bool %}libvirt-bin{% endif %}"
  - open-iscsi
  - "{% if enable_chrony | bool %}chrony{% endif %}"
 
 redhat_pkg_removals:
- - libvirt
- - libvirt-daemon
+ - "{% if enable_nova_libvirt_container | bool %}libvirt{% endif %}"
+ - "{% if enable_nova_libvirt_container | bool %}libvirt-daemon{% endif %}"
  - iscsi-initiator-utils
  - "{% if enable_chrony | bool %}chrony{% endif %}"
 
@@ -86,3 +86,6 @@ virtualenv:
 # directory. This is typically required for modules such as yum and apt which
 # are not available on PyPI.
 virtualenv_site_packages: True
+
+# Whether to remove the AppArmor libvirt profile on Ubuntu hosts.
+apparmor_remove_libvirt_profile: "{{ enable_nova_libvirt_container | bool }}"

ansible/roles/baremetal/tasks/post-install.yml

@@ -188,29 +188,30 @@
     daemon_reload: yes
   register: docker_reloaded
 
-- name: Get stat of libvirtd apparmor profile
-  stat:
-    path: /etc/apparmor.d/usr.sbin.libvirtd
-  register: apparmor_libvirtd_profile
-  when: ansible_facts.distribution == "Ubuntu"
-
-- name: Get stat of libvirtd apparmor disable profile
-  stat:
-    path: /etc/apparmor.d/disable/usr.sbin.libvirtd
-  register: apparmor_libvirtd_disable_profile
-  when: ansible_facts.distribution == "Ubuntu"
-
-- name: Remove apparmor profile for libvirt
-  shell: |
-    apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd && \
-    ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable
-  args:
-    executable: /bin/bash
-  become: True
+- block:
+    - name: Get stat of libvirtd apparmor profile
+      stat:
+        path: /etc/apparmor.d/usr.sbin.libvirtd
+      register: apparmor_libvirtd_profile
+
+    - name: Get stat of libvirtd apparmor disable profile
+      stat:
+        path: /etc/apparmor.d/disable/usr.sbin.libvirtd
+      register: apparmor_libvirtd_disable_profile
+
+    - name: Remove apparmor profile for libvirt
+      shell: |
+        apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd && \
+        ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable
+      args:
+        executable: /bin/bash
+      become: True
+      when:
+        - apparmor_libvirtd_profile.stat.exists
+        - not apparmor_libvirtd_disable_profile.stat.exists
   when:
     - ansible_facts.distribution == "Ubuntu"
-    - apparmor_libvirtd_profile.stat.exists
-    - not apparmor_libvirtd_disable_profile.stat.exists
+    - apparmor_remove_libvirt_profile | bool
 
 - name: Get stat of chronyd apparmor profile
   stat:

ansible/roles/ceilometer/defaults/main.yml

@@ -78,7 +78,7 @@ ceilometer_compute_default_volumes:
   - "/run/:/run/:shared"
   - "ceilometer:/var/lib/ceilometer/"
   - "kolla_logs:/var/log/kolla/"
-  - "nova_libvirt:/var/lib/libvirt"
+  - "{{ ceilometer_libvirt_volume }}:/var/lib/libvirt"
   - "{{ kolla_dev_repos_directory ~ '/ceilometer/ceilometer:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ceilometer' if ceilometer_dev_mode | bool else '' }}"
 ceilometer_ipmi_default_volumes:
   - "{{ node_config_directory }}/ceilometer-ipmi/:{{ container_config_directory }}/:ro"
@@ -94,6 +94,8 @@ ceilometer_central_extra_volumes: "{{ ceilometer_extra_volumes }}"
 ceilometer_compute_extra_volumes: "{{ ceilometer_extra_volumes }}"
 ceilometer_ipmi_extra_volumes: "{{ ceilometer_extra_volumes }}"
 
+ceilometer_libvirt_volume: "{{ 'nova_libvirt' if enable_nova_libvirt_container | bool else '/var/lib/libvirt' }}"
+
 ####################
 # OpenStack
 ####################

ansible/roles/cinder/tasks/external_ceph.yml

@@ -20,7 +20,7 @@
     - Restart {{ item.key }} container
 
 - name: Copy over Ceph keyring files for cinder-volume
-  copy:
+  template:
     src: "{{ node_custom_config }}/cinder/cinder-volume/{{ ceph_cinder_keyring }}"
     dest: "{{ node_config_directory }}/cinder-volume/"
     mode: "0660"
@@ -33,7 +33,7 @@
     - Restart cinder-volume container
 
 - name: Copy over Ceph keyring files for cinder-backup
-  copy:
+  template:
     src: "{{ node_custom_config }}/cinder/{{ item }}"
     dest: "{{ node_config_directory }}/cinder-backup/"
     mode: "0660"

ansible/roles/common/tasks/config.yml

@@ -128,7 +128,7 @@
       - name: "conf/input/04-openstack-wsgi.conf.j2"
         enabled: true
       - name: "conf/input/05-libvirt.conf.j2"
-        enabled: true
+        enabled: "{{ enable_nova | bool and enable_nova_libvirt_container | bool }}"
       - name: "conf/input/06-zookeeper.conf.j2"
         enabled: true
       - name: "conf/input/07-kafka.conf.j2"
@@ -222,7 +222,7 @@
       - { name: "neutron", enabled: "{{ enable_neutron | bool }}" }
       - { name: "neutron-tls-proxy", enabled: "{{ neutron_enable_tls_backend | bool }}" }
       - { name: "nova", enabled: "{{ enable_nova | bool }}" }
-      - { name: "nova-libvirt", enabled: "{{ enable_nova | bool and nova_compute_virt_type in ['kvm', 'qemu'] }}" }
+      - { name: "nova-libvirt", enabled: "{{ enable_nova | bool and enable_nova_libvirt_container | bool }}" }
       - { name: "octavia", enabled: "{{ enable_octavia | bool }}" }
       - { name: "openvswitch", enabled: "{{ enable_openvswitch | bool }}" }
       - { name: "outward-rabbitmq", enabled: "{{ enable_outward_rabbitmq | bool }}" }

ansible/roles/glance/tasks/external_ceph.yml

@@ -10,7 +10,7 @@
     - Restart glance-api container
 
 - name: Copy over ceph Glance keyring
-  copy:
+  template:
     src: "{{ node_custom_config }}/glance/{{ ceph_glance_keyring }}"
     dest: "{{ node_config_directory }}/glance-api/{{ ceph_glance_keyring }}"
     mode: "0660"

ansible/roles/gnocchi/tasks/external_ceph.yml

@@ -14,7 +14,7 @@
     - Restart {{ item }} container
 
 - name: Copy over ceph gnocchi keyring
-  copy:
+  template:
     src: "{{ node_custom_config }}/gnocchi/{{ ceph_gnocchi_keyring }}"
     dest: "{{ node_config_directory }}/{{ item }}/{{ ceph_gnocchi_keyring }}"
     mode: "0660"

ansible/roles/manila/tasks/external_ceph.yml

@@ -11,7 +11,7 @@
     - Restart manila-share container
 
 - name: Copy over Ceph keyring files for manila
-  copy:
+  template:
     src: "{{ node_custom_config }}/manila/{{ ceph_manila_keyring }}"
     dest: "{{ node_config_directory }}/manila-share/{{ ceph_manila_keyring }}"
     mode: "0600"