Francesco Romani has uploaded a new change for review. Change subject: serial console: add code to prepare the path ......................................................................
serial console: add code to prepare the path Add support for vmconsole path preparation. The new supervdsm method ensures that the unix domain socket directory needed by ovirt-vmconsole integration exists and has the following permissions, ownership and SELinux attributes: /var/run/ovirt-vmconsole-console/ drwxrwxr-x. vdsm qemu system_u:object_r:qemu_var_run_t:s0 Since /var/run is supposed to be on tmpfs, this is enforced at every startup. Added a new tunable, default to on, to optionally disable this feature. Change-Id: I6f851d7f7233265d33896b3aad5604e84c8af53b Signed-off-by: Francesco Romani <[email protected]> --- M lib/vdsm/config.py.in M lib/vdsm/constants.py.in M vdsm/clientIF.py M vdsm/supervdsmServer M vdsm/vdsm 5 files changed, 32 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/96/41896/1 diff --git a/lib/vdsm/config.py.in b/lib/vdsm/config.py.in index 03a63c8..49f18cc 100644 --- a/lib/vdsm/config.py.in +++ b/lib/vdsm/config.py.in @@ -195,6 +195,9 @@ ('ssl_protocol', 'sslv23', 'SSL protocol used by encrypted connection'), + + ('vm_console_enable', 'true', + 'Enable VM serial console access using ovirt-vmconsole.'), ]), # Section: [mom] diff --git a/lib/vdsm/constants.py.in b/lib/vdsm/constants.py.in index 2890f3e..44a7ad4 100644 --- a/lib/vdsm/constants.py.in +++ b/lib/vdsm/constants.py.in @@ -67,6 +67,7 @@ # Path definitions # P_LIBVIRT_VMCHANNELS = '/var/lib/libvirt/qemu/channels/' +P_OVIRT_VMCONSOLES = '/var/run/ovirt-vmconsole-console/' P_VDSM = '@VDSMDIR@/' P_VDSM_RPC = '@VDSMDIR@/rpc/' P_VDSM_HOOKS = '@HOOKSDIR@/' diff --git a/vdsm/clientIF.py b/vdsm/clientIF.py index b2bb119..6cfabd7 100644 --- a/vdsm/clientIF.py +++ b/vdsm/clientIF.py @@ -121,6 +121,18 @@ self.mom.stop() raise + def prepareVmConsoleDir(self): + if config.getboolean('vars', 'vm_console_enable'): + self.log.debug('preparing vmconsole directory: %s', + constants.P_OVIRT_VMCONSOLES) + + try: + supervdsm.getProxy().prepareVmConsolePath( + constants.P_OVIRT_VMCONSOLES) + except OSError as e: + if e.errno != os.errno.EEXIST: + raise + def getVMs(self): """ Get a snapshot of the currently registered VMs. diff --git a/vdsm/supervdsmServer b/vdsm/supervdsmServer index ef7a710..fbd810e 100755 --- a/vdsm/supervdsmServer +++ b/vdsm/supervdsmServer @@ -31,6 +31,9 @@ import signal import logging import logging.config + +import selinux + from vdsm.infra import sigutils import numaUtils @@ -86,6 +89,10 @@ _UDEV_RULE_FILE_NAME_VFIO = os.path.join( _UDEV_RULE_FILE_DIR, _UDEV_RULE_FILE_PREFIX + "iommu_group_%s" + _UDEV_RULE_FILE_EXT) + + +_SELINUX_VIRT_VMCONSOLE_LABEL = 'system_u:object_r:qemu_var_run_t:s0' + RUN_AS_TIMEOUT = config.getint("irs", "process_pool_timeout") @@ -207,6 +214,13 @@ def changeNumvfs(self, device_name, numvfs): return changeNumvfs(device_name, numvfs) + @logDecorator + def prepareVmConsolePath(self, consoleDir): + os.makedirs(consoleDir, mode=0o775) + chown(consoleDir, VDSM_USER, QEMU_PROCESS_GROUP) + if selinux.is_selinux_enabled(): + selinux.chcon(consoleDir, _SELINUX_VIRT_VMCONSOLE_LABEL) + def _runAs(self, user, groups, func, args=(), kwargs={}): def child(pipe): res = ex = None diff --git a/vdsm/vdsm b/vdsm/vdsm index 67f21a4..c319d57 100755 --- a/vdsm/vdsm +++ b/vdsm/vdsm @@ -94,6 +94,8 @@ install_manhole({'irs': irs, 'cif': cif}) + cif.prepareVmConsoleDir() + cif.start() periodic.start(cif) try: -- To view, visit https://gerrit.ovirt.org/41896 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I6f851d7f7233265d33896b3aad5604e84c8af53b Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Francesco Romani <[email protected]> _______________________________________________ vdsm-patches mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
