Merge pull request #810 from Mirantis/jell/libvirt
Use Mirantis hardened version of libvirt
ivan4th authored Nov 27, 2018
2 parents f9f9823 + 8d9607b commit 9b43b4d
Showing 6 changed files with 15 additions and 40 deletions.
2 changes: 1 addition & 1 deletion images/Dockerfile.build
@@ -1,7 +1,7 @@
# TODO: generate this tag. unfortunately can't use ARG:
# https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
# (but add a note about it here for the future)
FROM mirantis/virtlet-build:v1-6f9c7ae7a63974b239cb6967e80521e4
FROM mirantis/virtlet-build:v1-c646263e8c2fa2e6430f0c48a2acff60
MAINTAINER Ivan Shvedunov <ishvedunov@mirantis.com>

LABEL virtlet.image="build"
2 changes: 1 addition & 1 deletion images/Dockerfile.build-base
@@ -1,7 +1,7 @@
# TODO: generate this tag. unfortunately can't use ARG:
# https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
# (but add a note about it here for the future)
FROM mirantis/virtlet-base:v1-6f4014188b63faf8b6d48642ad29752f
FROM mirantis/virtlet-base:v1-25f4a227ec03c377ca90c433733c3ff5
MAINTAINER Ivan Shvedunov <ishvedunov@mirantis.com>

LABEL virtlet.image="build-base"
2 changes: 1 addition & 1 deletion images/Dockerfile.virtlet
@@ -1,7 +1,7 @@
# TODO: generate this tag. unfortunately can't use ARG:
# https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
# (but add a note about it here for the future)
FROM mirantis/virtlet-base:v1-6f4014188b63faf8b6d48642ad29752f
FROM mirantis/virtlet-base:v1-25f4a227ec03c377ca90c433733c3ff5
MAINTAINER Ivan Shvedunov <ishvedunov@mirantis.com>

LABEL virtlet.image="virtlet"
42 changes: 8 additions & 34 deletions images/Dockerfile.virtlet-base
@@ -1,38 +1,18 @@
FROM ubuntu:16.04
MAINTAINER Ivan Shvedunov <ishvedunov@mirantis.com>

# BUMP 24.05.2018
# BUMP 23.11.2018

ENV DEBIAN_FRONTEND noninteractive

RUN echo deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted >>/etc/apt/sources.list && \
echo deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted >>/etc/apt/sources.list
RUN echo deb-src http://archive.ubuntu.com/ubuntu/ xenial main universe restricted >>/etc/apt/sources.list && \
echo deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main universe restricted >>/etc/apt/sources.list

RUN apt-get -y update && \
apt-get -y build-dep libvirt && \
apt-get -y build-dep libguestfs && \
apt-get -y build-dep supermin && \
apt-get -y install git libjansson-dev libhivex-ocaml-dev

RUN git clone https://github.com/libvirt/libvirt.git /libvirt && \
cd /libvirt && \
git checkout v3.7.0 && \
./autogen.sh --prefix=/usr/local \
--localstatedir=/var \
--sysconfdir=/etc \
--without-polkit \
--without-esx \
--without-vbox \
--without-xen \
--without-libxl \
--with-qemu \
--with-qemu-user=libvirt-qemu \
--with-qemu-group=kvm \
--without-lxc \
--without-nwfilter && \
make -j$(grep -c ^processor /proc/cpuinfo) && \
make -j$(grep -c ^processor /proc/cpuinfo) install

RUN git clone https://github.com/libguestfs/supermin.git && \
cd supermin && \
git checkout v5.1.19 && \
Expand All @@ -57,8 +37,11 @@ COPY --from=0 /usr/local /usr/local

ENV DEBIAN_FRONTEND noninteractive

RUN apt-get update && \
apt-get install -y bridge-utils \
RUN apt-get update && apt-get install -y curl && \
echo deb http://mirror.mirantis.com/proposed/openstack-queens/xenial xenial main >>/etc/apt/sources.list && \
curl http://mirror.mirantis.com/proposed/openstack-queens/xenial/archive-queens.key | apt-key add - && \
apt-get update && \
apt-get install -y libvirt-bin libvirt-daemon libvirt-dev bridge-utils \
openssl qemu-kvm \
netbase iptables ebtables vncsnapshot \
socat netcat-openbsd \
Expand All @@ -77,15 +60,6 @@ RUN apt-get update && \
dnsmasq libpcap0.8 libnetcf1 dmidecode && \
apt-get clean

RUN if ! getent group libvirtd >/dev/null; then addgroup --system libvirtd; fi && \
for u in $(getent group admin | sed -e "s/^.*://" -e "s/,/ /g"); do adduser "$u" libvirtd >/dev/null || true; done && \
for u in $(getent group sudo | sed -e "s/^.*://" -e "s/,/ /g"); do adduser "$u" libvirtd >/dev/null || true; done && \
if ! getent group kvm >/dev/null; then addgroup --quiet --system kvm; fi && \
adduser --quiet --system --ingroup kvm --quiet --disabled-login --disabled-password \
--home /var/lib/libvirt --no-create-home -gecos "Libvirt Qemu" --uid 64055 libvirt-qemu && \
adduser --quiet --system --ingroup libvirtd --quiet --disabled-login --disabled-password \
--home /var/lib/libvirt/dnsmasq --no-create-home -gecos "Libvirt Dnsmasq" libvirt-dnsmasq

# TODO: try to go back to alpine
# TODO: check which libs are really needed for libvirt / libguestfs / supermin
# and which aren't
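Review bot: In the runtime stage's `RUN apt-get update && apt-get install -y curl && \` instruction, the Mirantis repository's signing key is fetched over plain HTTP and piped straight into `apt-key add -`, so the key that is meant to authenticate `libvirt-bin`, `libvirt-daemon` and `libvirt-dev` is itself unauthenticated and anyone on the network path at build time could substitute both the key and the packages. I would commit the key file to this repository and `COPY` it into the image, or at least fetch it with `curl -fsSL` over HTTPS (if the mirror serves it) and compare its fingerprint with a value recorded in this Dockerfile before adding it. As written, `curl` without `-f` also hands an HTTP error page to `apt-key` instead of failing on its own. The `deb` line is appended with no apt pinning, so any package installed later in the same instruction may be taken from the `proposed` repository, not only libvirt; part of that package list is collapsed on this page, so the instruction is not fully visible here.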
4 changes: 2 additions & 2 deletions images/image_skel/libvirt.sh
Expand Up @@ -59,11 +59,11 @@ chmod ug+s /vmwrapper
if [[ ${testmode} ]]; then
# leftover socket prevents libvirt from initializing correctly
rm -f /var/lib/libvirt/qemu/capabilities.monitor.sock
/usr/local/sbin/libvirtd --listen --daemon
/usr/sbin/libvirtd --listen --daemon
else
# FIXME: try using exec liveness probe instead
while true; do
/usr/local/sbin/libvirtd --listen
/usr/sbin/libvirtd --listen
sleep 1
done
fi
3 changes: 2 additions & 1 deletion tests/e2e/resources_test.go
Expand Up @@ -62,7 +62,8 @@ var _ = Describe("VM resources", func() {
Expect(m).To(HaveLen(2))
total += do(strconv.Atoi(m[1])).(int)
}
Expect(total).To(Equal(1024*(*memoryLimit) - 128))
Expect(total).To(BeNumerically(">", 1024*(*memoryLimit-1)))
Expect(total).To(BeNumerically("<", 1024*(*memoryLimit)))
})

It("Should grow the root volume size if requested", func() {
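Review bot: The two `BeNumerically` bounds replace the exact check with a window of `1024` units below `1024*(*memoryLimit)` without saying why, so a later reader cannot tell whether that width was measured or picked arbitrarily. A comment above them such as `// reported total is slightly below the limit; the exact shortfall depends on the libvirt/QEMU build` would record the intent, assuming that is the reason for the change. The strict `<` also fails the test if the guest ever reports exactly the limit, which may or may not be intended. The enclosing `It` block starts above this hunk.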
