File container.obscpio of Package kvm-server-container
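07070100000000000081a40000000000000000000000016538743500000161000000000000000000000000000000000000001e00000000container/default_network.xml
<network>
  <name>default_network</name>
  <uuid>f243d94b-bd5b-415d-b4c7-ccb78ec3dc9e</uuid>
  <forward mode='nat'/>
  <bridge name='virbr5' stp='on' delay='0'/>
  <mac address='52:54:00:d0:61:e9'/>
  <ip address='192.168.10.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.10.2' end='192.168.10.254'/>
    </dhcp>
  </ip>
</network>
07070100000001000081ed0000000000000000000000016538743500001846000000000000000000000000000000000000001c00000000container/kvm-server-manage
#!/bin/bash
#
# kvm-server-manage: enable, restart, stop, disable or verify the KVM server
# container and the containerised modular libvirt daemons on the host.
#
# Usage: kvm-server-manage <enable|restart|disable|stop|verify|help>
#
# Every command drives systemctl, so the script re-executes itself through
# sudo when it is not already running as root.

# ANSI colours and UTF-8 status glyphs, rendered by 'echo -e'.
N='\033[0m'
G='\033[0;32m'
Y='\033[1;33m'
R='\033[0;31m'
SYM='\xe2\x97\x8f'
SUCCESS='\xe2\x9c\x85'
FAIL='\xe2\x9d\x8c'

COMMAND=$1
LIBVIRTD_STATE=$(systemctl is-active libvirtd.socket)
CONTAINER_STATE=$(systemctl is-active kvm-server-container.service)

# Re-run as root with the original arguments. 'sudo -S' reads the password
# from stdin, so the prompt also works without a controlling terminal.
if [ "$EUID" != 0 ]; then
  sudo -S "$0" "$@"
  exit $?
fi

# Print the command reference to stdout.
show_help() {
  cat <<EOF
Usage: kvm-server-manage <command>

Commands:
    enable:   Disables and stops monolithic libvirtd service if present
              Starts the KVM server container only if it isn't already running
              Enables and (re)starts the modular libvirt services
    restart:  Performs the same actions as 'enable' but will also restart the KVM server container if active
              Warning: Running VMs will be stopped before the container is restarted
    disable:  Disables and stops the modular libvirt daemons
              Disables and stops the KVM server container
    stop:     Stops the KVM Container
              Will be started again on next host boot unless 'disable' is called
    verify:   Prints whether the KVM server container and all required services are currently active
              Otherwise, prints inactive services that need to be addressed
    help:     Prints this help message
EOF
}

# Print a green (success) or red (failure) status line.
#   $1 - exit status of the command that just ran
#   $2 - message for status 0
#   $3 - message for any other status
# An explicit if/else replaces 'cmd && echo ok || echo fail', which would
# also print the failure text if the success echo itself failed.
report() {
  local status=$1
  local ok_msg=$2
  local fail_msg=$3
  if [ "$status" -eq 0 ]; then
    echo -e "${G}${SYM} ${N}${ok_msg}"
  else
    echo -e "${R}${SYM} ${N}${fail_msg}"
  fi
}

if [[ "$COMMAND" = "enable" || "$COMMAND" = "restart" ]]; then
  # Disable the libvirtd monolithic daemon if present
  if [ "$LIBVIRTD_STATE" = "active" ]; then
    systemctl stop libvirtd.service
    report $? "Stopped libvirtd.service" "Failed to stop libvirtd.service"
    systemctl stop libvirtd{,-ro,-admin,-tcp,-tls}.socket
    systemctl disable libvirtd.service
    systemctl disable libvirtd{,-ro,-admin,-tcp,-tls}.socket
  fi

  # (Re)Start the kvm server container
  if [[ "$CONTAINER_STATE" != "active" || "$COMMAND" = "restart" ]]; then
    echo -e "${Y}${SYM} ${N}Starting KVM Container"
    systemctl daemon-reload
    systemctl enable kvm-server-container.service
    systemctl restart kvm-server-container.service
    report $? "KVM Container Started" "KVM Container Failed to Start"
  fi

  # Enable modular libvirt daemons on the host.
  # log and lock only ship a main and an admin socket.
  for drv in log lock; do
    systemctl enable "container-virt${drv}d.service"
    systemctl enable "virt${drv}d"{,-admin}.socket
    systemctl restart "virt${drv}d"{,-admin}.socket
    systemctl restart "container-virt${drv}d.service"
    report $? "Started container-virt${drv}d.service" \
      "Failed to start container-virt${drv}d.service"
  done

  # The remaining drivers also have a read-only socket; only the local
  # sockets are enabled here, not virtproxyd-tcp/-tls.
  for drv in qemu network nodedev nwfilter proxy secret storage; do
    systemctl unmask "container-virt${drv}d.service"
    systemctl unmask "virt${drv}d"{,-ro,-admin}.socket
    systemctl enable "container-virt${drv}d.service"
    systemctl enable "virt${drv}d"{,-ro,-admin}.socket
    systemctl restart "virt${drv}d"{,-ro,-admin}.socket
    systemctl restart "container-virt${drv}d.service"
    report $? "Started container-virt${drv}d.service" \
      "Failed to start container-virt${drv}d.service"
  done

elif [[ "$CONTAINER_STATE" = "active" && ( "$COMMAND" = "stop" || "$COMMAND" = "disable" ) ]]; then
  # Disable modular libvirt daemons on the host
  if [ "$COMMAND" = "disable" ]; then
    for drv in qemu network nodedev nwfilter proxy secret storage; do
      systemctl stop "container-virt${drv}d.service"
      report $? "Stopped container-virt${drv}d.service" \
        "Failed to stop container-virt${drv}d.service"
      systemctl stop "virt${drv}d"{,-ro,-admin}.socket
      systemctl disable "container-virt${drv}d.service"
      systemctl disable "virt${drv}d"{,-ro,-admin}.socket
    done
    for drv in log lock; do
      systemctl stop "container-virt${drv}d.service"
      report $? "Stopped container-virt${drv}d.service" \
        "Failed to stop container-virt${drv}d.service"
      systemctl stop "virt${drv}d"{,-admin}.socket
      systemctl disable "container-virt${drv}d.service"
      systemctl disable "virt${drv}d"{,-admin}.socket
    done
    # Disable container service
    systemctl disable kvm-server-container.service
  fi

  # Stop the kvm server container. Stop the container for both "stop" and "disable"
  echo -e "${Y}${SYM} ${N}Stopping KVM Container"
  systemctl stop kvm-server-container.service
  report $? "KVM Container Stopped" "KVM Container Failed to Stop"

# No-op stop and disable if the container has already been stopped. Needed for uninstall script
elif [[ "$CONTAINER_STATE" != "active" && ( "$COMMAND" = "stop" || "$COMMAND" = "disable" ) ]]; then
  echo "KVM Container already stopped. Nothing to do"

elif [ "$COMMAND" = "verify" ]; then
  # count starts at -1 so that it equals ${#daemons[@]} exactly when the
  # container service plus every libvirt daemon in the list is active.
  count=-1
  daemons=(qemu network nodedev nwfilter proxy secret storage log lock)
  if [ "$(systemctl is-active kvm-server-container.service)" = "active" ]; then
    count=$((count + 1))
  else
    echo -e "${R}${SYM} ${N}kvm-server-container.service is not active. See 'journalctl -xeu kvm-server-container.service' for more info"
  fi
  for drv in "${daemons[@]}"; do
    if [ "$(systemctl is-active "container-virt${drv}d.service")" = "active" ]; then
      count=$((count + 1))
    else
      echo -e "${R}${SYM} ${N}container-virt${drv}d.service is not active. See 'journalctl -xeu container-virt${drv}d.service' for more info"
    fi
  done
  if [ "${count}" -eq "${#daemons[@]}" ]; then
    echo -e "${G}${SUCCESS} ${N}All required services are currently active"
  else
    echo -e "${R}${FAIL} ${N}One or more required services are inactive"
  fi

elif [[ "$COMMAND" = "help" || "$COMMAND" = "--help" ]]; then
  show_help

else
  # Report the bad command on stderr and fail, so that a typo in an
  # automated call is not mistaken for success.
  echo "kvm-server-manage: Unknown command \"$COMMAND\"" >&2
  show_help
  exit 2
fi
07070100000002000081a40000000000000000000000016538743500000410000000000000000000000000000000000000001a00000000container/kvm-server.conf
# CONTAINER
CONTAINER_NAME=kvm-server
# OFFICIAL image
IMAGE=registry.opensuse.org/suse/alp/workloads/tumbleweed_containerfiles/suse/alp/workloads/kvm-server:latest
# For Dev builds
#IMAGE=registry.opensuse.org/virtualization/containerfile/suse/alp/workloads/kvm-server:latest
#IMAGE=localhost/kvmlocal:latest

# TODO: These Vars should be brought in by EnvironmentFile= in the systemd units but they never resolve correctly
# VARS
DATA=/var/lib/libvirt/images
ETCLIBVIRT=/etc/libvirt
VARRUNLIBVIRT=/var/run/libvirt
QEMUFIRMWARE=/usr/share/qemu

# Virtual Machine configuration
# currently only 'OpenStack' contain cloud-init
#https://download.opensuse.org/tumbleweed/appliances/openSUSE-Tumbleweed-Minimal-VM.x86_64-kvm-and-xen.qcow2
APPLIANCE_MIRROR=https://download.opensuse.org/tumbleweed/appliances
APPLIANCE=openSUSE-Tumbleweed-Minimal-VM.x86_64-kvm-and-xen
BACKING_DIR=${DATA}
BACKING_FORMAT=qcow2
BACKING_STORE=${BACKING_DIR}/${APPLIANCE}.${BACKING_FORMAT}
DOMAIN=Tumbleweed-JeOS
BRIDGEIF=virbr5
DISKSIZE=8
VMMEMORY=1024
VCPU=1
07070100000003000081a4000000000000000000000001653874350000098d000000000000000000000000000000000000001800000000container/label-install
#!/bin/bash
# This is the install script for kvm when run in a privileged
# container.
#
# It copies the management scripts, config files, systemd units and QEMU
# firmware from the container image onto the host, whose root file system is
# reached through /host. The image reference used for the install is read
# from the IMAGE environment variable.

CONTAINER=kvm-server

# ETC
MAINCONF=${CONTAINER}.conf
NETCONF=libvirt/qemu/networks/default_network.xml
QEMUCONF=libvirt/qemu.conf

# BIN
VIRTINSTALLDEMO=virt-install-demo.sh
MANAGE=${CONTAINER}-manage

# Check for read only root filesystem: succeeds when /host/proc/mounts lists
# a mount point ending in /host whose options include 'ro'.
is_read_only() {
  [[ -n $(awk '$2 ~ /\/host$/ && $4 ~ /(^|,)ro($|,)/' /host/proc/mounts) ]]
}

# Install/update scripts on the host. The /usr/local variants are used when
# the host root is mounted read-only.
if is_read_only; then
  BIN_INSTALL_PATH=/host/usr/local/bin
  SYSTEMD_INSTALL_PATH=/host/usr/local/lib/systemd/system
  QEMU_FIRM_PATH=/host/usr/local/share/qemu
else
  BIN_INSTALL_PATH=/host/usr/bin
  SYSTEMD_INSTALL_PATH=/host/usr/lib/systemd/system
  QEMU_FIRM_PATH=/host/usr/share/qemu
fi

# Create the host directories the other install steps copy into.
install_common() {
  mkdir -p /host/etc/libvirt
  mkdir -p /host/var/lib/libvirt/images
  mkdir -p /host/etc/libvirt/qemu/networks
  mkdir -p "${QEMU_FIRM_PATH}"
  mkdir -p "${SYSTEMD_INSTALL_PATH}"
}

# Copy one script from /container into the host bin directory.
#   $1 - file name of the script
install_bin() {
  local script=$1
  cp -a "/container/${script}" "${BIN_INSTALL_PATH}/"
  # ensure the script is executable in bin dir
  chmod 755 "${BIN_INSTALL_PATH}/${script}"
}

# Install but don't update config files.
#   $1 - destination path relative to /host/etc; the source is the file of
#        the same base name in /container
install_config() {
  local conf=$1
  if [ ! -e "/host/etc/${conf}" ]; then
    cp -a "/container/$(basename "${conf}")" "/host/etc/${conf}"
  else
    echo "/host/etc/${conf} already exist, will not update it"
  fi
}

# Copy every shipped systemd unit onto the host (glob left unquoted on purpose).
install_units() {
  cp -a /container/systemd/* "${SYSTEMD_INSTALL_PATH}/"
}

# "Export" the QEMU firmware directory for use by the kvm-client container
# It would be nice to put this in a named volume but that would involve calling
# podman from inside the container
install_firmware() {
  cp -ra /usr/share/qemu/* "${QEMU_FIRM_PATH}/"
}

# Escape the characters that are special in the replacement part of a sed
# 's|...|...|' expression (backslash, '&' and the '|' delimiter), so that an
# image reference is written literally.
#   $1 - string to escape; the result is printed on stdout
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

## MAIN
echo "Running Install Label"
install_common
install_config "${MAINCONF}"
install_config "${NETCONF}"
install_config "${QEMUCONF}"
install_bin "${VIRTINSTALLDEMO}"
install_bin "${MANAGE}"
install_units
install_firmware

# save the image path for the container that was used to run the install
# as the default container image to use for the libvirtd service. The
# image path to use should be available in the IMAGE environment variable.
INSTALL_IMAGE=${IMAGE}

# NOTE: 'source' executes the host config file as shell code inside this
# privileged container, so /host/etc/${MAINCONF} must only be writable by root.
source "/host/etc/${MAINCONF}"

# IMAGE is now exported from /host/etc/${MAINCONF} and potentially different
if [ -z "${INSTALL_IMAGE}" ]; then
  # Without this guard an unset IMAGE would rewrite the config with an empty
  # IMAGE= line, which the service units would then read from the file.
  echo "IMAGE is not set in the environment, leaving /host/etc/${MAINCONF} unchanged" >&2
elif [ "${INSTALL_IMAGE}" != "${IMAGE}" ]; then
  # The target is the absolute /host/etc path; a relative 'host/etc/...'
  # only resolves when the working directory happens to be '/'.
  sed -i "s|^IMAGE=.*$|DEFAULT_IMAGE=$(sed_escape "${IMAGE}")\nIMAGE=$(sed_escape "${INSTALL_IMAGE}")|" "/host/etc/${MAINCONF}"
fi
07070100000004000081a400000000000000000000000165387435000008a0000000000000000000000000000000000000001a00000000container/label-uninstall
#!/bin/bash
# This is the uninstall script for kvm when run in a privileged
# container.
#
# It removes the files the install label placed on the host, whose root file
# system is reached through /host.

CONTAINER=kvm-server

# Check for read only root filesystem: succeeds when /host/proc/mounts lists
# a mount point ending in /host whose options include 'ro'.
is_read_only() {
  [[ -n $(awk '$2 ~ /\/host$/ && $4 ~ /(^|,)ro($|,)/' /host/proc/mounts) ]]
}

# Remove a single file if it exists.
#   $1 - directory that holds the file
#   $2 - file name
# The arguments are kept in locals: assigning the directory to PATH would
# replace the shell's command search path for the rest of the script.
delete_file() {
  local dir=$1
  local file=$2
  if [ -z "${dir}" ] || [ -z "${file}" ]; then
    echo "delete_file: directory and file name are both required" >&2
    return 0
  fi
  if [ ! -e "${dir}/${file}" ]; then
    echo "${file} not present, nothing to remove"
  else
    /usr/bin/rm -f -- "${dir}/${file}"
  fi
}

# Same path selection as the install script: /usr/local when the host root
# is mounted read-only.
if is_read_only; then
  BIN_INSTALL_PATH=/host/usr/local/bin
  SYSTEMD_INSTALL_PATH=/host/usr/local/lib/systemd/system
  QEMU_FIRM_PATH=/host/usr/local/share/qemu
else
  BIN_INSTALL_PATH=/host/usr/bin
  SYSTEMD_INSTALL_PATH=/host/usr/lib/systemd/system
  QEMU_FIRM_PATH=/host/usr/share/qemu
fi

# removing installed files
echo "LABEL UNINSTALL: Removing all files"
delete_file /host/etc "${CONTAINER}.conf"
delete_file /host/etc/libvirt/qemu/networks default_network.xml
delete_file "${BIN_INSTALL_PATH}" virt-install-demo.sh
delete_file "${BIN_INSTALL_PATH}" "${CONTAINER}-manage"

# Remove systemd unit files from host
for drv in qemu network nodedev nwfilter proxy secret storage; do
  delete_file "${SYSTEMD_INSTALL_PATH}" "container-virt${drv}d.service"
  delete_file "${SYSTEMD_INSTALL_PATH}" "virt${drv}d.socket"
  delete_file "${SYSTEMD_INSTALL_PATH}" "virt${drv}d-ro.socket"
  delete_file "${SYSTEMD_INSTALL_PATH}" "virt${drv}d-admin.socket"
done
for drv in log lock; do
  delete_file "${SYSTEMD_INSTALL_PATH}" "container-virt${drv}d.service"
  delete_file "${SYSTEMD_INSTALL_PATH}" "virt${drv}d.socket"
  delete_file "${SYSTEMD_INSTALL_PATH}" "virt${drv}d-admin.socket"
done
delete_file "${SYSTEMD_INSTALL_PATH}" virtproxyd-tls.socket
delete_file "${SYSTEMD_INSTALL_PATH}" virtproxyd-tcp.socket
delete_file "${SYSTEMD_INSTALL_PATH}" libvirtd.socket
delete_file "${SYSTEMD_INSTALL_PATH}" libvirtd-ro.socket
delete_file "${SYSTEMD_INSTALL_PATH}" libvirtd-admin.socket
delete_file "${SYSTEMD_INSTALL_PATH}" libvirtd-tls.socket
delete_file "${SYSTEMD_INSTALL_PATH}" libvirtd-tcp.socket
delete_file "${SYSTEMD_INSTALL_PATH}" kvm-server-container.service

# Remove installed libvirt configs (the whole host /etc/libvirt tree)
/usr/bin/rm -rf -- /host/etc/libvirt

# Remove qemu data dir. ':?' aborts instead of running 'rm -rf' with an
# empty argument if the path variable was never set.
/usr/bin/rm -rf -- "${QEMU_FIRM_PATH:?}"
07070100000005000081a40000000000000000000000016538743500000028000000000000000000000000000000000000001400000000container/qemu.conf
cgroup_controllers = []
namespaces = []
07070100000006000081a400000000000000000000000165387435000003f2000000000000000000000000000000000000002e00000000container/systemd/container-virtlockd.service
[Unit]
Description=Virtual machine lock manager
Conflicts=libvirtd.service virtlockd.service
Requires=virtlockd.socket
Requires=virtlockd-admin.socket
Before=container-virtqemud.service
After=kvm-server-container.service
BindsTo=kvm-server-container.service
Documentation=man:virtlockd(8)
Documentation=https://libvirt.org

[Service]
Type=forking
Environment=VIRTLOCKD_ARGS=""
Environment=CONTAINER_NAME="kvm-server"
EnvironmentFile=-/etc/sysconfig/container-virtlockd
EnvironmentFile=-/etc/kvm-server.conf
ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtlockd $VIRTLOCKD_ARGS
Restart=on-failure
RestartSec=2
# Losing the locks is a really bad thing that will
# cause the machine to be fenced (rebooted), so make
# sure we discourage OOM killer
OOMScoreAdjust=-900
# Needs to allow for max guests * average disks per guest
# libvirtd.service written to expect 4096 guests, so if we
# allow for 10 disks per guest, we get:
LimitNOFILE=40960

[Install]
Also=virtlockd.socket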
07070100000007000081a40000000000000000000000016538743500000476000000000000000000000000000000000000002d00000000container/systemd/container-virtlogd.service[Unit] Description=Virtual machine log manager Conflicts=libvirtd.service virtlogd.service Requires=virtlogd.socket Requires=virtlogd-admin.socket Before=container-virtqemud.service After=kvm-server-container.service BindsTo=kvm-server-container.service Documentation=man:virtlogd(8) Documentation=https://libvirt.org [Service] Type=forking Environment=VIRTLOGD_ARGS="" Environment=CONTAINER_NAME="kvm-server" EnvironmentFile=-/etc/sysconfig/container-virtlogd EnvironmentFile=-/etc/kvm-server.conf ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtlogd $VIRTLOGD_ARGS Restart=on-failure RestartSec=2 # Losing the logs is a really bad thing that will # cause the machine to be fenced (rebooted), so make # sure we discourage OOM killer OOMScoreAdjust=-900 # Need to have at least one file open per guest (eg QEMU # stdio log), but might be more (eg serial console logs) # A common case is OpenStack which often has up to 4 file # handles per guest. 
# libvirtd.service written to expect 4096 guests, so if we # guess at 4 files per guest here that is 16k: LimitNOFILE=16384 [Install] Also=virtlogd.socket 07070100000008000081a400000000000000000000000165387435000003b3000000000000000000000000000000000000003100000000container/systemd/container-virtnetworkd.service[Unit] Description=Virtualization network daemon Conflicts=libvirtd.service virtnetworkd.service Requires=virtnetworkd.socket Requires=virtnetworkd-ro.socket Requires=virtnetworkd-admin.socket After=network.target After=firewalld.service After=iptables.service After=ip6tables.service After=dbus.service After=apparmor.service After=local-fs.target After=kvm-server-container.service BindsTo=kvm-server-container.service Documentation=man:virtnetworkd(8) Documentation=https://libvirt.org [Service] Type=forking Environment=VIRTNETWORKD_ARGS="" Environment=CONTAINER_NAME="kvm-server" EnvironmentFile=-/etc/kvm-server.conf EnvironmentFile=-/etc/sysconfig/container-virtnetworkd ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtnetworkd $VIRTNETWORKD_ARGS Restart=on-failure RestartSec=2 [Install] WantedBy=multi-user.target Also=virtnetworkd.socket Also=virtnetworkd-ro.socket Also=virtnetworkd-admin.socket 07070100000009000081a4000000000000000000000001653874350000036b000000000000000000000000000000000000003100000000container/systemd/container-virtnodedevd.service[Unit] Description=Virtualization nodedev daemon Conflicts=libvirtd.service virtnodedevd.service Requires=virtnodedevd.socket Requires=virtnodedevd-ro.socket Requires=virtnodedevd-admin.socket After=network.target After=dbus.service After=apparmor.service After=local-fs.target After=kvm-server-container.service BindsTo=kvm-server-container.service Documentation=man:virtnodedevd(8) Documentation=https://libvirt.org [Service] Type=forking Environment=VIRTNODEDEVD_ARGS="" Environment=CONTAINER_NAME="kvm-server" EnvironmentFile=-/etc/sysconfig/container-virtnodedevd 
EnvironmentFile=-/etc/kvm-server.conf ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtnodedevd $VIRTNODEDEVD_ARGS Restart=on-failure RestartSec=2 [Install] WantedBy=multi-user.target Also=virtnodedevd.socket Also=virtnodedevd-ro.socket Also=virtnodedevd-admin.socket 0707010000000a000081a40000000000000000000000016538743500000378000000000000000000000000000000000000003200000000container/systemd/container-virtnwfilterd.service[Unit] Description=Virtualization nwfilter daemon Conflicts=libvirtd.service virtnwfilterd.service Requires=virtnwfilterd.socket Requires=virtnwfilterd-ro.socket Requires=virtnwfilterd-admin.socket After=network.target After=dbus.service After=apparmor.service After=local-fs.target After=kvm-server-container.service BindsTo=kvm-server-container.service Documentation=man:virtnwfilterd(8) Documentation=https://libvirt.org [Service] Type=forking Environment=VIRTNWFILTERD_ARGS="" Environment=CONTAINER_NAME="kvm-server" EnvironmentFile=-/etc/sysconfig/container-virtnwfilterd EnvironmentFile=-/etc/kvm-server.conf ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtnwfilterd $VIRTNWFILTERD_ARGS Restart=on-failure RestartSec=2 [Install] WantedBy=multi-user.target Also=virtnwfilterd.socket Also=virtnwfilterd-ro.socket Also=virtnwfilterd-admin.socket 0707010000000b000081a4000000000000000000000001653874350000034b000000000000000000000000000000000000002f00000000container/systemd/container-virtproxyd.service[Unit] Description=Virtualization daemon Conflicts=libvirtd.service virtproxyd.service Requires=virtproxyd.socket Requires=virtproxyd-ro.socket Requires=virtproxyd-admin.socket After=network.target After=dbus.service After=apparmor.service After=local-fs.target After=kvm-server-container.service BindsTo=kvm-server-container.service Documentation=man:virtproxyd(8) Documentation=https://libvirt.org [Service] Type=forking Environment=VIRTPROXYD_ARGS="" Environment=CONTAINER_NAME="kvm-server" 
EnvironmentFile=-/etc/sysconfig/container-virtproxyd EnvironmentFile=-/etc/kvm-server.conf ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtproxyd $VIRTPROXYD_ARGS Restart=on-failure RestartSec=2 [Install] WantedBy=multi-user.target Also=virtproxyd.socket Also=virtproxyd-ro.socket Also=virtproxyd-admin.socket 0707010000000c000081a4000000000000000000000001653874350000070b000000000000000000000000000000000000002e00000000container/systemd/container-virtqemud.service[Unit] Description=Virtualization qemu daemon Conflicts=libvirtd.service virtqemud.service Requires=virtlogd.socket Requires=virtlockd.socket Requires=virtqemud.socket Requires=virtqemud-ro.socket Requires=virtqemud-admin.socket Wants=systemd-machined.service Before=libvirt-guests.service After=kvm-server-container.service BindsTo=kvm-server-container.service Documentation=man:virtqemud(8) Documentation=https://libvirt.org [Service] Type=forking Environment=VIRTQEMUD_ARGS="" Environment=CONTAINER_NAME="kvm-server" EnvironmentFile=-/etc/sysconfig/container-virtqemud EnvironmentFile=-/etc/kvm-server.conf ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtqemud $VIRTQEMUD_ARGS Restart=on-failure RestartSec=2 # At least 1 FD per guest, often 2 (eg qemu monitor + qemu agent). # eg if we want to support 4096 guests, we'll typically need 8192 FDs # If changing this, also consider container-virtlogd.service & container-virtlockd.service # limits which are also related to number of guests LimitNOFILE=8192 # The cgroups pids controller can limit the number of tasks started by # the daemon, which can limit the number of domains for some hypervisors. # A conservative default of 8 tasks per guest results in a TasksMax of # 32k to support 4096 guests. TasksMax=32768 # With cgroups v2 there is no devices controller anymore, we have to use # eBPF to control access to devices. In order to do that we create a eBPF # hash MAP which locks memory. 
The default map size for 64 devices together # with program takes 12k per guest. After rounding up we will get 64M to # support 4096 guests. LimitMEMLOCK=64M [Install] WantedBy=multi-user.target Also=virtlogd.socket Also=virtlockd.socket Also=virtqemud.socket Also=virtqemud-ro.socket Also=virtqemud-admin.socket 0707010000000d000081a4000000000000000000000001653874350000035e000000000000000000000000000000000000003000000000container/systemd/container-virtsecretd.service[Unit] Description=Virtualization secret daemon Conflicts=libvirtd.service virtsecretd.service Requires=virtsecretd.socket Requires=virtsecretd-ro.socket Requires=virtsecretd-admin.socket After=network.target After=dbus.service After=apparmor.service After=local-fs.target After=kvm-server-container.service BindsTo=kvm-server-container.service Documentation=man:virtsecretd(8) Documentation=https://libvirt.org [Service] Type=forking Environment=VIRTSECRETD_ARGS="" Environment=CONTAINER_NAME="kvm-server" EnvironmentFile=-/etc/sysconfig/container-virtsecretd EnvironmentFile=-/etc/kvm-server.conf ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtsecretd $VIRTSECRETD_ARGS Restart=on-failure RestartSec=2 [Install] WantedBy=multi-user.target Also=virtsecretd.socket Also=virtsecretd-ro.socket Also=virtsecretd-admin.socket 0707010000000e000081a40000000000000000000000016538743500000397000000000000000000000000000000000000003100000000container/systemd/container-virtstoraged.service[Unit] Description=Virtualization storage daemon Conflicts=libvirtd.service virtstoraged.service Requires=virtstoraged.socket Requires=virtstoraged-ro.socket Requires=virtstoraged-admin.socket After=network.target After=dbus.service After=iscsid.service After=apparmor.service After=local-fs.target After=remote-fs.target After=kvm-server-container.service BindsTo=kvm-server-container.service Documentation=man:virtstoraged(8) Documentation=https://libvirt.org [Service] Type=forking 
Environment=VIRTSTORAGED_ARGS="" Environment=CONTAINER_NAME="kvm-server" EnvironmentFile=-/etc/sysconfig/container-virtstoraged EnvironmentFile=-/etc/kvm-server.conf ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtstoraged $VIRTSTORAGED_ARGS Restart=on-failure RestartSec=2 [Install] WantedBy=multi-user.target Also=virtstoraged.socket Also=virtstoraged-ro.socket Also=virtstoraged-admin.socket 0707010000000f000081a40000000000000000000000016538743500000693000000000000000000000000000000000000002f00000000container/systemd/kvm-server-container.service[Unit] Description=Meta service for containerized virtualization daemon Conflicts=libvirtd.service Wants=systemd-machined.service Before=container-virtlogd.service Before=container-virtlockd.service Before=container-virtqemud.service Before=container-virtnetworkd.service Before=container-virtnwfilterd.service Before=container-virtnodedevd.service Before=container-virtsecretd.service Before=container-virtstoraged.service After=network-online.target After=dbus.service After=apparmor.service After=local-fs.target After=remote-fs.target After=systemd-logind.service After=systemd-machined.service [Service] Type=notify NotifyAccess=all Environment=IMAGE="registry.opensuse.org/suse/alp/workloads/tumbleweed_containerfiles/suse/alp/workloads/kvm-server:latest" Environment=CONTAINER_NAME="kvm-server" EnvironmentFile=-/etc/sysconfig/kvm-server-container EnvironmentFile=-/etc/kvm-server.conf ExecStartPre=/bin/rm -f %t/%n.pid %t/%n.ctr-id ExecStartPre=/usr/bin/mkdir -p /run/libvirt ExecStart=/usr/bin/podman run --conmon-pidfile %t/%n.pid --cidfile %t/%n.ctr-id --cgroups=no-conmon --sdnotify=conmon --init --detach --replace --rm --net=host --privileged --cgroupns=host -e IMAGE=${IMAGE} -v /:/host -v /run/libvirt:/run/libvirt -v /etc/libvirt:/etc/libvirt -v /var/lib/libvirt/images:/var/lib/libvirt/images --name ${CONTAINER_NAME} ${IMAGE} /usr/bin/sleep infinity ExecStop=-+virsh -c qemu:///system stop 
--all ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%n.ctr-id -t 10 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%n.ctr-id KillMode=control-group Restart=on-failure TimeoutStartSec=70 TimeoutStopSec=120 RestartSec=1 [Install] WantedBy=multi-user.target 07070100000010000081a40000000000000000000000016538743500000120000000000000000000000000000000000000002900000000container/systemd/virtlockd-admin.socket[Unit] Description=Virtual machine lock manager admin socket Before=container-virtqemud.service BindsTo=virtlockd.socket After=virtlockd.socket [Socket] ListenStream=/run/libvirt/virtlockd-admin-sock Service=container-virtlockd.service SocketMode=0600 [Install] WantedBy=sockets.target 07070100000011000081a40000000000000000000000016538743500000107000000000000000000000000000000000000002300000000container/systemd/virtlockd.socket[Unit] Description=Virtual machine lock manager socket Before=container-virtqemud.service Before=container-virtlockd.service [Socket] ListenStream=/run/libvirt/virtlockd-sock Service=container-virtlockd.service SocketMode=0600 [Install] WantedBy=sockets.target 07070100000012000081a40000000000000000000000016538743500000115000000000000000000000000000000000000002800000000container/systemd/virtlogd-admin.socket[Unit] Description=Virtual machine log manager socket Before=container-virtqemud.service BindsTo=virtlogd.socket After=virtlogd.socket [Socket] ListenStream=/run/libvirt/virtlogd-admin-sock Service=container-virtlogd.service SocketMode=0600 [Install] WantedBy=sockets.target 07070100000013000081a40000000000000000000000016538743500000103000000000000000000000000000000000000002200000000container/systemd/virtlogd.socket[Unit] Description=Virtual machine log manager socket Before=container-virtqemud.service Before=container-virtlogd.service [Socket] ListenStream=/run/libvirt/virtlogd-sock Service=container-virtlogd.service SocketMode=0600 [Install] WantedBy=sockets.target 
07070100000014000081a40000000000000000000000016538743500000123000000000000000000000000000000000000002c00000000container/systemd/virtnetworkd-admin.socket[Unit] Description=Libvirt network admin socket Before=container-virtnetworkd.service BindsTo=virtnetworkd.socket After=virtnetworkd.socket [Socket] ListenStream=/run/libvirt/virtnetworkd-admin-sock Service=container-virtnetworkd.service SocketMode=0600 [Install] WantedBy=sockets.target 07070100000015000081a4000000000000000000000001653874350000012a000000000000000000000000000000000000002900000000container/systemd/virtnetworkd-ro.socket[Unit] Description=Libvirt network local read-only socket Before=container-virtnetworkd.service BindsTo=virtnetworkd.socket After=virtnetworkd.socket [Socket] ListenStream=/run/libvirt/virtnetworkd-sock-ro Service=container-virtnetworkd.service SocketMode=0666 [Install] WantedBy=sockets.target 07070100000016000081a400000000000000000000000165387435000000f8000000000000000000000000000000000000002600000000container/systemd/virtnetworkd.socket[Unit] Description=Libvirt network local socket Before=container-virtnetworkd.service [Socket] ListenStream=/run/libvirt/virtnetworkd-sock Service=container-virtnetworkd.service SocketMode=0666 RemoveOnStop=yes [Install] WantedBy=sockets.target 07070100000017000081a40000000000000000000000016538743500000123000000000000000000000000000000000000002c00000000container/systemd/virtnodedevd-admin.socket[Unit] Description=Libvirt nodedev admin socket Before=container-virtnodedevd.service BindsTo=virtnodedevd.socket After=virtnodedevd.socket [Socket] ListenStream=/run/libvirt/virtnodedevd-admin-sock Service=container-virtnodedevd.service SocketMode=0600 [Install] WantedBy=sockets.target 07070100000018000081a4000000000000000000000001653874350000012a000000000000000000000000000000000000002900000000container/systemd/virtnodedevd-ro.socket[Unit] Description=Libvirt nodedev local read-only socket Before=container-virtnodedevd.service BindsTo=virtnodedevd.socket 
After=virtnodedevd.socket [Socket] ListenStream=/run/libvirt/virtnodedevd-sock-ro Service=container-virtnodedevd.service SocketMode=0666 [Install] WantedBy=sockets.target 07070100000019000081a400000000000000000000000165387435000000f8000000000000000000000000000000000000002600000000container/systemd/virtnodedevd.socket[Unit] Description=Libvirt nodedev local socket Before=container-virtnodedevd.service [Socket] ListenStream=/run/libvirt/virtnodedevd-sock Service=container-virtnodedevd.service SocketMode=0666 RemoveOnStop=yes [Install] WantedBy=sockets.target 0707010000001a000081a40000000000000000000000016538743500000129000000000000000000000000000000000000002d00000000container/systemd/virtnwfilterd-admin.socket[Unit] Description=Libvirt nwfilter admin socket Before=container-virtnwfilterd.service BindsTo=virtnwfilterd.socket After=virtnwfilterd.socket [Socket] ListenStream=/run/libvirt/virtnwfilterd-admin-sock Service=container-virtnwfilterd.service SocketMode=0600 [Install] WantedBy=sockets.target 0707010000001b000081a40000000000000000000000016538743500000130000000000000000000000000000000000000002a00000000container/systemd/virtnwfilterd-ro.socket[Unit] Description=Libvirt nwfilter local read-only socket Before=container-virtnwfilterd.service BindsTo=virtnwfilterd.socket After=virtnwfilterd.socket [Socket] ListenStream=/run/libvirt/virtnwfilterd-sock-ro Service=container-virtnwfilterd.service SocketMode=0666 [Install] WantedBy=sockets.target 0707010000001c000081a400000000000000000000000165387435000000fc000000000000000000000000000000000000002700000000container/systemd/virtnwfilterd.socket[Unit] Description=Libvirt nwfilter local socket Before=container-virtnwfilterd.service [Socket] ListenStream=/run/libvirt/virtnwfilterd-sock Service=container-virtnwfilterd.service SocketMode=0666 RemoveOnStop=yes [Install] WantedBy=sockets.target 
0707010000001d000081a40000000000000000000000016538743500000181000000000000000000000000000000000000002a00000000container/systemd/virtproxyd-admin.socket
# Admin socket for the proxy daemon: mode 0600, so only the socket owner can connect.
[Unit]
Description=Libvirt proxy admin socket
Before=container-virtproxyd.service
BindsTo=virtproxyd.socket
After=virtproxyd.socket
Conflicts=libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
[Socket]
ListenStream=/run/libvirt/virtproxyd-admin-sock
Service=container-virtproxyd.service
SocketMode=0600
[Install]
WantedBy=sockets.target
0707010000001e000081a40000000000000000000000016538743500000188000000000000000000000000000000000000002700000000container/systemd/virtproxyd-ro.socket
# Read-only local socket; mode 0666 lets any local user connect.
[Unit]
Description=Libvirt proxy local read-only socket
Before=container-virtproxyd.service
BindsTo=virtproxyd.socket
After=virtproxyd.socket
Conflicts=libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
[Socket]
ListenStream=/run/libvirt/virtproxyd-sock-ro
Service=container-virtproxyd.service
SocketMode=0666
[Install]
WantedBy=sockets.target
0707010000001f000081a40000000000000000000000016538743500000159000000000000000000000000000000000000002800000000container/systemd/virtproxyd-tcp.socket
# NOTE(review): this unit carries libvirt RPC over plain TCP (no TLS) on port 16509.
# ListenStream= is a bare port number, so the listener is not bound to a specific
# address. Whether this unit is enabled by default is not visible here - confirm.
# If it is needed at all, restrict it with a firewall or an explicit loopback/management
# address, and check the daemon's auth_tcp setting; the TLS socket or an SSH transport
# avoids sending management traffic in clear text.
[Unit]
Description=Libvirt proxy non-TLS IP socket
Before=container-virtproxyd.service
BindsTo=virtproxyd.socket
After=virtproxyd.socket
Conflicts=libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
[Socket]
ListenStream=16509
Service=container-virtproxyd.service
[Install]
WantedBy=sockets.target
07070100000020000081a40000000000000000000000016538743500000155000000000000000000000000000000000000002800000000container/systemd/virtproxyd-tls.socket
# TLS listener on port 16514; like the TCP unit, it is not bound to a specific address.
[Unit]
Description=Libvirt proxy TLS IP socket
Before=container-virtproxyd.service
BindsTo=virtproxyd.socket
After=virtproxyd.socket
Conflicts=libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
[Socket]
ListenStream=16514
Service=container-virtproxyd.service
[Install]
WantedBy=sockets.target
07070100000021000081a4000000000000000000000001653874350000015a000000000000000000000000000000000000002400000000container/systemd/virtproxyd.socket
# Main (read-write) local socket. Mode 0666 makes it connectable by every local user,
# so access control rests entirely on the daemon's own authentication
# (polkit / auth_unix_rw) - NOTE(review): confirm that is enforced inside the container.
[Unit]
Description=Libvirt proxy local socket
Before=container-virtproxyd.service
Conflicts=libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
[Socket]
ListenStream=/run/libvirt/virtproxyd-sock
Service=container-virtproxyd.service
SocketMode=0666
RemoveOnStop=yes
[Install]
WantedBy=sockets.target
07070100000022000081a40000000000000000000000016538743500000111000000000000000000000000000000000000002900000000container/systemd/virtqemud-admin.socket
# Admin socket for the QEMU driver daemon: mode 0600, owner-only.
[Unit]
Description=Libvirt qemu admin socket
Before=container-virtqemud.service
BindsTo=virtqemud.socket
After=virtqemud.socket
[Socket]
ListenStream=/run/libvirt/virtqemud-admin-sock
Service=container-virtqemud.service
SocketMode=0600
[Install]
WantedBy=sockets.target
07070100000023000081a40000000000000000000000016538743500000118000000000000000000000000000000000000002600000000container/systemd/virtqemud-ro.socket
# Read-only local socket; mode 0666 lets any local user connect.
[Unit]
Description=Libvirt qemu local read-only socket
Before=container-virtqemud.service
BindsTo=virtqemud.socket
After=virtqemud.socket
[Socket]
ListenStream=/run/libvirt/virtqemud-sock-ro
Service=container-virtqemud.service
SocketMode=0666
[Install]
WantedBy=sockets.target
07070100000024000081a400000000000000000000000165387435000000ec000000000000000000000000000000000000002300000000container/systemd/virtqemud.socket
# Main (read-write) socket of the QEMU driver daemon, mode 0666: any local user can
# connect, so the daemon's authentication is the only gate on VM management.
# NOTE(review): confirm polkit / auth_unix_rw is active for the containerised daemon.
[Unit]
Description=Libvirt qemu local socket
Before=container-virtqemud.service
[Socket]
ListenStream=/run/libvirt/virtqemud-sock
Service=container-virtqemud.service
SocketMode=0666
RemoveOnStop=yes
[Install]
WantedBy=sockets.target
07070100000025000081a4000000000000000000000001653874350000011d000000000000000000000000000000000000002b00000000container/systemd/virtsecretd-admin.socket
[Unit]
Description=Libvirt secret admin socket
Before=container-virtsecretd.service BindsTo=virtsecretd.socket After=virtsecretd.socket [Socket] ListenStream=/run/libvirt/virtsecretd-admin-sock Service=container-virtsecretd.service SocketMode=0600 [Install] WantedBy=sockets.target 07070100000026000081a40000000000000000000000016538743500000124000000000000000000000000000000000000002800000000container/systemd/virtsecretd-ro.socket[Unit] Description=Libvirt secret local read-only socket Before=container-virtsecretd.service BindsTo=virtsecretd.socket After=virtsecretd.socket [Socket] ListenStream=/run/libvirt/virtsecretd-sock-ro Service=container-virtsecretd.service SocketMode=0666 [Install] WantedBy=sockets.target 07070100000027000081a400000000000000000000000165387435000000f4000000000000000000000000000000000000002500000000container/systemd/virtsecretd.socket[Unit] Description=Libvirt secret local socket Before=container-virtsecretd.service [Socket] ListenStream=/run/libvirt/virtsecretd-sock Service=container-virtsecretd.service SocketMode=0666 RemoveOnStop=yes [Install] WantedBy=sockets.target 07070100000028000081a40000000000000000000000016538743500000123000000000000000000000000000000000000002c00000000container/systemd/virtstoraged-admin.socket[Unit] Description=Libvirt storage admin socket Before=container-virtstoraged.service BindsTo=virtstoraged.socket After=virtstoraged.socket [Socket] ListenStream=/run/libvirt/virtstoraged-admin-sock Service=container-virtstoraged.service SocketMode=0600 [Install] WantedBy=sockets.target 07070100000029000081a4000000000000000000000001653874350000012a000000000000000000000000000000000000002900000000container/systemd/virtstoraged-ro.socket[Unit] Description=Libvirt storage local read-only socket Before=container-virtstoraged.service BindsTo=virtstoraged.socket After=virtstoraged.socket [Socket] ListenStream=/run/libvirt/virtstoraged-sock-ro Service=container-virtstoraged.service SocketMode=0666 [Install] WantedBy=sockets.target 
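0707010000002a000081a400000000000000000000000165387435000000f7000000000000000000000000000000000000002600000000container/systemd/virtstoraged.socket[Unit] Description=Libvirt storage local socket Before=container-virtstoraged.service [Socket] ListenStream=/run/libvirt/virtstoraged-sock Service=container-virtstoraged.service SocketMode=0666 RemoveOnStop=yes [Install] WantedBy=sockets.target 0707010000002b000041ed0000000000000000000000016538743500000000000000000000000000000000000000000000001200000000container/systemd0707010000002c000081a40000000000000000000000016538743500000788000000000000000000000000000000000000001f00000000container/virt-install-demo.sh
#!/bin/bash
#
# virt-install-demo.sh - download a demo appliance image (if missing) and
# boot it as a KVM guest on the libvirt system connection.
#
# Environment:
#   CONF          configuration file to source (default /etc/kvm-server.conf)
#   DEFAULT_CONF  optional second file to source (default /etc/default/kvm-server)
#
# Variables read after sourcing the configuration:
#   DATA, APPLIANCE, BACKING_FORMAT, APPLIANCE_MIRROR, DOMAIN,
#   VCPU, VMMEMORY, BACKING_STORE
set -eo pipefail

CONF="${CONF:-/etc/kvm-server.conf}"
DEFAULT_CONF="${DEFAULT_CONF:-/etc/default/kvm-server}"
echo "using ${CONF} as configuration file"

# Check for read only root filesystem: the awk filter prints the /proc/mounts
# entry whose mount point ends in "/" when its options contain "ro".
if [[ -n "$(awk '$2 ~ /\/$/ && $4 ~ /(^|,)ro($|,)/' /proc/mounts)" ]]; then
  BIN_INSTALL_PATH="/usr/local/bin"
else
  BIN_INSTALL_PATH="/usr/bin"
fi

# Print a message on stderr and abort the script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Abort unless every variable named in the arguments is set and non-empty.
# An empty value would otherwise silently drop an argument from the curl or
# virt-install command lines below.
require_vars() {
  local name
  for name in "$@"; do
    [[ -n "${!name}" ]] || die "!! ${name} is not set (see ${CONF}) !!"
  done
}

# Source ${CONF} (mandatory) and ${DEFAULT_CONF} (optional).
# Both files are executed as shell code with the privileges of this script,
# so they must be writable only by the administrator.
check_load_config_file() {
  if [[ ! -f "${CONF}" ]]; then
    die "!! ${CONF} not found in path !!"
  fi
  # shellcheck source=/dev/null
  source "${CONF}"
  if [[ -e "${DEFAULT_CONF}" ]]; then
    # shellcheck source=/dev/null
    source "${DEFAULT_CONF}"
  fi
}

# Download ${APPLIANCE}.${BACKING_FORMAT} from ${APPLIANCE_MIRROR} into ${DATA}
# unless the file is already there.
get_disk_image() {
  require_vars DATA APPLIANCE BACKING_FORMAT
  local image="${DATA}/${APPLIANCE}.${BACKING_FORMAT}"
  if [[ -f "${image}" ]]; then
    return 0
  fi

  require_vars APPLIANCE_MIRROR
  local url="${APPLIANCE_MIRROR}/${APPLIANCE}.${BACKING_FORMAT}"
  # Download next to the target and rename on success: an interrupted transfer
  # must not leave a truncated file that the -f test accepts on the next run.
  local partial="${image}.part"

  # --fail: an HTTP error page must not be stored as the disk image.
  # NOTE(review): the image is not authenticated; no checksum or signature is
  # checked, so the guest boots whatever the mirror (or any redirect target
  # followed by -L) returns. Verify a pinned digest before the rename below
  # and use an https:// mirror.
  if curl --fail -L -o "${partial}" "${url}"; then
    mv -f -- "${partial}" "${image}"
  else
    rm -f -- "${partial}"
    die "!! download of ${url} failed !!"
  fi
}

# Start the libvirt network "default_network" when it is listed as inactive.
# A failing virsh call aborts the script instead of being reported as
# "already started".
start_default_network() {
  local inactive
  inactive=$("${BIN_INSTALL_PATH}/virsh" net-list --inactive --name)
  if grep -qxF "default_network" <<<"${inactive}"; then
    "${BIN_INSTALL_PATH}/virsh" net-start default_network
  else
    echo "default_network already started"
  fi
}

# Set VMNAME to "${DOMAIN}_<10 random hex digits>" (also sets RANDOMSTRING).
get_vm_name() {
  require_vars DOMAIN
  RANDOMSTRING=$(openssl rand -hex 5)
  VMNAME="${DOMAIN}_${RANDOMSTRING}"
}

# ignition is not used right now
#cp -v VM_config.ign ${DATA}

# Create and boot the guest from ${BACKING_STORE} with virt-install.
# presumably BACKING_STORE points at the image fetched by get_disk_image;
# that relation is defined by the configuration file - verify there.
create_vm() {
  require_vars VMNAME VCPU VMMEMORY BACKING_STORE
  local -a args=(
    --connect qemu:///system
    --import
    --name "${VMNAME}"
    --osinfo opensusetumbleweed
    --virt-type kvm --hvm
    --machine q35 --boot uefi
    --cpu host-passthrough
    --video vga
    --console pty,target.type=virtio
    --autoconsole text
    --network network=default_network
    --rng /dev/urandom
    --vcpu "${VCPU}" --memory "${VMMEMORY}"
    --cloud-init
    --disk "path=${BACKING_STORE},bus=virtio,cache=none"
    # NOTE(review): listen=0.0.0.0 publishes the guest's VNC console on every
    # host interface at port 5950, and no VNC password is set here. Outside a
    # lab network, bind to 127.0.0.1 and reach it through an SSH tunnel, or
    # filter the port with the host firewall.
    --graphics vnc,listen=0.0.0.0,port=5950
  )
  "${BIN_INSTALL_PATH}/virt-install" "${args[@]}"
  # ignition needs another variant of image
  # --sysinfo type=fwcfg,entry0.name="opt/com.coreos/config",entry0.file="${BACKING_DIR}/VM_config.ign" \
}

check_load_config_file
get_disk_image
get_vm_name
start_default_network
create_vm
0707010000002d000041ed0000000000000000000000016538743500000000000000000000000000000000000000000000000a00000000container07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!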