| author | Erik Skultety <eskultet@redhat.com> | 2023-05-23 14:39:41 +0200 |
|---|---|---|
| committer | Erik Skultety <eskultet@redhat.com> | 2023-06-22 12:05:04 +0000 |
| commit | 8f4511a42b9fa9b3f95f470ff9509fbf8dbd8e89 (patch) | |
| tree | 4a98657411e36c70906aed5bfa78ce322abeff20 | |
| parent | 1e8d54478179d36e5416d7d937a58ee6fbd8c744 (diff) | |
install: Create the top-level volumes ourselves with custom permissions
Lcitool defaults to creating VMs using libvirt's system connection
which has many benefits for developers over plain session connection.
Lcitool itself relies on one such benefit being libvirt's NSS module
for SSH connections. The problem we're facing with the system connection
here is that if not specified, the file storage volume which
virt-install creates automatically with libvirt defaults to libvirt's
daemon UNIX ownership and its own umask, i.e. 0600 root:root which is a
problem if we want to allow automatic template image creations with
non-superuser rights. Therefore, we need to create the resulting volume
ourselves, along with linking its backing store, and only tell
virt-install of its existence.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
| -rw-r--r-- | lcitool/install/install.py | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/lcitool/install/install.py b/lcitool/install/install.py
index 68449e6..a6ef147 100644
--- a/lcitool/install/install.py
+++ b/lcitool/install/install.py
@@ -4,6 +4,7 @@
 import errno
 import logging
+import os
 import subprocess
 from pathlib import Path
@@ -110,6 +111,16 @@ class VirtInstall:
 conf_size = config.values["install"]["disk_size"]
 conf_pool = config.values["install"]["storage_pool"]
+ # To force user/group permissions on the target volume, we have to
+ # create it ourselves as virt-install doesn't accept file permissions
+ # or mode for the file-based volumes it creates
+ libvirt_pool = LibvirtWrapper().pool_by_name(conf_pool)
+ storage_vol = libvirt_pool.create_volume(runner.name + ".qcow2",
+ conf_size, units="G",
+ owner=str(os.getuid()),
+ group=str(os.getgid()),
+ backing_store=baseimg_path)
+
 # Dump the edited cloud-init template for virt-install to use
 ssh_keypair = util.SSHKeyPair(config.values["install"]["ssh_key"])
 ssh_pubkey_str = str(ssh_keypair.public_key)
@@ -123,12 +134,7 @@ class VirtInstall:
 fd.write(cloud_config.dump())
 runner.args.extend(["--cloud-init", f"user-data={fd.name}"])
- baseimg_path_str = baseimg_path.as_posix()
- disk_arg = (f"size={conf_size},"
- f"pool={conf_pool},"
- f"backing_store={baseimg_path_str},"
- f"bus=virtio")
-
+ disk_arg = (f"vol={libvirt_pool.name}/{storage_vol.name},bus=virtio")
 runner.args.extend(["--import", "--disk", disk_arg])
 runner.args.extend(runner._get_common_args(config)) |
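Review bot: The `create_volume` call sits at the top of the second hunk, before the SSH key pair is loaded and the cloud-init file is written, so a failure in any later step (or in virt-install itself) would leave a user-owned volume behind in the pool. No cleanup is visible in the hunk, and the enclosing method starts and ends outside it. Moving the `pool_by_name`/`create_volume` statements down to sit directly above the `disk_arg` assignment would narrow that window, and a re-run after a failure would still have to cope with a volume of the same name already existing. The added comment also mentions mode, but only `owner` and `group` are passed, so the comment should say which file mode the volume ends up with, since that depends on `create_volume` defaults not shown here.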
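Review bot: The new `disk_arg` line in the third hunk places the pool and volume names directly into virt-install's comma-separated `--disk` value, so a name containing `,` would be read as extra disk sub-options. Whether `runner.name` and the `storage_pool` setting are validated before this point is not visible in the hunk; an explicit check on the name before the volume is created would settle it. Separately, the parentheses are left over from the removed multi-line form and can be dropped: `disk_arg = f"vol={libvirt_pool.name}/{storage_vol.name},bus=virtio"`.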
