[PATCH] Add PPC console configuration to guest XML
When creating a VM from template, add PPC console configuration to xml. Signed-off-by: Rodrigo Trujillo <rodrigo.trujillo@linux.vnet.ibm.com> --- src/kimchi/vmtemplate.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/kimchi/vmtemplate.py b/src/kimchi/vmtemplate.py index cfc46f6..d18fc59 100644 --- a/src/kimchi/vmtemplate.py +++ b/src/kimchi/vmtemplate.py @@ -409,6 +409,16 @@ drive=drive-%(bus)s0-1-0,id=%(bus)s0-1-0'/> </devices> </domain> """ % params + + # Adding PPC console configuration + if params['arch'] in ['ppc', 'ppc64']: + ppc_console = """<memballoon model='virtio' /> + <console type='pty'> + <target type='serial' port='1'/> + <address type='spapr-vio' reg='0x30001000'/> + </console>""" + xml = xml.replace("<memballoon model='virtio' />", ppc_console) + return xml def validate(self): -- 1.9.3
From: Mark Wu <wudxw@linux.vnet.ibm.com> This patches adds a sos plugin to collect kimchi's configuration, log files and other information for diagnosis. Signed-off-by: Mark Wu <wudxw@linux.vnet.ibm.com> Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> Signed-off-by: Paulo Vital <pvital@linux.vnet.ibm.com> --- contrib/kimchi.spec.fedora.in | 3 +++ src/kimchi/Makefile.am | 4 +++- src/kimchi/sos.py | 43 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 src/kimchi/sos.py diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 236c862..d58f3eb 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -80,6 +80,8 @@ make %install rm -rf %{buildroot} make DESTDIR=%{buildroot} install +install -Dm 0644 src/kimchi/sos.py \ + %{buildroot}/%{python_sitelib}/sos/plugins/kimchi.py %if 0%{?with_systemd} # Install the systemd scripts @@ -161,6 +163,7 @@ rm -rf $RPM_BUILD_ROOT %{python_sitelib}/kimchi/xmlutils/*.py* %{python_sitelib}/kimchi/API.json %{python_sitelib}/kimchi/plugins/*.py* +%{python_sitelib}/sos/plugins/kimchi.py* %{_datadir}/kimchi/doc/API.md %{_datadir}/kimchi/doc/README.md %{_datadir}/kimchi/doc/README-federation.md diff --git a/src/kimchi/Makefile.am b/src/kimchi/Makefile.am index 5c204e0..c28e92d 100644 --- a/src/kimchi/Makefile.am +++ b/src/kimchi/Makefile.am @@ -19,10 +19,12 @@ SUBDIRS = control model xmlutils -kimchi_PYTHON = $(filter-out config.py, $(wildcard *.py)) +kimchi_PYTHON = $(filter-out config.py sos.py, $(wildcard *.py)) nodist_kimchi_PYTHON = config.py +dist_noinst_PYTHON = sos.py + EXTRA_DIST = \ API.json \ config.py.in diff --git a/src/kimchi/sos.py b/src/kimchi/sos.py new file mode 100644 index 0000000..5d1fa3f --- /dev/null +++ b/src/kimchi/sos.py @@ -0,0 +1,43 @@ +# +# Project Kimchi +# +# Copyright IBM, Corp. 2014 +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +from sos.plugins import Plugin, RedHatPlugin, UbuntuPlugin, DebianPlugin +from sos.utilities import sos_get_command_output + + +class Kimchi(Plugin, RedHatPlugin, UbuntuPlugin, DebianPlugin): + """ + kimchi-related information + """ + + plugin_name = 'kimchi' + + def setup(self): + self.add_copy_specs([ + "/etc/kimchi/", + "/var/log/kimchi*" + ]) + self.add_cmd_output("virsh pool-list --details") + rc, out, _ = sos_get_command_output('virsh pool-list') + if rc == 0: + for pool in out.splitlines()[2:]: + if pool: + pool_name = pool.split()[0] + self.add_cmd_output("virsh vol-list --pool %s --details" + % pool_name) -- 1.9.3
Just a minor comment: The configuration files are under /src (firewalld.xml, nginx.conf.in, etc) as /src/kimchi as reserved to Kimchi code. On 10/30/2014 02:44 PM, Rodrigo Trujillo wrote:
From: Mark Wu <wudxw@linux.vnet.ibm.com>
This patches adds a sos plugin to collect kimchi's configuration, log files and other information for diagnosis.
Signed-off-by: Mark Wu <wudxw@linux.vnet.ibm.com> Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> Signed-off-by: Paulo Vital <pvital@linux.vnet.ibm.com> --- contrib/kimchi.spec.fedora.in | 3 +++ src/kimchi/Makefile.am | 4 +++- src/kimchi/sos.py | 43 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 src/kimchi/sos.py
diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 236c862..d58f3eb 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -80,6 +80,8 @@ make %install rm -rf %{buildroot} make DESTDIR=%{buildroot} install +install -Dm 0644 src/kimchi/sos.py \ + %{buildroot}/%{python_sitelib}/sos/plugins/kimchi.py
%if 0%{?with_systemd} # Install the systemd scripts @@ -161,6 +163,7 @@ rm -rf $RPM_BUILD_ROOT %{python_sitelib}/kimchi/xmlutils/*.py* %{python_sitelib}/kimchi/API.json %{python_sitelib}/kimchi/plugins/*.py* +%{python_sitelib}/sos/plugins/kimchi.py* %{_datadir}/kimchi/doc/API.md %{_datadir}/kimchi/doc/README.md %{_datadir}/kimchi/doc/README-federation.md diff --git a/src/kimchi/Makefile.am b/src/kimchi/Makefile.am index 5c204e0..c28e92d 100644 --- a/src/kimchi/Makefile.am +++ b/src/kimchi/Makefile.am @@ -19,10 +19,12 @@
SUBDIRS = control model xmlutils
-kimchi_PYTHON = $(filter-out config.py, $(wildcard *.py)) +kimchi_PYTHON = $(filter-out config.py sos.py, $(wildcard *.py))
nodist_kimchi_PYTHON = config.py
+dist_noinst_PYTHON = sos.py + EXTRA_DIST = \ API.json \ config.py.in diff --git a/src/kimchi/sos.py b/src/kimchi/sos.py new file mode 100644 index 0000000..5d1fa3f --- /dev/null +++ b/src/kimchi/sos.py @@ -0,0 +1,43 @@ +# +# Project Kimchi +# +# Copyright IBM, Corp. 2014 +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +from sos.plugins import Plugin, RedHatPlugin, UbuntuPlugin, DebianPlugin +from sos.utilities import sos_get_command_output + + +class Kimchi(Plugin, RedHatPlugin, UbuntuPlugin, DebianPlugin): + """ + kimchi-related information + """ + + plugin_name = 'kimchi' + + def setup(self): + self.add_copy_specs([ + "/etc/kimchi/", + "/var/log/kimchi*" + ]) + self.add_cmd_output("virsh pool-list --details") + rc, out, _ = sos_get_command_output('virsh pool-list') + if rc == 0: + for pool in out.splitlines()[2:]: + if pool: + pool_name = pool.split()[0] + self.add_cmd_output("virsh vol-list --pool %s --details" + % pool_name)
From: Paulo Vital <pvital@linux.vnet.ibm.com> Kimchi lists all RPM packages to be updated when the Host tab is selected, but even after disable some YUM repository and refresh the content of this tab, the previous packages from the disabled repository are still present in list. This patch "deletes" the YumBase object after get the list of packages to be updated. With this, every time the Host tab is selected, a new list will be generated. Signed-off-by: Paulo Vital <pvital@linux.vnet.ibm.com> Signed-off-by: Rodrigo Trujillo <rodrigo.trujillo@linux.vnet.ibm.com> --- src/kimchi/swupdate.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/kimchi/swupdate.py b/src/kimchi/swupdate.py index 85cdfd6..40af8f3 100644 --- a/src/kimchi/swupdate.py +++ b/src/kimchi/swupdate.py @@ -154,6 +154,7 @@ class YumUpdate(object): yb.doLock() self._pkgs = yb.doPackageLists('updates') yb.doUnlock() + del yb except Exception, e: kimchiLock.release() raise OperationFailed('KCHPKGUPD0003E', {'err': str(e)}) -- 1.9.3
Reviewed-by: Aline Manera <alinefm@linux.vnet.ibm.com> On 10/30/2014 02:44 PM, Rodrigo Trujillo wrote:
From: Paulo Vital <pvital@linux.vnet.ibm.com>
Kimchi lists all RPM packages to be updated when the Host tab is selected, but even after disable some YUM repository and refresh the content of this tab, the previous packages from the disabled repository are still present in list.
This patch "deletes" the YumBase object after get the list of packages to be updated. With this, every time the Host tab is selected, a new list will be generated.
Signed-off-by: Paulo Vital <pvital@linux.vnet.ibm.com> Signed-off-by: Rodrigo Trujillo <rodrigo.trujillo@linux.vnet.ibm.com> --- src/kimchi/swupdate.py | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/kimchi/swupdate.py b/src/kimchi/swupdate.py index 85cdfd6..40af8f3 100644 --- a/src/kimchi/swupdate.py +++ b/src/kimchi/swupdate.py @@ -154,6 +154,7 @@ class YumUpdate(object): yb.doLock() self._pkgs = yb.doPackageLists('updates') yb.doUnlock() + del yb except Exception, e: kimchiLock.release() raise OperationFailed('KCHPKGUPD0003E', {'err': str(e)})
From: Paulo Vital <pvital@linux.vnet.ibm.com> Add selinux/kimchid.te describing the SELinux policy to allow nginx and kimchid. Signed-off-by: Paulo Vital <pvital@linux.vnet.ibm.com> --- Makefile.am | 1 + selinux/kimchid.te | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 selinux/kimchid.te diff --git a/Makefile.am b/Makefile.am index 0740438..6a31cd7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -31,6 +31,7 @@ EXTRA_DIST = \ CONTRIBUTE.md \ VERSION \ build-aux/pkg-version \ + selinux/kimchid.te \ $(NULL) diff --git a/selinux/kimchid.te b/selinux/kimchid.te new file mode 100644 index 0000000..36c20ea --- /dev/null +++ b/selinux/kimchid.te @@ -0,0 +1,20 @@ +module kimchid 1.0.1; +require { + type var_run_t; + type httpd_t; + type unreserved_port_t; + type soundd_port_t; + class tcp_socket { name_bind name_connect }; + class file unlink; +} + +#============= httpd_t ============== +allow httpd_t soundd_port_t:tcp_socket name_bind; + +#!!!! This avc is allowed in the current policy +allow httpd_t unreserved_port_t:tcp_socket name_bind; + +#!!!! This avc can be allowed using one of the these booleans: +# nis_enabled, httpd_can_network_connect +allow httpd_t unreserved_port_t:tcp_socket name_connect; +allow httpd_t var_run_t:file unlink; -- 1.9.3
On 10/30/2014 02:44 PM, Rodrigo Trujillo wrote:
From: Paulo Vital <pvital@linux.vnet.ibm.com>
Add selinux/kimchid.te describing the SELinux policy to allow nginx and kimchid.
Signed-off-by: Paulo Vital <pvital@linux.vnet.ibm.com> --- Makefile.am | 1 + selinux/kimchid.te | 20 ++++++++++++++++++++
You can put under /src with the other config files You also need to update the spec files to properly install this file.
2 files changed, 21 insertions(+) create mode 100644 selinux/kimchid.te
diff --git a/Makefile.am b/Makefile.am index 0740438..6a31cd7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -31,6 +31,7 @@ EXTRA_DIST = \ CONTRIBUTE.md \ VERSION \ build-aux/pkg-version \ + selinux/kimchid.te \ $(NULL)
diff --git a/selinux/kimchid.te b/selinux/kimchid.te new file mode 100644 index 0000000..36c20ea --- /dev/null +++ b/selinux/kimchid.te @@ -0,0 +1,20 @@ +module kimchid 1.0.1; +require { + type var_run_t; + type httpd_t; + type unreserved_port_t; + type soundd_port_t; + class tcp_socket { name_bind name_connect }; + class file unlink; +} + +#============= httpd_t ============== +allow httpd_t soundd_port_t:tcp_socket name_bind; + +#!!!! This avc is allowed in the current policy +allow httpd_t unreserved_port_t:tcp_socket name_bind; + +#!!!! This avc can be allowed using one of the these booleans: +# nis_enabled, httpd_can_network_connect +allow httpd_t unreserved_port_t:tcp_socket name_connect; +allow httpd_t var_run_t:file unlink;
From: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com> Fixing a problem in the JS files where getHostPCIDevices was being used to show the FC devices. Signed-off-by: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com> --- ui/js/src/kimchi.api.js | 2 +- ui/js/src/kimchi.storagepool_add_main.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js index 8a6e416..78ce3ed 100644 --- a/ui/js/src/kimchi.api.js +++ b/ui/js/src/kimchi.api.js @@ -1018,7 +1018,7 @@ var kimchi = { }); }, - getHostPCIDevices: function(suc, err) { + getHostFCDevices: function(suc, err) { var url = kimchi.url+'host/devices?_cap=fc_host'; kimchi.requestJSON({ url : url, diff --git a/ui/js/src/kimchi.storagepool_add_main.js b/ui/js/src/kimchi.storagepool_add_main.js index ffe8fb6..5ef84af 100644 --- a/ui/js/src/kimchi.storagepool_add_main.js +++ b/ui/js/src/kimchi.storagepool_add_main.js @@ -142,7 +142,7 @@ kimchi.initStorageAddPage = function() { $('.host-partition').addClass('text-help'); }); - kimchi.getHostPCIDevices(function(data){ + kimchi.getHostFCDevices(function(data){ if(data.length>0){ for(var i=0;i<data.length;i++){ data[i].label = data[i].name; -- 1.9.3
Reviewed-by: Aline Manera <alinefm@linux.vnet.ibm.com> On 10/30/2014 02:44 PM, Rodrigo Trujillo wrote:
From: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com>
Fixing a problem in the JS files where getHostPCIDevices was being used to show the FC devices.
Signed-off-by: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com> --- ui/js/src/kimchi.api.js | 2 +- ui/js/src/kimchi.storagepool_add_main.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js index 8a6e416..78ce3ed 100644 --- a/ui/js/src/kimchi.api.js +++ b/ui/js/src/kimchi.api.js @@ -1018,7 +1018,7 @@ var kimchi = { }); },
- getHostPCIDevices: function(suc, err) { + getHostFCDevices: function(suc, err) { var url = kimchi.url+'host/devices?_cap=fc_host'; kimchi.requestJSON({ url : url, diff --git a/ui/js/src/kimchi.storagepool_add_main.js b/ui/js/src/kimchi.storagepool_add_main.js index ffe8fb6..5ef84af 100644 --- a/ui/js/src/kimchi.storagepool_add_main.js +++ b/ui/js/src/kimchi.storagepool_add_main.js @@ -142,7 +142,7 @@ kimchi.initStorageAddPage = function() { $('.host-partition').addClass('text-help'); });
- kimchi.getHostPCIDevices(function(data){ + kimchi.getHostFCDevices(function(data){ if(data.length>0){ for(var i=0;i<data.length;i++){ data[i].label = data[i].name;
This patch adds kimchi.py (SOSREPORT plugin) to right location when creating a deb package. Signed-off-by: Rodrigo Trujillo <rodrigo.trujillo@linux.vnet.ibm.com> --- Makefile.am | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile.am b/Makefile.am index ec88787..0740438 100644 --- a/Makefile.am +++ b/Makefile.am @@ -70,10 +70,13 @@ install-deb: install cp -R $(top_srcdir)/contrib/DEBIAN $(DESTDIR)/ $(MKDIR_P) $(DESTDIR)/etc/init $(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services + $(MKDIR_P) $(DESTDIR)/usr/share/sosreport/sos/plugins cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \ $(DESTDIR)/etc/init/kimchid.conf cp -R $(top_srcdir)/src/firewalld.xml \ $(DESTDIR)/usr/lib/firewalld/services/kimchid.xml + cp -R $(top_srcdir)/src/kimchi/sos.py \ + $(DESTDIR)/usr/share/sosreport/sos/plugins/kimchi.py deb: contrib/make-deb.sh -- 1.9.3
Join this patch with "[PATCH 1/2] Add sos plugin for kimchi" On 10/30/2014 02:44 PM, Rodrigo Trujillo wrote:
This patch adds kimchi.py (SOSREPORT plugin) to right location when creating a deb package.
Signed-off-by: Rodrigo Trujillo <rodrigo.trujillo@linux.vnet.ibm.com> --- Makefile.am | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/Makefile.am b/Makefile.am index ec88787..0740438 100644 --- a/Makefile.am +++ b/Makefile.am @@ -70,10 +70,13 @@ install-deb: install cp -R $(top_srcdir)/contrib/DEBIAN $(DESTDIR)/ $(MKDIR_P) $(DESTDIR)/etc/init $(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services + $(MKDIR_P) $(DESTDIR)/usr/share/sosreport/sos/plugins cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \ $(DESTDIR)/etc/init/kimchid.conf cp -R $(top_srcdir)/src/firewalld.xml \ $(DESTDIR)/usr/lib/firewalld/services/kimchid.xml + cp -R $(top_srcdir)/src/kimchi/sos.py \ + $(DESTDIR)/usr/share/sosreport/sos/plugins/kimchi.py
deb: contrib/make-deb.sh
This patch changes kimchi.fedora.spec.in in order to build, install and remove kimchid.pp, which contains selinux rules to open ports to Kimchi. Signed-off-by: Rodrigo Trujillo <rodrigo.trujillo@linux.vnet.ibm.com> --- contrib/kimchi.spec.fedora.in | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index d58f3eb..37ec4a7 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -27,12 +27,14 @@ Requires: python-lxml Requires: nfs-utils Requires: nginx Requires: iscsi-initiator-utils +Requires: policycoreutils Requires: policycoreutils-python Requires: python-libguestfs Requires: libguestfs-tools BuildRequires: libxslt BuildRequires: python-lxml BuildRequires: python-requests +BuildRequires: selinux-policy-devel %if 0%{?rhel} == 6 || 0%{?fedora} >= 19 Requires: spice-html5 @@ -75,7 +77,9 @@ Web server application to manage KVM/Qemu virtual machines %configure --with-spice-html5 %endif make - +# Build "kimchi.pp" +cd selinux +make -f /usr/share/selinux/devel/Makefile %install rm -rf %{buildroot} @@ -83,6 +87,8 @@ make DESTDIR=%{buildroot} install install -Dm 0644 src/kimchi/sos.py \ %{buildroot}/%{python_sitelib}/sos/plugins/kimchi.py +install -Dm 0744 selinux/kimchid.pp %{buildroot}%{_datadir}/kimchi/selinux/kimchid.pp + %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service @@ -120,8 +126,8 @@ iptables -I INPUT -p tcp --dport 8001 -j ACCEPT iptables -I INPUT -p tcp --dport 64667 -j ACCEPT service iptables save >/dev/null 2>&1 %endif -# Add SELinux rules to "open" Kimchi ports -semanage permissive -a httpd_t +# Install SELinux policy +semodule -i %{_datadir}/kimchi/selinux/kimchid.pp %preun @@ -146,9 +152,10 @@ if [ "$1" -ge 1 ] ; then /bin/systemctl try-restart kimchid.service >/dev/null 2>&1 || : fi exit 0 -# Rollback SELinux rules -semanage permissive -d httpd_t - +if [ $1 -eq 0 ] ; then + # Remove the SELinux policy, only during uninstall of the package + semodule -r kimchid +fi %clean rm -rf $RPM_BUILD_ROOT @@ -183,6 +190,7 @@ rm -rf $RPM_BUILD_ROOT %if 0%{?with_systemd} %{_unitdir}/kimchid.service %{_prefix}/lib/firewalld/services/kimchid.xml +%{_datadir}/kimchi/selinux/kimchid.pp %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf -- 1.9.3
Join this patch with "[PATCH 1/2] SELinux policy to allow nginx and kimchid." And more comments below: On 10/30/2014 02:44 PM, Rodrigo Trujillo wrote:
This patch changes kimchi.fedora.spec.in in order to build, install and remove kimchid.pp, which contains selinux rules to open ports to Kimchi.
Signed-off-by: Rodrigo Trujillo <rodrigo.trujillo@linux.vnet.ibm.com> --- contrib/kimchi.spec.fedora.in | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index d58f3eb..37ec4a7 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -27,12 +27,14 @@ Requires: python-lxml Requires: nfs-utils Requires: nginx Requires: iscsi-initiator-utils +Requires: policycoreutils Requires: policycoreutils-python Requires: python-libguestfs Requires: libguestfs-tools BuildRequires: libxslt BuildRequires: python-lxml BuildRequires: python-requests +BuildRequires: selinux-policy-devel
%if 0%{?rhel} == 6 || 0%{?fedora} >= 19 Requires: spice-html5 @@ -75,7 +77,9 @@ Web server application to manage KVM/Qemu virtual machines %configure --with-spice-html5 %endif make - +# Build "kimchi.pp" +cd selinux +make -f /usr/share/selinux/devel/Makefile
%install rm -rf %{buildroot} @@ -83,6 +87,8 @@ make DESTDIR=%{buildroot} install install -Dm 0644 src/kimchi/sos.py \ %{buildroot}/%{python_sitelib}/sos/plugins/kimchi.py
+install -Dm 0744 selinux/kimchid.pp %{buildroot}%{_datadir}/kimchi/selinux/kimchid.pp + %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service @@ -120,8 +126,8 @@ iptables -I INPUT -p tcp --dport 8001 -j ACCEPT iptables -I INPUT -p tcp --dport 64667 -j ACCEPT service iptables save >/dev/null 2>&1 %endif
-# Add SELinux rules to "open" Kimchi ports -semanage permissive -a httpd_t +# Install SELinux policy +semodule -i %{_datadir}/kimchi/selinux/kimchid.pp
The idea on spec file is only install files and don't run any additional commands. I know there are a lot of commands in our spec files but the idea is remove all them.
%preun
@@ -146,9 +152,10 @@ if [ "$1" -ge 1 ] ; then /bin/systemctl try-restart kimchid.service >/dev/null 2>&1 || : fi exit 0
-# Rollback SELinux rules -semanage permissive -d httpd_t - +if [ $1 -eq 0 ] ; then + # Remove the SELinux policy, only during uninstall of the package + semodule -r kimchid +fi
Same commented above.
%clean rm -rf $RPM_BUILD_ROOT @@ -183,6 +190,7 @@ rm -rf $RPM_BUILD_ROOT %if 0%{?with_systemd} %{_unitdir}/kimchid.service %{_prefix}/lib/firewalld/services/kimchid.xml +%{_datadir}/kimchi/selinux/kimchid.pp %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf
On 10/30/2014 02:44 PM, Rodrigo Trujillo wrote:
When creating a VM from template, add PPC console configuration to xml.
Signed-off-by: Rodrigo Trujillo <rodrigo.trujillo@linux.vnet.ibm.com> --- src/kimchi/vmtemplate.py | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/src/kimchi/vmtemplate.py b/src/kimchi/vmtemplate.py index cfc46f6..d18fc59 100644 --- a/src/kimchi/vmtemplate.py +++ b/src/kimchi/vmtemplate.py @@ -409,6 +409,16 @@ drive=drive-%(bus)s0-1-0,id=%(bus)s0-1-0'/> </devices> </domain> """ % params +
+ # Adding PPC console configuration + if params['arch'] in ['ppc', 'ppc64']: + ppc_console = """<memballoon model='virtio' /> + <console type='pty'> + <target type='serial' port='1'/> + <address type='spapr-vio' reg='0x30001000'/> + </console>""" + xml = xml.replace("<memballoon model='virtio' />", ppc_console) +
When params['arch'] will be set? Just this code does not change the Template for a PPC host.
return xml
def validate(self):
On 10/30/2014 04:20 PM, Aline Manera wrote:
On 10/30/2014 02:44 PM, Rodrigo Trujillo wrote:
When creating a VM from template, add PPC console configuration to xml.
Signed-off-by: Rodrigo Trujillo <rodrigo.trujillo@linux.vnet.ibm.com> --- src/kimchi/vmtemplate.py | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/src/kimchi/vmtemplate.py b/src/kimchi/vmtemplate.py index cfc46f6..d18fc59 100644 --- a/src/kimchi/vmtemplate.py +++ b/src/kimchi/vmtemplate.py @@ -409,6 +409,16 @@ drive=drive-%(bus)s0-1-0,id=%(bus)s0-1-0'/> </devices> </domain> """ % params +
+ # Adding PPC console configuration + if params['arch'] in ['ppc', 'ppc64']: + ppc_console = """<memballoon model='virtio' /> + <console type='pty'> + <target type='serial' port='1'/> + <address type='spapr-vio' reg='0x30001000'/> + </console>""" + xml = xml.replace("<memballoon model='virtio' />", ppc_console) +
When params['arch'] will be set? Just this code does not change the Template for a PPC host.
Hi Aline, this piece of code runs when to_vm_xml from VMTemplate is called while creating a new VM. params{} comes from VMTemplate.info (self.info), which in turns is populated from "args" which has the template information retrieved from the sqlite database. The arch info is stored there for each template, when you create a new template.
return xml
def validate(self):
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
On 11/06/2014 11:20 AM, Rodrigo Trujillo wrote:
On 10/30/2014 04:20 PM, Aline Manera wrote:
On 10/30/2014 02:44 PM, Rodrigo Trujillo wrote:
When creating a VM from template, add PPC console configuration to xml.
Signed-off-by: Rodrigo Trujillo <rodrigo.trujillo@linux.vnet.ibm.com> --- src/kimchi/vmtemplate.py | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/src/kimchi/vmtemplate.py b/src/kimchi/vmtemplate.py index cfc46f6..d18fc59 100644 --- a/src/kimchi/vmtemplate.py +++ b/src/kimchi/vmtemplate.py @@ -409,6 +409,16 @@ drive=drive-%(bus)s0-1-0,id=%(bus)s0-1-0'/> </devices> </domain> """ % params +
+ # Adding PPC console configuration + if params['arch'] in ['ppc', 'ppc64']: + ppc_console = """<memballoon model='virtio' /> + <console type='pty'> + <target type='serial' port='1'/> + <address type='spapr-vio' reg='0x30001000'/> + </console>""" + xml = xml.replace("<memballoon model='virtio' />", ppc_console) +
When params['arch'] will be set? Just this code does not change the Template for a PPC host.
Hi Aline, this piece of code runs when to_vm_xml from VMTemplate is called while creating a new VM. params{} comes from VMTemplate.info (self.info), which in turns is populated from "args" which has the template information retrieved from the sqlite database. The arch info is stored there for each template, when you create a new template.
Well remembered! Thanks, Rodrigo!
return xml
def validate(self):
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
participants (2)
-
Aline Manera -
Rodrigo Trujillo