With Go 1.14 the handling of modules has improved in the sense that all the subcommands `go {test, generate}` now use the vendor when available by default. This makes it easier for us to run generate using the vendored tools like controller-tools etc. as it now uses the checked in vendor.
In newer libvirtd that ships the "libvirt-tcp.socket" unit files for
socket activation, the --listen argument to libvirtd should not be
used. Enabling both socket activation and the --listen argument will
cause libvirtd to exit with an error about mutually exclusive
configuration options.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
A connection to libvirtd gives the client application privileges that
are equivalent to those of a root shell. IOW, disabling authentication
and encryption in libvirtd is akin to running a telnet server with no
root password. This implication is not obvious to users following the
guide, so should be spelt out explicitly, so they understand it is
critical to correctly apply the firewall rules listed later in the
install guide.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The "libvirt" RPM is a meta package which depends on every single other
libvirt RPM. It is undesirable to install this because it pulls in a
huge chain of dependencies, which are irrelevant for accomplishing the
steps described in this document. The main interesting thing it was
likely needed for is the "virsh" client, and can thus be replaced by
the "libvirt-client" RPM
The "libvirt-daemon-kvm" RPM pulls in everything needed for a typical
libvirt installation that will be used for running KVM guests, and is
the recommended option for scenarios that don't need to go to extreme
to minimize features installed.
The "qemu-kvm" RPM does not need to be listed explicitly, since it is
already a dependancy of "libvirt-daemon-kvm".
Further information to help understand the libvirt RPM choices is
present at https://libvirt.org/kbase/rpm-deployment.html
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Issue: https://github.com/code-ready/snc/issues/112 have been raised. It
is for permission denied errors that was caused by selinux. Selinux
isn't available on Debian/Ubuntu, and should be disabled in `qemu.conf`.
This is a bit more accessible than pointing folks at Godocs, since it
allows us to focus on the YAML property names (while Godocs
understandably focus on Go property names) and YAML renderings. Also
break up our old "one big example" install-config.yaml into a minimal
per-platform example and a series of small extentions excercising
groups of properties.
The vSphere docs are based heavily on [1].
Also drop proxy.md. It was added in e7edbf71fd (Add proxy
configuration to bootstrap node, 2019-06-24, #1832), but:
* Proxy testing and Squid configuration information belongs in
openshift/release, not in the installer repository.
* docs/user/customization.md now contains a more complete proxy-config
fragment.
OpenStack computeFlavor precedence is based on [2].
[1]: https://github.com/openshift/openshift-docs/blob/enterprise-4.2/modules/installation-vsphere-config-yaml.adoc
Last touched by commit openshift/openshift-docs@25afc7626d , 2019-08-19
[2]: https://github.com/openshift/installer/pull/2162#discussion_r322410878
The documents outlines the proposal and details for using alternate source/repositories for release-image.
The proposal is driven by the fact that, only flows using the `oc adm release mirror` to create the alternate sources for release-image will be supported.
Modification of `bootstrapTemplateData` struct to include proxy requirements.
Modification of `getTemplateData` and `addStorageFiles` to support proxy
Modification of proxy manifests
Added:
- /etc/profile.d/proxy.sh.template
- /etc/systemd/system.conf.d/10-default-env.conf.template
There are some significant firewalld zone differences between Fedora
Workstation and RHEL8. This commit takes this into account, and adjusts
the Fedora instructions so that the libvirt port does not get exposed
externally.
Since by default the installer uses qemu+tcp://192.168.122.1 and we
document to disable auth on tcp connections, the policykit step is not
required for the installer.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Commit 30b1ae8e4 changed the subnet the cluster will use from
192.168.124.0 to 192.168.126.0. However, it also changed mentions of the default
libvirt from 192.168.122.0 to 192.168.124.0.
This commit revert the last part of the change as 192.168.122.0 is more
likely to be used as it's the upstream libvirt default.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Currently cluster created by libvirt not able to resolve the auth route
and because of that console doesn't comeup. This troubleshooting doc entry
direct users to make some modification before running the cluster so that
auth route can be resolved by the cluster. Fix #1007
This is to give ownership of libvirt backend of Installer to CRC team. For
now I've only added two members from CRC team (myself and Praveen). I also
added two members of Installer team who seem to have been the most active
devs developing the relevant code.
We don't add `libvirt-approvers` for `pkg/types/libvirt`. For reasons:
https://github.com/openshift/installer/pull/1662#issuecomment-485895942
Instead of modifying the main NetworkManager configuration, let's add a
separate configuration file for our purposes.
Based on a patch from Colin Walters <walters@verbum.org>
Previously, destroy support was behind TAGS=libvirt_destroy and create
support was always built in. But since 3fb4400c (terraform/plugins:
add `libvirt`, `aws`, `ignition`, `openstack` to KnownPlugins,
2018-12-14, #919), the bundled libvirt Terraform provider has also
been behind libvirt_destroy. That leads to cluster creation failing
with:
$ openshift-install create cluster
...
ERROR Missing required providers.
ERROR
ERROR The following provider constraints are not met by the currently-installed
ERROR provider plugins:
ERROR
ERROR * libvirt (any version)
ERROR
ERROR Terraform can automatically download and install plugins to meet the given
ERROR constraints, but this step was skipped due to the use of -get-plugins=false
ERROR and/or -plugin-dir on the command line.
...
With this commit, folks trying to 'create cluster' without libvirt
compiled in will get:
FATAL failed to fetch Common Manifests: failed to load asset "Install Config": invalid "install-config.yaml" file: platform: Invalid value: types.Platform{AWS:(*aws.Platform)(nil), Libvirt:(*libvirt.Platform)(0xc4209511f0), OpenStack:(*openstack.Platform)(nil)}: platform must be one of: aws, openstack
before we get to Terraform.
Now that the build tag guards both creation and deletion, I've renamed
it from 'libvirt_destroy' to the unqualified 'libvirt'.
I've also adjusted the install-config validation testing to use
regular expressions so we can distinguish between failures because
libvirt was not compiled in as a valid platform and failures because
some portion of the libvirt configuration was broken. In order to get
stable error messages for comparison, I've added some strings.Sort
calls for various allowed-value string-slice computations.
The long forms are less likely to exist in the user's environment
since 6be4c253 (*: remove support for environment variables,
2018-12-10, #861), and we no longer need the context to distinguish
from all the other environment variables on a user's system.
The environment variables were originally added to make CI testing a
little easier, since the installer didn't support consumption of
provided assets (e.g. the install config). Now that the installer
supports consumption, there is no need for most of the environment
variables anymore. The variables have actually been confusing to users,
so their removal should simplify the mental model.
