forked from mirrors/nixpkgs
0bfd27535f
This fixes the issue when the LXC emulator binary is garbage collected and breaks libvirtd containers, because libvirtd XML file still refers to GC'ed store path. We already have a fix for QEMU, this commit extends the fix to cover LXC too.
191 lines
5.9 KiB
Nix
191 lines
5.9 KiB
Nix
# Systemd services for libvirtd.
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
|
|
cfg = config.virtualisation.libvirtd;
|
|
vswitch = config.virtualisation.vswitch;
|
|
configFile = pkgs.writeText "libvirtd.conf" ''
|
|
unix_sock_group = "libvirtd"
|
|
unix_sock_rw_perms = "0770"
|
|
auth_unix_ro = "none"
|
|
auth_unix_rw = "none"
|
|
${cfg.extraConfig}
|
|
'';
|
|
|
|
in
|
|
|
|
{
|
|
###### interface
|
|
|
|
options = {
|
|
|
|
virtualisation.libvirtd.enable =
|
|
mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description =
|
|
''
|
|
This option enables libvirtd, a daemon that manages
|
|
virtual machines. Users in the "libvirtd" group can interact with
|
|
the daemon (e.g. to start or stop VMs) using the
|
|
<command>virsh</command> command line tool, among others.
|
|
'';
|
|
};
|
|
|
|
virtualisation.libvirtd.enableKVM =
|
|
mkOption {
|
|
type = types.bool;
|
|
default = true;
|
|
description =
|
|
''
|
|
This option enables support for QEMU/KVM in libvirtd.
|
|
'';
|
|
};
|
|
|
|
virtualisation.libvirtd.extraConfig =
|
|
mkOption {
|
|
type = types.lines;
|
|
default = "";
|
|
description =
|
|
''
|
|
Extra contents appended to the libvirtd configuration file,
|
|
libvirtd.conf.
|
|
'';
|
|
};
|
|
|
|
virtualisation.libvirtd.onShutdown =
|
|
mkOption {
|
|
type = types.enum ["shutdown" "suspend" ];
|
|
default = "suspend";
|
|
description =
|
|
''
|
|
When shutting down / restarting the host what method should
|
|
be used to gracefully halt the guests. Setting to "shutdown"
|
|
will cause an ACPI shutdown of each guest. "suspend" will
|
|
attempt to save the state of the guests ready to restore on boot.
|
|
'';
|
|
};
|
|
|
|
|
|
};
|
|
|
|
|
|
###### implementation
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
environment.systemPackages =
|
|
[ pkgs.libvirt pkgs.netcat-openbsd ]
|
|
++ optional cfg.enableKVM pkgs.qemu_kvm;
|
|
|
|
boot.kernelModules = [ "tun" ];
|
|
|
|
systemd.services.libvirtd =
|
|
{ description = "Libvirt Virtual Machine Management Daemon";
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "systemd-udev-settle.service" ]
|
|
++ optional vswitch.enable "vswitchd.service";
|
|
|
|
path = [
|
|
pkgs.bridge_utils
|
|
pkgs.dmidecode
|
|
pkgs.dnsmasq
|
|
pkgs.ebtables
|
|
]
|
|
++ optional cfg.enableKVM pkgs.qemu_kvm
|
|
++ optional vswitch.enable vswitch.package;
|
|
|
|
preStart =
|
|
''
|
|
mkdir -p /var/log/libvirt/qemu -m 755
|
|
rm -f /var/run/libvirtd.pid
|
|
|
|
mkdir -p /var/lib/libvirt
|
|
mkdir -p /var/lib/libvirt/dnsmasq
|
|
|
|
chmod 755 /var/lib/libvirt
|
|
chmod 755 /var/lib/libvirt/dnsmasq
|
|
|
|
# Libvirt unfortunately writes mutable state (such as
|
|
# runtime changes to VM, network or filter configurations)
|
|
# to /etc. So we can't use environment.etc to make the
|
|
# default network and filter definitions available, since
|
|
# libvirt will then modify the originals in the Nix store.
|
|
# So here we copy them instead. Ugly.
|
|
for i in $(cd ${pkgs.libvirt}/etc && echo \
|
|
libvirt/qemu/networks/*.xml libvirt/qemu/networks/autostart/*.xml \
|
|
libvirt/nwfilter/*.xml );
|
|
do
|
|
mkdir -p /etc/$(dirname $i) -m 755
|
|
cp -fpd ${pkgs.libvirt}/etc/$i /etc/$i
|
|
done
|
|
|
|
# libvirtd puts the full path of the emulator binary in the machine
|
|
# config file. But this path can unfortunately be garbage collected
|
|
# while still being used by the virtual machine. So update the
|
|
# emulator path on each startup to something valid (re-scan $PATH).
|
|
for file in /etc/libvirt/qemu/*.xml /etc/libvirt/lxc/*.xml; do
|
|
test -f "$file" || continue
|
|
# get (old) emulator path from config file
|
|
emulator=$(grep "^[[:space:]]*<emulator>" "$file" | sed 's,^[[:space:]]*<emulator>\(.*\)</emulator>.*,\1,')
|
|
# get a (definitely) working emulator path by re-scanning $PATH
|
|
new_emulator=$(PATH=${pkgs.libvirt}/libexec:$PATH command -v $(basename "$emulator"))
|
|
# write back
|
|
sed -i "s,^[[:space:]]*<emulator>.*, <emulator>$new_emulator</emulator> <!-- WARNING: emulator dirname is auto-updated by the nixos libvirtd module -->," "$file"
|
|
done
|
|
''; # */
|
|
|
|
serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon --verbose'';
|
|
serviceConfig.Type = "forking";
|
|
serviceConfig.KillMode = "process"; # when stopping, leave the VMs alone
|
|
|
|
# Wait until libvirtd is ready to accept requests.
|
|
postStart =
|
|
''
|
|
for ((i = 0; i < 60; i++)); do
|
|
if ${pkgs.libvirt}/bin/virsh list > /dev/null; then exit 0; fi
|
|
sleep 1
|
|
done
|
|
exit 1 # !!! seems to be ignored
|
|
'';
|
|
};
|
|
|
|
jobs."libvirt-guests" =
|
|
{ description = "Libvirt Virtual Machines";
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
wants = [ "libvirtd.service" ];
|
|
after = [ "libvirtd.service" ];
|
|
|
|
restartIfChanged = false;
|
|
|
|
path = [ pkgs.gettext pkgs.libvirt pkgs.gawk ];
|
|
|
|
preStart =
|
|
''
|
|
mkdir -p /var/lock/subsys -m 755
|
|
${pkgs.libvirt}/etc/rc.d/init.d/libvirt-guests start || true
|
|
'';
|
|
|
|
postStop =
|
|
''
|
|
export PATH=${pkgs.gettext}/bin:$PATH
|
|
export ON_SHUTDOWN=${cfg.onShutdown}
|
|
${pkgs.libvirt}/etc/rc.d/init.d/libvirt-guests stop
|
|
'';
|
|
|
|
serviceConfig.Type = "oneshot";
|
|
serviceConfig.RemainAfterExit = true;
|
|
};
|
|
|
|
users.extraGroups.libvirtd.gid = config.ids.gids.libvirtd;
|
|
|
|
};
|
|
|
|
}
|