From ada2bec68be25fa421117c058a555bf139b7a523 Mon Sep 17 00:00:00 2001
From: Liora Milbaum
Date: Fri, 16 Nov 2018 19:45:51 +0200
Subject: [PATCH 1/5] libvirtd image
---
libvirtd/centos7/Dockerfile | 37 +++++++++++++++++
libvirtd/centos7/README.md | 47 ++++++++++++++++++++++
libvirtd/centos7/customlibvirtpost.service | 10 +++++
libvirtd/centos7/customlibvirtpost.sh | 5 +++
libvirtd/centos7/network.xml | 16 ++++++++
5 files changed, 115 insertions(+)
create mode 100644 libvirtd/centos7/Dockerfile
create mode 100644 libvirtd/centos7/README.md
create mode 100644 libvirtd/centos7/customlibvirtpost.service
create mode 100755 libvirtd/centos7/customlibvirtpost.sh
create mode 100644 libvirtd/centos7/network.xml
diff --git a/libvirtd/centos7/Dockerfile b/libvirtd/centos7/Dockerfile
new file mode 100644
index 00000000..b7bb1c09
--- /dev/null
+++ b/libvirtd/centos7/Dockerfile
@@ -0,0 +1,37 @@
+FROM centos/systemd
+
+RUN yum -y install libvirt-daemon-driver-* libvirt-daemon \
+ libvirt-daemon-kvm qemu-kvm && yum clean all; \
+RUN systemctl enable libvirtd; systemctl enable virtlockd
+
+RUN yum install -y openssh-server openssh-clients arpwatch
+
+RUN echo "root:root" |chpasswd
+RUN systemctl enable sshd
+RUN sed -i 's|[#]*PermitRootLogin no|PermitRootLogin yes|g' /etc/ssh/sshd_config
+RUN sed -i 's|[#]*PasswordAuthentication no|PasswordAuthentication yes|g' /etc/ssh/sshd_config
+RUN sed -i 's|[#]*ChallengeResponseAuthentication no|ChallengeResponseAuthentication yes|g' /etc/ssh/sshd_config
+RUN sed -i 's|UsePAM no|UsePAM yes|g' /etc/ssh/sshd_config
+
+RUN echo "listen_tls = 0" >> /etc/libvirt/libvirtd.conf; \
+echo 'listen_tcp = 1' >> /etc/libvirt/libvirtd.conf; \
+echo 'tls_port = "16514"' >> /etc/libvirt/libvirtd.conf; \
+echo 'tcp_port = "16509"' >> /etc/libvirt/libvirtd.conf; \
+echo 'auth_tcp = "none"' >> /etc/libvirt/libvirtd.conf
+
+RUN echo 'vnc_listen = "0.0.0.0"' >> /etc/libvirt/qemu.conf
+
+RUN echo 'LIBVIRTD_ARGS="--listen"' >> /etc/sysconfig/libvirtd
+
+ADD customlibvirtpost.service /usr/lib/systemd/system/customlibvirtpost.service
+ADD customlibvirtpost.sh /customlibvirtpost.sh
+RUN chmod a+x /customlibvirtpost.sh
+Add network.xml /network.xml
+RUN systemctl enable customlibvirtpost
+
+EXPOSE 22
+EXPOSE 16509
+EXPOSE 5900
+
+VOLUME [ "/sys/fs/cgroup" ]
+CMD ["/usr/sbin/init"]
diff --git a/libvirtd/centos7/README.md b/libvirtd/centos7/README.md
new file mode 100644
index 00000000..53267601
--- /dev/null
+++ b/libvirtd/centos7/README.md
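Review bot: In libvirtd/centos7/Dockerfile the block that appends `listen_tcp = 1`, `listen_tls = 0` and `auth_tcp = "none"` to libvirtd.conf, together with `LIBVIRTD_ARGS="--listen"`, makes libvirtd accept unauthenticated, unencrypted connections on 16509, and the README in this same patch runs the image `--privileged` with that port published. Anyone who can reach the port then controls the hypervisor inside a privileged container; prefer `auth_tcp = "sasl"`, or the TLS listener (`listen_tls = 1`, `listen_tcp = 0`) with certificates supplied at run time. The same concern applies to `RUN echo "root:root" |chpasswd` followed by the `PermitRootLogin yes` and `PasswordAuthentication yes` edits: a fixed root password is baked into every copy of the image, so drop that line and provision an authorized key or a per-deployment password at container start instead. `vnc_listen = "0.0.0.0"` likewise leaves guest consoles reachable on 5900 unless each domain sets its own VNC password. Separately, `FROM centos/systemd` carries no tag or digest, so rebuilds are not reproducible.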
@@ -0,0 +1,47 @@
+# Official CentOS libvirtd docker container
+
+Credits to
+https://github.com/fuzzyhandle/libvirtd-in-docker
+https://github.com/projectatomic/docker-image-examples/blob/master/rhel-libvirt/libvirtd/Dockerfile
+http://www.projectatomic.io/blog/2014/10/libvirtd_in_containers/
+The Container supports running qemu hypervisor out of the box. However to leverage hardware acceleration, the underlying host needs to support Visualization Technology (VT).
+
+Running KVM in libvirtd in a container
+For running VMs using hardware acceleration, the docker host will need to have have a processor flag to support nested visualization
+
+Check your processor supports VT
+For more info refer http://www.howtogeek.com/howto/linux/linux-tip-how-to-tell-if-your-processor-supports-vt/
+
+Run
+
+egrep ‘(vmx|svm)’ /proc/cpuinfo
+The output should show vmx (in case of Intel Processor) or svm (in case of AMD Processor)
+
+E.g.
+
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr lahf_lm
+Enable the setting for Nested KVM
+Assuming the processor supports VT, you can enable the VT support to nested VMs.
+
+Create/Edit file /etc/modprobe.d/kvm-nested.conf with contents
+
+options kvm_intel nested=1
+Unload and reload the module
+
+modprobe -r kvm_intel
+modprobe kvm_intel
+The output of this command is
+
+cat /sys/module/kvm_intel/parameters/nested
+should show
+
+Y
+Running the container
+This image needs to be run in privileged mode
+
+E.g.
+
+docker run -d --privileged -d -e 'container=docker' -v /sys/fs/cgroup:/sys/fs/cgroup:rw centos/libvirtd
+You can also forward ports to connect to the libvirtd service from remote machines
+
+docker run -d --privileged -d -e 'container=docker'-p 10001:16509 -p 10002:22 -p 10003:5900 -v /sys/fs/cgroup:/sys/fs/cgroup:rw centos/libvirtd;
diff --git a/libvirtd/centos7/customlibvirtpost.service b/libvirtd/centos7/customlibvirtpost.service
new file mode 100644
index 00000000..1a75be17
--- /dev/null
+++ b/libvirtd/centos7/customlibvirtpost.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Setup Devices and directories and environment needed for libvirtd to fuction correctly
+After=libvirtd.service
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh /customlibvirtpost.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/libvirtd/centos7/customlibvirtpost.sh b/libvirtd/centos7/customlibvirtpost.sh
new file mode 100755
index 00000000..0dbc0833
--- /dev/null
+++ b/libvirtd/centos7/customlibvirtpost.sh
@@ -0,0 +1,5 @@
+#/bin/bash
+
+chmod 666 /dev/kvm
+virsh net-define /network.xml
+virsh net-start default
diff --git a/libvirtd/centos7/network.xml b/libvirtd/centos7/network.xml
new file mode 100644
index 00000000..ac7e0875
--- /dev/null
+++ b/libvirtd/centos7/network.xml
@@ -0,0 +1,16 @@
+
+ default
+
+
+
+
+
+
+
+
+
+
+
+
+
+
From f76405d2cbc5b522c695f94b38ab1d6ac5894eea Mon Sep 17 00:00:00 2001
From: Liora Milbaum
Date: Fri, 16 Nov 2018 20:21:49 +0200
Subject: [PATCH 2/5] fix typo
---
libvirtd/centos7/Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libvirtd/centos7/Dockerfile b/libvirtd/centos7/Dockerfile
index b7bb1c09..d6dee229 100644
--- a/libvirtd/centos7/Dockerfile
+++ b/libvirtd/centos7/Dockerfile
@@ -1,7 +1,7 @@ FROM centos/systemd RUN yum -y install libvirt-daemon-driver-* libvirt-daemon \ - libvirt-daemon-kvm qemu-kvm && yum clean all; \ + libvirt-daemon-kvm qemu-kvm && yum clean all RUN systemctl enable libvirtd; systemctl enable virtlockd RUN yum install -y openssh-server openssh-clients arpwatch
From c26240b6fe79d361d93d855bb000ecfb8bfc66e4 Mon Sep 17 00:00:00 2001
From: Liora Milbaum
Date: Tue, 27 Nov 2018 21:13:33 +0200
Subject: [PATCH 3/5] USER is required for OSC s2i
---
libvirtd/centos7/Dockerfile | 1 +
1 file changed, 1 insertion(+)
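Review bot: In customlibvirtpost.service, `After=libvirtd.service` only orders the unit; it neither pulls libvirtd in nor keeps this unit from running when libvirtd failed to start, so the `virsh` calls in the script can run with no daemon to talk to. Add `Requires=libvirtd.service` next to it, and `RemainAfterExit=yes` under `[Service]` so the oneshot is reported as active once it has run. `fuction` in `Description=` should read `function`.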
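Review bot: `chmod 666 /dev/kvm` in customlibvirtpost.sh makes the KVM device readable and writable by every account in the container; group access is normally sufficient, e.g. `chgrp kvm /dev/kvm && chmod 660 /dev/kvm`, assuming the qemu user belongs to the `kvm` group as on a stock CentOS install. The first line `#/bin/bash` is missing the `!`, so it is an ordinary comment; the unit runs the script through `/bin/sh`, so `#!/bin/sh` would match how it is actually invoked. The script also has no error handling: only the exit status of `virsh net-start default` reaches systemd, so a failed `virsh net-define` goes unnoticed unless `set -e` is added at the top.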
diff --git a/libvirtd/centos7/Dockerfile b/libvirtd/centos7/Dockerfile
index d6dee229..d5f03a14 100644
--- a/libvirtd/centos7/Dockerfile
+++ b/libvirtd/centos7/Dockerfile
@@ -35,3 +35,4 @@ EXPOSE 5900 VOLUME [ "/sys/fs/cgroup" ] CMD ["/usr/sbin/init"]
+USER 1001
From 5d9cc7296f719b79d8e6d862652836e8b9ba011b Mon Sep 17 00:00:00 2001
From: Liora Milbaum
Date: Tue, 27 Nov 2018 21:21:51 +0200
Subject: [PATCH 4/5] USER should be root
---
libvirtd/centos7/Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libvirtd/centos7/Dockerfile b/libvirtd/centos7/Dockerfile
index d5f03a14..f8c066e7 100644
--- a/libvirtd/centos7/Dockerfile
+++ b/libvirtd/centos7/Dockerfile
@@ -35,4 +35,4 @@ EXPOSE 5900 VOLUME [ "/sys/fs/cgroup" ] CMD ["/usr/sbin/init"]
-USER 1001
+USER 0
From f5c1478608e4829225b2fcba8d9d034b99d7d8ea Mon Sep 17 00:00:00 2001
From: Liora Milbaum
Date: Thu, 29 Nov 2018 21:14:26 +0200
Subject: [PATCH 5/5] place the USER command early
---
libvirtd/centos7/Dockerfile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libvirtd/centos7/Dockerfile b/libvirtd/centos7/Dockerfile
index f8c066e7..800d52e6 100644
--- a/libvirtd/centos7/Dockerfile
+++ b/libvirtd/centos7/Dockerfile
@@ -1,5 +1,7 @@ FROM centos/systemd +USER 0 + RUN yum -y install libvirt-daemon-driver-* libvirt-daemon \ libvirt-daemon-kvm qemu-kvm && yum clean all RUN systemctl enable libvirtd; systemctl enable virtlockd
@@ -35,4 +37,3 @@ EXPOSE 5900 VOLUME [ "/sys/fs/cgroup" ] CMD ["/usr/sbin/init"]
-USER 0
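Review bot: The `USER 0` line that PATCH 5/5 places directly under `FROM centos/systemd` has no comment explaining why the image pins root, and patches 3 to 5 change that line three times. Put a comment above it, for example `# root is required: /usr/sbin/init (systemd) and libvirtd run as PID 1/root; USER is declared only because the s2i tooling expects one`, so a later edit does not switch it back to an unprivileged UID that presumably cannot start the `CMD`. Because the README runs this image with `--privileged`, that comment should also state that root inside this container is effectively root on the host.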