File container.obscpio of Package kvm-container-modular-libvirt
07070100000000000081a4000000000000000000000001643ff9ad00000161000000000000000000000000000000000000001e00000000container/default_network.xml<network>
<name>default_network</name>
<uuid>f243d94b-bd5b-415d-b4c7-ccb78ec3dc9e</uuid>
<forward mode='nat'/>
<bridge name='virbr5' stp='on' delay='0'/>
<mac address='52:54:00:d0:61:e9'/>
<ip address='192.168.10.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.10.2' end='192.168.10.254'/>
</dhcp>
</ip>
</network>
07070100000001000081a4000000000000000000000001643ff9ad0000014b000000000000000000000000000000000000002200000000container/kvm-container-functions#!/bin/sh
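# Defaults for the two files check_load_config_file reads.
# The ":=" form assigns only when the variable is unset or empty, never
# word-splits the value, and stays safe if the caller enabled "set -u".
: "${DEFAULT_CONF:=/etc/default/kvm-container}"
# label-install places the main configuration at /etc/kvm-container.conf and
# the systemd units read it from the same path, so fall back to it when the
# caller did not set CONF before sourcing this file.
: "${CONF:=/etc/kvm-container.conf}"
echo "using ${CONF} as configuration file"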
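# Load the main configuration file, then the optional defaults file.
# Globals:
#   CONF          (read) path of the main configuration file; required
#   DEFAULT_CONF  (read) path of an optional second file; it is sourced after
#                 CONF, so its assignments win
# Outputs: an error line on stdout when CONF is missing
# Returns: does not return on failure; calls "exit 1" in the calling shell
#
# Both files are executed as shell code in the caller's process, with the
# caller's privileges, so they must be writable by the administrator only.
check_load_config_file() {
  # An unset or empty CONF used to reduce the test to "[ -f ]", which is true,
  # and the following source command then ran without a file name.
  if [ -n "${CONF:-}" ] && [ -f "${CONF}" ]; then
    # "." is the portable spelling of "source"; this file carries a /bin/sh
    # shebang.
    . "${CONF}"
  else
    echo "!! ${CONF:-} not found in path !!"
    exit 1
  fi
  if [ -n "${DEFAULT_CONF:-}" ] && [ -e "${DEFAULT_CONF}" ]; then
    . "${DEFAULT_CONF}"
  fi
}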
07070100000002000081ed000000000000000000000001643ff9ad00000728000000000000000000000000000000000000002500000000container/kvm-container-host-service#!/bin/bash
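# Switch the host between the monolithic libvirtd and the containerised
# modular libvirt daemons.
# Usage: kvm-container-host-service enable|disable
# Exit status: 1 for an unknown or missing command.

# Everything below drives systemctl, so re-execute through sudo when the
# script is not already running as root.
if [ "$EUID" != 0 ]; then
  # -S makes sudo read the password from stdin instead of the terminal.
  sudo -S "$0" "$@"
  exit $?
fi

case "$1" in
  enable)
    # Disable the libvirtd monolithic daemon if present
    if [ "$(systemctl is-active libvirtd.service)" = "active" ]; then
      systemctl stop libvirtd.service
      systemctl stop libvirtd{,-ro,-admin,-tcp,-tls}.socket
      systemctl disable libvirtd.service
      systemctl disable libvirtd{,-ro,-admin,-tcp,-tls}.socket
      echo "Stopping libvirtd.service"
    fi
    # (Re)Start the kvm-container
    systemctl daemon-reload
    systemctl restart kvm-container-meta.service
    # Enable modular libvirt daemons on the host. Only the local sockets are
    # enabled here; the virtproxyd TCP/TLS sockets stay as they are.
    for drv in qemu network nodedev nwfilter proxy secret storage; do
      systemctl unmask "container-virt${drv}d.service"
      systemctl unmask "virt${drv}d"{,-ro,-admin}.socket
      systemctl enable "container-virt${drv}d.service"
      systemctl enable "virt${drv}d"{,-ro,-admin}.socket
      systemctl restart "virt${drv}d"{,-ro,-admin}.socket
      systemctl restart "container-virt${drv}d.service"
      echo "Attempting to start container-virt${drv}d.service"
    done
    ;;
  disable)
    # Disable modular libvirt daemons on the host
    if [ "$(systemctl is-active kvm-container-meta.service)" = "active" ]; then
      # The archive ships no "-ro" socket for log and lock, so systemctl
      # reports those two unit names as not loaded.
      for drv in qemu network nodedev nwfilter proxy secret storage log lock; do
        systemctl stop "container-virt${drv}d.service"
        systemctl stop "virt${drv}d"{,-ro,-admin}.socket
        systemctl disable "container-virt${drv}d.service"
        systemctl disable "virt${drv}d"{,-ro,-admin}.socket
        echo "Disabling container-virt${drv}d.service"
      done
      # Stop the kvm-container
      systemctl stop kvm-container-meta.service
      systemctl disable kvm-container-meta.service
    fi
    ;;
  *)
    # A typo must not look like success to the caller.
    echo "host_service: Unknown command \"$1\"" >&2
    exit 1
    ;;
esac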
07070100000003000081a4000000000000000000000001643ff9ad000003ad000000000000000000000000000000000000001d00000000container/kvm-container.conf# CONTAINER
# This file is read two ways: check_load_config_file sources it as shell when
# CONF points at it, and the systemd units load it with
# EnvironmentFile=-/etc/kvm-container.conf. Keep it to plain KEY=VALUE lines and
# writable by the administrator only; when sourced, any other content is
# executed by the wrapper scripts.
CONTAINER_NAME=kvm-container
# OFFICIAL image
# NOTE(review): ":latest" is a mutable tag, and kvm-container-meta.service runs
# this image with --privileged and the host root mounted at /host. Pinning the
# reference to a digest makes the deployed image reproducible and auditable.
IMAGE=registry.opensuse.org/suse/alp/workloads/tumbleweed_containerfiles/suse/alp/workloads/kvm-modular-libvirt:latest
# For Dev builds
#IMAGE=registry.opensuse.org/virtualization/containerfile/suse/alp/workloads/kvm-modular-libvirt:latest
#IMAGE=localhost/kvmlocal:latest
# VARS
DATA=/var/lib/libvirt/images
LIBVIRTDQEMU=/etc/libvirt/qemu
VARRUNLIBVIRT=/var/run/libvirt
# Virtual Machine configuration
# Currently only the 'OpenStack' appliance contains cloud-init
#https://download.opensuse.org/tumbleweed/appliances/openSUSE-Tumbleweed-Minimal-VM.x86_64-kvm-and-xen.qcow2
# NOTE(review): virt-install-demo.sh downloads ${APPLIANCE}.${BACKING_FORMAT}
# from this mirror with curl; no checksum or signature check is visible there.
APPLIANCE_MIRROR=https://download.opensuse.org/tumbleweed/appliances
APPLIANCE=openSUSE-Tumbleweed-Minimal-VM.x86_64-kvm-and-xen
BACKING_DIR=/var/lib/libvirt/images
BACKING_FORMAT=qcow2
# The ${...} references are expanded only when the file is sourced by a shell;
# systemd's EnvironmentFile= performs no variable expansion. None of the units
# in this package reference BACKING_STORE.
BACKING_STORE=${BACKING_DIR}/${APPLIANCE}.${BACKING_FORMAT}
DOMAIN=Tumbleweed-JeOS
# Must match the bridge name in default_network.xml; kvm-container-meta.service
# deletes this interface in ExecStopPost.
BRIDGEIF=virbr5
DISKSIZE=8
VMMEMORY=1024
VCPU=1
07070100000004000081a4000000000000000000000001643ff9ad0000081e000000000000000000000000000000000000001800000000container/label-install#!/bin/bash
# This is the install script for kvm when run in a privileged
# container.
# Fixed search path and working directory, so every tool used below resolves
# inside /usr/bin or /usr/sbin whatever environment the container was given.
PATH="/usr/bin:/usr/sbin"
cd /

CONTAINER=kvm-container

# Files that end up under /host/etc
MAINCONF="${CONTAINER}.conf"
MAINFON="${CONTAINER}-functions"
NETCONF=libvirt/qemu/networks/default_network.xml
QEMUCONF=libvirt/qemu.conf

# Scripts that end up under /host/usr/local/bin
HOSTSERVICE="${CONTAINER}-host-service"
VIRSHSCRIPT=virsh
VIRTINSTALL=virt-install
VIRTINSTALLDEMO=virt-install-demo.sh

echo "LABEL INSTALL"
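# Install (or refresh) one helper script on the host.
# Arguments: $1 - file name, relative to /container, to place in
#                 /host/usr/local/bin
# Returns:   status of cp when the copy fails, otherwise status of chmod
copy_to_usr_local_bin() {
  local script=$1
  cp -av -- "/container/${script}" /host/usr/local/bin/ || return
  # cp -a keeps the mode stored in the image; make sure the installed copy is
  # executable and not group/world writable.
  chmod 755 -- "/host/usr/local/bin/${script}"
}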
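# Install a configuration file on the host unless one is already there, so
# local changes survive a re-install.
# Arguments: $1 - path relative to both /container and /host/etc
# Outputs:   cp's verbose line, or a notice when the existing file is kept
# Returns:   0 when the file is kept, otherwise status of cp
copy_to_etc() {
  local conf=$1
  if [ -e "/host/etc/${conf}" ]; then
    echo "/host/etc/${conf} already exist, will not update it"
    return 0
  fi
  cp -av -- "/container/${conf}" "/host/etc/${conf}"
}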
# Copy every unit file shipped in /container/systemd into the host's
# administrator unit directory, creating that directory first if needed.
copy_systemd_units() {
  [ -e /host/etc/systemd/system ] || mkdir -p /host/etc/systemd/system
  # The glob is intentionally unquoted: it expands to all shipped unit files.
  cp -av /container/systemd/* /host/etc/systemd/system/
}
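## MAIN
# Refuse to run unless the host root is bind-mounted at /host (the same check
# label-uninstall makes). Without it, the mkdir -p calls below would create a
# /host tree inside the container and the install would appear to succeed
# without touching the host.
if [ ! -d /host/etc ] || [ ! -d /host/usr/local/bin ]; then
  echo "${CONTAINER}-install: host file system is not mounted at /host" >&2
  exit 1
fi

# Configuration: kept if the administrator already has a copy
copy_to_etc "${MAINCONF}"
copy_to_etc "${MAINFON}"

# libvirt network definition and qemu.conf: overwritten on every install
mkdir -p /host/etc/libvirt/qemu/networks
cp -av /container/default_network.xml "/host/etc/${NETCONF}"
cp -av /container/qemu.conf "/host/etc/${QEMUCONF}"

# Wrapper scripts
for script in "${VIRTINSTALLDEMO}" "${VIRSHSCRIPT}" "${VIRTINSTALL}" \
  "${HOSTSERVICE}" pvirsh qemu-img virt-scenario virt-scenario-launch \
  virt-xml-validate; do
  copy_to_usr_local_bin "${script}"
done

copy_systemd_units

# save the image path for the container that was used to run the install
# as the default container image to use for the libvirtd service. The
# image path to use should be available in the IMAGE environment variable.
# NOTE(review): kvm-container-functions later sources this file as shell, so
# the value of IMAGE ends up being interpreted by the wrapper scripts; it
# should only ever be a plain image reference.
mkdir -p /host/etc/default
echo "IMAGE=${IMAGE}" > "/host/etc/default/${CONTAINER}"

# FIXME: Image location not present on host, is there a better way to do this?
mkdir -p /host/var/lib/libvirt/images
cd /host/usr/local/bin/ || exit 1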
07070100000005000081a4000000000000000000000001643ff9ad00000898000000000000000000000000000000000000001a00000000container/label-uninstall#!/bin/bash
# This is the uninstall script for kvm when run in a privileged
# container.
CONTAINER=kvm-container
# Fixed search path and working directory for the rest of the script
PATH="/usr/bin:/usr/sbin"
cd /
# Both host directories must be visible, otherwise the host root was not
# bind-mounted at /host and there is nothing to uninstall from.
if ! { [ -d /host/etc ] && [ -d /host/usr/local/bin ]; }; then
  echo "${CONTAINER}-uninstall: host file system is not mounted at /host"
  exit 1
fi
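# Remove one installed file from the host tree and report what happened.
# Arguments: $1 - directory that holds the file
#            $2 - file name inside that directory
# Outputs:   rm's verbose line, or a notice when the file is already gone
# Returns:   0 when there is nothing to do, otherwise status of rm
delete_file() {
  # Locals on purpose: the first argument used to be stored in PATH, which
  # replaced the shell's command search path for the rest of the script.
  local dir=$1
  local file=$2
  # An empty argument must never turn the target into a bare directory or "/".
  if [ -z "${dir}" ] || [ -z "${file}" ]; then
    return 0
  fi
  # -L also catches a dangling symlink, which -e reports as missing.
  if [ ! -e "${dir}/${file}" ] && [ ! -L "${dir}/${file}" ]; then
    echo "${file} not present, nothing to remove"
  else
    rm -vf -- "${dir}/${file}"
  fi
}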
# Remove what label-install placed on the host, in the order it is listed.
# NOTE(review): label-install also writes /host/etc/libvirt/qemu.conf and
# /host/etc/default/${CONTAINER}; neither is removed here. Confirm that
# leaving them behind is intended.
echo "LABEL UNINSTALL: Removing all files"

# Configuration under /host/etc
for name in "${CONTAINER}.conf" "${CONTAINER}-functions"; do
  delete_file /host/etc "${name}"
done
delete_file /host/etc/libvirt/qemu/networks default_network.xml

# Wrapper scripts under /host/usr/local/bin
for name in pvirsh qemu-img virt-scenario virt-scenario-launch \
  virt-xml-validate virsh virt-install-demo.sh virt-install \
  "${CONTAINER}-host-service"; do
  delete_file /host/usr/local/bin "${name}"
done

# Remove systemd unit files from host
unit_dir=/host/etc/systemd/system
for drv in qemu network nodedev nwfilter proxy secret storage; do
  for unit in "container-virt${drv}d.service" "virt${drv}d.socket" \
    "virt${drv}d-ro.socket" "virt${drv}d-admin.socket"; do
    delete_file "${unit_dir}" "${unit}"
  done
done
# The log and lock daemons have no read-only socket
for drv in log lock; do
  for unit in "container-virt${drv}d.service" "virt${drv}d.socket" \
    "virt${drv}d-admin.socket"; do
    delete_file "${unit_dir}" "${unit}"
  done
done
for unit in virtproxyd-tls.socket virtproxyd-tcp.socket libvirtd.socket \
  libvirtd-ro.socket libvirtd-admin.socket libvirtd-tls.socket \
  libvirtd-tcp.socket kvm-container-meta.service; do
  delete_file "${unit_dir}" "${unit}"
done
07070100000006000081a4000000000000000000000001643ff9ad000001ce000000000000000000000000000000000000001100000000container/pvirsh#!/bin/bash
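# Wrapper: run pvirsh inside the libvirt container, passing all arguments on.
# Locate the shared helper library; the installed copy wins.
here=$(pwd)
if [ -f /etc/kvm-container-functions ]; then
  . /etc/kvm-container-functions
elif [ -f "${here}/kvm-container-functions" ]; then
  # NOTE(review): development fallback. Both the helper and the config are
  # taken from the current directory and executed as shell with the caller's
  # privileges. If the wrapper is ever run as root from a directory other
  # users can write to, that is an untrusted search path; consider dropping
  # this branch from installed copies or gating it on an explicit opt-in.
  echo "Found local version of kvm-container-functions"
  export CONF="${here}/kvm-container.conf"
  . "${here}/kvm-container-functions"
else
  echo "! need /etc/kvm-container-functions; Exiting"
  exit 1
fi
check_load_config_file
set -euxo pipefail
# "$@" is quoted so an argument containing spaces reaches pvirsh as one word.
podman exec -ti "${CONTAINER_NAME}" pvirsh "$@"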
07070100000007000081a4000000000000000000000001643ff9ad000001d0000000000000000000000000000000000000001300000000container/qemu-img#!/bin/bash
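# Wrapper: run qemu-img inside the libvirt container, passing all arguments on.
# Locate the shared helper library; the installed copy wins.
here=$(pwd)
if [ -f /etc/kvm-container-functions ]; then
  . /etc/kvm-container-functions
elif [ -f "${here}/kvm-container-functions" ]; then
  # NOTE(review): development fallback. Both the helper and the config are
  # taken from the current directory and executed as shell with the caller's
  # privileges. If the wrapper is ever run as root from a directory other
  # users can write to, that is an untrusted search path; consider dropping
  # this branch from installed copies or gating it on an explicit opt-in.
  echo "Found local version of kvm-container-functions"
  export CONF="${here}/kvm-container.conf"
  . "${here}/kvm-container-functions"
else
  echo "! need /etc/kvm-container-functions; Exiting"
  exit 1
fi
check_load_config_file
set -euxo pipefail
# "$@" is quoted so a path containing spaces reaches qemu-img as one word.
podman exec -ti "${CONTAINER_NAME}" qemu-img "$@"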
07070100000008000081a4000000000000000000000001643ff9ad00000028000000000000000000000000000000000000001400000000container/qemu.confcgroup_controllers = []
# NOTE(review): with cgroup_controllers and namespaces both empty, libvirt
# neither places QEMU processes under cgroup controllers (including the device
# ACL) nor gives each guest a private mount namespace for /dev. Presumably this
# is needed because QEMU already runs inside the podman container; confirm, and
# treat the container boundary as the only confinement around the guests.
namespaces = []
07070100000009000081a4000000000000000000000001643ff9ad000003f2000000000000000000000000000000000000002e00000000container/systemd/container-virtlockd.service[Unit]
Description=Virtual machine lock manager
Conflicts=libvirtd.service virtlockd.service
Requires=virtlockd.socket
Requires=virtlockd-admin.socket
Before=container-virtqemud.service
After=kvm-container-meta.service
BindsTo=kvm-container-meta.service
Documentation=man:virtlockd(8)
Documentation=https://libvirt.org
[Service]
Type=forking
Environment=VIRTLOCKD_ARGS=
Environment=CONTAINER_NAME="kvm-container"
EnvironmentFile=-/etc/sysconfig/container-virtlockd
EnvironmentFile=-/etc/kvm-container.conf
ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtlockd $VIRTLOCKD_ARGS
Restart=on-failure
RestartSec=2
# Losing the locks is a really bad thing that will
# cause the machine to be fenced (rebooted), so make
# sure we discourage OOM killer
OOMScoreAdjust=-900
# Needs to allow for max guests * average disks per guest
# libvirtd.service written to expect 4096 guests, so if we
# allow for 10 disks per guest, we get:
LimitNOFILE=40960
[Install]
Also=virtlockd.socket
0707010000000a000081a4000000000000000000000001643ff9ad00000478000000000000000000000000000000000000002d00000000container/systemd/container-virtlogd.service[Unit]
Description=Virtual machine log manager
Conflicts=libvirtd.service virtlogd.service
Requires=virtlogd.socket
Requires=virtlogd-admin.socket
Before=container-virtqemud.service
After=kvm-container-meta.service
BindsTo=kvm-container-meta.service
Documentation=man:virtlogd(8)
Documentation=https://libvirt.org
[Service]
Type=forking
Environment=VIRTLOGD_ARGS=""
Environment=CONTAINER_NAME="kvm-container"
EnvironmentFile=-/etc/sysconfig/container-virtlogd
EnvironmentFile=-/etc/kvm-container.conf
ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtlogd $VIRTLOGD_ARGS
Restart=on-failure
RestartSec=2
# Losing the logs is a really bad thing that will
# cause the machine to be fenced (rebooted), so make
# sure we discourage OOM killer
OOMScoreAdjust=-900
# Need to have at least one file open per guest (eg QEMU
# stdio log), but might be more (eg serial console logs)
# A common case is OpenStack which often has up to 4 file
# handles per guest.
# libvirtd.service written to expect 4096 guests, so if we
# guess at 4 files per guest here that is 16k:
LimitNOFILE=16384
[Install]
Also=virtlogd.socket
0707010000000b000081a4000000000000000000000001643ff9ad000003b5000000000000000000000000000000000000003100000000container/systemd/container-virtnetworkd.service[Unit]
Description=Virtualization network daemon
Conflicts=libvirtd.service virtnetworkd.service
Requires=virtnetworkd.socket
Requires=virtnetworkd-ro.socket
Requires=virtnetworkd-admin.socket
After=network.target
After=firewalld.service
After=iptables.service
After=ip6tables.service
After=dbus.service
After=apparmor.service
After=local-fs.target
After=kvm-container-meta.service
BindsTo=kvm-container-meta.service
Documentation=man:virtnetworkd(8)
Documentation=https://libvirt.org
[Service]
Type=forking
Environment=VIRTNETWORKD_ARGS=""
Environment=CONTAINER_NAME="kvm-container"
EnvironmentFile=-/etc/kvm-container.conf
EnvironmentFile=-/etc/sysconfig/container-virtnetworkd
ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtnetworkd $VIRTNETWORKD_ARGS
Restart=on-failure
RestartSec=2
[Install]
WantedBy=multi-user.target
Also=virtnetworkd.socket
Also=virtnetworkd-ro.socket
Also=virtnetworkd-admin.socket
0707010000000c000081a4000000000000000000000001643ff9ad0000036d000000000000000000000000000000000000003100000000container/systemd/container-virtnodedevd.service[Unit]
Description=Virtualization nodedev daemon
Conflicts=libvirtd.service virtnodedevd.service
Requires=virtnodedevd.socket
Requires=virtnodedevd-ro.socket
Requires=virtnodedevd-admin.socket
After=network.target
After=dbus.service
After=apparmor.service
After=local-fs.target
After=kvm-container-meta.service
BindsTo=kvm-container-meta.service
Documentation=man:virtnodedevd(8)
Documentation=https://libvirt.org
[Service]
Type=forking
Environment=VIRTNODEDEVD_ARGS=""
Environment=CONTAINER_NAME="kvm-container"
EnvironmentFile=-/etc/sysconfig/container-virtnodedevd
EnvironmentFile=-/etc/kvm-container.conf
ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtnodedevd $VIRTNODEDEVD_ARGS
Restart=on-failure
RestartSec=2
[Install]
WantedBy=multi-user.target
Also=virtnodedevd.socket
Also=virtnodedevd-ro.socket
Also=virtnodedevd-admin.socket
0707010000000d000081a4000000000000000000000001643ff9ad0000037a000000000000000000000000000000000000003200000000container/systemd/container-virtnwfilterd.service[Unit]
Description=Virtualization nwfilter daemon
Conflicts=libvirtd.service virtnwfilterd.service
Requires=virtnwfilterd.socket
Requires=virtnwfilterd-ro.socket
Requires=virtnwfilterd-admin.socket
After=network.target
After=dbus.service
After=apparmor.service
After=local-fs.target
After=kvm-container-meta.service
BindsTo=kvm-container-meta.service
Documentation=man:virtnwfilterd(8)
Documentation=https://libvirt.org
[Service]
Type=forking
Environment=VIRTNWFILTERD_ARGS=""
Environment=CONTAINER_NAME="kvm-container"
EnvironmentFile=-/etc/sysconfig/container-virtnwfilterd
EnvironmentFile=-/etc/kvm-container.conf
ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtnwfilterd $VIRTNWFILTERD_ARGS
Restart=on-failure
RestartSec=2
[Install]
WantedBy=multi-user.target
Also=virtnwfilterd.socket
Also=virtnwfilterd-ro.socket
Also=virtnwfilterd-admin.socket
0707010000000e000081a4000000000000000000000001643ff9ad0000034d000000000000000000000000000000000000002f00000000container/systemd/container-virtproxyd.service[Unit]
Description=Virtualization daemon
Conflicts=libvirtd.service virtproxyd.service
Requires=virtproxyd.socket
Requires=virtproxyd-ro.socket
Requires=virtproxyd-admin.socket
After=network.target
After=dbus.service
After=apparmor.service
After=local-fs.target
After=kvm-container-meta.service
BindsTo=kvm-container-meta.service
Documentation=man:virtproxyd(8)
Documentation=https://libvirt.org
[Service]
Type=forking
Environment=VIRTPROXYD_ARGS=""
Environment=CONTAINER_NAME="kvm-container"
EnvironmentFile=-/etc/sysconfig/container-virtproxyd
EnvironmentFile=-/etc/kvm-container.conf
ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtproxyd $VIRTPROXYD_ARGS
Restart=on-failure
RestartSec=2
[Install]
WantedBy=multi-user.target
Also=virtproxyd.socket
Also=virtproxyd-ro.socket
Also=virtproxyd-admin.socket
0707010000000f000081a4000000000000000000000001643ff9ad0000070d000000000000000000000000000000000000002e00000000container/systemd/container-virtqemud.service[Unit]
Description=Virtualization qemu daemon
Conflicts=libvirtd.service virtqemud.service
Requires=virtlogd.socket
Requires=virtlockd.socket
Requires=virtqemud.socket
Requires=virtqemud-ro.socket
Requires=virtqemud-admin.socket
Wants=systemd-machined.service
Before=libvirt-guests.service
After=kvm-container-meta.service
BindsTo=kvm-container-meta.service
Documentation=man:virtqemud(8)
Documentation=https://libvirt.org
[Service]
Type=forking
Environment=VIRTQEMUD_ARGS=""
Environment=CONTAINER_NAME="kvm-container"
EnvironmentFile=-/etc/sysconfig/container-virtqemud
EnvironmentFile=-/etc/kvm-container.conf
ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtqemud $VIRTQEMUD_ARGS
Restart=on-failure
RestartSec=2
# At least 1 FD per guest, often 2 (eg qemu monitor + qemu agent).
# eg if we want to support 4096 guests, we'll typically need 8192 FDs
# If changing this, also consider container-virtlogd.service & container-virtlockd.service
# limits which are also related to number of guests
LimitNOFILE=8192
# The cgroups pids controller can limit the number of tasks started by
# the daemon, which can limit the number of domains for some hypervisors.
# A conservative default of 8 tasks per guest results in a TasksMax of
# 32k to support 4096 guests.
TasksMax=32768
# With cgroups v2 there is no devices controller anymore, we have to use
# eBPF to control access to devices. In order to do that we create a eBPF
# hash MAP which locks memory. The default map size for 64 devices together
# with program takes 12k per guest. After rounding up we will get 64M to
# support 4096 guests.
LimitMEMLOCK=64M
[Install]
WantedBy=multi-user.target
Also=virtlogd.socket
Also=virtlockd.socket
Also=virtqemud.socket
Also=virtqemud-ro.socket
Also=virtqemud-admin.socket
07070100000010000081a4000000000000000000000001643ff9ad00000360000000000000000000000000000000000000003000000000container/systemd/container-virtsecretd.service[Unit]
Description=Virtualization secret daemon
Conflicts=libvirtd.service virtsecretd.service
Requires=virtsecretd.socket
Requires=virtsecretd-ro.socket
Requires=virtsecretd-admin.socket
After=network.target
After=dbus.service
After=apparmor.service
After=local-fs.target
After=kvm-container-meta.service
BindsTo=kvm-container-meta.service
Documentation=man:virtsecretd(8)
Documentation=https://libvirt.org
[Service]
Type=forking
Environment=VIRTSECRETD_ARGS=""
Environment=CONTAINER_NAME="kvm-container"
EnvironmentFile=-/etc/sysconfig/container-virtsecretd
EnvironmentFile=-/etc/kvm-container.conf
ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtsecretd $VIRTSECRETD_ARGS
Restart=on-failure
RestartSec=2
[Install]
WantedBy=multi-user.target
Also=virtsecretd.socket
Also=virtsecretd-ro.socket
Also=virtsecretd-admin.socket
07070100000011000081a4000000000000000000000001643ff9ad00000399000000000000000000000000000000000000003100000000container/systemd/container-virtstoraged.service[Unit]
Description=Virtualization storage daemon
Conflicts=libvirtd.service virtstoraged.service
Requires=virtstoraged.socket
Requires=virtstoraged-ro.socket
Requires=virtstoraged-admin.socket
After=network.target
After=dbus.service
After=iscsid.service
After=apparmor.service
After=local-fs.target
After=remote-fs.target
After=kvm-container-meta.service
BindsTo=kvm-container-meta.service
Documentation=man:virtstoraged(8)
Documentation=https://libvirt.org
[Service]
Type=forking
Environment=VIRTSTORAGED_ARGS=""
Environment=CONTAINER_NAME="kvm-container"
EnvironmentFile=-/etc/sysconfig/container-virtstoraged
EnvironmentFile=-/etc/kvm-container.conf
ExecStart=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} /usr/sbin/virtstoraged $VIRTSTORAGED_ARGS
Restart=on-failure
RestartSec=2
[Install]
WantedBy=multi-user.target
Also=virtstoraged.socket
Also=virtstoraged-ro.socket
Also=virtstoraged-admin.socket
07070100000012000081a4000000000000000000000001643ff9ad00000846000000000000000000000000000000000000002d00000000container/systemd/kvm-container-meta.service[Unit]
Description=Meta service for containerized virtualization daemon
Conflicts=libvirtd.service
Wants=systemd-machined.service
Before=container-virtlogd.service
Before=container-virtlockd.service
Before=container-virtqemud.service
Before=container-virtnetworkd.service
Before=container-virtnwfilterd.service
Before=container-virtnodedevd.service
Before=container-virtsecretd.service
Before=container-virtstoraged.service
After=network-online.target
After=dbus.service
After=apparmor.service
After=local-fs.target
After=remote-fs.target
After=systemd-logind.service
After=systemd-machined.service
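[Service]
Type=notify
NotifyAccess=all
# NOTE(review): ":latest" is a mutable tag. Because the image is started with
# the privileges listed below, pinning it to a digest (here and in
# /etc/kvm-container.conf) keeps the deployed image reproducible.
Environment=IMAGE="registry.opensuse.org/suse/alp/workloads/tumbleweed_containerfiles/suse/alp/workloads/kvm-modular-libvirt:latest"
Environment=CONTAINER_NAME="kvm-container"
EnvironmentFile=-/etc/sysconfig/kvm-container-meta
EnvironmentFile=-/etc/kvm-container.conf
ExecStartPre=/bin/rm -f %t/%n.pid %t/%n.ctr-id
# The container runs --privileged, in the host network and cgroup namespaces,
# with the whole host root bind-mounted read-write at /host: a compromise of
# any process in it is a compromise of the host.
# NOTE(review): /run/libvirt, /etc/libvirt and the image directory are already
# mounted individually; confirm whether the long-running service needs
# "-v /:/host" at all, or whether only label-install/label-uninstall do.
ExecStart=/usr/bin/podman run --conmon-pidfile %t/%n.pid --cidfile %t/%n.ctr-id --cgroups=no-conmon --sdnotify=conmon --init --detach --replace --rm --net=host --privileged --cgroupns=host -e IMAGE=${IMAGE} -v /:/host -v /run/libvirt:/run/libvirt -v /etc/libvirt:/etc/libvirt -v /etc/libvirt/qemu:/etc/libvirt/qemu -v /var/lib/libvirt/images:/var/lib/libvirt/images -v /lib/modules:/lib/modules:ro -v /etc/machine-id:/etc/machine-id:ro --name ${CONTAINER_NAME} ${IMAGE} /usr/bin/sleep infinity
ExecStartPost=/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} virsh net-start default_network
ExecStartPost=-/usr/bin/podman network reload -a
# systemd has no ExecStopPre= setting, so the two cleanup commands that used
# that key were ignored. They are now ExecStop= lines, which run in order
# before the container is stopped. The leading "-" keeps a failed cleanup
# (for example, container already gone) from skipping the actual stop.
ExecStop=-/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} virsh net-destroy default_network
ExecStop=-/usr/bin/podman exec --detach --privileged ${CONTAINER_NAME} pkill -fe -9 /usr/bin/qemu-system-x86_64
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%n.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%n.ctr-id
# BRIDGEIF is only defined in /etc/kvm-container.conf, which is optional here
ExecStopPost=/usr/bin/ip link delete ${BRIDGEIF}
KillMode=control-group
Restart=on-failure
TimeoutSec=70
RestartSec=1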
[Install]
WantedBy=multi-user.target
07070100000013000081a4000000000000000000000001643ff9ad00000120000000000000000000000000000000000000002900000000container/systemd/virtlockd-admin.socket[Unit]
Description=Virtual machine lock manager admin socket
Before=container-virtqemud.service
BindsTo=virtlockd.socket
After=virtlockd.socket
[Socket]
ListenStream=/run/libvirt/virtlockd-admin-sock
Service=container-virtlockd.service
SocketMode=0600
[Install]
WantedBy=sockets.target
07070100000014000081a4000000000000000000000001643ff9ad00000107000000000000000000000000000000000000002300000000container/systemd/virtlockd.socket[Unit]
Description=Virtual machine lock manager socket
Before=container-virtqemud.service
Before=container-virtlockd.service
[Socket]
ListenStream=/run/libvirt/virtlockd-sock
Service=container-virtlockd.service
SocketMode=0600
[Install]
WantedBy=sockets.target
07070100000015000081a4000000000000000000000001643ff9ad00000115000000000000000000000000000000000000002800000000container/systemd/virtlogd-admin.socket[Unit]
Description=Virtual machine log manager socket
Before=container-virtqemud.service
BindsTo=virtlogd.socket
After=virtlogd.socket
[Socket]
ListenStream=/run/libvirt/virtlogd-admin-sock
Service=container-virtlogd.service
SocketMode=0600
[Install]
WantedBy=sockets.target
07070100000016000081a4000000000000000000000001643ff9ad00000103000000000000000000000000000000000000002200000000container/systemd/virtlogd.socket[Unit]
Description=Virtual machine log manager socket
Before=container-virtqemud.service
Before=container-virtlogd.service
[Socket]
ListenStream=/run/libvirt/virtlogd-sock
Service=container-virtlogd.service
SocketMode=0600
[Install]
WantedBy=sockets.target
07070100000017000081a4000000000000000000000001643ff9ad00000123000000000000000000000000000000000000002c00000000container/systemd/virtnetworkd-admin.socket[Unit]
Description=Libvirt network admin socket
Before=container-virtnetworkd.service
BindsTo=virtnetworkd.socket
After=virtnetworkd.socket
[Socket]
ListenStream=/run/libvirt/virtnetworkd-admin-sock
Service=container-virtnetworkd.service
SocketMode=0600
[Install]
WantedBy=sockets.target
07070100000018000081a4000000000000000000000001643ff9ad0000012a000000000000000000000000000000000000002900000000container/systemd/virtnetworkd-ro.socket[Unit]
Description=Libvirt network local read-only socket
Before=container-virtnetworkd.service
BindsTo=virtnetworkd.socket
After=virtnetworkd.socket
[Socket]
ListenStream=/run/libvirt/virtnetworkd-sock-ro
Service=container-virtnetworkd.service
SocketMode=0666
[Install]
WantedBy=sockets.target
07070100000019000081a4000000000000000000000001643ff9ad000000f8000000000000000000000000000000000000002600000000container/systemd/virtnetworkd.socket[Unit]
Description=Libvirt network local socket
Before=container-virtnetworkd.service
[Socket]
ListenStream=/run/libvirt/virtnetworkd-sock
Service=container-virtnetworkd.service
SocketMode=0666
RemoveOnStop=yes
[Install]
WantedBy=sockets.target
0707010000001a000081a4000000000000000000000001643ff9ad00000123000000000000000000000000000000000000002c00000000container/systemd/virtnodedevd-admin.socket[Unit]
Description=Libvirt nodedev admin socket
Before=container-virtnodedevd.service
BindsTo=virtnodedevd.socket
After=virtnodedevd.socket
[Socket]
ListenStream=/run/libvirt/virtnodedevd-admin-sock
Service=container-virtnodedevd.service
SocketMode=0600
[Install]
WantedBy=sockets.target
0707010000001b000081a4000000000000000000000001643ff9ad0000012a000000000000000000000000000000000000002900000000container/systemd/virtnodedevd-ro.socket[Unit]
Description=Libvirt nodedev local read-only socket
Before=container-virtnodedevd.service
BindsTo=virtnodedevd.socket
After=virtnodedevd.socket
[Socket]
ListenStream=/run/libvirt/virtnodedevd-sock-ro
Service=container-virtnodedevd.service
SocketMode=0666
[Install]
WantedBy=sockets.target
0707010000001c000081a4000000000000000000000001643ff9ad000000f8000000000000000000000000000000000000002600000000container/systemd/virtnodedevd.socket[Unit]
Description=Libvirt nodedev local socket
Before=container-virtnodedevd.service
[Socket]
ListenStream=/run/libvirt/virtnodedevd-sock
Service=container-virtnodedevd.service
SocketMode=0666
RemoveOnStop=yes
[Install]
WantedBy=sockets.target
0707010000001d000081a4000000000000000000000001643ff9ad00000129000000000000000000000000000000000000002d00000000container/systemd/virtnwfilterd-admin.socket[Unit]
Description=Libvirt nwfilter admin socket
Before=container-virtnwfilterd.service
BindsTo=virtnwfilterd.socket
After=virtnwfilterd.socket
[Socket]
ListenStream=/run/libvirt/virtnwfilterd-admin-sock
Service=container-virtnwfilterd.service
SocketMode=0600
[Install]
WantedBy=sockets.target
0707010000001e000081a4000000000000000000000001643ff9ad00000130000000000000000000000000000000000000002a00000000container/systemd/virtnwfilterd-ro.socket[Unit]
Description=Libvirt nwfilter local read-only socket
Before=container-virtnwfilterd.service
BindsTo=virtnwfilterd.socket
After=virtnwfilterd.socket
[Socket]
ListenStream=/run/libvirt/virtnwfilterd-sock-ro
Service=container-virtnwfilterd.service
SocketMode=0666
[Install]
WantedBy=sockets.target
0707010000001f000081a4000000000000000000000001643ff9ad000000fc000000000000000000000000000000000000002700000000container/systemd/virtnwfilterd.socket[Unit]
Description=Libvirt nwfilter local socket
Before=container-virtnwfilterd.service
[Socket]
ListenStream=/run/libvirt/virtnwfilterd-sock
Service=container-virtnwfilterd.service
SocketMode=0666
RemoveOnStop=yes
[Install]
WantedBy=sockets.target
07070100000020000081a4000000000000000000000001643ff9ad00000181000000000000000000000000000000000000002a00000000container/systemd/virtproxyd-admin.socket[Unit]
Description=Libvirt proxy admin socket
Before=container-virtproxyd.service
BindsTo=virtproxyd.socket
After=virtproxyd.socket
Conflicts=libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
[Socket]
ListenStream=/run/libvirt/virtproxyd-admin-sock
Service=container-virtproxyd.service
SocketMode=0600
[Install]
WantedBy=sockets.target
07070100000021000081a4000000000000000000000001643ff9ad00000188000000000000000000000000000000000000002700000000container/systemd/virtproxyd-ro.socket[Unit]
Description=Libvirt proxy local read-only socket
Before=container-virtproxyd.service
BindsTo=virtproxyd.socket
After=virtproxyd.socket
Conflicts=libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
[Socket]
ListenStream=/run/libvirt/virtproxyd-sock-ro
Service=container-virtproxyd.service
SocketMode=0666
[Install]
WantedBy=sockets.target
07070100000022000081a4000000000000000000000001643ff9ad00000159000000000000000000000000000000000000002800000000container/systemd/virtproxyd-tcp.socket[Unit]
Description=Libvirt proxy non-TLS IP socket
Before=container-virtproxyd.service
BindsTo=virtproxyd.socket
After=virtproxyd.socket
Conflicts=libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
[Socket]
# NOTE(review): a bare port number makes systemd listen on every local
# address, and this listener carries the libvirt RPC without TLS.
# kvm-container-host-service does not enable this unit; leave it disabled
# unless it is required. If it is enabled, bind it to a management address,
# require authentication in the daemon configuration (auth_tcp) and restrict
# the port with the host firewall. Prefer virtproxyd-tls.socket.
ListenStream=16509
Service=container-virtproxyd.service
[Install]
WantedBy=sockets.target
07070100000023000081a4000000000000000000000001643ff9ad00000155000000000000000000000000000000000000002800000000container/systemd/virtproxyd-tls.socket[Unit]
Description=Libvirt proxy TLS IP socket
Before=container-virtproxyd.service
BindsTo=virtproxyd.socket
After=virtproxyd.socket
Conflicts=libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
[Socket]
ListenStream=16514
Service=container-virtproxyd.service
[Install]
WantedBy=sockets.target
07070100000024000081a4000000000000000000000001643ff9ad0000015a000000000000000000000000000000000000002400000000container/systemd/virtproxyd.socket[Unit]
Description=Libvirt proxy local socket
Before=container-virtproxyd.service
Conflicts=libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
[Socket]
ListenStream=/run/libvirt/virtproxyd-sock
Service=container-virtproxyd.service
SocketMode=0666
RemoveOnStop=yes
[Install]
WantedBy=sockets.target
07070100000025000081a4000000000000000000000001643ff9ad00000111000000000000000000000000000000000000002900000000container/systemd/virtqemud-admin.socket[Unit]
Description=Libvirt qemu admin socket
Before=container-virtqemud.service
BindsTo=virtqemud.socket
After=virtqemud.socket
[Socket]
ListenStream=/run/libvirt/virtqemud-admin-sock
Service=container-virtqemud.service
SocketMode=0600
[Install]
WantedBy=sockets.target
07070100000026000081a4000000000000000000000001643ff9ad00000118000000000000000000000000000000000000002600000000container/systemd/virtqemud-ro.socket[Unit]
Description=Libvirt qemu local read-only socket
Before=container-virtqemud.service
BindsTo=virtqemud.socket
After=virtqemud.socket
[Socket]
ListenStream=/run/libvirt/virtqemud-sock-ro
Service=container-virtqemud.service
SocketMode=0666
[Install]
WantedBy=sockets.target
07070100000027000081a4000000000000000000000001643ff9ad000000ec000000000000000000000000000000000000002300000000container/systemd/virtqemud.socket[Unit]
Description=Libvirt qemu local socket
Before=container-virtqemud.service
[Socket]
ListenStream=/run/libvirt/virtqemud-sock
Service=container-virtqemud.service
# Mode 0666 lets every local user connect to the read-write socket, so access
# control rests entirely on the daemon's own authorization (polkit, or
# auth_unix_rw in the daemon configuration).
# NOTE(review): confirm that the containerised virtqemud performs such a
# check; if it does not, tighten this to 0660 with a dedicated SocketGroup=.
SocketMode=0666
RemoveOnStop=yes
[Install]
WantedBy=sockets.target
07070100000028000081a4000000000000000000000001643ff9ad0000011d000000000000000000000000000000000000002b00000000container/systemd/virtsecretd-admin.socket[Unit]
Description=Libvirt secret admin socket
Before=container-virtsecretd.service
BindsTo=virtsecretd.socket
After=virtsecretd.socket
[Socket]
ListenStream=/run/libvirt/virtsecretd-admin-sock
Service=container-virtsecretd.service
SocketMode=0600
[Install]
WantedBy=sockets.target
07070100000029000081a4000000000000000000000001643ff9ad00000124000000000000000000000000000000000000002800000000container/systemd/virtsecretd-ro.socket[Unit]
Description=Libvirt secret local read-only socket
Before=container-virtsecretd.service
BindsTo=virtsecretd.socket
After=virtsecretd.socket
[Socket]
ListenStream=/run/libvirt/virtsecretd-sock-ro
Service=container-virtsecretd.service
SocketMode=0666
[Install]
WantedBy=sockets.target
0707010000002a000081a4000000000000000000000001643ff9ad000000f4000000000000000000000000000000000000002500000000container/systemd/virtsecretd.socket[Unit]
Description=Libvirt secret local socket
Before=container-virtsecretd.service
[Socket]
ListenStream=/run/libvirt/virtsecretd-sock
Service=container-virtsecretd.service
SocketMode=0666
RemoveOnStop=yes
[Install]
WantedBy=sockets.target
0707010000002b000081a4000000000000000000000001643ff9ad00000123000000000000000000000000000000000000002c00000000container/systemd/virtstoraged-admin.socket[Unit]
Description=Libvirt storage admin socket
Before=container-virtstoraged.service
BindsTo=virtstoraged.socket
After=virtstoraged.socket
[Socket]
ListenStream=/run/libvirt/virtstoraged-admin-sock
Service=container-virtstoraged.service
SocketMode=0600
[Install]
WantedBy=sockets.target
0707010000002c000081a4000000000000000000000001643ff9ad0000012a000000000000000000000000000000000000002900000000container/systemd/virtstoraged-ro.socket[Unit]
Description=Libvirt storage local read-only socket
Before=container-virtstoraged.service
BindsTo=virtstoraged.socket
After=virtstoraged.socket
[Socket]
ListenStream=/run/libvirt/virtstoraged-sock-ro
Service=container-virtstoraged.service
SocketMode=0666
[Install]
WantedBy=sockets.target
0707010000002d000081a4000000000000000000000001643ff9ad000000f7000000000000000000000000000000000000002600000000container/systemd/virtstoraged.socket[Unit]
Description=Libvirt storage local socket
Before=container-virtstoraged.service
[Socket]
ListenStream=/run/libvirt/virtstoraged-sock
Service=container-virtstoraged.service
SocketMode=0666
RemoveOnStop=yes
[Install]
WantedBy=sockets.target
0707010000002e000041ed000000000000000000000001643ff9ad00000000000000000000000000000000000000000000001200000000container/systemd0707010000002f000081a4000000000000000000000001643ff9ad000001cd000000000000000000000000000000000000001000000000container/virsh#!/bin/bash
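# Wrapper: run virsh inside the libvirt container, passing all arguments on.
# Locate the shared helper library; the installed copy wins.
here=$(pwd)
if [ -f /etc/kvm-container-functions ]; then
  . /etc/kvm-container-functions
elif [ -f "${here}/kvm-container-functions" ]; then
  # NOTE(review): development fallback. Both the helper and the config are
  # taken from the current directory and executed as shell with the caller's
  # privileges. If the wrapper is ever run as root from a directory other
  # users can write to, that is an untrusted search path; consider dropping
  # this branch from installed copies or gating it on an explicit opt-in.
  echo "Found local version of kvm-container-functions"
  export CONF="${here}/kvm-container.conf"
  . "${here}/kvm-container-functions"
else
  echo "! need /etc/kvm-container-functions; Exiting"
  exit 1
fi
check_load_config_file
set -euxo pipefail
# "$@" is quoted so an argument containing spaces reaches virsh as one word.
podman exec -ti "${CONTAINER_NAME}" virsh "$@"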
07070100000030000081a4000000000000000000000001643ff9ad000002a0000000000000000000000000000000000000001700000000container/virt-install#!/bin/bash
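# Wrapper: run virt-install inside the kvm container, forwarding every argument.
#
# Load the shared helpers, which define check_load_config_file.
if [ -f /etc/kvm-container-functions ]; then
  . /etc/kvm-container-functions
# NOTE(review): this development fallback sources a file from the current
# working directory. Whatever is named kvm-container-functions there is
# executed with the caller's privileges, so run the wrapper only from a
# trusted checkout, never from a shared or world-writable directory.
elif [ -f "$(pwd)/kvm-container-functions" ]; then
  echo "Found local version of kvm-container-functions"
  export CONF="$(pwd)/kvm-container.conf"
  . "$(pwd)/kvm-container-functions"
else
  echo "! need /etc/kvm-container-functions; Exiting"
  exit 1
fi
check_load_config_file
# Strict mode is enabled only after the configuration has been sourced.
set -euxo pipefail
# Remind the user that only files under $DATA are visible to the container.
cat <<EOF
!! WARNING !!
This is wrapper script to execute virt-install inside the ${CONTAINER_NAME} container
You must put all images/ISO in the
$DATA
path to be able to access it.
EOF
sleep 1
# Quote the container name and "$@" so arguments containing spaces or glob
# characters reach virt-install unchanged.
podman exec -ti "${CONTAINER_NAME}" virt-install "$@"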
07070100000031000081a4000000000000000000000001643ff9ad0000067d000000000000000000000000000000000000001f00000000container/virt-install-demo.sh#!/bin/bash
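# Demo: fetch the appliance image if it is missing and pick a VM name.
# Strict mode is on before the helpers are sourced, so any failing command in
# them aborts the script. -u is deliberately not set here.
set -exo pipefail
if [ -f /etc/kvm-container-functions ]; then
  #export CONF=/etc/kvm-container.conf
  . /etc/kvm-container-functions
# NOTE(review): this development fallback sources a file from the current
# working directory. Whatever is named kvm-container-functions there is
# executed with the caller's privileges, so run the script only from a
# trusted checkout, never from a shared or world-writable directory.
elif [ -f "$(pwd)/kvm-container-functions" ]; then
  echo "Found local version of kvm-container-functions"
  export CONF="$(pwd)/kvm-container.conf"
  . "$(pwd)/kvm-container-functions"
else
  echo "! need /etc/kvm-container-functions; Exiting"
  exit 1
fi
check_load_config_file

image_file="${APPLIANCE}.${BACKING_FORMAT}"
image_path="${DATA}/${image_file}"
if [ ! -f "${image_path}" ]; then
  # --fail makes curl exit non-zero on an HTTP error instead of saving the
  # error page as the image. Downloading to a .part name and renaming on
  # success means an interrupted transfer is never mistaken for a complete
  # image on the next run. The pushd/popd pair was dropped because the output
  # path is already given in full.
  # NOTE(review): the image is used as a VM backing store without any
  # integrity check. Verify it against a checksum or signature published by
  # the image provider, and prefer an https:// APPLIANCE_MIRROR.
  curl --fail -L -o "${image_path}.part" "${APPLIANCE_MIRROR}/${image_file}"
  mv -- "${image_path}.part" "${image_path}"
fi

# A random suffix keeps repeated demo runs from colliding on the domain name.
RANDOMSTRING=$(openssl rand -hex 5)
VMNAME=${DOMAIN}_${RANDOMSTRING}
# ignition is not used right now
#cp -v VM_config.ign ${DATA}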
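#######################################
# Create and start the demo VM by running virt-install inside the container.
# Globals (read): CONTAINER_NAME, VMNAME, VCPU, VMMEMORY, DISKSIZE,
#                 BACKING_STORE, BACKING_FORMAT
# Arguments: none
# Returns: exit status of podman exec / virt-install
#######################################
create_vm() {
  # Building the command as an array keeps each option a single word even if
  # a configuration value contains spaces or glob characters.
  local -a vi_args=(
    --connect qemu:///system
    --import
    --name "${VMNAME}"
    --osinfo opensusetumbleweed
    --virt-type kvm --hvm
    --machine q35 --boot uefi
    --cpu host-passthrough
    --video vga
    --console pty,target.type=virtio
    --autoconsole text
    --network network=default_network
    --rng /dev/urandom
    --vcpu "${VCPU}" --memory "${VMMEMORY}"
    --cloud-init
    --disk "size=${DISKSIZE},backing_store=${BACKING_STORE},backing_format=${BACKING_FORMAT},bus=virtio,cache=none"
    # NOTE(review): VNC listens on every interface with no password set, so
    # the guest console is reachable by anything that can reach this port.
    # Consider listen=127.0.0.1 or a VNC password outside a throwaway demo.
    # The fixed port also means a second VM started this way would presumably
    # fail to bind.
    --graphics vnc,listen=0.0.0.0,port=5950
  )
  podman exec -ti "${CONTAINER_NAME}" virt-install "${vi_args[@]}"
  # ignition needs another variant of image
  # --sysinfo type=fwcfg,entry0.name="opt/com.coreos/config",entry0.file="${BACKING_DIR}/VM_config.ign" \
}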
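# Create the VM, then tell the user how to reach and leave its text console.
create_vm
cat <<EOF
To connect to the VM in console mode:
virsh console ${VMNAME}
To detach from the console:
ctrl + ]
EOF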
07070100000032000081a4000000000000000000000001643ff9ad000001d5000000000000000000000000000000000000001800000000container/virt-scenario#!/bin/bash
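# Wrapper: run virt-scenario inside the kvm container, forwarding every argument.
#
# Load the shared helpers, which define check_load_config_file.
if [ -f /etc/kvm-container-functions ]; then
  . /etc/kvm-container-functions
# NOTE(review): this development fallback sources a file from the current
# working directory. Whatever is named kvm-container-functions there is
# executed with the caller's privileges, so run the wrapper only from a
# trusted checkout, never from a shared or world-writable directory.
elif [ -f "$(pwd)/kvm-container-functions" ]; then
  echo "Found local version of kvm-container-functions"
  export CONF="$(pwd)/kvm-container.conf"
  . "$(pwd)/kvm-container-functions"
else
  echo "! need /etc/kvm-container-functions; Exiting"
  exit 1
fi
check_load_config_file
# Strict mode is enabled only after the configuration has been sourced.
set -euxo pipefail
# Quote the container name and "$@" so arguments containing spaces or glob
# characters reach virt-scenario unchanged.
podman exec -ti "${CONTAINER_NAME}" virt-scenario "$@"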
07070100000033000081a4000000000000000000000001643ff9ad000001dc000000000000000000000000000000000000001f00000000container/virt-scenario-launch#!/bin/bash
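# Wrapper: run virt-scenario-launch inside the kvm container, forwarding
# every argument.
#
# Load the shared helpers, which define check_load_config_file.
if [ -f /etc/kvm-container-functions ]; then
  . /etc/kvm-container-functions
# NOTE(review): this development fallback sources a file from the current
# working directory. Whatever is named kvm-container-functions there is
# executed with the caller's privileges, so run the wrapper only from a
# trusted checkout, never from a shared or world-writable directory.
elif [ -f "$(pwd)/kvm-container-functions" ]; then
  echo "Found local version of kvm-container-functions"
  export CONF="$(pwd)/kvm-container.conf"
  . "$(pwd)/kvm-container-functions"
else
  echo "! need /etc/kvm-container-functions; Exiting"
  exit 1
fi
check_load_config_file
# Strict mode is enabled only after the configuration has been sourced.
set -euxo pipefail
# Quote the container name and "$@" so arguments containing spaces or glob
# characters reach virt-scenario-launch unchanged.
podman exec -ti "${CONTAINER_NAME}" virt-scenario-launch "$@"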
07070100000034000081a4000000000000000000000001643ff9ad000001d9000000000000000000000000000000000000001c00000000container/virt-xml-validate#!/bin/bash
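# Wrapper: run virt-xml-validate inside the kvm container, forwarding every
# argument. File arguments are resolved inside the container, not on the host.
#
# Load the shared helpers, which define check_load_config_file.
if [ -f /etc/kvm-container-functions ]; then
  . /etc/kvm-container-functions
# NOTE(review): this development fallback sources a file from the current
# working directory. Whatever is named kvm-container-functions there is
# executed with the caller's privileges, so run the wrapper only from a
# trusted checkout, never from a shared or world-writable directory.
elif [ -f "$(pwd)/kvm-container-functions" ]; then
  echo "Found local version of kvm-container-functions"
  export CONF="$(pwd)/kvm-container.conf"
  . "$(pwd)/kvm-container-functions"
else
  echo "! need /etc/kvm-container-functions; Exiting"
  exit 1
fi
check_load_config_file
# Strict mode is enabled only after the configuration has been sourced.
set -euxo pipefail
# Quote the container name and "$@" so paths containing spaces or glob
# characters reach virt-xml-validate unchanged.
podman exec -ti "${CONTAINER_NAME}" virt-xml-validate "$@"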
07070100000035000041ed000000000000000000000001643ff9ad00000000000000000000000000000000000000000000000a00000000container07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!