dmacvicar / terraform-provider-libvirt

Terraform provider to provision infrastructure with Linux's KVM using libvirt
Apache License 2.0

"socket" parameter for UNIX domain socket ignored? #1031

Open alexs77 opened 9 months ago

alexs77 commented 9 months ago

System Information

Linux distribution

Red Hat Enterprise Linux release 8.8 (Ootpa)

Terraform version

# terraform -v
Terraform v1.5.7
on linux_amd64
+ provider registry.terraform.io/dmacvicar/libvirt v0.7.1

Provider and libvirt versions

# .terraform/providers/registry.terraform.io/dmacvicar/libvirt/0.7.1/linux_amd64/terraform-provider-libvirt_v0.7.1 -version
.terraform/providers/registry.terraform.io/dmacvicar/libvirt/0.7.1/linux_amd64/terraform-provider-libvirt_v0.7.1 0.7.1

Checklist

Description of Issue/Question

Setup

terraform {
  required_providers {
    libvirt = {
      source = "dmacvicar/libvirt"
      version = "0.7.1"
    }
  }
}

provider "libvirt" {
  uri = "unix:///?socket=/var/run/libvirt/libvirt-sock"
}

resource "libvirt_domain" "default" {
  name = "test"
}

Steps to Reproduce Issue

It seems as if the socket parameter is ignored. It always tries to connect to the default file: defaultUnixSock = "/var/run/libvirt/libvirt-sock".

The directory /var/run/libvirt contains these files:

# ls -la /var/run/libvirt
total 0
drwxr-xr-x. 12 root root  360 Sep 12 06:37 .
drwxr-xr-x. 44 root root 1340 Sep 12 06:37 ..
drwx------.  2 root root   60 Apr 11 06:44 common
drwxr-xr-x.  2 root root   40 Apr  3 13:33 hostdevmgr
drwx------.  2 root root   60 Sep 12 06:37 interface
srw-------.  1 root root    0 Sep 12 06:37 libvirt-admin-sock
srw-rw-rw-.  1 root root    0 Sep 12 06:37 libvirt-sock
srw-rw-rw-.  1 root root    0 Sep 12 06:37 libvirt-sock-ro
drwxr-xr-x.  2 root root  100 Sep 12 06:37 network
drwx------.  2 root root   60 Sep 12 06:37 nodedev
drwx------.  2 root root   60 Sep 12 06:37 nwfilter
drwx------.  2 root root   40 Apr  3 13:33 nwfilter-binding
drwxr-xr-x.  4 root root  240 Sep 12 06:37 qemu
drwx------.  2 root root   60 Sep 12 06:37 secrets
drwxr-xr-x.  2 root root  100 Sep 12 06:37 storage
srw-------.  1 root root    0 Apr  3 13:33 virtlockd-sock
srw-------.  1 root root    0 Apr  3 13:33 virtlogd-admin-sock
srw-------.  1 root root    0 Apr  3 13:33 virtlogd-sock

(Include debug logs if possible and relevant).

tf-debug-trace.log


Additional information:

Do you have SELinux or Apparmor/Firewall enabled? Some special configuration? Have you tried to reproduce the issue without them enabled?

n/a

noderunner commented 7 months ago

I was having a similar issue and looked into this. The default socket URI is hard-coded. Initially, I started working on a patch by adding a new field to schema.Provider in libvirt/provider.go and then modifying libvirt/uri/unix.go to pick up that field if defined. That should work as a viable way to allow the default socket URI to be customized.

But then I dug into how libvirt works a bit more. The reason I had a need to change it is that I'm running libvirtd with qemu in "session" mode so that I don't have to run as root. But after carefully reading https://libvirt.org/daemons.html I switched my config to running qemuvirtd (modular) instead of libvirtd (monolith) in session mode. Once I enabled virtproxyd as well, it "proxied" the UNIX sock connection from the (old) default /var/run/libvirt/libvirt-sock location to my actual socket location. Everything worked at that point without having to make any modifications to the provider.
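An added example, not part of the thread and not the provider's code: one way a `socket` query parameter could be honoured, so that the hard-coded default is used only when the parameter is absent and a malformed value fails instead of silently falling back to the system socket. The helper name `resolveSocket` and every sample URI except the one from the issue are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"path/filepath"
)

// Default path as quoted in the issue text.
const defaultUnixSock = "/var/run/libvirt/libvirt-sock"

// resolveSocket is a hypothetical helper. It returns the UNIX socket path a
// libvirt-style URI asks for. Only a URI without any "socket" parameter gets
// the default; a bad value is an error, never a silent fallback.
func resolveSocket(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("parse libvirt uri: %w", err)
	}
	q, err := url.ParseQuery(u.RawQuery)
	if err != nil {
		return "", fmt.Errorf("parse uri query: %w", err)
	}
	vals, ok := q["socket"]
	if !ok {
		return defaultUnixSock, nil
	}
	// Reject empty or repeated values so the chosen daemon is unambiguous.
	if len(vals) != 1 || vals[0] == "" {
		return "", fmt.Errorf("socket parameter must appear once with a value")
	}
	if !filepath.IsAbs(vals[0]) {
		return "", fmt.Errorf("socket path %q is not absolute", vals[0])
	}
	return filepath.Clean(vals[0]), nil
}

func main() {
	// First URI is from the issue; the rest are constructed samples.
	for _, raw := range []string{
		"unix:///?socket=/var/run/libvirt/libvirt-sock",
		"unix:///?socket=/run/user/1000/libvirt/libvirt-sock",
		"unix:///",
		"unix:///?socket=relative/sock",
	} {
		p, err := resolveSocket(raw)
		fmt.Printf("%-52s -> %q err=%v\n", raw, p, err)
	}
}
```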