Properly manage modular libvirtd on rhel-9 and cs-9

[cjeanner]

Hello team,

We're facing some issues while running this project against rhel-9.2 and centos-stream-9 hypervisor. With those releases, libvirt moves to a modular, socket activated architecture instead of the "old" monolithic libvirtd.service.

After a quick check, it seems multiple occurrences of systemctl restart libvirtd and related ansible tasks are present in this project, and it unfortunately conflicts with the new architecture of the service.

While doing the change in the ansible part is easy, it may be slightly more complicated in the bash scripts or, at least, not that straightforward.

Here are the matches:

01_prepare_host.sh:# Restart libvirtd service to get the new group membership loaded
01_prepare_host.sh:  sudo systemctl restart libvirtd
02_configure_host.sh:        # Restart libvirtd.service as suggested here
02_configure_host.sh:        sudo systemctl restart libvirtd.service
02_configure_host.sh:  source disable_apparmor_driver_libvirtd.sh
03_launch_mgmt_cluster.sh:    sudo systemctl restart libvirtd.service
disable_apparmor_driver_libvirtd.sh:sudo systemctl restart libvirtd
vm-setup/roles/libvirt/defaults/main.yml:libvirtd_service: libvirtd
vm-setup/roles/libvirt/tasks/install_setup_tasks.yml:- name: Start libvirtd
vm-setup/roles/libvirt/tasks/install_setup_tasks.yml:    name: "{{ libvirtd_service }}"

Few comments:

• The one in 01_prepare_host.sh isn't actually useful, because we're modifying the current user, not libvirtd user, so restarting the service is mostly pointless. The right thing is to logout and login again, or use gpasswd.
• The one in 02_configure_host.sh is the "usual" one I'd say, that should be replaced by a longer block ensuring socket services are properly enabled and running[1]
• (while at it, disabling SELinux and appArmor is sad, but not the current concern)
• The one in 03_launch_mgmt_cluster.sh is probably as "wrong" as the others, since it conflicts with the new modular services approach
• Then, in ansible, it's "easy" to get things straight for the new modular service.

Would you accept a series of patches removing those libvirtd.service restarts? I can probably get something over this week already - since we're consuming the project, we have to stabilize the virtualization provider asap.

Cheers,

C.

[1] I've done the logic in pure ansible in the ci-framework, an ansible project allowing to deploy OSP on OCP (think "NextGen OSP"): https://github.com/openstack-k8s-operators/ci-framework/blob/main/ci_framework/roles/libvirt_manager/tasks/virsh_checks.yml#L30-L64

[tuminoid]

/cc @Rozzii @lentzi90

[lentzi90]

I would say patches are very welcome!

[cjeanner]

I've opened a PR, let's see how it goes. I focused on the things I know, mostly "modular is for centos-stream-9 and rhel-9+" - meaning I didn't do anything for Ubuntu. It will defaults to the "systemctl restart libvirtd" and related "libvirtd monolithic management". But at least, it should be easy to update the patch later in case of need - I tried to make it as comprehensive as possible.

[Rozzii]

/triage accepted

[Rozzii]

Thanks for the help @cjeanner