def enable_selinux():
    '''
    Set /etc/selinux/config to enforcing mode with the targeted policy.

    All machines should have selinux on by default. The file is rewritten
    only when it already reports enforcing or permissive; otherwise an error
    is printed and the file is left untouched. Only the config file is
    edited here, nothing in this function changes the running mode.

    For more info:
    http://www.crypt.gen.nz/selinux/disable_selinux.html

    '''
    app.print_verbose("Enable SELinux")

    selinux_config = "/etc/selinux/config"

    # NOTE(review): these patterns are not anchored to the start of a line.
    # Whether a commented-out setting could also match depends on how
    # grep() searches -- confirm against its implementation.
    is_enforcing = grep(selinux_config, "SELINUX=enforcing")
    is_permissive = grep(selinux_config, "SELINUX=permissive")

    if not (is_enforcing or is_permissive):
        # Neither mode was found, so the file is not touched and the
        # operator is pointed at the manual procedure instead.
        app.print_error(
            "SELinux is disabled, more need to be done, read "
            "http://www.crypt.gen.nz/selinux/disable_selinux.html"
        )
        return

    editor = scOpen(selinux_config)
    editor.replace('^SELINUX=.*$', "SELINUX=enforcing")
    editor.replace('^SELINUXTYPE=.*$', "SELINUXTYPE=targeted")
def enable_selinux():
    '''
    Make enforcing/targeted the configured SELinux mode and policy.

    All machines should have selinux on by default. The config file is
    rewritten when it currently says enforcing or permissive. When neither
    is found an error with a pointer to further reading is printed and no
    change is made.

    For more info:
    http://www.crypt.gen.nz/selinux/disable_selinux.html

    '''
    app.print_verbose("Enable SELinux")

    path = "/etc/selinux/config"
    found_enforcing = grep(path, "SELINUX=enforcing")
    found_permissive = grep(path, "SELINUX=permissive")

    # NOTE(review): the search strings carry no line anchor; confirm that
    # grep() cannot be satisfied by a commented-out SELINUX= line.
    selinux_in_use = bool(found_enforcing or found_permissive)

    if selinux_in_use:
        config = scOpen(path)
        # The replace patterns are anchored, so only real setting lines
        # are rewritten.
        config.replace('^SELINUX=.*$', "SELINUX=enforcing")
        config.replace('^SELINUXTYPE=.*$', "SELINUXTYPE=targeted")
        return

    app.print_error(
        "SELinux is disabled, more need to be done, read "
        "http://www.crypt.gen.nz/selinux/disable_selinux.html"
    )
def _enable_ksm():
    """
    Start KSM (Kernel Samepage Merging) and ksmtuned, and enable both at boot.

    Nothing is started unless the build config of the running kernel
    (/boot/config-<release>) contains CONFIG_KSM=y.

    http://www.linux-kvm.com/content/using-ksm-kernel-samepage-merging-kvm

    NOTE(review): KSM merges identical memory pages across guests, which is
    a known cross-VM side-channel surface. Confirm this is acceptable for
    the guests that will share this host.

    """
    kernel_config = "/boot/config-" + os.uname()[2]
    if not general.grep(kernel_config, "CONFIG_KSM=y"):
        return

    x("service ksm start")
    x("chkconfig ksm on")

    # 'ksmtuned start' gives a deadlock when using standard x and reading
    # on stdout, hence x_communicate for this one command.
    x_communicate("service ksmtuned start")
    # x("service ksmtuned retune")
    x("chkconfig ksmtuned on")
def _enable_ksm():
    '''
    Start KSM (Kernel Samepage Merging)

    The ksm and ksmtuned services are started and switched on at boot, but
    only when CONFIG_KSM=y is found in /boot/config-<running kernel release>.

    http://www.linux-kvm.com/content/using-ksm-kernel-samepage-merging-kvm

    NOTE(review): page sharing between guests is a known cross-VM
    side-channel surface; confirm it fits the isolation requirements of
    this host.

    '''
    running_release = os.uname()[2]
    ksm_supported = general.grep(
        "/boot/config-" + running_release, "CONFIG_KSM=y"
    )

    if ksm_supported:
        for ksm_command in ("service ksm start", "chkconfig ksm on"):
            x(ksm_command)

        # 'ksmtuned start' gives a deadlock when using standard x and reading
        # on stdout.
        x_communicate("service ksmtuned start")
        #x("service ksmtuned retune")
        x("chkconfig ksmtuned on")
def install_kvmhost(args):
    """
    The actual installation of the kvm host.

    Checks the CPU flags, installs the KVM/libvirt packages, starts the
    services, verifies that virsh answers, sets up the iptables KVM chain,
    marks this script version as executed and finally reboots the machine.

    args is accepted but not used by this function.

    """
    app.print_verbose("Install kvm host version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallKvmHost", SCRIPT_VERSION)
    version_obj.check_executed()

    # Each required CPU flag is paired with the error printed when
    # /proc/cpuinfo does not list it.
    cpu_requirements = (
        ("vmx|svm", "CPU don't support virtualization."),
        ("constant_tsc", "CPU don't have a constant Time Stamp Counter."),
    )
    for flag_pattern, complaint in cpu_requirements:
        if not general.grep("/proc/cpuinfo", flag_pattern):
            app.print_error(complaint)
            _abort_kvm_host_installation()

    # Install the kvm packages
    for package_name in (
        "qemu-kvm",
        "libvirt",
        "libguestfs-tools",
        "avahi",
        # Provides the virt-install command for creating virtual machines.
        "python-virtinst",
    ):
        install.package(package_name)

    # Before libvirtd starts, create a snapshot partition for qemu.
    _create_kvm_snapshot_partition()

    # Services libvirtd depends on come first, then libvirtd itself.
    # NOTE(review): avahi-daemon is a network-facing mDNS service; confirm
    # the firewall rules limit it as intended.
    for service_command in (
        "service messagebus restart",
        "service avahi-daemon start",
        "chkconfig avahi-daemon on",
        "service libvirtd start",
    ):
        x(service_command)

    _enable_ksm()

    # Looks like we need to wait for the libvirtd to start, otherwise
    # the virsh nodeinfo below doesn't work.
    time.sleep(1)

    # Switch the running system to SELinux enforcing mode. The result of
    # the command is not inspected here, so a failed switch would go
    # unnoticed unless x() reports it itself.
    x("setenforce 1")

    # Is virsh started?
    node_info = x("virsh nodeinfo")
    if "CPU model:" not in node_info:
        app.print_error("virsh not installed.")
        _abort_kvm_host_installation()

    # NOTE(review): the error fires only when both header words are
    # missing; confirm that is the intended strictness.
    domain_list = x("virsh -c qemu:///system list")
    if not ("Id" in domain_list or "Name" in domain_list):
        app.print_error("virsh not installed.")
        _abort_kvm_host_installation()

    _remove_kvm_virt_networking()

    iptables.add_kvm_chain()
    iptables.save()

    version_obj.mark_executed()

    # Reboot the host.
    x("reboot")

    # Wait for the reboot to be executed, so the script
    # doesn't proceed to next command in install.cfg
    time.sleep(1000)
def install_kvmhost(args):
    '''
    The actual installation of the kvm host.

    Steps, in order: version bookkeeping, CPU flag checks, package
    installation, snapshot partition, service start-up, KSM, SELinux
    enforcing, virsh sanity checks, network and iptables set-up, libvirt
    init config, and a reboot.

    args is accepted but not used by this function.

    '''
    app.print_verbose("Install kvm host version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallKvmHost", SCRIPT_VERSION)
    version_obj.check_executed()

    cpuinfo = "/proc/cpuinfo"

    has_virtualization = general.grep(cpuinfo, "vmx|svm")
    if not has_virtualization:
        app.print_error("CPU doesn't support virtualization.")
        _abort_kvm_host_installation()

    has_constant_tsc = general.grep(cpuinfo, "constant_tsc")
    if not has_constant_tsc:
        app.print_error("CPU doesn't have a constant Time Stamp Counter.")
        _abort_kvm_host_installation()

    # Install the kvm packages. python-virtinst provides the virt-install
    # command for creating virtual machines.
    kvm_packages = [
        "qemu-kvm",
        "libvirt",
        "libguestfs-tools",
        "avahi",
        "python-virtinst",
    ]
    for package_name in kvm_packages:
        install.package(package_name)

    # Before libvirtd starts, create a snapshot partition for qemu.
    _create_kvm_snapshot_partition()

    # Start services libvirtd depends on.
    # NOTE(review): avahi-daemon listens on the network (mDNS); confirm it
    # is covered by the firewall rules set up for this host.
    x("service messagebus restart")
    x("service avahi-daemon start")
    x("chkconfig avahi-daemon on")

    # Start virsh
    x("service libvirtd start")

    _enable_ksm()

    # Looks like we need to wait for the libvirtd to start, otherwise
    # the virsh nodeinfo below doesn't work.
    time.sleep(1)

    # Put the running system into SELinux enforcing mode. The command's
    # result is discarded, so this function does not detect a failed switch.
    x("setenforce 1")

    # Is virsh started? Both probes print the same error when they fail.
    virsh_error = "virsh not installed."

    node_info = x("virsh nodeinfo")
    if "CPU model:" not in node_info:
        app.print_error(virsh_error)
        _abort_kvm_host_installation()

    # NOTE(review): this only fails when neither "Id" nor "Name" appears in
    # the output; confirm that is strict enough.
    domain_list = x("virsh -c qemu:///system list")
    header_seen = "Id" in domain_list or "Name" in domain_list
    if not header_seen:
        app.print_error(virsh_error)
        _abort_kvm_host_installation()

    _remove_kvm_virt_networking()

    iptables.add_kvm_chain()
    iptables.save()

    _libvirt_init_config()

    version_obj.mark_executed()

    # Reboot the host.
    x("reboot")

    # Wait for the reboot to be executed, so the script
    # doesn't proceed to next command in install.cfg
    time.sleep(1000)