On Debian this libvirt and qemu users/groups setup changed a bit and seems to be easier to maintain.
Previously there was no mismatch between the container kvm GID and the host kvm GID because both had our qemu rpm installed and it was forcing the GID to 36 [1].
After a bit of digging around the history of debian/qemu I found the following timeline:
* The kvm group was firstly created by the qemu-system.postinst script [2]
* Then, it was moved to the qemu-system-common.postinst script [3]
* Finally, it was removed at all [4], relying now on the debian/systemd patch [5] that already creates the group and sets the device (/dev/kvm) permissions and ownership accordingly.
Since on Debian sytemd is already creating the kvm group and handling the /dev/kvm permission and ownership, we can remove this step from our libvirt container setup script (libvirt.sh [6]) and rely on Debian installation defaults. Will create an openstack-helm-infra patch for it.
The only thing that I still need to align is the container nova user/group addition to kvm group. I need to understand how it should align with users/groups on the host.
On Debian this libvirt and qemu users/groups setup changed a bit and seems to be easier to maintain.
Previously there was no mismatch between the container kvm GID and the host kvm GID because both had our qemu rpm installed and it was forcing the GID to 36 [1].
After a bit of digging around the history of debian/qemu I found the following timeline:
* The kvm group was firstly created by the qemu-system. postinst script [2] common. postinst script [3]
* Then, it was moved to the qemu-system-
* Finally, it was removed at all [4], relying now on the debian/systemd patch [5] that already creates the group and sets the device (/dev/kvm) permissions and ownership accordingly.
Since on Debian sytemd is already creating the kvm group and handling the /dev/kvm permission and ownership, we can remove this step from our libvirt container setup script (libvirt.sh [6]) and rely on Debian installation defaults. Will create an openstack- helm-infra patch for it.
[1] https:/ /opendev. org/starlingx/ integ/src/ branch/ master/ virt/qemu/ centos/ qemu-kvm. spec#L722 /salsa. debian. org/qemu- team/qemu/ -/commit/ dbb34ed82d28a07 afc24ecbf62ecdd 0dfc34b741 /salsa. debian. org/qemu- team/qemu/ -/blob/ debian/ qemu_2. 1+dfsg- 12+deb8u6/ debian/ qemu-system- common. postinst /salsa. debian. org/qemu- team/qemu/ -/commit/ cb8737ef48a37ed df12ac199b46f90 34273ba6d3 /salsa. debian. org/systemd- team/systemd/ -/commit/ 4fc3fa53bfa6e16 ceb6cd312f49003 839b56144a /github. com/openstack/ openstack- helm-infra/ blob/master/ libvirt/ templates/ bin/_libvirt. sh.tpl# L36
[2] https:/
[3] https:/
[4] https:/
[5] https:/
[6] https:/
The only thing that I still need to align is the container nova user/group addition to kvm group. I need to understand how it should align with users/groups on the host.