Use Mirantis hardened version of libvirt

images/Dockerfile.build

@@ -1,7 +1,7 @@
 # TODO: generate this tag. unfortunately can't use ARG:
 # https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
 # (but add a note about it here for the future)
-FROM mirantis/virtlet-build:v1-6f9c7ae7a63974b239cb6967e80521e4
+FROM mirantis/virtlet-build:v1-c646263e8c2fa2e6430f0c48a2acff60
 MAINTAINER Ivan Shvedunov <ishvedunov@mirantis.com>
 
 LABEL virtlet.image="build"

images/Dockerfile.build-base

@@ -1,7 +1,7 @@
 # TODO: generate this tag. unfortunately can't use ARG:
 # https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
 # (but add a note about it here for the future)
-FROM mirantis/virtlet-base:v1-6f4014188b63faf8b6d48642ad29752f
+FROM mirantis/virtlet-base:v1-25f4a227ec03c377ca90c433733c3ff5
 MAINTAINER Ivan Shvedunov <ishvedunov@mirantis.com>
 
 LABEL virtlet.image="build-base"

images/Dockerfile.virtlet

@@ -1,7 +1,7 @@
 # TODO: generate this tag. unfortunately can't use ARG:
 # https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
 # (but add a note about it here for the future)
-FROM mirantis/virtlet-base:v1-6f4014188b63faf8b6d48642ad29752f
+FROM mirantis/virtlet-base:v1-25f4a227ec03c377ca90c433733c3ff5
 MAINTAINER Ivan Shvedunov <ishvedunov@mirantis.com>
 
 LABEL virtlet.image="virtlet"

images/Dockerfile.virtlet-base

@@ -1,38 +1,18 @@
 FROM ubuntu:16.04
 MAINTAINER Ivan Shvedunov <ishvedunov@mirantis.com>
 
-# BUMP 24.05.2018
+# BUMP 23.11.2018
 
 ENV DEBIAN_FRONTEND noninteractive
 
-RUN echo deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted >>/etc/apt/sources.list && \
- echo deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted >>/etc/apt/sources.list
+RUN echo deb-src http://archive.ubuntu.com/ubuntu/ xenial main universe restricted >>/etc/apt/sources.list && \
+ echo deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main universe restricted >>/etc/apt/sources.list
 
 RUN apt-get -y update && \
- apt-get -y build-dep libvirt && \
  apt-get -y build-dep libguestfs && \
  apt-get -y build-dep supermin && \
  apt-get -y install git libjansson-dev libhivex-ocaml-dev
 
-RUN git clone https://github.com/libvirt/libvirt.git /libvirt && \
- cd /libvirt && \
- git checkout v3.7.0 && \
- ./autogen.sh --prefix=/usr/local \
- --localstatedir=/var \
- --sysconfdir=/etc \
- --without-polkit \
- --without-esx \
- --without-vbox \
- --without-xen \
- --without-libxl \
- --with-qemu \
- --with-qemu-user=libvirt-qemu \
- --with-qemu-group=kvm \
- --without-lxc \
- --without-nwfilter && \
- make -j$(grep -c ^processor /proc/cpuinfo) && \
- make -j$(grep -c ^processor /proc/cpuinfo) install
-
 RUN git clone https://github.com/libguestfs/supermin.git && \
  cd supermin && \
  git checkout v5.1.19 && \
@@ -57,8 +37,11 @@ COPY --from=0 /usr/local /usr/local
 
 ENV DEBIAN_FRONTEND noninteractive
 
-RUN apt-get update && \
- apt-get install -y bridge-utils \
+RUN apt-get update && apt-get install -y curl && \
+ echo deb http://mirror.mirantis.com/proposed/openstack-queens/xenial xenial main >>/etc/apt/sources.list && \
+ curl http://mirror.mirantis.com/proposed/openstack-queens/xenial/archive-queens.key | apt-key add - && \
+ apt-get update && \
+ apt-get install -y libvirt-bin libvirt-daemon libvirt-dev bridge-utils \
  openssl qemu-kvm \
  netbase iptables ebtables vncsnapshot \
  socat netcat-openbsd \
@@ -77,15 +60,6 @@ RUN apt-get update && \
  dnsmasq libpcap0.8 libnetcf1 dmidecode && \
  apt-get clean
 
-RUN if ! getent group libvirtd >/dev/null; then addgroup --system libvirtd; fi && \
- for u in $(getent group admin | sed -e "s/^.*://" -e "s/,/ /g"); do adduser "$u" libvirtd >/dev/null || true; done && \
- for u in $(getent group sudo | sed -e "s/^.*://" -e "s/,/ /g"); do adduser "$u" libvirtd >/dev/null || true; done && \
- if ! getent group kvm >/dev/null; then addgroup --quiet --system kvm; fi && \
- adduser --quiet --system --ingroup kvm --quiet --disabled-login --disabled-password \
- --home /var/lib/libvirt --no-create-home -gecos "Libvirt Qemu" --uid 64055 libvirt-qemu && \
- adduser --quiet --system --ingroup libvirtd --quiet --disabled-login --disabled-password \
- --home /var/lib/libvirt/dnsmasq --no-create-home -gecos "Libvirt Dnsmasq" libvirt-dnsmasq
-
 # TODO: try to go back to alpine
 # TODO: check which libs are really needed for libvirt / libguestfs / supermin
 # and which aren't

images/image_skel/libvirt.sh

@@ -59,11 +59,11 @@ chmod ug+s /vmwrapper
 if [[ ${testmode} ]]; then
  # leftover socket prevents libvirt from initializing correctly
  rm -f /var/lib/libvirt/qemu/capabilities.monitor.sock
- /usr/local/sbin/libvirtd --listen --daemon
+ /usr/sbin/libvirtd --listen --daemon
 else
  # FIXME: try using exec liveness probe instead
  while true; do
- /usr/local/sbin/libvirtd --listen
+ /usr/sbin/libvirtd --listen
  sleep 1
  done
 fi

tests/e2e/resources_test.go

@@ -62,7 +62,8 @@ var _ = Describe("VM resources", func() {
  Expect(m).To(HaveLen(2))
  total += do(strconv.Atoi(m[1])).(int)
  }
- Expect(total).To(Equal(1024*(*memoryLimit) - 128))
+ Expect(total).To(BeNumerically(">", 1024*(*memoryLimit-1)))
+ Expect(total).To(BeNumerically("<", 1024*(*memoryLimit)))
  })
 
  It("Should grow the root volume size if requested", func() {