Libvirt is a toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). This driver Salt cloud provider is currently geared towards libvirt with qemu-kvm.
libvirt >= 1.2.18 (older might work)
For every KVM host a provider needs to be set up. The provider currently maps to one libvirt daemon (e.g. one KVM host).
Set up the provider cloud configuration file at
# Set up a provider with qemu+ssh protocol kvm-via-ssh: driver: libvirt url: qemu+ssh://email@example.com/system?socket=/var/run/libvirt/libvirt-sock # Or connect to a local libvirt instance local-kvm: driver: libvirt url: qemu:///system # work around flag for XML validation errors while cloning validate_xml: no
Virtual machines get cloned from so called Cloud Profiles. Profiles can be set up at
Configure a profile to be used:
centos7: # points back at provider configuration provider: local-kvm base_domain: base-centos7-64 ip_source: ip-learning ssh_username: root password: my-very-secret-password # /tmp is mounted noexec.. do workaround deploy_command: sh /tmp/.saltcloud/deploy.sh script_args: -F # grains to add to the minion grains: clones-are-awesome: true # override minion settings minion: master: 192.168.16.1 master_port: 5506
The profile can be realized now with a salt command:
salt-cloud -p centos7 my-centos7-clone
This will create an instance named
my-centos7-clone on the cloud host. Also
the minion id will be set to
If the command was executed on the salt-master, its Salt key will automatically be accepted on the master.
Once the instance has been created with salt-minion installed, connectivity to it can be verified with Salt:
salt my-centos7-clone test.version
The following settings are always required for libvirt:
centos7: provider: local-kvm # the domain to clone base_domain: base-centos7-64
Instead of specifying a password, an authorized key can be used for the minion setup. Ensure that the ssh user of your base image has the public key you want to use in ~/.ssh/authorized_keys. If you want to use a non-root user you will likely want to configure salt-cloud to use sudo.
An example using root:
centos7: provider: local-kvm # the domain to clone base_domain: base-centos7-64 ssh_username: root private_key: /path/to/private/key
An example using a non-root user:
centos7: provider: local-kvm # the domain to clone base_domain: base-centos7-64 ssh_username: centos private_key: /path/to/private/key sudo: True sudo_password: "--redacted--"
centos7: # ssh settings # use forwarded agent instead of a local key ssh_agent: True ssh_port: 4910 # credentials ssh_username: root # password will be used for sudo if defined, use sudo_password if using ssh keys password: my-secret-password private_key: /path/to/private/key sudo: True sudo_password: "--redacted--" # bootstrap options deploy_command: sh /tmp/.saltcloud/deploy.sh script_args: -F # minion config grains: sushi: more tasty # point at the another master at another port minion: master: 192.168.16.1 master_port: 5506 # libvirt settings # clone_strategy: [ quick | full ] # default is full clone_strategy: quick # ip_source: [ ip-learning | qemu-agent ] # default is ip-learning ip_source: qemu-agent # validate_xml: [ false | true ] # default is true validate_xml: false
clone_strategy controls how the clone is done. In case of
full the disks
are copied creating a standalone clone. If
quick is used the disks of the base domain
are used as backing disks for the clone. This results in nearly instantaneous clones at
the expense of slower write performance. The quick strategy has a number of requirements:
The disks must be of type qcow2
The base domain must be turned off
The base domain must not change after creating the clone
ip_source setting controls how the IP address of the cloned instance is determined.
ip-learning the IP is requested from libvirt. This needs a recent libvirt
version and may only work for NAT/routed networks where libvirt runs the dhcp server.
Another option is to use
qemu-agent this requires that the qemu-agent is installed and
configured to run at startup in the base domain.
validate_xml setting is available to disable xml validation by libvirt when cloning.