March 2020 - Devel - libvirt List Archives

[libvirt PATCH] logging: Use default timeout of 120 seconds for virtlogd
by Andrea Bolognani 05 Mar '20

05 Mar '20

This is the same timeout of all other daemons, and just like them virtlogd is socket-activated, so it will automatically be started on demand whenever that's necessary. Signed-off-by: Andrea Bolognani <abologna(a)redhat.com> --- src/logging/virtlogd.sysconf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logging/virtlogd.sysconf b/src/logging/virtlogd.sysconf index 5886f35110..678af34faf 100644 --- a/src/logging/virtlogd.sysconf +++ b/src/logging/virtlogd.sysconf @@ -1,3 +1,3 @@ # # Pass extra arguments to virtlogd -#VIRTLOGD_ARGS= +VIRTLOGD_ARGS="--timeout 120" -- 2.24.1

2 1

[libvirt PATCH] test: fix leak of authentication info
by Daniel P. Berrangé 05 Mar '20

05 Mar '20

The 'auths' struct in the test driver was not free()d. This was easy to miss because the default XML doesn't include auth info. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- src/test/test_driver.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/test/test_driver.c b/src/test/test_driver.c index 029d560fb9..73fe1ad6ce 100644 --- a/src/test/test_driver.c +++ b/src/test/test_driver.c @@ -156,6 +156,7 @@ static void testDriverDispose(void *obj) { testDriverPtr driver = obj; + size_t i; virObjectUnref(driver->caps); virObjectUnref(driver->xmlopt); @@ -165,6 +166,11 @@ testDriverDispose(void *obj) virObjectUnref(driver->ifaces); virObjectUnref(driver->pools); virObjectUnref(driver->eventState); + for (i = 0; i < driver->numAuths; i++) { + g_free(driver->auths[i].username); + g_free(driver->auths[i].password); + } + g_free(driver->auths); } typedef struct _testDomainNamespaceDef testDomainNamespaceDef; -- 2.24.1

2 1

[libvirt PATCH 0/2] util: audit: cleanups (include epistles)
by Ján Tomko 05 Mar '20

05 Mar '20

Just a small series this time. Ján Tomko (2): util: audit: drop support for old libaudit util: viraudit: remove unnecessary includes src/util/viraudit.c | 15 --------------- 1 file changed, 15 deletions(-) -- 2.24.1

2 3

[libvirt PATCH 0/3] build fix: more g_autofree refactors
by Ján Tomko 05 Mar '20

05 Mar '20

Ján Tomko (3): virmacmap: Use g_autofree in virMacMapWriteFileLocked vz: use g_autofree in prlsdkConvertCpuInfo aa-helper: use g_autofree in create_profile src/security/virt-aa-helper.c | 45 +++++++++++++---------------------- src/util/virmacmap.c | 12 ++++------ src/vz/vz_sdk.c | 22 +++++++---------- 3 files changed, 30 insertions(+), 49 deletions(-) -- 2.24.1

2 4

[PATCH] src: add pthread_np.h include for FreeBSD
by Daniel P. Berrangé 05 Mar '20

05 Mar '20

On FreeBSD the non-portable pthread APIs need to be obtained via the pthread_np.h header. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- Pushed as a build fix for FreeBSD src/util/virthread.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/util/virthread.c b/src/util/virthread.c index 40792afdc0..37b2cdfbe9 100644 --- a/src/util/virthread.c +++ b/src/util/virthread.c @@ -23,6 +23,10 @@ #include "virthread.h" +#ifdef __FreeBSD__ +# include <pthread_np.h> +#endif + #include <unistd.h> #include <inttypes.h> #if HAVE_SYS_SYSCALL_H -- 2.24.1

1 0

[libvirt PATCH] docs: add page describing the libvirt daemons
by Daniel P. Berrangé 05 Mar '20

05 Mar '20

Now that we have more than just the libvirtd daemon, we should be explaining to users what they are all for & important aspects of their configuration. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- docs/daemons.rst | 682 ++++++++++++++++++++++++++++++++++++++++++++++ docs/docs.html.in | 3 + 2 files changed, 685 insertions(+) create mode 100644 docs/daemons.rst diff --git a/docs/daemons.rst b/docs/daemons.rst new file mode 100644 index 0000000000..a74b228025 --- /dev/null +++ b/docs/daemons.rst @@ -0,0 +1,682 @@ +=============== +Libvirt Daemons +=============== + +.. contents:: + +A libvirt deployment for accessing one of the stateful drivers will require +one or more daemons to be deployed on the virtualization host. There are a +number of ways the daemons can be configured which will be outlined in this +page. + +Architectural options +===================== + +Monolithic vs modular daemons +----------------------------- + +Traditionally libvirt provided a single monolithic daemon called ``libvirtd`` +which exposed support for all the stateful drivers, both primary hypervisor +drivers and secondary supporting drivers. It also enables secure remote access +from clients running off host. + +Work is underway for the monolithic daemon to be replaced by a new set of +modular daemons ``virt${DRIVER}d``, each one servicing a single stateful +driver. A further ``virtproxyd`` daemon will provide secure remote access, as +well as backcompatibility for clients using the UNIX socket path of the +monolithic daemon. + +The change to modular daemons should not affect API functionality used by +management applications. It will, however, have an impact on host provisioning +tools since there are new systemd services and configuration files to be +managed. + +Currently both monolithic and modular daemons are built by default, but the RPC +client still prefers connecting to the monolithic daemon. It is intended to +switch the RPC client to prefer the modular daemons in the near future. At +least 1 year after this switch (but not more than 2 years), the monolithic +daemon will be deleted entirely. + +Operating modes +--------------- + +The libvirt daemons, whether monolithic or modular, can often operate in two +modes + +* *System mode* - the daemon is running as the root user account, enabling + access to its full range of functionality. A read-write connection to + daemons in system mode **typically implies privileges equivalent to having + a root shell**. Suitable `authentication mechanisms <auth.html>`__ **must + be enabled** to secure it against untrustworthy clients/users. + +* *Session mode* - the daemon is running as any non-root user account, + providing access to a more restricted range of functionality. Only client + apps/users running under **the same UID are permitted to connect**, thus a + connection does not imply any elevation of privileges. + + Not all drivers support session mode and as such the corresponding + modular daemon may not support running in this mode + + +Monolithic driver daemon +======================== + +The monolithic daemon is known as ``libvirtd`` and has historically been the +default in libvirt. It is configured via the file ``/etc/libvirt/libvirtd.conf`` + + +Monolithic sockets +------------------ + +When running in system mode, ``libvirtd`` exposes three UNIX domain sockets, and +optionally, one or two TCP sockets + +* ``/var/run/libvirt/libvirt-sock`` - the primary socket for accessing libvirt + APIs, with full read-write privileges. A connection to this socket gives the + client privileges that are equivalent to having a root shell. This is the + socket that most management applications connect to by default. + +* ``/var/run/libvirt/libvirt-sock-ro`` - the secondary socket for accessing + libvirt APIs, with limited read-only privileges. A connection to this socket + gives the ability to query the existance of objects and monitor some aspects + of their operation. This is the socket that most management applications + connect to when requesting read only mode. Typically this is what a + monitoring app would use. + +* ``/var/run/libvirt/libvirt-admin-sock`` - the administrative socket for + controlling operation of the daemon itself (as opposed to drivers it is + running). This can be used to dynamically reconfigure some aspects of the + daemon and monitor/control connected clients. + +* ``TCP 16509`` - the non-TLS socket for remotely accessing the libvirt APIs, + with full read-write privileges. A connection to this socket gives the + client privileges that are equivalent to having a root shell. Since it does + not use TLS, an `authentication mechanism <auth.html>`__ that provides + encryption must be used. Only the GSSAPI/Kerberos mechanism is capable of + satisfying this requirement. In general applications should not use this + socket except for debugging in a development/test environment. + +* ``TCP 16514`` - the TLS socket for remotely accessing the libvirt APIs, + with full read-write privileges. A connection to this socket gives the + client privileges that are equivalent to having a root shell. Access control + can be enforced either through validation of `x509 certificates + <tlscerts.html>`__, and/or by enabling an `authentication mechanism + <auth.html>`__. + +NB, some distros will use ``/run`` instead of ``/var/run``. + +When running in session mode, ``libvirtd`` exposes two UNIX domain sockets + +* ``$XDG_RUNTIME_DIR/libvirt/libvirt-sock`` - the primary socket for accessing + libvirt APIs, with full read-write privileges. A connection to this socket + does not alter the privileges that the client already has. This is the + socket that most management applications connect to by default. + +* ``$XDG_RUNTIME_DIR/libvirt/libvirt-admin-sock`` - the administrative socket + for controlling operation of the daemon itself (as opposed to drivers it is + running). This can be used to dynamically reconfigure some aspects of the + daemon and monitor/control connected clients. + +Notice that the session mode does not have a separate read-only socket. Since +the clients must be running as the same user as the daemon itself, there is +not any security benefit from attempting to enforce a read-only mode. + +``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs, +such as ``/run/user/$UID``. + + +Monolithic Systemd Integration +------------------------------ + +When the ``libvirtd`` daemon is managed by ``systemd`` a number of desirable +features are available, most notably socket activation. + +Libvirt ships a number of unit files for controlling libvirtd + +* ``libvirtd.service`` - the main unit file for launching the libvirtd daemon + in system mode. The command line arguments passed can be configured by + editting ``/etc/sysconfig/libvirtd``. This is typically only needed to control + the use of the auto shutdown timeout value. It is recommended that this + service unit be configured to start on boot. This is because various + libvirt drivers support autostart of their objects. If it is known that + autostart is not required, this unit can be left to start on demand. + +* ``libvirtd.socket`` - the unit file corresponding to the main read-write + UNIX socket ``/var/run/libvirt/libvirt-sock``. This socket is recommended to + be started on boot by default. + +* ``libvirtd-ro.socket`` - the unit file corresponding to the main read-write + UNIX socket ``/var/run/libvirt/libvirt-sock-ro``. This socket is recommended + to be started on boot by default. + +* ``libvirtd-admin.socket`` - the unit file corresponding to the administrative + UNIX socket ``/var/run/libvirt/libvirt-admin-sock``. This socket is + recommended to be started on boot by default. + +* ``libvirtd-tcp.socket`` - the unit file corresponding to the TCP 16509 port + for non-TLS remote access. This socket should not be configured to start on + boot until the administrator has configured a suitable authentication + mechanism. + +* ``libvirtd-tls.socket`` - the unit file corresponding to the TCP 16509 port + for TLS remote access. This socket should not be configured to start on boot + until the administrator has deployed x509 certificates and optionally + configured a suitable authentication mechanism. + +The socket unit files are newly introduced in 5.6.0. On newly installed hosts +the UNIX socket units should be enabled by default. When upgrading an existing +host from a previous version of libvirt, the socket unit files will be masked +if libvirtd is currently configured to use the ``--listen`` argument, since the +``--listen`` argument is mutually exclusive with use of socket activation. + +When systemd socket activation is used a number of configuration settings in +``libvirtd.conf`` are no longer honoured. Instead these settings must be +controlled via the system unit files + +* ``listen_tcp`` - TCP socket usage is enabled by starting the + ``libvirtd-tcp.socket`` unit file. + +* ``listen_tls`` - TLS socket usage is enabled by starting the + ``libvirtd-tls.socket`` unit file. + +* ``tcp_port`` - Port for the non-TLS TCP socket, controlled via the + ``ListenStream`` parameter in the ``libvirtd-tcp.socket`` unit file. + +* ``tls_port`` - Port for the TLS TCP socket, controlled via the + ``ListenStream`` parameter in the ``libvirtd-tls.socket`` unit file. + +* ``listen_addr`` - IP address to listen on, independently controlled via the + ``ListenStream`` parameter in the ``libvirtd-tcp.socket`` or + ``libvirtd-tls.socket`` unit files. + +* ``unix_sock_group`` - UNIX socket group owner, controlled via the + ``SocketGroup`` parameter in the ``libvirtd.socket`` and + ``libvirtd-ro.socket`` unit files + +* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the + ``SocketMode`` parameter in the ``libvirtd-ro.socket`` unit file + +* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via + the ``SocketMode`` parameter in the ``libvirtd.socket`` unit file + +* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the + ``SocketMode`` parameter in the ``libvirtd-admin.socket`` unit file + +* ``unix_sock_dir`` - directory in which all UNIX sockets are created + independently controlled via the ``ListenStream`` parameter in any of the + ``libvirtd.socket``, ``libvirtd-ro.socket`` and ``libvirtd-admin.socket`` unit + files. + +Systemd releases prior to version 227 lacked support for passing the activation +socket unit names into the service. When using these old versions, the +``tcp_port``, ``tls_port`` and ``unix_sock_dir`` settings in ``libvirtd.conf`` +must be changed in lock-step with the equivalent settings in the unit files to +ensure that ``libvirtd`` can identify the sockets. + + +Modular driver daemons +====================== + +The modular daemons are named after the driver which they are running, with +the pattern ``virt${DRIVER}d`` and will become the default in future libvirt. +They are configured via the files ``/etc/libvirt/virt${DRIVER}d.conf`` + +The following modular daemons currently exist for hypervisor drivers + +* ``virtqemud`` - the QEMU management daemon, for running virtual machines + on UNIX platforms, optionally with KVM acceleration, in either system or + session mode +* ``virtxend`` - the Xen management daemon, for running virtual machines + on the Xen hypervisor, in system mode only +* ``virtlxcd`` - the Linux Container management daemon, for running LXC guests + in system mode only +* ``virtbhyved`` - the BHyve management daemon, for running virtual machines + on FreeBSD with the BHyve hypervisor, in system mode. +* ``virtvboxd`` - the VirtualBox management daemon, for running virtual machines + on UNIX platforms. + +The additional modular daemons service secondary drivers + +* ``virtinterfaced`` - the host NIC management daemon, in system mode only +* ``virtnetworkd`` - the virtual network management daemon, in system mode only +* ``virtnodedevd`` - the host physical device management daemon, in system mode + only +* ``virtnwfilterd`` - the host firewall management daemon, in system mode only +* ``virtsecretd`` - the host secret management daemon, in system or session mode +* ``virtstoraged`` - the host storage management daemon, in system or session + mode + + +Modular Sockets +--------------- + +When running in system mode, ``virt${DRIVER}d`` exposes three UNIX domain +sockets: + +* ``/var/run/libvirt/virt${DRIVER}d-sock`` - the primary socket for accessing + libvirt APIs, with full read-write privileges. For many of the daemons, a + connection to this socket gives the client privileges that are equivalent to + having a root shell. This is the socket that most management applications + connect to by default. + +* ``/var/run/libvirt/virt${DRIVER}d-sock-ro`` - the secondary socket for + accessing libvirt APIs, with limited read-only privileges. A connection to + this socket gives the ability to query the existance of objects and monitor + some aspects of their operation. This is the socket that most management + applications connect to when requesting read only mode. Typically this is + what a monitoring app would use. + +* ``/var/run/libvirt/virt${DRIVER}d-admin-sock`` - the administrative socket for + controlling operation of the daemon itself (as opposed to drivers it is + running). This can be used to dynamically reconfigure some aspects of the + daemon and monitor/control connected clients. + +NB, some distros will use ``/run`` instead of ``/var/run``. + +When running in session mode, ``virt${DRIVER}d`` exposes two UNIX domain sockets + +* ``$XDG_RUNTIME_DIR/libvirt/virt${DRIVER}d-sock`` - the primary socket for + accessing libvirt APIs, with full read-write privileges. A connection to this + socket does not alter the privileges that the client already has. This is the + socket that most management applications connect to by default. + +* ``$XDG_RUNTIME_DIR/libvirt/virt${DRIVER}d-admin-sock`` - the administrative + socket for controlling operation of the daemon itself (as opposed to drivers + it is running). This can be used to dynamically reconfigure some aspects of + the daemon and monitor/control connected clients. + +Notice that the session mode does not have a separate read-only socket. Since +the clients must be running as the same user as the daemon itself, there is +not any security benefit from attempting to enforce a read-only mode. + +``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs, +such as ``/run/user/$UID``. + +Modular Systemd Integration +--------------------------- + +When the ``virt${DRIVER}d`` daemon is managed by ``systemd`` a number of +desirable features are available, most notably socket activation. + +Libvirt ships a number of unit files for controlling virt${DRIVER}d + +* ``virt${DRIVER}d.service`` - the main unit file for launching the + ``virt${DRIVER}d daemon`` in system mode. The command line arguments passed + can be configured by editting ``/etc/sysconfig/virt${DRIVER}d``. This is + typically only needed to control the use of the auto shutdown timeout value. + It is recommended that this service unit be configured to start on boot. + This is because various libvirt drivers support autostart of their objects. + If it is known that autostart is not required, this unit can be left to start + on demand. + +* ``virt${DRIVER}d.socket`` - the unit file corresponding to the main read-write + UNIX socket ``/var/run/libvirt/virt${DRIVER}d-sock``. This socket is + recommended to be started on boot by default. + +* ``virt${DRIVER}d-ro.socket`` - the unit file corresponding to the main + read-write UNIX socket ``/var/run/libvirt/virt${DRIVER}d-sock-ro``. This + socket is recommended to be started on boot by default. + +* ``virt${DRIVER}d-admin.socket`` - the unit file corresponding to the + administrative UNIX socket ``/var/run/libvirt/virt${DRIVER}d-admin-sock``. + This socket is recommended to be started on boot by default. + +The socket unit files are newly introduced in 5.6.0. On newly installed hosts +the UNIX socket units should be enabled by default. When upgrading an existing +host from a previous version of libvirt, the socket unit files will be masked +if virt${DRIVER}d is currently configured to use the ``--listen`` argument, +since the ``--listen`` argument is mutually exclusive with use of socket +activation. + +When systemd socket activation is used a number of configuration settings in +``virt${DRIVER}d.conf`` are no longer honoured. Instead these settings must be +controlled via the system unit files + +* ``unix_sock_group`` - UNIX socket group owner, controlled via the + ``SocketGroup`` parameter in the ``virt${DRIVER}d.socket`` and + ``virt${DRIVER}d-ro.socket`` unit files + +* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the + ``SocketMode`` parameter in the ``virt${DRIVER}d-ro.socket`` unit file + +* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via + the ``SocketMode`` parameter in the ``virt${DRIVER}d.socket`` unit file + +* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the + ``SocketMode`` parameter in the ``virt${DRIVER}d-admin.socket`` unit file + +* ``unix_sock_dir`` - directory in which all UNIX sockets are created + independently controlled via the ``ListenStream`` parameter in any of the + ``virt${DRIVER}d.socket``, ``virt${DRIVER}d-ro.socket`` and + ``virt${DRIVER}d-admin.socket`` unit files. + +Systemd releases prior to version 227 lacked support for passing the activation +socket unit names into the service. When using these old versions, the +``unix_sock_dir`` setting in ``virt${DRIVER}d.conf`` must be changed in +lock-step with the equivalent setting in the unit files to ensure that +``virt${DRIVER}d`` can identify the sockets. + + +Switching to modular daemons +---------------------------- + +If a host is currently set to use the monolithic ``libvirtd`` daemon and needs +to be migrated to the monolithic daemons a number of services need to be +changed. The steps below outline the process on hosts using the systemd init +service. + +While it is technically possible todo this while virtual machines are running, +it is recommended that virtual machines be stopped or live migrated to a new +host first. + +#. Stop the current monolithic daemon and its socket units + + :: + + $ systemctl stop libvirtd.service + $ systemctl stop libvirtd{,-ro,-admin,-tcp,-tls}.socket + +#. Disable future start of the monolithic daemon + + :: + + $ systemctl disable libvirtd.service + $ systemctl disable libvirtd{,-ro,-admin,-tcp,-tls}.socket + + For stronger protection it is valid to use ``mask`` instead of ``disable`` + too. + +#. Enable the new daemons for the particular virtualizationd driver desired, + and any of the secondary drivers to accompany it. The following example + enables the QEMU driver and all the secondary drivers: + + :: + + $ for drv in qemu interface network nodedev nwfilter secret storage + do + systemctl unmask virt${drv}d.service + systemctl unmask virt${drv}d{,-ro,-admin}.socket + systemctl enable virt${drv}d.service + systemctl enable virt${drv}d{,-ro,-admin}.socket + done + +#. Start the sockets for the same set of daemons. There is no need to start the + services as they will get started when the first socket connection is + established + + :: + + $ for drv in qemu network nodedev nwfilter secret storage + do + systemctl start virt${drv}d{,-ro,-admin}.socket + done + +#. If connections from remote hosts need to be supported the proxy daemon + must be enabled and started + + :: + + $ systemctl unmask virtproxyd.service + $ systemctl unmask virtproxyd{,-ro,-admin}.socket + $ systemctl enable virtproxyd.service + $ systemctl enable virtproxyd{,-ro,-admin}.socket + $ systemctl start virtproxyd{,-ro,-admin}.socket + + The UNIX sockets allow for remote access using SSH tunneling. If ``libvirtd`` + had TCP or TLS sockets configured, those should be started too + + :: + + $ systemctl unmask virtproxyd-tls.socket + $ systemctl enable virtproxyd-tls.socket + $ systemctl start virtproxyd-tls.socket + + +Proxy daemon +============ + +The monolithic daemon is known as ``libvirtd`` and has historically been the +default in libvirt. It is configured via the file ``/etc/libvirt/libvirtd.conf`` + + +Proxy sockets +------------- + +When running in system mode, ``virtproxyd`` exposes three UNIX domain sockets, +and optionally, one or two TCP sockets. These sockets are identical to those +provided by the traditional ``libvirtd`` so refer to earlier documentation in +this page. + +When running in session mode, ``virtproxyd`` exposes two UNIX domain sockets, +which are again identical to those provided by ``libvirtd``. + +Proxy Systemd Integration +------------------------- + +When the ``virtproxyd`` daemon is managed by ``systemd`` a number of desirable +features are available, most notably socket activation. + +Libvirt ships a number of unit files for controlling virtproxyd + +* ``virtproxyd.service`` - the main unit file for launching the virtproxyd + daemon in system mode. The command line arguments passed can be configured by + editting ``/etc/sysconfig/virtproxyd``. This is typically only needed to + control the use of the auto shutdown timeout value. + +* ``virtproxyd.socket`` - the unit file corresponding to the main read-write + UNIX socket ``/var/run/libvirt/libvirt-sock``. This socket is recommended to + be started on boot by default. + +* ``virtproxyd-ro.socket`` - the unit file corresponding to the main read-write + UNIX socket ``/var/run/libvirt/libvirt-sock-ro``. This socket is recommended + to be started on boot by default. + +* ``virtproxyd-admin.socket`` - the unit file corresponding to the + administrative UNIX socket ``/var/run/libvirt/libvirt-admin-sock``. This + socket is recommended to be started on boot by default. + +* ``virtproxyd-tcp.socket`` - the unit file corresponding to the TCP 16509 port + for non-TLS remote access. This socket should not be configured to start on + boot until the administrator has configured a suitable authentication + mechanism. + +* ``virtproxyd-tls.socket`` - the unit file corresponding to the TCP 16509 port + for TLS remote access. This socket should not be configured to start on boot + until the administrator has deployed x509 certificates and optionally + configured a suitable authentication mechanism. + +The socket unit files are newly introduced in 5.6.0. On newly installed hosts +the UNIX socket units should be enabled by default. When upgrading an existing +host from a previous version of libvirt, the socket unit files will be masked +if virtproxyd is currently configured to use the ``--listen`` argument, since +the ``--listen`` argument is mutually exclusive with use of socket activation. + +When systemd socket activation is used a number of configuration settings in +``virtproxyd.conf`` are no longer honoured. Instead these settings must be +controlled via the system unit files. Refer to the earlier documentation on +the ``libvirtd`` service socket configuration for further information. + + +Logging daemon +============== + +The ``virtlogd`` daemon provides a service for managing log files associated +with QEMU virtual machines. The QEMU process is given one or more pipes, the +other end of which are owned by the ``virtlogd`` daemon. It will then write +data on those pipes to log files, while enforcing a maximum file size and +performing log rollover at the size limit. + +Since the daemon holds open anoymous pipe file descriptors, it must never be +stopped while any QEMU virtual machines are running. To enable software updates +to be applied, the daemon is capable of re-executing itself while keeping all +file descriptors open. This can be triggered by sending the daemon ``SIGUSR1`` + +Logging Sockets +--------------- + +When running in system mode, ``virtlogd`` exposes two UNIX domain sockets: + +* ``/var/run/libvirt/virtlogd-sock`` - the primary socket for accessing + libvirt APIs, with full read-write privileges. Access to the socket is + restricted to the root user. + +* ``/var/run/libvirt/virtlogd-admin-sock`` - the administrative socket for + controlling operation of the daemon itself (as opposed to drivers it is + running). This can be used to dynamically reconfigure some aspects of the + daemon and monitor/control connected clients. + +NB, some distros will use ``/run`` instead of ``/var/run``. + +When running in session mode, ``virtlogd`` exposes two UNIX domain sockets + +* ``$XDG_RUNTIME_DIR/libvirt/virtlogd-sock`` - the primary socket for + accessing libvirt APIs, with full read-write privileges. Access to the + socket is restricted to the unprivileged user running the daemon. + +* ``$XDG_RUNTIME_DIR/libvirt/virtlogd-admin-sock`` - the administrative + socket for controlling operation of the daemon itself (as opposed to drivers + it is running). This can be used to dynamically reconfigure some aspects of + the daemon and monitor/control connected clients. + +``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs, +such as ``/run/user/$UID``. + +Logging Systemd Integration +--------------------------- + +When the ``virtlogd`` daemon is managed by ``systemd`` a number of desirable +features are available, most notably socket activation. + +Libvirt ships a number of unit files for controlling virtlogd + +* ``virtlogd.service`` - the main unit file for launching the + ``virtlogd daemon`` in system mode. The command line arguments passed + can be configured by editting ``/etc/sysconfig/virtlogd``. This is + typically only needed to control the use of the auto shutdown timeout value. + +* ``virtlogd.socket`` - the unit file corresponding to the main read-write + UNIX socket ``/var/run/libvirt/virtlogd-sock``. This socket is recommended + to be started on boot by default. + +* ``virtlogd-admin.socket`` - the unit file corresponding to the administrative + UNIX socket ``/var/run/libvirt/virtlogd-admin-sock``. This socket is + recommended to be started on boot by default. + +When systemd socket activation is used a number of configuration settings in +``virtlogd.conf`` are no longer honoured. Instead these settings must be +controlled via the system unit files + +* ``unix_sock_group`` - UNIX socket group owner, controlled via the + ``SocketGroup`` parameter in the ``virtlogd.socket`` and + ``virtlogd-ro.socket`` unit files + +* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the + ``SocketMode`` parameter in the ``virtlogd-ro.socket`` unit file + +* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via + the ``SocketMode`` parameter in the ``virtlogd.socket`` unit file + +* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the + ``SocketMode`` parameter in the ``virtlogd-admin.socket`` unit file + +* ``unix_sock_dir`` - directory in which all UNIX sockets are created + independently controlled via the ``ListenStream`` parameter in any of the + ``virtlogd.socket`` and ``virtlogd-admin.socket`` unit files. + +Systemd releases prior to version 227 lacked support for passing the activation +socket unit names into the service. When using these old versions, the +``unix_sock_dir`` setting in ``virtlogd.conf`` must be changed in +lock-step with the equivalent setting in the unit files to ensure that +``virtlogd`` can identify the sockets. + +Locking daemon +============== + +The ``virtlockd`` daemon provides a service for holding locks against file +images and devices serving as backing storage for virtual disks. The locks +will be held for as long as there is a QEMU process running with the disk +open. + +To ensure continuity of locking, the daemon holds open anoymous file +descriptors, it must never be stopped while any QEMU virtual machines are +running. To enable software updates to be applied, the daemon is capable of +re-executing itself while keeping all file descriptors open. This can be +triggered by sending the daemon ``SIGUSR1`` + +Locking Sockets +--------------- + +When running in system mode, ``virtlockd`` exposes two UNIX domain sockets: + +* ``/var/run/libvirt/virtlockd-sock`` - the primary socket for accessing + libvirt APIs, with full read-write privileges. Access to the socket is + restricted to the root user. + +* ``/var/run/libvirt/virtlockd-admin-sock`` - the administrative socket for + controlling operation of the daemon itself (as opposed to drivers it is + running). This can be used to dynamically reconfigure some aspects of the + daemon and monitor/control connected clients. + +NB, some distros will use ``/run`` instead of ``/var/run``. + +When running in session mode, ``virtlockd`` exposes two UNIX domain sockets + +* ``$XDG_RUNTIME_DIR/libvirt/virtlockd-sock`` - the primary socket for + accessing libvirt APIs, with full read-write privileges. Access to the + socket is restricted to the unprivileged user running the daemon. + +* ``$XDG_RUNTIME_DIR/libvirt/virtlockd-admin-sock`` - the administrative + socket for controlling operation of the daemon itself (as opposed to drivers + it is running). This can be used to dynamically reconfigure some aspects of + the daemon and monitor/control connected clients. + +``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs, +such as ``/run/user/$UID``. + +Locking Systemd Integration +--------------------------- + +When the ``virtlockd`` daemon is managed by ``systemd`` a number of desirable +features are available, most notably socket activation. + +Libvirt ships a number of unit files for controlling virtlockd + +* ``virtlockd.service`` - the main unit file for launching the + ``virtlockd daemon`` in system mode. The command line arguments passed + can be configured by editting ``/etc/sysconfig/virtlockd``. This is + typically only needed to control the use of the auto shutdown timeout value. + +* ``virtlockd.socket`` - the unit file corresponding to the main read-write + UNIX socket ``/var/run/libvirt/virtlockd-sock``. This socket is recommended + to be started on boot by default. + +* ``virtlockd-admin.socket`` - the unit file corresponding to the administrative + UNIX socket ``/var/run/libvirt/virtlockd-admin-sock``. This socket is + recommended to be started on boot by default. + +When systemd socket activation is used a number of configuration settings in +``virtlockd.conf`` are no longer honoured. Instead these settings must be +controlled via the system unit files + +* ``unix_sock_group`` - UNIX socket group owner, controlled via the + ``SocketGroup`` parameter in the ``virtlockd.socket`` and + ``virtlockd-ro.socket`` unit files + +* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the + ``SocketMode`` parameter in the ``virtlockd-ro.socket`` unit file + +* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via + the ``SocketMode`` parameter in the ``virtlockd.socket`` unit file + +* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the + ``SocketMode`` parameter in the ``virtlockd-admin.socket`` unit file + +* ``unix_sock_dir`` - directory in which all UNIX sockets are created + independently controlled via the ``ListenStream`` parameter in any of the + ``virtlockd.socket`` and ``virtlockd-admin.socket`` unit files. + +Systemd releases prior to version 227 lacked support for passing the activation +socket unit names into the service. When using these old versions, the +``unix_sock_dir`` setting in ``virtlockd.conf`` must be changed in +lock-step with the equivalent setting in the unit files to ensure that +``virtlockd`` can identify the sockets. diff --git a/docs/docs.html.in b/docs/docs.html.in index 004f099a9f..142c79bfa9 100644 --- a/docs/docs.html.in +++ b/docs/docs.html.in @@ -18,6 +18,9 @@ <dt><a href="migration.html">Migration</a></dt> <dd>Migrating guests between machines</dd> + <dt><a href="daemons.html">Daemons</a></dt> + <dd>Overview of the daemons provided by libvirt</dd> + <dt><a href="remote.html">Remote access</a></dt> <dd>Enable remote access over TCP</dd> -- 2.24.1

3 6

[PATCH 0/5] alloc: Don't mask use of uninitialized variables in VIR_FREE
by Peter Krempa 05 Mar '20

05 Mar '20

Neither GCC nor clang report warnings if pointer passed to VIR_FREE is uninitialized. This is probably caused by our internal implementation which mangles the pointer to it. Fix all offenders and replace VIR_FREE's internals with g_clear_pointer. Peter Krempa (5): virNetworkPortDefSaveStatus: Fix potentially uninitialized 'path' by refactoring cleanup virLXCProcessSetupNamespaceName: Fix potential uninitialized free of 'path' cmdDomHostname: Fix uninitialized use of 'hostname' by refactoring cleanup testQemuMonitorJSONqemuMonitorJSONGetTargetArch: Fix uninitialized use of 'arch' VIR_ALLOC: Replace internals by g_clear_pointer src/conf/virnetworkportdef.c | 19 +++++++------------ src/libvirt_private.syms | 1 - src/lxc/lxc_process.c | 3 +-- src/util/viralloc.c | 21 ++------------------- src/util/viralloc.h | 7 +------ tests/qemumonitorjsontest.c | 14 +++++--------- tools/virsh-domain.c | 18 ++++++------------ 7 files changed, 22 insertions(+), 61 deletions(-) -- 2.24.1

2 6

[PATCH 0/2] qemu_shim: Two simple fixes
by Michal Privoznik 05 Mar '20

05 Mar '20

Actually, 2/2 suggests we need to tweak SELinux policy too. Should I file a bug? Michal Prívozník (2): qemu_shim: Allow other users to enter the root dir qemu_shim: Ignore SIGPIPE src/qemu/qemu_shim.c | 7 +++++++ 1 file changed, 7 insertions(+) -- 2.24.1

3 6

Re: GSoC 2020
by Jan Kiszka 05 Mar '20

05 Mar '20

Hi Shiko, On 04.03.20 09:49, ahmed El-Shreif wrote: > Hi, > > my name is Ahmed. I am a Computer Engineering student from Egypt. I am > really interested in contributing this year in GSoC program with Libvirt > . I was a GSoC student last year with LibreOffice. I was working in a > compiler project. I want this year to work in new project. I found your > projects interesting for me. > > > I have skills in c , c++ and python also I know Linux very well. I need > to understand more. where to start or can you recommend some easy bugs > to solve to get comfortable more with the code and to put goals of the > "Libvirt driver for Jailhouse" project. Thanks for your interest in this project! I'm adding the libvirt community because implementation will happen in that context, and libvirt would be the org to host this. Due to that, I would also suggest that some starter tasklet would come from there. To get familiar with Jailhouse and its current user interface, I suggest to build yourself a demo image via https://github.com/siemens/jailhouse-images and play with it. It comes with virtual targets, so you do not need a specific hardware (though, if you happen to have one of the preintegrated boards, that is also recommended). Don't hesitate to ask here if you do not understand something. Jan -- Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate Competence Center Embedded Linux

1 0

[PATCH] Share Dup Daemon Function *SetupLogging
by Lan 04 Mar '20

04 Mar '20

Create a new function virDaemonSetupLogging (src/util/virdaemon.c) for shared code in virLockDaemonSetupLogging (src/locking/lock_daemon.c) virLogDaemonSetupLogging (src/logging/log_daemon.c) daemonSetupLogging (src/remote/remote_daemon.c) One of the BiteSizedTasks --- src/libvirt_private.syms | 2 + src/locking/lock_daemon.c | 58 ++--------------------------- src/logging/log_daemon.c | 50 ++----------------------- src/remote/remote_daemon.c | 57 ++--------------------------- src/util/Makefile.inc.am | 4 +- src/util/virdaemon.c | 75 ++++++++++++++++++++++++++++++++++++++ src/util/virdaemon.h | 35 ++++++++++++++++++ 7 files changed, 126 insertions(+), 155 deletions(-) create mode 100644 src/util/virdaemon.c create mode 100644 src/util/virdaemon.h diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index de0c7a3133..50cbd6d7af 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1906,6 +1906,8 @@ virCryptoHashBuf; virCryptoHashString; virCryptoHaveCipher; +# util/virdaemon.h +virDaemonSetupLogging; # util/virdbus.h virDBusCallMethod; diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c index 5e5a0c1089..5ba851cb55 100644 --- a/src/locking/lock_daemon.c +++ b/src/locking/lock_daemon.c @@ -46,6 +46,7 @@ #include "virstring.h" #include "virgettext.h" #include "virenum.h" +#include "virdaemon.h" #include "locking/lock_daemon_dispatch.h" #include "locking/lock_protocol.h" @@ -477,59 +478,6 @@ virLockDaemonErrorHandler(void *opaque G_GNUC_UNUSED, } -/* - * Set up the logging environment - * By default if daemonized all errors go to the logfile libvirtd.log, - * but if verbose or error debugging is asked for then also output - * informational and debug messages. Default size if 64 kB. - */ -static int -virLockDaemonSetupLogging(virLockDaemonConfigPtr config, - bool privileged, - bool verbose, - bool godaemon) -{ - virLogReset(); - - /* - * Libvirtd's order of precedence is: - * cmdline > environment > config - * - * Given the precedence, we must process the variables in the opposite - * order, each one overriding the previous. - */ - if (config->log_level != 0) - virLogSetDefaultPriority(config->log_level); - - /* In case the config is empty, both filters and outputs will become empty, - * however we can't start with empty outputs, thus we'll need to define and - * setup a default one. - */ - ignore_value(virLogSetFilters(config->log_filters)); - ignore_value(virLogSetOutputs(config->log_outputs)); - - /* If there are some environment variables defined, use those instead */ - virLogSetFromEnv(); - - /* - * Command line override for --verbose - */ - if ((verbose) && (virLogGetDefaultPriority() > VIR_LOG_INFO)) - virLogSetDefaultPriority(VIR_LOG_INFO); - - /* Define the default output. This is only applied if there was no setting - * from either the config or the environment. - */ - virLogSetDefaultOutput("virtlockd", godaemon, privileged); - - if (virLogGetNbOutputs() == 0) - virLogSetOutputs(virLogGetDefaultOutput()); - - return 0; -} - - - /* Display version information. */ static void virLockDaemonVersion(const char *argv0) @@ -1186,7 +1134,9 @@ int main(int argc, char **argv) { } VIR_FREE(remote_config_file); - if (virLockDaemonSetupLogging(config, privileged, verbose, godaemon) < 0) { + if (virDaemonSetupLogging((virDaemonLogConfigPtr)(&(config->log_level)), + "virtlockd", privileged, + verbose, godaemon)< 0) { VIR_ERROR(_("Can't initialize logging")); exit(EXIT_FAILURE); } diff --git a/src/logging/log_daemon.c b/src/logging/log_daemon.c index 772bbb805b..9f962300ed 100644 --- a/src/logging/log_daemon.c +++ b/src/logging/log_daemon.c @@ -45,6 +45,7 @@ #include "virstring.h" #include "virgettext.h" #include "virenum.h" +#include "virdaemon.h" #include "log_daemon_dispatch.h" #include "log_protocol.h" @@ -419,51 +420,6 @@ virLogDaemonErrorHandler(void *opaque G_GNUC_UNUSED, } -static void -virLogDaemonSetupLogging(virLogDaemonConfigPtr config, - bool privileged, - bool verbose, - bool godaemon) -{ - virLogReset(); - - /* - * Libvirtd's order of precedence is: - * cmdline > environment > config - * - * Given the precedence, we must process the variables in the opposite - * order, each one overriding the previous. - */ - if (config->log_level != 0) - virLogSetDefaultPriority(config->log_level); - - /* In case the config is empty, both filters and outputs will become empty, - * however we can't start with empty outputs, thus we'll need to define and - * setup a default one. - */ - ignore_value(virLogSetFilters(config->log_filters)); - ignore_value(virLogSetOutputs(config->log_outputs)); - - /* If there are some environment variables defined, use those instead */ - virLogSetFromEnv(); - - /* - * Command line override for --verbose - */ - if ((verbose) && (virLogGetDefaultPriority() > VIR_LOG_INFO)) - virLogSetDefaultPriority(VIR_LOG_INFO); - - /* Define the default output. This is only applied if there was no setting - * from either the config or the environment. - */ - virLogSetDefaultOutput("virtlogd", godaemon, privileged); - - if (virLogGetNbOutputs() == 0) - virLogSetOutputs(virLogGetDefaultOutput()); -} - - - /* Display version information. */ static void virLogDaemonVersion(const char *argv0) @@ -957,8 +913,8 @@ int main(int argc, char **argv) { exit(EXIT_FAILURE); } - virLogDaemonSetupLogging(config, privileged, verbose, godaemon); - + virDaemonSetupLogging((virDaemonLogConfigPtr)(&(config->log_level)), + "virtlogd", privileged, verbose, godaemon); if (!pid_file && virPidFileConstructPath(privileged, RUNSTATEDIR, diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 7082460bae..4bbdc255d0 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -57,6 +57,7 @@ #include "util/virnetdevopenvswitch.h" #include "virsystemd.h" #include "virhostuptime.h" +#include "virdaemon.h" #include "driver.h" @@ -606,58 +607,6 @@ daemonSetupNetDevOpenvswitch(struct daemonConfig *config) } -/* - * Set up the logging environment - * By default if daemonized all errors go to journald/a logfile - * but if verbose or error debugging is asked for then also output - * informational and debug messages. Default size if 64 kB. - */ -static int -daemonSetupLogging(struct daemonConfig *config, - bool privileged, - bool verbose, - bool godaemon) -{ - virLogReset(); - - /* - * Logging setup order of precedence is: - * cmdline > environment > config - * - * Given the precedence, we must process the variables in the opposite - * order, each one overriding the previous. - */ - if (config->log_level != 0) - virLogSetDefaultPriority(config->log_level); - - /* In case the config is empty, both filters and outputs will become empty, - * however we can't start with empty outputs, thus we'll need to define and - * setup a default one. - */ - ignore_value(virLogSetFilters(config->log_filters)); - ignore_value(virLogSetOutputs(config->log_outputs)); - - /* If there are some environment variables defined, use those instead */ - virLogSetFromEnv(); - - /* - * Command line override for --verbose - */ - if ((verbose) && (virLogGetDefaultPriority() > VIR_LOG_INFO)) - virLogSetDefaultPriority(VIR_LOG_INFO); - - /* Define the default output. This is only applied if there was no setting - * from either the config or the environment. - */ - virLogSetDefaultOutput(DAEMON_NAME, godaemon, privileged); - - if (virLogGetNbOutputs() == 0) - virLogSetOutputs(virLogGetDefaultOutput()); - - return 0; -} - - static int daemonSetupAccessManager(struct daemonConfig *config) { @@ -1147,7 +1096,9 @@ int main(int argc, char **argv) { exit(EXIT_FAILURE); } - if (daemonSetupLogging(config, privileged, verbose, godaemon) < 0) { + if (virDaemonSetupLogging((virDaemonLogConfigPtr)(&(config->log_level)), + DAEMON_NAME, privileged, + verbose, godaemon) < 0) { VIR_ERROR(_("Can't initialize logging")); exit(EXIT_FAILURE); } diff --git a/src/util/Makefile.inc.am b/src/util/Makefile.inc.am index ddb3b43c5f..cf64220b63 100644 --- a/src/util/Makefile.inc.am +++ b/src/util/Makefile.inc.am @@ -42,7 +42,9 @@ UTIL_SOURCES = \ util/virconf.h \ util/vircrypto.c \ util/vircrypto.h \ - util/virdbus.c \ + util/virdaemon.c \ + util/virdaemon.h \ + util/virdbus.c \ util/virdbus.h \ util/virdbuspriv.h \ util/virdevmapper.c \ diff --git a/src/util/virdaemon.c b/src/util/virdaemon.c new file mode 100644 index 0000000000..a2ef48b78b --- /dev/null +++ b/src/util/virdaemon.c @@ -0,0 +1,75 @@ +/* + * virdaemon.c: remote/logging/lock management daemon common code + * + * Copyright (C) 2006-2020 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; If not, see + * <http://www.gnu.org/licenses/>. + */ + +#include <config.h> + +#include "virdaemon.h" +#include "virlog.h" + + +/* + * Set up the logging environment + * By default if daemonized all errors go to journald/a logfile + * but if verbose or error debugging is asked for then also output + * informational and debug messages. Default size if 64 kB. + */ +int +virDaemonSetupLogging(virDaemonLogConfigPtr config, + const char *output_fname, + bool privileged, bool verbose, bool godaemon) +{ + virLogReset(); + + /* + * Libvirtd's order of precedence is: + * cmdline > environment > config + * + * Given the precedence, we must process the variables in the opposite + * order, each one overriding the previous. + */ + if (config->log_level != 0) + virLogSetDefaultPriority(config->log_level); + + /* In case the config is empty, both filters and outputs will become empty, + * however we can't start with empty outputs, thus we'll need to define and + * setup a default one. + */ + ignore_value(virLogSetFilters(config->log_filters)); + ignore_value(virLogSetOutputs(config->log_outputs)); + + /* If there are some environment variables defined, use those instead */ + virLogSetFromEnv(); + + /* + * Command line override for --verbose + */ + if ((verbose) && (virLogGetDefaultPriority() > VIR_LOG_INFO)) + virLogSetDefaultPriority(VIR_LOG_INFO); + + /* Define the default output. This is only applied if there was no setting + * from either the config or the environment. + */ + virLogSetDefaultOutput(output_fname, godaemon, privileged); + + if (virLogGetNbOutputs() == 0) + virLogSetOutputs(virLogGetDefaultOutput()); + + return 0; +} diff --git a/src/util/virdaemon.h b/src/util/virdaemon.h new file mode 100644 index 0000000000..60b4119f08 --- /dev/null +++ b/src/util/virdaemon.h @@ -0,0 +1,35 @@ +/* + * virdaemon.h: remote/logging/lock management daemon common code + * + * Copyright (C) 2006-2020 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; If not, see + * <http://www.gnu.org/licenses/>. + */ + +#pragma once +#include "internal.h" + +typedef struct _virDaemonLogConfig virDaemonLogConfig; +typedef virDaemonLogConfig *virDaemonLogConfigPtr; + +struct _virDaemonLogConfig { + unsigned int log_level; + char *log_filters; + char *log_outputs; +}; + +int virDaemonSetupLogging(virDaemonLogConfigPtr config, + const char *output_fname, + bool privileged, bool verbose, bool godaemon); -- 2.17.1

2 1