[libvirt] [PATCH v3 00/48] Split the libvirtd daemon into per-driver daemons

This is what all the driver refactoring I've done has been about
enabling.

We gain new daemons for each driver, for the primary virt drivers:

  virtlibxld
  virtlxcd
  virtqemud
  virtvboxd
  virtvzd

And again for the secondary drivers

  virtinterfaced
  virtnetworkd
  virtnodedevd
  virtnwfilterd
  virtsecretd
  virtstoraged

Finally to support IP connectivity, and also the legacy libvirtd UNIX
domain socket (for the old libvirt remote driver SSH tunnelling):

  virtproxyd

For the sake of facilitating upgrades, the existing libvirtd still
exists and works the same way it always has.

You either run libvirtd, or you run the per-driver daemons, never both.

The remote driver will look to see whether libvirtd is running to figure
out whether to connect to libvirtd or the new per-driver daemons. When
auto-spawning daemons for nonroot users, we default to spawning the
per-driver daemons.

This can be controlled with a URI parameter "?mode=direct|legacy|auto",
where 'direct' means per-driver and 'legacy' means libvirtd (or indirect
via virtproxyd if that's running).

Changed in v3:

- Add identity forwarding between daemons for polkit auth
- Make virtxend sockets conditional on Xen kernel
- Other misc review fixes

Changed in v2:

- Added systemd unit files for service & sockets, ensuring conflicts
  with libvirtd
- Fixed proxy to actually handle probing of URIs (still not quite
  perfect)
- Renamed virtlibxld to virtxend as "xen" is the user facing name of
  the URI
- Lazy loading of secondary drivers, so connecting to virtqemud doesn't
  auto-spawn all secondary driver daemons, until a relevant API is
  actually invoked
- Actually generated config files / augeas files per daemon
- Abort daemon startup if driver fails to load
- Many other fixes

A few nice to have things, but not merge blocking

- MAYBE make it possible to disable build of libvirtd, or of the
  per-driver daemons so downstream vendors can decide which to ship.
  Alternatively they can just not include the binary in the package
  file list ?
- Tuning of the daemon defaults for worker threads to better suit the
  fact that we have per-driver daemons
- More work on RPM packaging to allow install of per-driver daemons
  without pulling in libvirtd too

Daniel P. Berrangé (48):
  build: make augeas-gentest.pl write to stdout
  build: collapse rules adding augeas tests to CLEANFILES
  build: create all augeas test files in same dir as their source
  build: use a common rule for checking augeas test data files
  build: centralize rule for handling generated config files
  remote: stop trying to print help as giant blocks of text
  remote: conditionalize socket names in libvirtd daemon
  remote: conditionalize daemon name in libvirtd daemon
  remote: conditionalize driver loading in libvirtd daemon
  remote: conditionalize IP socket usage in libvirtd daemon
  build: use @CONFIG@ instead of ::CONFIG:: in augeas tests
  remote: conditionalize IP socket config in libvirtd.conf
  remote: conditionalize IP socket config in augeas definitions
  remote: refactor & rename variables for building libvirtd
  build: don't hardcode /etc in the config related files
  remote: reduce duplication in systemd unit file make rules into one
  remote: conditionalize systemd socket unit files
  remote: refactor how list of systemd unit files is built
  remote: in per-driver daemons ensure that state initialize succeeds
  remote: introduce virtproxyd daemon to handle IP connectivity
  secret: introduce virtsecretd daemon
  network: introduce virtnetworkd daemon
  interface: introduce virtinterfaced daemon
  storage: introduce virtstoraged daemon
  nodedev: introduce virtnodedevd daemon
  nwfilter: introduce virtnwfilterd daemon
  libxl: introduce virtxend daemon
  qemu: introduce virtqemud daemon
  lxc: introduce virtlxcd daemon
  vbox: introduce virtvboxd daemon
  bhyve: introduce virtbhyved daemon
  vz: introduce virtvzd daemon
  admin: add ability to connect to the per-driver daemon sockets
  remote: get rid of bogus ATTRIBUTE_UNUSED annotation client param
  remote: change generated methods to not directly access connection
  remote: fix lock ordering mistake in event registration
  remote: change hand written methods to not directly access connection
  remote: open secondary drivers via remote driver if needed
  remote: handle autoprobing of driver within virtproxyd
  remote: use enum helpers for parsing remote driver transport
  remote: refactor the code for choosing the UNIX socket path
  remote: enable connecting to the per-driver daemons
  api: introduce virConnectSetIdentity for pasing uid, gid, selinux info
  util: change identity class attribute names
  util: make generic identity accessors private
  util: storage identity attrs as virTypedParameter internally
  util: allow identity to be imported/exported as typed parameters
  remote: pass identity across to newly opened daemons

 .gitignore | 62 +-
 build-aux/augeas-gentest.pl | 22 +-
 docs/remote.html.in | 18 +
 include/libvirt/libvirt-host.h | 75 +
 libvirt.spec.in | 91 ++
 m4/virt-driver-remote.m4 | 15 +
 src/Makefile.am | 30 +-
 src/access/viraccessdriverpolkit.c | 12 +-
 src/admin/admin_server.c | 10 +-
 src/admin/admin_server_dispatch.c | 9 +
 src/bhyve/Makefile.inc.am | 55 +-
 src/bhyve/bhyve_driver.c | 10 +-
 src/bhyve/test_libvirtd_bhyve.aug.in | 2 +-
 src/driver-hypervisor.h | 7 +
 src/driver-state.h | 8 +-
 src/driver.h | 2 +
 src/interface/Makefile.inc.am | 62 +
 src/interface/interface_backend_netcf.c | 8 +-
 src/interface/interface_backend_udev.c | 4 +-
 src/interface/virtinterfaced.service.in | 24 +
 src/libvirt-admin.c | 32 +-
 src/libvirt-host.c | 51 +
 src/libvirt.c | 42 +-
 src/libvirt_internal.h | 1 +
 src/libvirt_private.syms | 29 +-
 src/libvirt_public.syms | 1 +
 src/libvirt_remote.syms | 1 +
 src/libxl/Makefile.inc.am | 80 +-
 src/libxl/libxl_driver.c | 10 +-
 src/libxl/test_libvirtd_libxl.aug.in | 2 +-
 src/libxl/virtxend.service.in | 26 +
 src/locking/Makefile.inc.am | 77 +-
 src/locking/test_libvirt_lockd.aug.in | 2 +-
 src/locking/test_libvirt_sanlock.aug.in | 2 +-
 src/locking/test_virtlockd.aug.in | 2 +-
 src/locking/virtlockd.service.in | 2 +-
 src/logging/Makefile.inc.am | 23 +-
 src/logging/test_virtlogd.aug.in | 2 +-
 src/logging/virtlogd.service.in | 2 +-
 src/lxc/Makefile.inc.am | 77 +-
 src/lxc/lxc_driver.c | 12 +-
 src/lxc/test_libvirtd_lxc.aug.in | 2 +-
 src/lxc/virtlxcd.service.in | 40 +
 src/network/Makefile.inc.am | 61 +
 src/network/bridge_driver.c | 4 +-
 src/network/virtnetworkd.service.in | 25 +
 src/node_device/Makefile.inc.am | 62 +
 src/node_device/node_device_hal.c | 12 +-
 src/node_device/node_device_udev.c | 8 +-
 src/node_device/virtnodedevd.service.in | 24 +
 src/nwfilter/Makefile.inc.am | 62 +
 src/nwfilter/nwfilter_driver.c | 12 +-
 src/nwfilter/virtnwfilterd.service.in | 24 +
 src/qemu/Makefile.inc.am | 76 +-
 src/qemu/qemu_driver.c | 8 +-
 src/qemu/test_libvirtd_qemu.aug.in | 2 +-
 src/qemu/virtqemud.service.in | 40 +
 src/remote/Makefile.inc.am | 285 ++--
 src/remote/libvirtd-admin.socket.in | 15 +-
 src/remote/libvirtd-ro.socket.in | 15 +-
 src/remote/libvirtd-tcp.socket.in | 13 +-
 src/remote/libvirtd-tls.socket.in | 13 +-
 src/remote/{libvirtd.aug => libvirtd.aug.in} | 26 +-
 .../{libvirtd.conf => libvirtd.conf.in} | 60 +-
 src/remote/libvirtd.service.in | 2 +-
 src/remote/libvirtd.socket.in | 11 +-
 src/remote/remote_daemon.c | 302 ++--
 src/remote/remote_daemon.h | 13 +
 src/remote/remote_daemon_config.c | 47 +-
 src/remote/remote_daemon_config.h | 10 +-
 src/remote/remote_daemon_dispatch.c | 1354 ++++++++++-------
 src/remote/remote_driver.c | 424 ++++--
 src/remote/remote_driver.h | 4 -
 src/remote/remote_protocol.x | 18 +-
 src/remote/test_libvirtd.aug.in | 24 +-
 src/remote/virtproxyd.service.in | 24 +
 src/remote_protocol-structs | 8 +
 src/rpc/gendispatch.pl | 96 +-
 src/rpc/virnetserverclient.c | 24 +-
 src/rpc/virnetserverclient.h | 2 +
 src/secret/Makefile.inc.am | 62 +
 src/secret/secret_driver.c | 8 +-
 src/secret/virtsecretd.service.in | 24 +
 src/storage/Makefile.inc.am | 61 +
 src/storage/storage_driver.c | 8 +-
 src/storage/virtstoraged.service.in | 26 +
 src/util/viridentity.c | 483 +++---
 src/util/viridentity.h | 87 +-
 src/vbox/Makefile.inc.am | 62 +
 src/vbox/virtvboxd.service.in | 25 +
 src/vz/Makefile.inc.am | 62 +
 src/vz/virtvzd.service.in | 25 +
 src/vz/vz_driver.c | 14 +-
 tests/viridentitytest.c | 97 +-
 tests/virnetserverclienttest.c | 45 +-
 tools/libvirt-guests.service.in | 2 +-
 96 files changed, 3642 insertions(+), 1703 deletions(-)
 create mode 100644 src/interface/virtinterfaced.service.in
 create mode 100644 src/libxl/virtxend.service.in
 create mode 100644 src/lxc/virtlxcd.service.in
 create mode 100644 src/network/virtnetworkd.service.in
 create mode 100644 src/node_device/virtnodedevd.service.in
 create mode 100644 src/nwfilter/virtnwfilterd.service.in
 create mode 100644 src/qemu/virtqemud.service.in
 rename src/remote/{libvirtd.aug => libvirtd.aug.in} (89%)
 rename src/remote/{libvirtd.conf => libvirtd.conf.in} (92%)
 create mode 100644 src/remote/virtproxyd.service.in
 create mode 100644 src/secret/virtsecretd.service.in
 create mode 100644 src/storage/virtstoraged.service.in
 create mode 100644 src/vbox/virtvboxd.service.in
 create mode 100644 src/vz/virtvzd.service.in

-- 
2.21.0

The augeas-gentest.pl program merges a config file into a augeas file, saving the output to a new file. It is going to be useful to further process the output file, and it would be easier if this can be done with a pipeline, so change augeas-gentest.pl to write to stdout instead of a file. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- build-aux/augeas-gentest.pl | 20 ++++++-------------- src/bhyve/Makefile.inc.am | 2 +- src/libxl/Makefile.inc.am | 2 +- src/locking/Makefile.inc.am | 6 +++--- src/logging/Makefile.inc.am | 2 +- src/lxc/Makefile.inc.am | 2 +- src/qemu/Makefile.inc.am | 2 +- src/remote/Makefile.inc.am | 2 +- 8 files changed, 15 insertions(+), 23 deletions(-) diff --git a/build-aux/augeas-gentest.pl b/build-aux/augeas-gentest.pl index 567fc651f3..faf2fd593e 100755 --- a/build-aux/augeas-gentest.pl +++ b/build-aux/augeas-gentest.pl @@ -20,17 +20,10 @@ use strict; use warnings; -die "syntax: $0 CONFIG TEMPLATE AUGTEST\n" unless @ARGV == 3; +die "syntax: $0 CONFIG TEMPLATE\n" unless @ARGV == 2; my $config = shift @ARGV; my $template = shift @ARGV; -my $augtest = shift @ARGV; - -open AUGTEST, ">", $augtest or die "cannot create $augtest: $!"; - -$SIG{__DIE__} = sub { - unlink $augtest; -}; open CONFIG, "<", $config or die "cannot read $config: $!"; open TEMPLATE, "<", $template or die "cannot read $template: $!"; @@ -39,12 +32,12 @@ my $group = 0; while (<TEMPLATE>) { if (/::CONFIG::/) { my $group = 0; - print AUGTEST " let conf = \""; + print " let conf = \""; while (<CONFIG>) { if (/^#\w/) { s/^#//; s/\"/\\\"/g; - print AUGTEST $_; + print $_; $group = /\[\s$/; } elsif ($group) { s/\"/\\\"/g; @@ -53,16 +46,15 @@ while (<TEMPLATE>) { } if (/^#/) { s/^#//; - print AUGTEST $_; + print $_; } } } - print AUGTEST "\"\n"; + print "\"\n"; } else { - print AUGTEST $_; + print $_; } } close TEMPLATE; close CONFIG; -close AUGTEST or die "cannot save $augtest: $!"; 
diff --git a/src/bhyve/Makefile.inc.am b/src/bhyve/Makefile.inc.am index 36af5d7504..6e8e6ad5d8 100644 --- a/src/bhyve/Makefile.inc.am +++ b/src/bhyve/Makefile.inc.am @@ -55,7 +55,7 @@ AUGEAS_DIRS += bhyve test_libvirtd_bhyve.aug: bhyve/test_libvirtd_bhyve.aug.in \ $(srcdir)/bhyve/bhyve.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/bhyve/bhyve.conf $< $@ + $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/bhyve/bhyve.conf $< > $@ check-augeas-bhyve: test_libvirtd_bhyve.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ diff --git a/src/libxl/Makefile.inc.am b/src/libxl/Makefile.inc.am index 7f60b449d8..abc65ede2c 100644 --- a/src/libxl/Makefile.inc.am +++ b/src/libxl/Makefile.inc.am @@ -74,7 +74,7 @@ AUGEAS_DIRS += libxl test_libvirtd_libxl.aug: libxl/test_libvirtd_libxl.aug.in \ $(srcdir)/libxl/libxl.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/libxl/libxl.conf $< $@ + $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/libxl/libxl.conf $< > $@ check-augeas-libxl: test_libvirtd_libxl.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am index 46ab11c2a9..c44f74a529 100644 --- a/src/locking/Makefile.inc.am +++ b/src/locking/Makefile.inc.am @@ -228,7 +228,7 @@ if WITH_SANLOCK if WITH_QEMU test_libvirt_sanlock.aug: locking/test_libvirt_sanlock.aug.in \ locking/qemu-sanlock.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-sanlock.conf $< $@ + $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-sanlock.conf $< > $@ check-augeas-sanlock: test_libvirt_sanlock.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ 
@@ -244,14 +244,14 @@ endif ! WITH_SANLOCK if WITH_QEMU test_libvirt_lockd.aug: locking/test_libvirt_lockd.aug.in \ locking/qemu-lockd.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-lockd.conf $< $@ + $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-lockd.conf $< > $@ else ! WITH_QEMU test_libvirt_lockd.aug: endif ! WITH_QEMU test_virtlockd.aug: locking/test_virtlockd.aug.in \ locking/virtlockd.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/locking/virtlockd.conf $< $@ + $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/locking/virtlockd.conf $< > $@ if WITH_QEMU check-augeas-lockd: test_libvirt_lockd.aug diff --git a/src/logging/Makefile.inc.am b/src/logging/Makefile.inc.am index d57394cbde..8527890eb0 100644 --- a/src/logging/Makefile.inc.am +++ b/src/logging/Makefile.inc.am @@ -101,7 +101,7 @@ augeastest_DATA += test_virtlogd.aug test_virtlogd.aug: logging/test_virtlogd.aug.in \ logging/virtlogd.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/logging/virtlogd.conf $< $@ + $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/logging/virtlogd.conf $< > $@ AUGEAS_DIRS += logging diff --git a/src/lxc/Makefile.inc.am b/src/lxc/Makefile.inc.am index f27827c1e9..1c0b715a2f 100644 --- a/src/lxc/Makefile.inc.am +++ b/src/lxc/Makefile.inc.am @@ -163,7 +163,7 @@ AUGEAS_DIRS += lxc test_libvirtd_lxc.aug: lxc/test_libvirtd_lxc.aug.in \ $(srcdir)/lxc/lxc.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/lxc/lxc.conf $< $@ + $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/lxc/lxc.conf $< > $@ check-augeas-lxc: test_libvirtd_lxc.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ diff --git a/src/qemu/Makefile.inc.am b/src/qemu/Makefile.inc.am index 254ba07dc0..e8c7d4b5b1 100644 --- a/src/qemu/Makefile.inc.am +++ b/src/qemu/Makefile.inc.am 
@@ -122,7 +122,7 @@ AUGEAS_DIRS += qemu test_libvirtd_qemu.aug: qemu/test_libvirtd_qemu.aug.in \ $(srcdir)/qemu/qemu.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/qemu/qemu.conf $< $@ + $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/qemu/qemu.conf $< > $@ check-augeas-qemu: test_libvirtd_qemu.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 0cf00cb902..4f706f9743 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -190,7 +190,7 @@ AUGEAS_DIRS += remote test_libvirtd.aug: remote/test_libvirtd.aug.in \ remote/libvirtd.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/remote/libvirtd.conf $< $@ + $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/remote/libvirtd.conf $< > $@ check-augeas-remote: test_libvirtd.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ -- 2.21.0
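
Review bot: The last hunk of build-aux/augeas-gentest.pl removes the "close AUGTEST or die" check without a replacement, so a failed write to stdout (full disk, closed pipe) no longer makes the script exit non-zero. The output is now produced by plain print calls whose results are not checked, so please close the handle explicitly after "close CONFIG;", for example:

    close STDOUT or die "cannot write output: $!";

Review bot: Each converted make rule, such as the one ending in "$(srcdir)/qemu/qemu.conf $< > $@", lets the shell create the target before the script starts, while the same patch removes the $SIG{__DIE__} handler that used to unlink the output on failure. If the script dies on "cannot read $config", an empty or partial $@ with a fresh timestamp is left behind and the next make run will treat it as up to date. Redirect to a temporary name and rename on success ("> $@-t && mv $@-t $@"), or remove $@ in the recipe when the command fails.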

We already have a variable that lists all augeas test files, so we can add everything to CLEANFILES at once. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/Makefile.am | 1 + src/libxl/Makefile.inc.am | 1 - src/locking/Makefile.inc.am | 4 +--- src/logging/Makefile.inc.am | 2 -- src/lxc/Makefile.inc.am | 1 - src/qemu/Makefile.inc.am | 1 - src/remote/Makefile.inc.am | 2 -- 7 files changed, 2 insertions(+), 10 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 4a8cae11dc..938c119f39 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -149,6 +149,7 @@ augeasdir = $(datadir)/augeas/lenses augeastestdir = $(datadir)/augeas/lenses/tests +CLEANFILES += $(augeastest_DATA) # Internal generic driver infrastructure DATATYPES_SOURCES = datatypes.h datatypes.c diff --git a/src/libxl/Makefile.inc.am b/src/libxl/Makefile.inc.am index abc65ede2c..cfe136f07e 100644 --- a/src/libxl/Makefile.inc.am +++ b/src/libxl/Makefile.inc.am @@ -68,7 +68,6 @@ libvirt_driver_libxl_impl_la_SOURCES = $(LIBXL_DRIVER_SOURCES) conf_DATA += libxl/libxl.conf augeas_DATA += libxl/libvirtd_libxl.aug augeastest_DATA += test_libvirtd_libxl.aug -CLEANFILES += test_libvirtd_libxl.aug AUGEAS_DIRS += libxl diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am index c44f74a529..2c53cff190 100644 --- a/src/locking/Makefile.inc.am +++ b/src/locking/Makefile.inc.am @@ -74,7 +74,7 @@ SYSCONF_FILES += locking/virtlockd.sysconf PODFILES += locking/virtlockd.pod MANINFILES += virtlockd.8.in -CLEANFILES += test_virtlockd.aug $(man8_MANS) +CLEANFILES += $(man8_MANS) MAINTAINERCLEANFILES += $(MANINFILES) SYSTEMD_UNIT_FILES_IN += \ @@ -115,7 +115,6 @@ endif WITH_SASL if WITH_QEMU augeastest_DATA += test_libvirt_lockd.aug -CLEANFILES += test_libvirt_lockd.aug nodist_conf_DATA += locking/qemu-lockd.conf BUILT_SOURCES += locking/qemu-lockd.conf DISTCLEANFILES += locking/qemu-lockd.conf 
@@ -171,7 +170,6 @@ augeas_DATA += locking/libvirt_sanlock.aug if WITH_QEMU augeastest_DATA += test_libvirt_sanlock.aug -CLEANFILES += test_libvirt_sanlock.aug nodist_conf_DATA += locking/qemu-sanlock.conf BUILT_SOURCES += locking/qemu-sanlock.conf DISTCLEANFILES += locking/qemu-sanlock.conf diff --git a/src/logging/Makefile.inc.am b/src/logging/Makefile.inc.am index 8527890eb0..bf89c47b3b 100644 --- a/src/logging/Makefile.inc.am +++ b/src/logging/Makefile.inc.am @@ -46,8 +46,6 @@ MAINTAINERCLEANFILES += \ $(LOG_DAEMON_GENERATED) \ $(NULL) -CLEANFILES += test_virtlogd.aug - PODFILES += logging/virtlogd.pod MANINFILES += virtlogd.8.in SYSCONF_FILES += logging/virtlogd.sysconf diff --git a/src/lxc/Makefile.inc.am b/src/lxc/Makefile.inc.am index 1c0b715a2f..df8d5db110 100644 --- a/src/lxc/Makefile.inc.am +++ b/src/lxc/Makefile.inc.am @@ -157,7 +157,6 @@ conf_DATA += lxc/lxc.conf augeas_DATA += lxc/libvirtd_lxc.aug augeastest_DATA += test_libvirtd_lxc.aug -CLEANFILES += test_libvirtd_lxc.aug AUGEAS_DIRS += lxc diff --git a/src/qemu/Makefile.inc.am b/src/qemu/Makefile.inc.am index e8c7d4b5b1..69aaeb46c2 100644 --- a/src/qemu/Makefile.inc.am +++ b/src/qemu/Makefile.inc.am @@ -116,7 +116,6 @@ conf_DATA += qemu/qemu.conf augeas_DATA += qemu/libvirtd_qemu.aug augeastest_DATA += test_libvirtd_qemu.aug -CLEANFILES += test_libvirtd_qemu.aug AUGEAS_DIRS += qemu diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 4f706f9743..7d5c90cff1 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -130,8 +130,6 @@ augeastest_DATA += test_libvirtd.aug conf_DATA += remote/libvirtd.conf -CLEANFILES += test_libvirtd.aug - man8_MANS += libvirtd.8 libvirtd_SOURCES = $(LIBVIRTD_SOURCES) -- 2.21.0
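
Review bot: There is no src/bhyve/Makefile.inc.am hunk here, although patch 1 shows that file generating test_libvirtd_bhyve.aug, so the new "CLEANFILES += $(augeastest_DATA)" in the src/Makefile.am hunk appears to start cleaning a file that had no per-file CLEANFILES entry to remove. If that is the case the commit message should mention it as a behaviour change rather than a pure collapse. The added line also sits above the places where the Makefile.inc.am fragments append to augeastest_DATA, so it relies on the variable being expanded when make runs; a short comment next to it would make that dependency explicit.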

The current make rules are inconsistent about which directory the augeas test files are created in. Put them all in the same dir as their source. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 8 +++++--- src/bhyve/Makefile.inc.am | 8 ++++---- src/libxl/Makefile.inc.am | 8 ++++---- src/locking/Makefile.inc.am | 29 +++++++++++++---------------- src/logging/Makefile.inc.am | 8 ++++---- src/lxc/Makefile.inc.am | 8 ++++---- src/qemu/Makefile.inc.am | 8 ++++---- src/remote/Makefile.inc.am | 8 ++++---- 8 files changed, 42 insertions(+), 43 deletions(-) diff --git a/.gitignore b/.gitignore index 727bfdb6ec..d75b24c743 100644 --- a/.gitignore +++ b/.gitignore @@ -135,6 +135,7 @@ /src/libvirt_lxc /src/libvirtd /src/libvirtd*.logrotate +/src/libxl/test_libvirtd_libxl.aug /src/locking/libxl-lockd.conf /src/locking/libxl-sanlock.conf /src/locking/lock_daemon_dispatch_stubs.h @@ -142,8 +143,11 @@ /src/locking/qemu-lockd.conf /src/locking/qemu-sanlock.conf /src/locking/test_libvirt_sanlock.aug +/src/locking/test_libvirt_lockd.aug +/src/locking/test_virtlockd.aug /src/logging/log_daemon_dispatch_stubs.h /src/logging/log_protocol.[ch] +/src/logging/test_virtlogd.aug /src/lxc/lxc_controller_dispatch.h /src/lxc/lxc_monitor_dispatch.h /src/lxc/lxc_monitor_protocol.c @@ -154,11 +158,9 @@ /src/remote/*_client_bodies.h /src/remote/*_protocol.[ch] /src/remote/*_stubs.h +/src/remote/test_libvirtd.aug /src/rpc/virkeepaliveprotocol.[ch] /src/rpc/virnetprotocol.[ch] -/src/test_libvirt*.aug -/src/test_virtlockd.aug -/src/test_virtlogd.aug /src/util/virkeycodetable*.h /src/util/virkeynametable*.h /src/virt-aa-helper diff --git a/src/bhyve/Makefile.inc.am b/src/bhyve/Makefile.inc.am index 6e8e6ad5d8..0aef5e17c7 100644 --- a/src/bhyve/Makefile.inc.am +++ b/src/bhyve/Makefile.inc.am 
@@ -49,17 +49,17 @@ libvirt_driver_bhyve_impl_la_SOURCES = $(BHYVE_DRIVER_SOURCES) conf_DATA += bhyve/bhyve.conf augeas_DATA += bhyve/libvirtd_bhyve.aug -augeastest_DATA += test_libvirtd_bhyve.aug +augeastest_DATA += bhyve/test_libvirtd_bhyve.aug AUGEAS_DIRS += bhyve -test_libvirtd_bhyve.aug: bhyve/test_libvirtd_bhyve.aug.in \ +bhyve/test_libvirtd_bhyve.aug: bhyve/test_libvirtd_bhyve.aug.in \ $(srcdir)/bhyve/bhyve.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/bhyve/bhyve.conf $< > $@ -check-augeas-bhyve: test_libvirtd_bhyve.aug +check-augeas-bhyve: bhyve/test_libvirtd_bhyve.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/bhyve test_libvirtd_bhyve.aug; \ + '$(AUGPARSE)' -I $(srcdir)/bhyve bhyve/test_libvirtd_bhyve.aug; \ fi endif WITH_BHYVE diff --git a/src/libxl/Makefile.inc.am b/src/libxl/Makefile.inc.am index cfe136f07e..e73f34db8e 100644 --- a/src/libxl/Makefile.inc.am +++ b/src/libxl/Makefile.inc.am @@ -67,17 +67,17 @@ libvirt_driver_libxl_impl_la_SOURCES = $(LIBXL_DRIVER_SOURCES) conf_DATA += libxl/libxl.conf augeas_DATA += libxl/libvirtd_libxl.aug -augeastest_DATA += test_libvirtd_libxl.aug +augeastest_DATA += libxl/test_libvirtd_libxl.aug AUGEAS_DIRS += libxl -test_libvirtd_libxl.aug: libxl/test_libvirtd_libxl.aug.in \ +libxl/test_libvirtd_libxl.aug: libxl/test_libvirtd_libxl.aug.in \ $(srcdir)/libxl/libxl.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/libxl/libxl.conf $< > $@ -check-augeas-libxl: test_libvirtd_libxl.aug +check-augeas-libxl: libxl/test_libvirtd_libxl.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/libxl test_libvirtd_libxl.aug; \ + '$(AUGPARSE)' -I $(srcdir)/libxl libxl/test_libvirtd_libxl.aug; \ fi INSTALL_DATA_DIRS += libxl diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am index 2c53cff190..0f284faf25 100644 --- a/src/locking/Makefile.inc.am +++ b/src/locking/Makefile.inc.am 
@@ -114,7 +114,7 @@ lockd_la_CFLAGS += \ endif WITH_SASL if WITH_QEMU -augeastest_DATA += test_libvirt_lockd.aug +augeastest_DATA += locking/test_libvirt_lockd.aug nodist_conf_DATA += locking/qemu-lockd.conf BUILT_SOURCES += locking/qemu-lockd.conf DISTCLEANFILES += locking/qemu-lockd.conf @@ -169,7 +169,7 @@ sanlock_la_LIBADD = -lsanlock_client libvirt.la ../gnulib/lib/libgnu.la augeas_DATA += locking/libvirt_sanlock.aug if WITH_QEMU -augeastest_DATA += test_libvirt_sanlock.aug +augeastest_DATA += locking/test_libvirt_sanlock.aug nodist_conf_DATA += locking/qemu-sanlock.conf BUILT_SOURCES += locking/qemu-sanlock.conf DISTCLEANFILES += locking/qemu-sanlock.conf @@ -201,8 +201,7 @@ man8_MANS += virtlockd.8 conf_DATA += locking/virtlockd.conf augeas_DATA += locking/virtlockd.aug -augeastest_DATA += test_virtlockd.aug - +augeastest_DATA += locking/test_virtlockd.aug INSTALL_DATA_DIRS += locking @@ -224,13 +223,13 @@ endif WITH_SANLOCK if WITH_SANLOCK if WITH_QEMU -test_libvirt_sanlock.aug: locking/test_libvirt_sanlock.aug.in \ +locking/test_libvirt_sanlock.aug: locking/test_libvirt_sanlock.aug.in \ locking/qemu-sanlock.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-sanlock.conf $< > $@ -check-augeas-sanlock: test_libvirt_sanlock.aug +check-augeas-sanlock: locking/test_libvirt_sanlock.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/locking test_libvirt_sanlock.aug; \ + '$(AUGPARSE)' -I $(srcdir)/locking locking/test_libvirt_sanlock.aug; \ fi else ! WITH_QEMU check-augeas-sanlock: 
@@ -240,29 +239,27 @@ check-augeas-sanlock: endif ! WITH_SANLOCK if WITH_QEMU -test_libvirt_lockd.aug: locking/test_libvirt_lockd.aug.in \ +locking/test_libvirt_lockd.aug: locking/test_libvirt_lockd.aug.in \ locking/qemu-lockd.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-lockd.conf $< > $@ -else ! WITH_QEMU -test_libvirt_lockd.aug: -endif ! WITH_QEMU +endif WITH_QEMU -test_virtlockd.aug: locking/test_virtlockd.aug.in \ +locking/test_virtlockd.aug: locking/test_virtlockd.aug.in \ locking/virtlockd.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/locking/virtlockd.conf $< > $@ if WITH_QEMU -check-augeas-lockd: test_libvirt_lockd.aug +check-augeas-lockd: locking/test_libvirt_lockd.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/locking test_libvirt_lockd.aug; \ + '$(AUGPARSE)' -I $(srcdir)/locking locking/test_libvirt_lockd.aug; \ fi else ! WITH_QEMU check-augeas-lockd: endif ! WITH_QEMU -check-augeas-virtlockd: test_virtlockd.aug +check-augeas-virtlockd: locking/test_virtlockd.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/locking test_virtlockd.aug; \ + '$(AUGPARSE)' -I $(srcdir)/locking locking/test_virtlockd.aug; \ fi AUGEAS_DIRS += locking diff --git a/src/logging/Makefile.inc.am b/src/logging/Makefile.inc.am index bf89c47b3b..58a139ec2f 100644 --- a/src/logging/Makefile.inc.am +++ b/src/logging/Makefile.inc.am 
@@ -95,17 +95,17 @@ endif WITH_SASL conf_DATA += logging/virtlogd.conf augeas_DATA += logging/virtlogd.aug -augeastest_DATA += test_virtlogd.aug +augeastest_DATA += logging/test_virtlogd.aug -test_virtlogd.aug: logging/test_virtlogd.aug.in \ +logging/test_virtlogd.aug: logging/test_virtlogd.aug.in \ logging/virtlogd.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/logging/virtlogd.conf $< > $@ AUGEAS_DIRS += logging -check-augeas-logging: test_virtlogd.aug +check-augeas-logging: logging/test_virtlogd.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/logging test_virtlogd.aug; \ + '$(AUGPARSE)' -I $(srcdir)/logging logging/test_virtlogd.aug; \ fi endif WITH_LIBVIRTD diff --git a/src/lxc/Makefile.inc.am b/src/lxc/Makefile.inc.am index df8d5db110..f011d90e95 100644 --- a/src/lxc/Makefile.inc.am +++ b/src/lxc/Makefile.inc.am @@ -156,17 +156,17 @@ endif conf_DATA += lxc/lxc.conf augeas_DATA += lxc/libvirtd_lxc.aug -augeastest_DATA += test_libvirtd_lxc.aug +augeastest_DATA += lxc/test_libvirtd_lxc.aug AUGEAS_DIRS += lxc -test_libvirtd_lxc.aug: lxc/test_libvirtd_lxc.aug.in \ +lxc/test_libvirtd_lxc.aug: lxc/test_libvirtd_lxc.aug.in \ $(srcdir)/lxc/lxc.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/lxc/lxc.conf $< > $@ -check-augeas-lxc: test_libvirtd_lxc.aug +check-augeas-lxc: lxc/test_libvirtd_lxc.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/lxc test_libvirtd_lxc.aug; \ + '$(AUGPARSE)' -I $(srcdir)/lxc lxc/test_libvirtd_lxc.aug; \ fi INSTALL_DATA_DIRS += lxc diff --git a/src/qemu/Makefile.inc.am b/src/qemu/Makefile.inc.am index 69aaeb46c2..750b8a5c85 100644 --- a/src/qemu/Makefile.inc.am +++ b/src/qemu/Makefile.inc.am 
@@ -115,17 +115,17 @@ endif WITH_DTRACE_PROBES conf_DATA += qemu/qemu.conf augeas_DATA += qemu/libvirtd_qemu.aug -augeastest_DATA += test_libvirtd_qemu.aug +augeastest_DATA += qemu/test_libvirtd_qemu.aug AUGEAS_DIRS += qemu -test_libvirtd_qemu.aug: qemu/test_libvirtd_qemu.aug.in \ +qemu/test_libvirtd_qemu.aug: qemu/test_libvirtd_qemu.aug.in \ $(srcdir)/qemu/qemu.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/qemu/qemu.conf $< > $@ -check-augeas-qemu: test_libvirtd_qemu.aug +check-augeas-qemu: qemu/test_libvirtd_qemu.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/qemu test_libvirtd_qemu.aug; \ + '$(AUGPARSE)' -I $(srcdir)/qemu qemu/test_libvirtd_qemu.aug; \ fi INSTALL_DATA_DIRS += qemu diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 7d5c90cff1..18519b129d 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -126,7 +126,7 @@ sbin_PROGRAMS += libvirtd augeas_DATA += remote/libvirtd.aug -augeastest_DATA += test_libvirtd.aug +augeastest_DATA += remote/test_libvirtd.aug conf_DATA += remote/libvirtd.conf @@ -186,13 +186,13 @@ uninstall-data-remote: AUGEAS_DIRS += remote -test_libvirtd.aug: remote/test_libvirtd.aug.in \ +remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \ remote/libvirtd.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/remote/libvirtd.conf $< > $@ -check-augeas-remote: test_libvirtd.aug +check-augeas-remote: remote/test_libvirtd.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/remote test_libvirtd.aug; \ + '$(AUGPARSE)' -I $(srcdir)/remote remote/test_libvirtd.aug; \ fi if WITH_SYSCTL -- 2.21.0
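
Review bot: The .gitignore hunk at -154 drops the /src/test_libvirt*.aug glob, but the entries added in this patch cover only libxl, locking, logging and remote. Please confirm that /src/bhyve/test_libvirtd_bhyve.aug, /src/lxc/test_libvirtd_lxc.aug and /src/qemu/test_libvirtd_qemu.aug are already listed elsewhere in the file, and add them here if not, since those generated files now land in their driver directories as well.

Review bot: In the rewritten rules, for example "bhyve/test_libvirtd_bhyve.aug: bhyve/test_libvirtd_bhyve.aug.in", the recipe redirects into $@ under a subdirectory of the build tree, and nothing in the visible rule creates that directory. In an out-of-tree build the redirect fails if bhyve/ (or libxl/, lxc/, ...) does not exist yet when the rule runs. Unless the directories are guaranteed to exist by that point, add a "$(MKDIR_P)" of the target directory ahead of the $(AUG_GENTEST) call.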

Instead of each subdir containing its own custom rule for checking the augeas tests, use common rule for all. The new rule searches both src + build dirs for include files, since some augeas files will be auto-generated very shortly. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/Makefile.am | 18 +++++++++++++----- src/bhyve/Makefile.inc.am | 11 ----------- src/libxl/Makefile.inc.am | 11 ----------- src/locking/Makefile.inc.am | 34 ++-------------------------------- src/logging/Makefile.inc.am | 9 --------- src/lxc/Makefile.inc.am | 8 -------- src/qemu/Makefile.inc.am | 8 -------- src/remote/Makefile.inc.am | 8 -------- 8 files changed, 15 insertions(+), 92 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 938c119f39..6bb33524cf 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -74,7 +74,6 @@ GENERATED_SYM_FILES = augeas_DATA = augeastest_DATA = conf_DATA = -AUGEAS_DIRS = if WITH_DTRACE_PROBES tapset_DATA = endif WITH_DTRACE_PROBES @@ -397,13 +396,22 @@ GENERATED_SYM_FILES += \ - - - +AUG_TEST_NAMES = $(subst /,-, $(augeastest_DATA)) check-local: check-augeas -check-augeas: $(AUGEAS_DIRS:%=check-augeas-%) +check-augeas: $(augeas_DATA) $(augeastest_DATA) + $(AM_V_GEN) \ + if test -x "$(AUGPARSE)"; then \ + for f in $(augeastest_DATA); do \ + DIR=$$(dirname "$$f"); \ + FILE=$$(basename "$$f"); \ + "$(AUGPARSE)" \ + -I "$(srcdir)/$$DIR" -I "$(builddir)/$$DIR" \ + "$$DIR/$$FILE"; \ + done; \ + fi +.PHONY: check-augeas AUG_GENTEST = $(PERL) $(top_srcdir)/build-aux/augeas-gentest.pl diff --git a/src/bhyve/Makefile.inc.am b/src/bhyve/Makefile.inc.am index 0aef5e17c7..8b662e9775 100644 --- a/src/bhyve/Makefile.inc.am +++ b/src/bhyve/Makefile.inc.am 
@@ -51,17 +51,10 @@ conf_DATA += bhyve/bhyve.conf augeas_DATA += bhyve/libvirtd_bhyve.aug augeastest_DATA += bhyve/test_libvirtd_bhyve.aug -AUGEAS_DIRS += bhyve - bhyve/test_libvirtd_bhyve.aug: bhyve/test_libvirtd_bhyve.aug.in \ $(srcdir)/bhyve/bhyve.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/bhyve/bhyve.conf $< > $@ -check-augeas-bhyve: bhyve/test_libvirtd_bhyve.aug - $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/bhyve bhyve/test_libvirtd_bhyve.aug; \ - fi - endif WITH_BHYVE EXTRA_DIST += \ @@ -69,7 +62,3 @@ EXTRA_DIST += \ bhyve/libvirtd_bhyve.aug \ bhyve/test_libvirtd_bhyve.aug.in \ $(NULL) - -.PHONY: \ - check-augeas-bhyve \ - $(NULL) diff --git a/src/libxl/Makefile.inc.am b/src/libxl/Makefile.inc.am index e73f34db8e..467c2720b2 100644 --- a/src/libxl/Makefile.inc.am +++ b/src/libxl/Makefile.inc.am @@ -69,17 +69,10 @@ conf_DATA += libxl/libxl.conf augeas_DATA += libxl/libvirtd_libxl.aug augeastest_DATA += libxl/test_libvirtd_libxl.aug -AUGEAS_DIRS += libxl - libxl/test_libvirtd_libxl.aug: libxl/test_libvirtd_libxl.aug.in \ $(srcdir)/libxl/libxl.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/libxl/libxl.conf $< > $@ -check-augeas-libxl: libxl/test_libvirtd_libxl.aug - $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/libxl libxl/test_libvirtd_libxl.aug; \ - fi - INSTALL_DATA_DIRS += libxl install-data-libxl: @@ -94,10 +87,6 @@ uninstall-data-libxl: endif WITH_LIBXL -.PHONY: \ - check-augeas-libxl \ - $(NULL) - EXTRA_DIST += \ libxl/libxl.conf \ libxl/libvirtd_libxl.aug \ diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am index 0f284faf25..24d83fdd80 100644 --- a/src/locking/Makefile.inc.am +++ b/src/locking/Makefile.inc.am 
@@ -227,16 +227,8 @@ locking/test_libvirt_sanlock.aug: locking/test_libvirt_sanlock.aug.in \ locking/qemu-sanlock.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-sanlock.conf $< > $@ -check-augeas-sanlock: locking/test_libvirt_sanlock.aug - $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/locking locking/test_libvirt_sanlock.aug; \ - fi -else ! WITH_QEMU -check-augeas-sanlock: -endif ! WITH_QEMU -else ! WITH_SANLOCK -check-augeas-sanlock: -endif ! WITH_SANLOCK +endif WITH_QEMU +endif WITH_SANLOCK if WITH_QEMU locking/test_libvirt_lockd.aug: locking/test_libvirt_lockd.aug.in \ @@ -248,33 +240,11 @@ locking/test_virtlockd.aug: locking/test_virtlockd.aug.in \ locking/virtlockd.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/locking/virtlockd.conf $< > $@ -if WITH_QEMU -check-augeas-lockd: locking/test_libvirt_lockd.aug - $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/locking locking/test_libvirt_lockd.aug; \ - fi -else ! WITH_QEMU -check-augeas-lockd: -endif ! WITH_QEMU - -check-augeas-virtlockd: locking/test_virtlockd.aug - $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/locking locking/test_virtlockd.aug; \ - fi - -AUGEAS_DIRS += locking - -check-augeas-locking: check-augeas-virtlockd check-augeas-lockd check-augeas-sanlock - endif WITH_LIBVIRTD .PHONY: \ install-data-locking \ uninstall-data-locking \ - check-augeas-locking \ - check-augeas-virtlockd \ - check-augeas-lockd \ - check-augeas-sanlock \ $(NULL) locking/%-lockd.conf: $(srcdir)/locking/lockd.conf diff --git a/src/logging/Makefile.inc.am b/src/logging/Makefile.inc.am index 58a139ec2f..f0c49330f5 100644 --- a/src/logging/Makefile.inc.am +++ b/src/logging/Makefile.inc.am 
@@ -101,17 +101,8 @@ logging/test_virtlogd.aug: logging/test_virtlogd.aug.in \ logging/virtlogd.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/logging/virtlogd.conf $< > $@ -AUGEAS_DIRS += logging - -check-augeas-logging: logging/test_virtlogd.aug - $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/logging logging/test_virtlogd.aug; \ - fi - endif WITH_LIBVIRTD -.PHONY: check-augeas-logging - logging/log_daemon_dispatch_stubs.h: $(LOG_PROTOCOL) \ $(srcdir)/rpc/gendispatch.pl Makefile.am $(AM_V_GEN)perl -w $(srcdir)/rpc/gendispatch.pl --mode=server \ diff --git a/src/lxc/Makefile.inc.am b/src/lxc/Makefile.inc.am index f011d90e95..0c241fc5c1 100644 --- a/src/lxc/Makefile.inc.am +++ b/src/lxc/Makefile.inc.am @@ -158,17 +158,10 @@ conf_DATA += lxc/lxc.conf augeas_DATA += lxc/libvirtd_lxc.aug augeastest_DATA += lxc/test_libvirtd_lxc.aug -AUGEAS_DIRS += lxc - lxc/test_libvirtd_lxc.aug: lxc/test_libvirtd_lxc.aug.in \ $(srcdir)/lxc/lxc.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/lxc/lxc.conf $< > $@ -check-augeas-lxc: lxc/test_libvirtd_lxc.aug - $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/lxc lxc/test_libvirtd_lxc.aug; \ - fi - INSTALL_DATA_DIRS += lxc install-data-lxc: @@ -196,7 +189,6 @@ lxc/lxc_controller_dispatch.h: $(srcdir)/rpc/gendispatch.pl \ $(srcdir)/lxc/lxc_controller_dispatch.h .PHONY: \ - check-agueas-lxc \ install-data-lxc \ uninstall-data-lxc \ $(NULL) diff --git a/src/qemu/Makefile.inc.am b/src/qemu/Makefile.inc.am index 750b8a5c85..12236a9e7b 100644 --- a/src/qemu/Makefile.inc.am +++ b/src/qemu/Makefile.inc.am 
@@ -117,17 +117,10 @@ conf_DATA += qemu/qemu.conf augeas_DATA += qemu/libvirtd_qemu.aug augeastest_DATA += qemu/test_libvirtd_qemu.aug -AUGEAS_DIRS += qemu - qemu/test_libvirtd_qemu.aug: qemu/test_libvirtd_qemu.aug.in \ $(srcdir)/qemu/qemu.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/qemu/qemu.conf $< > $@ -check-augeas-qemu: qemu/test_libvirtd_qemu.aug - $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/qemu qemu/test_libvirtd_qemu.aug; \ - fi - INSTALL_DATA_DIRS += qemu install-data-qemu: @@ -151,7 +144,6 @@ uninstall-data-qemu: endif WITH_QEMU .PHONY: \ - check-augeas-qemu \ install-data-qemu \ uninstall-data-qemu \ $(NULL) diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 18519b129d..0400dabad9 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -184,17 +184,10 @@ install-data-remote: uninstall-data-remote: rmdir "$(DESTDIR)$(localstatedir)/log/libvirt" ||: -AUGEAS_DIRS += remote - remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \ remote/libvirtd.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/remote/libvirtd.conf $< > $@ -check-augeas-remote: remote/test_libvirtd.aug - $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ - '$(AUGPARSE)' -I $(srcdir)/remote remote/test_libvirtd.aug; \ - fi - if WITH_SYSCTL # Use $(prefix)/lib rather than $(libdir), since man sysctl.d insists on # /usr/lib/sysctl.d/ even when libdir is /usr/lib64 @@ -241,7 +234,6 @@ endif WITH_LIBVIRTD .PHONY: \ install-data-remote \ uninstall-data-remote \ - check-augeas-remote \ $(NULL) # This is needed for clients too, so can't wrap in -- 2.21.0
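Review bot: In the src/Makefile.am hunk, the new check-augeas loop does not propagate an augparse failure. The recipe's exit status is that of the last "$(AUGPARSE)" run in the for loop, so a failing test file followed by a passing one leaves the rule green; append "|| exit 1" to the "$(AUGPARSE)" invocation. AUG_TEST_NAMES is assigned in the same hunk but nothing in the patch uses it, so it can be dropped. The rule also still passes silently when $(AUGPARSE) is not executable, as the per-directory rules did; a one-line "skipping" message would make that visible in build logs.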

On Mon, 2019-07-29 at 18:10 +0100, Daniel P. Berrangé wrote:
+++ b/src/Makefile.am @@ -397,13 +396,22 @@ GENERATED_SYM_FILES += \ +AUG_TEST_NAMES = $(subst /,-, $(augeastest_DATA))
AUG_TEST_NAMES is no longer necessary.
-check-augeas: $(AUGEAS_DIRS:%=check-augeas-%) +check-augeas: $(augeas_DATA) $(augeastest_DATA) + $(AM_V_GEN) \ + if test -x "$(AUGPARSE)"; then \ + for f in $(augeastest_DATA); do \ + DIR=$$(dirname "$$f"); \ + FILE=$$(basename "$$f"); \ + "$(AUGPARSE)" \ + -I "$(srcdir)/$$DIR" -I "$(builddir)/$$DIR" \ + "$$DIR/$$FILE"; \ + done; \ + fi +.PHONY: check-augeas
Why didn't you go for the alternative version, the one in

  https://www.redhat.com/archives/libvir-list/2019-July/msg01609.html

which prints the name of each file as they are processed?

With either version of the check-augeas rule, and with AUG_TEST_NAMES gone,

  Reviewed-by: Andrea Bolognani <abologna@redhat.com>

--
Andrea Bolognani / Red Hat / Virtualization

On Mon, Jul 29, 2019 at 06:10:46PM +0100, Daniel P. Berrangé wrote:
Instead of each subdir containing its own custom rule for checking the augeas tests, use common rule for all.
The new rule searches both src + build dirs for include files, since some augeas files will be auto-generated very shortly.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/Makefile.am | 18 +++++++++++++----- src/bhyve/Makefile.inc.am | 11 ----------- src/libxl/Makefile.inc.am | 11 ----------- src/locking/Makefile.inc.am | 34 ++-------------------------------- src/logging/Makefile.inc.am | 9 --------- src/lxc/Makefile.inc.am | 8 -------- src/qemu/Makefile.inc.am | 8 -------- src/remote/Makefile.inc.am | 8 -------- 8 files changed, 15 insertions(+), 92 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am index 938c119f39..6bb33524cf 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -74,7 +74,6 @@ GENERATED_SYM_FILES = augeas_DATA = augeastest_DATA = conf_DATA = -AUGEAS_DIRS = if WITH_DTRACE_PROBES tapset_DATA = endif WITH_DTRACE_PROBES @@ -397,13 +396,22 @@ GENERATED_SYM_FILES += \
- - - +AUG_TEST_NAMES = $(subst /,-, $(augeastest_DATA))
check-local: check-augeas
-check-augeas: $(AUGEAS_DIRS:%=check-augeas-%) +check-augeas: $(augeas_DATA) $(augeastest_DATA) + $(AM_V_GEN) \ + if test -x "$(AUGPARSE)"; then \ + for f in $(augeastest_DATA); do \ + DIR=$$(dirname "$$f"); \ + FILE=$$(basename "$$f"); \ + "$(AUGPARSE)" \ + -I "$(srcdir)/$$DIR" -I "$(builddir)/$$DIR" \ + "$$DIR/$$FILE"; \ + done; \ + fi +.PHONY: check-augeas
src/Makefile.am:407: DIR=$$(dirname "$$f"); \
src/Makefile.am:408: FILE=$$(basename "$$f"); \
src/Makefile.am:409: "$(AUGPARSE)" \
src/Makefile.am:410: -I "$(srcdir)/$$DIR" -I "$(builddir)/$$DIR" \
src/Makefile.am:411: "$$DIR/$$FILE"; \
maint.mk: found TAB-8-space indentation
make: *** [maint.mk:1158: sc_makefile_TAB_only_indentation] Error 1

Jano

Instead of adding generated config files to CLEANFILES and BUILT_SOURCES in each makefile, add them all at once. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/Makefile.am | 3 +++ src/locking/Makefile.inc.am | 8 -------- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 6bb33524cf..255e8e2b57 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -144,6 +144,9 @@ moddir = $(libdir)/libvirt/connection-driver confdir = $(sysconfdir)/libvirt conf_DATA += libvirt.conf libvirt-admin.conf +CLEANFILES += $(nodist_conf_DATA) +BUILT_SOURCES += $(nodist_conf_DATA) + augeasdir = $(datadir)/augeas/lenses augeastestdir = $(datadir)/augeas/lenses/tests diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am index 24d83fdd80..161410051c 100644 --- a/src/locking/Makefile.inc.am +++ b/src/locking/Makefile.inc.am @@ -116,14 +116,10 @@ endif WITH_SASL if WITH_QEMU augeastest_DATA += locking/test_libvirt_lockd.aug nodist_conf_DATA += locking/qemu-lockd.conf -BUILT_SOURCES += locking/qemu-lockd.conf -DISTCLEANFILES += locking/qemu-lockd.conf endif WITH_QEMU if WITH_LIBXL nodist_conf_DATA += locking/libxl-lockd.conf -BUILT_SOURCES += locking/libxl-lockd.conf -DISTCLEANFILES += locking/libxl-lockd.conf endif WITH_LIBXL sbin_PROGRAMS += virtlockd @@ -171,14 +167,10 @@ augeas_DATA += locking/libvirt_sanlock.aug if WITH_QEMU augeastest_DATA += locking/test_libvirt_sanlock.aug nodist_conf_DATA += locking/qemu-sanlock.conf -BUILT_SOURCES += locking/qemu-sanlock.conf -DISTCLEANFILES += locking/qemu-sanlock.conf endif WITH_QEMU if WITH_LIBXL nodist_conf_DATA += locking/libxl-sanlock.conf -BUILT_SOURCES += locking/libxl-sanlock.conf -DISTCLEANFILES += locking/libxl-sanlock.conf endif WITH_LIBXL libexec_PROGRAMS += libvirt_sanlock_helper -- 2.21.0
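Review bot: The removed lines in src/locking/Makefile.inc.am register the generated configs in DISTCLEANFILES, while the replacement in src/Makefile.am uses CLEANFILES, so these files move from "make distclean" to "make clean" without the commit message saying so (it describes the old state as CLEANFILES). If the switch is intended, state it in the commit message; otherwise use "DISTCLEANFILES += $(nodist_conf_DATA)" to keep the existing behaviour.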

The remote daemon tries to print out its help text in a couple of giant blocks of text. This has already led to duplication of the text for the privileged vs unprivileged execution mode. With the introduction of more daemons, this text is going to be duplicated many more times with small variations. This is very unfriendly to translators as they have to translate approximately the same text many times with small tweaks. Splitting the text up into individual strings to print means that each piece will only need translating once. It also gets rid of all the layout information from the translated strings, so avoids the problem of translators breaking formatting by mistake. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon.c | 128 ++++++++++++++++++------------------- src/remote/remote_driver.h | 1 - 2 files changed, 64 insertions(+), 65 deletions(-) diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index d887b7abfb..69385af1c4 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c 
@@ -859,75 +859,75 @@ daemonSetupHostUUID(const struct daemonConfig *config) return 0; } +typedef struct { + const char *opts; + const char *help; +} virOptionHelp; + /* Print command-line usage. */ static void daemonUsage(const char *argv0, bool privileged) { - fprintf(stderr, - _("\n" - "Usage:\n" - " %s [options]\n" - "\n" - "Options:\n" - " -h | --help Display program help:\n" - " -v | --verbose Verbose messages.\n" - " -d | --daemon Run as a daemon & write PID file.\n" - " -l | --listen Listen for TCP/IP connections.\n" - " -t | --timeout <secs> Exit after timeout period.\n" - " -f | --config <file> Configuration file.\n" - " -V | --version Display version information.\n" - " -p | --pid-file <file> Change name of PID file.\n" - "\n" - "libvirt management daemon:\n"), - argv0); + size_t i; + virOptionHelp opthelp[] = { + { "-h | --help", N_("Display program help") }, + { "-v | --verbose", N_("Verbose messages") }, + { "-d | --daemon", N_("Run as a daemon & write PID file") }, + { "-l | --listen", N_("Listen for TCP/IP connections") }, + { "-t | --timeout <secs>", N_("Exit after timeout period") }, + { "-f | --config <file>", N_("Configuration file") }, + { "-V | --version", N_("Display version information") }, + { "-p | --pid-file <file>", N_("Change name of PID file") }, + }; - if (privileged) { - fprintf(stderr, - _("\n" - " Default paths:\n" - "\n" - " Configuration file (unless overridden by -f):\n" - " %s\n" - "\n" - " Sockets:\n" - " %s\n" - " %s\n" - "\n" - " TLS:\n" - " CA certificate: %s\n" - " Server certificate: %s\n" - " Server private key: %s\n" - "\n" - " PID file (unless overridden by -p):\n" - " %s/run/libvirtd.pid\n" - "\n"), - LIBVIRTD_CONFIGURATION_FILE, - LIBVIRTD_PRIV_UNIX_SOCKET, - LIBVIRTD_PRIV_UNIX_SOCKET_RO, - LIBVIRT_CACERT, - LIBVIRT_SERVERCERT, - LIBVIRT_SERVERKEY, - LOCALSTATEDIR); - } else { - fprintf(stderr, "%s", - _("\n" - " Default paths:\n" - "\n" - " Configuration file (unless overridden by -f):\n" - " 
$XDG_CONFIG_HOME/libvirt/libvirtd.conf\n" - "\n" - " Sockets:\n" - " $XDG_RUNTIME_DIR/libvirt/libvirt-sock\n" - "\n" - " TLS:\n" - " CA certificate: $HOME/.pki/libvirt/cacert.pem\n" - " Server certificate: $HOME/.pki/libvirt/servercert.pem\n" - " Server private key: $HOME/.pki/libvirt/serverkey.pem\n" - "\n" - " PID file:\n" - " $XDG_RUNTIME_DIR/libvirt/libvirtd.pid\n" - "\n")); - } + fprintf(stderr, "\n"); + fprintf(stderr, "%s:\n", _("Usage")); + fprintf(stderr, " %s [%s]\n", argv0, _("options")); + fprintf(stderr, "\n"); + + fprintf(stderr, "%s:\n", _("Options")); + for (i = 0; i < ARRAY_CARDINALITY(opthelp); i++) + fprintf(stderr, " %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help)); + fprintf(stderr, "\n"); + + fprintf(stderr, "%s:\n", _("libvirt management daemon")); + + fprintf(stderr, "\n"); + fprintf(stderr, " %s:\n", _("Default paths")); + fprintf(stderr, "\n"); + + fprintf(stderr, " %s:\n", _("Configuration file (unless overridden by -f)")); + fprintf(stderr, " %s/libvirt/libvirtd.conf\n", + privileged ? SYSCONFDIR : "$XDG_CONFIG_HOME"); + fprintf(stderr, "\n"); + + fprintf(stderr, " %s:\n", _("Sockets")); + fprintf(stderr, " %s\n", + privileged ? LOCALSTATEDIR "/run/libvirt/libvirt-sock" : + "$XDG_RUNTIME_DIR/libvirt/libvirt-sock"); + if (privileged) + fprintf(stderr, " %s\n", + LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro"); + fprintf(stderr, "\n"); + + fprintf(stderr, " %s:\n", _("TLS")); + fprintf(stderr, " %s: %s\n", + _("CA certificate"), + privileged ? LIBVIRT_CACERT : "$HOME/.pki/libvirt/cacert.pem"); + fprintf(stderr, " %s: %s\n", + _("Server certificate"), + privileged ? LIBVIRT_SERVERCERT : "$HOME/.pki/libvirt/servercert.pem"); + fprintf(stderr, " %s: %s\n", + _("Server private key"), + privileged ? LIBVIRT_SERVERKEY : "$HOME/.pki/libvirt/serverkey.pem"); + fprintf(stderr, "\n"); + + fprintf(stderr, " %s:\n", + _("PID file (unless overridden by -p)")); + fprintf(stderr, " %s\n", + privileged ? 
LOCALSTATEDIR "/run/libvirtd.pid": + "$XDG_RUNTIME_DIR/libvirt/libvirtd.pid"); + fprintf(stderr, "\n"); } int main(int argc, char **argv) { diff --git a/src/remote/remote_driver.h b/src/remote/remote_driver.h index 8c7da6b000..132e478ef3 100644 --- a/src/remote/remote_driver.h +++ b/src/remote/remote_driver.h @@ -34,7 +34,6 @@ unsigned long remoteVersion(void); #define LIBVIRTD_PRIV_UNIX_SOCKET LOCALSTATEDIR "/run/libvirt/libvirt-sock" #define LIBVIRTD_PRIV_UNIX_SOCKET_RO LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro" #define LIBVIRTD_USER_UNIX_SOCKET "libvirt-sock" -#define LIBVIRTD_CONFIGURATION_FILE SYSCONFDIR "/libvirt/libvirtd.conf" /* Defaults for PKI directory. */ #define LIBVIRT_PKI_DIR SYSCONFDIR "/pki" -- 2.21.0
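Review bot: In the opthelp loop of daemonUsage(), the fprintf() passes N_(opthelp[i].help), and N_() only marks a string for extraction, so the option descriptions are always printed untranslated; call _(opthelp[i].help) there and keep N_() in the array initialiser. The socket lines also spell out LOCALSTATEDIR "/run/libvirt/libvirt-sock" and the "-ro" variant by hand although remote_driver.h still defines LIBVIRTD_PRIV_UNIX_SOCKET and LIBVIRTD_PRIV_UNIX_SOCKET_RO with those values, so the help text can drift from the paths the daemon really listens on. The unprivileged PID file heading now reads "(unless overridden by -p)", which the old unprivileged text did not say; confirm that is intended.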

Daniel P. Berrangé writes:
The remote daemon tries to print out its help text in a couple of giant blocks of text. This has already led to duplication of the text for the privileged vs unprivileged execution mode. With the introduction of more daemons, this text is going to be duplicated many more times with small variations. This is very unfriendly to translators as they have to translate approximately the same text many times with small tweaks.
Splitting the text up into individual strings to print means that each piece will only need translating once. It also gets rid of all the layout information from the translated strings, so avoids the problem of translators breaking formatting by mistake.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon.c | 128 ++++++++++++++++++------------------- src/remote/remote_driver.h | 1 - 2 files changed, 64 insertions(+), 65 deletions(-)
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index d887b7abfb..69385af1c4 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -859,75 +859,75 @@ daemonSetupHostUUID(const struct daemonConfig *config) return 0; }
+typedef struct { + const char *opts; + const char *help; +} virOptionHelp; + /* Print command-line usage. */ static void daemonUsage(const char *argv0, bool privileged) { - fprintf(stderr, - _("\n" - "Usage:\n" - " %s [options]\n" - "\n" - "Options:\n" - " -h | --help Display program help:\n" - " -v | --verbose Verbose messages.\n" - " -d | --daemon Run as a daemon & write PID file.\n" - " -l | --listen Listen for TCP/IP connections.\n" - " -t | --timeout <secs> Exit after timeout period.\n" - " -f | --config <file> Configuration file.\n" - " -V | --version Display version information.\n" - " -p | --pid-file <file> Change name of PID file.\n" - "\n" - "libvirt management daemon:\n"), - argv0); + size_t i; + virOptionHelp opthelp[] = { + { "-h | --help", N_("Display program help") },
Why use N_ both here and in the printout code (copied below)?

  fprintf(stderr, " %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help));

When is the message translated?
+ { "-v | --verbose", N_("Verbose messages") }, + { "-d | --daemon", N_("Run as a daemon & write PID file") }, + { "-l | --listen", N_("Listen for TCP/IP connections") }, + { "-t | --timeout <secs>", N_("Exit after timeout period") }, + { "-f | --config <file>", N_("Configuration file") }, + { "-V | --version", N_("Display version information") }, + { "-p | --pid-file <file>", N_("Change name of PID file") }, + };
- if (privileged) { - fprintf(stderr, - _("\n" - " Default paths:\n" - "\n" - " Configuration file (unless overridden by -f):\n" - " %s\n" - "\n" - " Sockets:\n" - " %s\n" - " %s\n" - "\n" - " TLS:\n" - " CA certificate: %s\n" - " Server certificate: %s\n" - " Server private key: %s\n" - "\n" - " PID file (unless overridden by -p):\n" - " %s/run/libvirtd.pid\n" - "\n"), - LIBVIRTD_CONFIGURATION_FILE, - LIBVIRTD_PRIV_UNIX_SOCKET, - LIBVIRTD_PRIV_UNIX_SOCKET_RO, - LIBVIRT_CACERT, - LIBVIRT_SERVERCERT, - LIBVIRT_SERVERKEY, - LOCALSTATEDIR); - } else { - fprintf(stderr, "%s", - _("\n" - " Default paths:\n" - "\n" - " Configuration file (unless overridden by -f):\n" - " $XDG_CONFIG_HOME/libvirt/libvirtd.conf\n" - "\n" - " Sockets:\n" - " $XDG_RUNTIME_DIR/libvirt/libvirt-sock\n" - "\n" - " TLS:\n" - " CA certificate: $HOME/.pki/libvirt/cacert.pem\n" - " Server certificate: $HOME/.pki/libvirt/servercert.pem\n" - " Server private key: $HOME/.pki/libvirt/serverkey.pem\n" - "\n" - " PID file:\n" - " $XDG_RUNTIME_DIR/libvirt/libvirtd.pid\n" - "\n")); - } + fprintf(stderr, "\n"); + fprintf(stderr, "%s:\n", _("Usage")); + fprintf(stderr, " %s [%s]\n", argv0, _("options"));
Here, despite your argument regarding formatting, I believe that translators should have a larger context. Also, as the gettext documentation points out, ":" needs a space before in French, so it should be placed within the part to translate.

  fprintf(stderr, _("Usage:\n %s [options]\n\n"), argv0);
+ fprintf(stderr, "\n"); + + fprintf(stderr, "%s:\n", _("Options"));
Same, for localization of whitespace around : it would be better to have

  fprintf(stderr, _("Options:\n"));

This applies to all cases where you have %s: below.
+ for (i = 0; i < ARRAY_CARDINALITY(opthelp); i++) + fprintf(stderr, " %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help));
Based on comment above, replace N_ with _ ?
+ fprintf(stderr, "\n"); + + fprintf(stderr, "%s:\n", _("libvirt management daemon"));
+ + fprintf(stderr, "\n"); + fprintf(stderr, " %s:\n", _("Default paths"));
+ fprintf(stderr, "\n"); + + fprintf(stderr, " %s:\n", _("Configuration file (unless overridden by -f)"));
+ fprintf(stderr, " %s/libvirt/libvirtd.conf\n", + privileged ? SYSCONFDIR : "$XDG_CONFIG_HOME");
Add a N_ ?
+ fprintf(stderr, "\n"); + + fprintf(stderr, " %s:\n", _("Sockets"));
+ fprintf(stderr, " %s\n", + privileged ? LOCALSTATEDIR "/run/libvirt/libvirt-sock" : + "$XDG_RUNTIME_DIR/libvirt/libvirt-sock");
Add N_ ?
+ if (privileged) + fprintf(stderr, " %s\n", + LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro");
Add N_?
+ fprintf(stderr, "\n"); + + fprintf(stderr, " %s:\n", _("TLS"));
+ fprintf(stderr, " %s: %s\n", + _("CA certificate"), + privileged ? LIBVIRT_CACERT : "$HOME/.pki/libvirt/cacert.pem"); + fprintf(stderr, " %s: %s\n", + _("Server certificate"), + privileged ? LIBVIRT_SERVERCERT : "$HOME/.pki/libvirt/servercert.pem"); + fprintf(stderr, " %s: %s\n", + _("Server private key"), + privileged ? LIBVIRT_SERVERKEY : "$HOME/.pki/libvirt/serverkey.pem"); + fprintf(stderr, "\n"); + + fprintf(stderr, " %s:\n", + _("PID file (unless overridden by -p)")); + fprintf(stderr, " %s\n", + privileged ? LOCALSTATEDIR "/run/libvirtd.pid": + "$XDG_RUNTIME_DIR/libvirt/libvirtd.pid"); + fprintf(stderr, "\n"); }
int main(int argc, char **argv) { diff --git a/src/remote/remote_driver.h b/src/remote/remote_driver.h index 8c7da6b000..132e478ef3 100644 --- a/src/remote/remote_driver.h +++ b/src/remote/remote_driver.h @@ -34,7 +34,6 @@ unsigned long remoteVersion(void); #define LIBVIRTD_PRIV_UNIX_SOCKET LOCALSTATEDIR "/run/libvirt/libvirt-sock" #define LIBVIRTD_PRIV_UNIX_SOCKET_RO LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro" #define LIBVIRTD_USER_UNIX_SOCKET "libvirt-sock" -#define LIBVIRTD_CONFIGURATION_FILE SYSCONFDIR "/libvirt/libvirtd.conf"
/* Defaults for PKI directory. */ #define LIBVIRT_PKI_DIR SYSCONFDIR "/pki" -- 2.21.0
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>

--
Cheers,
Christophe de Dinechin (IRC c3d)

On Tue, Jul 30, 2019 at 11:56:45AM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
The remote daemon tries to print out its help text in a couple of giant blocks of text. This has already led to duplication of the text for the privileged vs unprivileged execution mode. With the introduction of more daemons, this text is going to be duplicated many more times with small variations. This is very unfriendly to translators as they have to translate approximately the same text many times with small tweaks.
Splitting the text up into individual strings to print means that each piece will only need translating once. It also gets rid of all the layout information from the translated strings, so avoids the problem of translators breaking formatting by mistake.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon.c | 128 ++++++++++++++++++------------------- src/remote/remote_driver.h | 1 - 2 files changed, 64 insertions(+), 65 deletions(-)
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index d887b7abfb..69385af1c4 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -859,75 +859,75 @@ daemonSetupHostUUID(const struct daemonConfig *config) return 0; }
+typedef struct { + const char *opts; + const char *help; +} virOptionHelp; + /* Print command-line usage. */ static void daemonUsage(const char *argv0, bool privileged) { - fprintf(stderr, - _("\n" - "Usage:\n" - " %s [options]\n" - "\n" - "Options:\n" - " -h | --help Display program help:\n" - " -v | --verbose Verbose messages.\n" - " -d | --daemon Run as a daemon & write PID file.\n" - " -l | --listen Listen for TCP/IP connections.\n" - " -t | --timeout <secs> Exit after timeout period.\n" - " -f | --config <file> Configuration file.\n" - " -V | --version Display version information.\n" - " -p | --pid-file <file> Change name of PID file.\n" - "\n" - "libvirt management daemon:\n"), - argv0); + size_t i; + virOptionHelp opthelp[] = { + { "-h | --help", N_("Display program help") },
Why use N_ both here and in the printout code (copied below)?
fprintf(stderr, " %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help));
When is the message translated?
Yeah that's a screwup. The fprintf() should be calling gettext
+ fprintf(stderr, "\n"); + fprintf(stderr, "%s:\n", _("Usage")); + fprintf(stderr, " %s [%s]\n", argv0, _("options"));
Here, despite your argument regarding formatting, I believe that translators should have a larger context. Also, as the gettext documentation points out, ":" needs a space before in French, so it should be placed within the part to translate.
What documentation are you seeing this in? I've not come across this suggestion before and want to read more
fprintf(stderr, _("Usage:\n %s [options]\n\n"), argv0);
+ fprintf(stderr, "\n"); + + fprintf(stderr, "%s:\n", _("Options"));
Same, for localization of whitespace around : it would be better to have
fprintf(stderr, _("Options:\n"));
This applies to all cases where you have %s: below.
+ for (i = 0; i < ARRAY_CARDINALITY(opthelp); i++) + fprintf(stderr, " %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help));
Based on comment above, replace N_ with _ ?
+ fprintf(stderr, "\n"); + + fprintf(stderr, "%s:\n", _("libvirt management daemon"));
+ + fprintf(stderr, "\n"); + fprintf(stderr, " %s:\n", _("Default paths"));
+ fprintf(stderr, "\n"); + + fprintf(stderr, " %s:\n", _("Configuration file (unless overridden by -f)"));
+ fprintf(stderr, " %s/libvirt/libvirtd.conf\n", + privileged ? SYSCONFDIR : "$XDG_CONFIG_HOME");
Add a N_ ?
File paths have no translatable text in them.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On 30 Jul 2019, at 12:04, Daniel P. Berrangé <berrange@redhat.com> wrote:
On Tue, Jul 30, 2019 at 11:56:45AM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
The remote daemon tries to print out its help text in a couple of giant blocks of text. This has already led to duplication of the text for the privileged vs unprivileged execution mode. With the introduction of more daemons, this text is going to be duplicated many more times with small variations. This is very unfriendly to translators as they have to translate approximately the same text many times with small tweaks.
Splitting the text up into individual strings to print means that each piece will only need translating once. It also gets rid of all the layout information from the translated strings, so avoids the problem of translators breaking formatting by mistake.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon.c | 128 ++++++++++++++++++------------------- src/remote/remote_driver.h | 1 - 2 files changed, 64 insertions(+), 65 deletions(-)
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index d887b7abfb..69385af1c4 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -859,75 +859,75 @@ daemonSetupHostUUID(const struct daemonConfig *config) return 0; }
+typedef struct { + const char *opts; + const char *help; +} virOptionHelp; + /* Print command-line usage. */ static void daemonUsage(const char *argv0, bool privileged) { - fprintf(stderr, - _("\n" - "Usage:\n" - " %s [options]\n" - "\n" - "Options:\n" - " -h | --help Display program help:\n" - " -v | --verbose Verbose messages.\n" - " -d | --daemon Run as a daemon & write PID file.\n" - " -l | --listen Listen for TCP/IP connections.\n" - " -t | --timeout <secs> Exit after timeout period.\n" - " -f | --config <file> Configuration file.\n" - " -V | --version Display version information.\n" - " -p | --pid-file <file> Change name of PID file.\n" - "\n" - "libvirt management daemon:\n"), - argv0); + size_t i; + virOptionHelp opthelp[] = { + { "-h | --help", N_("Display program help") },
Why use N_ both here and in the printout code (copied below)?
fprintf(stderr, " %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help));
When is the message translated?
Yeah that's a screwup. The fprintf() should be calling gettext
+ fprintf(stderr, "\n"); + fprintf(stderr, "%s:\n", _("Usage")); + fprintf(stderr, " %s [%s]\n", argv0, _("options"));
Here, despite your argument regarding formatting, I believe that translators should have a larger context. Also, as the gettext documentation points out, ":" needs a space before in French, so it should be placed within the part to translate.
What documentation are you seeing this in? I've not come across this suggestion before and want to read more
https://www.gnu.org/software/gettext/manual/gettext.html

See end of section 4.4, specifically:

  For example, ‘"%s"’ is an example of string not requiring translation. But ‘"%s: %d"’ does require translation, because in French, unlike in English, it’s customary to put a space before a colon.
fprintf(stderr, _("Usage:\n %s [options]\n\n"), argv0);
+ fprintf(stderr, "\n"); + + fprintf(stderr, "%s:\n", _("Options"));
Same, for localization of whitespace around : it would be better to have
fprintf(stderr, _("Options:\n"));
This applies to all cases where you have %s: below.
+ for (i = 0; i < ARRAY_CARDINALITY(opthelp); i++) + fprintf(stderr, " %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help));
Based on comment above, replace N_ with _ ?
+ fprintf(stderr, "\n"); + + fprintf(stderr, "%s:\n", _("libvirt management daemon"));
+ + fprintf(stderr, "\n"); + fprintf(stderr, " %s:\n", _("Default paths"));
+ fprintf(stderr, "\n"); + + fprintf(stderr, " %s:\n", _("Configuration file (unless overridden by -f)"));
+ fprintf(stderr, " %s/libvirt/libvirtd.conf\n", + privileged ? SYSCONFDIR : "$XDG_CONFIG_HOME");
Add a N_ ?
File paths have no translatable text in them.
Regards, Daniel

On Tue, Jul 30, 2019 at 12:07:35PM +0200, Christophe de Dinechin wrote:
On 30 Jul 2019, at 12:04, Daniel P. Berrangé <berrange@redhat.com> wrote:
On Tue, Jul 30, 2019 at 11:56:45AM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
The remote daemon tries to print out its help text in a couple of giant blocks of text. This has already led to duplication of the text for the privileged vs unprivileged execution mode. With the introduction of more daemons, this text is going to be duplicated many more times with small variations. This is very unfriendly to translators as they have to translate approximately the same text many times with small tweaks.
Splitting the text up into individual strings to print means that each piece will only need translating once. It also gets rid of all the layout information from the translated strings, so avoids the problem of translators breaking formatting by mistake.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon.c | 128 ++++++++++++++++++------------------- src/remote/remote_driver.h | 1 - 2 files changed, 64 insertions(+), 65 deletions(-)
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index d887b7abfb..69385af1c4 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -859,75 +859,75 @@ daemonSetupHostUUID(const struct daemonConfig *config) return 0; }
+typedef struct { + const char *opts; + const char *help; +} virOptionHelp; + /* Print command-line usage. */ static void daemonUsage(const char *argv0, bool privileged) { - fprintf(stderr, - _("\n" - "Usage:\n" - " %s [options]\n" - "\n" - "Options:\n" - " -h | --help Display program help:\n" - " -v | --verbose Verbose messages.\n" - " -d | --daemon Run as a daemon & write PID file.\n" - " -l | --listen Listen for TCP/IP connections.\n" - " -t | --timeout <secs> Exit after timeout period.\n" - " -f | --config <file> Configuration file.\n" - " -V | --version Display version information.\n" - " -p | --pid-file <file> Change name of PID file.\n" - "\n" - "libvirt management daemon:\n"), - argv0); + size_t i; + virOptionHelp opthelp[] = { + { "-h | --help", N_("Display program help") },
Why use N_ both here and in the printout code (copied below)?
fprintf(stderr, " %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help));
When is the message translated?
Yeah that's a screwup. The fprintf() should be calling gettext
+ fprintf(stderr, "\n"); + fprintf(stderr, "%s:\n", _("Usage")); + fprintf(stderr, " %s [%s]\n", argv0, _("options"));
Here, despite your argument regarding formatting, I believe that translators should have a larger context. Also, as the gettext documentation points out, ":" needs a space before in French, so it should be placed within the part to translate.
What documentation are you seeing this in? I've not come across this suggestion before and want to read more.
https://www.gnu.org/software/gettext/manual/gettext.html
See end of section 4.4, specifically:
For example, ‘"%s"’ is an example of string not requiring translation. But ‘"%s: %d"’ does require translation, because in French, unlike in English, it’s customary to put a space before a colon.
Thanks, checking the French translation of the current text I'm replacing, I do indeed see this style - the translators have put a Unicode non-breaking space (0xc2a0) before each ':'.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On 30 Jul 2019, at 12:04, Daniel P. Berrangé <berrange@redhat.com> wrote:
On Tue, Jul 30, 2019 at 11:56:45AM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
The remote daemon tries to print out its help text in a couple of giant blocks of text. This has already led to duplication of the text for the privileged vs unprivileged execution mode. With the introduction of more daemons, this text is going to be duplicated many more times with small variations. This is very unfriendly to translators as they have to translate approximately the same text many times with small tweaks.
Splitting the text up into individual strings to print means that each piece will only need translating once. It also gets rid of all the layout information from the translated strings, so avoids the problem of translators breaking formatting by mistake.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon.c | 128 ++++++++++++++++++------------------- src/remote/remote_driver.h | 1 - 2 files changed, 64 insertions(+), 65 deletions(-)
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index d887b7abfb..69385af1c4 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -859,75 +859,75 @@ daemonSetupHostUUID(const struct daemonConfig *config) return 0; }
+typedef struct { + const char *opts; + const char *help; +} virOptionHelp; + /* Print command-line usage. */ static void daemonUsage(const char *argv0, bool privileged) { - fprintf(stderr, - _("\n" - "Usage:\n" - " %s [options]\n" - "\n" - "Options:\n" - " -h | --help Display program help:\n" - " -v | --verbose Verbose messages.\n" - " -d | --daemon Run as a daemon & write PID file.\n" - " -l | --listen Listen for TCP/IP connections.\n" - " -t | --timeout <secs> Exit after timeout period.\n" - " -f | --config <file> Configuration file.\n" - " -V | --version Display version information.\n" - " -p | --pid-file <file> Change name of PID file.\n" - "\n" - "libvirt management daemon:\n"), - argv0); + size_t i; + virOptionHelp opthelp[] = { + { "-h | --help", N_("Display program help") },
Why use N_ both here and in the printout code (copied below)?
fprintf(stderr, " %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help));
When is the message translated?
Yeah that's a screwup. The fprintf() should be calling gettext
+ fprintf(stderr, "\n"); + fprintf(stderr, "%s:\n", _("Usage")); + fprintf(stderr, " %s [%s]\n", argv0, _("options"));
Here, despite your argument regarding formatting, I believe that translators should have a larger context. Also, as the gettext documentation points out, ":" needs a space before in French, so it should be placed within the part to translate.
What documentation are you seeing this in? I've not come across this suggestion before and want to read more.
fprintf(stderr, _("Usage:\n %s [options]\n\n"), argv0);
+ fprintf(stderr, "\n"); + + fprintf(stderr, "%s:\n", _("Options"));
Same, for localization of whitespace around : it would be better to have
fprintf(stderr, _("Options:\n"));
This applies to all cases where you have %s: below.
+ for (i = 0; i < ARRAY_CARDINALITY(opthelp); i++) + fprintf(stderr, " %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help));
Based on comment above, replace N_ with _ ?
+ fprintf(stderr, "\n"); + + fprintf(stderr, "%s:\n", _("libvirt management daemon"));
+ + fprintf(stderr, "\n"); + fprintf(stderr, " %s:\n", _("Default paths"));
+ fprintf(stderr, "\n"); + + fprintf(stderr, " %s:\n", _("Configuration file (unless overridden by -f)"));
+ fprintf(stderr, " %s/libvirt/libvirtd.conf\n", + privileged ? SYSCONFDIR : "$XDG_CONFIG_HOME");
Add a N_ ?
File paths have no translatable text in them.
Well, I’ve always been confused with what “N_” meant exactly, but to me it was a tell to translator “don’t try translating this one”. If there is nothing, the translator might waste time looking at it. Maybe I got that backwards, though. Can’t say the doc is super clear.

On Tue, Jul 30, 2019 at 12:10:23PM +0200, Christophe de Dinechin wrote:
On 30 Jul 2019, at 12:04, Daniel P. Berrangé <berrange@redhat.com> wrote:
On Tue, Jul 30, 2019 at 11:56:45AM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
The remote daemon tries to print out its help text in a couple of giant blocks of text. This has already led to duplication of the text for the privileged vs unprivileged execution mode. With the introduction of more daemons, this text is going to be duplicated many more times with small variations. This is very unfriendly to translators as they have to translate approximately the same text many times with small tweaks.
Splitting the text up into individual strings to print means that each piece will only need translating once. It also gets rid of all the layout information from the translated strings, so avoids the problem of translators breaking formatting by mistake.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon.c | 128 ++++++++++++++++++------------------- src/remote/remote_driver.h | 1 - 2 files changed, 64 insertions(+), 65 deletions(-)
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index d887b7abfb..69385af1c4 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -859,75 +859,75 @@ daemonSetupHostUUID(const struct daemonConfig *config) return 0; }
+typedef struct { + const char *opts; + const char *help; +} virOptionHelp; + /* Print command-line usage. */ static void daemonUsage(const char *argv0, bool privileged) { - fprintf(stderr, - _("\n" - "Usage:\n" - " %s [options]\n" - "\n" - "Options:\n" - " -h | --help Display program help:\n" - " -v | --verbose Verbose messages.\n" - " -d | --daemon Run as a daemon & write PID file.\n" - " -l | --listen Listen for TCP/IP connections.\n" - " -t | --timeout <secs> Exit after timeout period.\n" - " -f | --config <file> Configuration file.\n" - " -V | --version Display version information.\n" - " -p | --pid-file <file> Change name of PID file.\n" - "\n" - "libvirt management daemon:\n"), - argv0); + size_t i; + virOptionHelp opthelp[] = { + { "-h | --help", N_("Display program help") },
Why use N_ both here and in the printout code (copied below)?
fprintf(stderr, " %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help));
When is the message translated?
Yeah that's a screwup. The fprintf() should be calling gettext
+ fprintf(stderr, "\n"); + fprintf(stderr, "%s:\n", _("Usage")); + fprintf(stderr, " %s [%s]\n", argv0, _("options"));
Here, despite your argument regarding formatting, I believe that translators should have a larger context. Also, as the gettext documentation points out, ":" needs a space before in French, so it should be placed within the part to translate.
What documentation are you seeing this in? I've not come across this suggestion before and want to read more.
fprintf(stderr, _("Usage:\n %s [options]\n\n"), argv0);
+ fprintf(stderr, "\n"); + + fprintf(stderr, "%s:\n", _("Options"));
Same, for localization of whitespace around : it would be better to have
fprintf(stderr, _("Options:\n"));
This applies to all cases where you have %s: below.
+ for (i = 0; i < ARRAY_CARDINALITY(opthelp); i++) + fprintf(stderr, " %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help));
Based on comment above, replace N_ with _ ?
+ fprintf(stderr, "\n"); + + fprintf(stderr, "%s:\n", _("libvirt management daemon"));
+ + fprintf(stderr, "\n"); + fprintf(stderr, " %s:\n", _("Default paths"));
+ fprintf(stderr, "\n"); + + fprintf(stderr, " %s:\n", _("Configuration file (unless overridden by -f)"));
+ fprintf(stderr, " %s/libvirt/libvirtd.conf\n", + privileged ? SYSCONFDIR : "$XDG_CONFIG_HOME");
Add a N_ ?
File paths have no translatable text in them.
Well, I’ve always been confused with what “N_” meant exactly, but to me it was a tell to translator “don’t try translating this one”. If there is nothing, the translator might waste time looking at it. Maybe I got that backwards, though. Can’t say the doc is super clear.
N_() is basically just a hint for xgettext(). It means extract this string and add to the .po file for translation. In the code it expands to a no-op though, because you're expected to have a separate gettext() call elsewhere to do the actual translation. For non-translatable text we simply don't add any macro at all.

Regards,
Daniel
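The N_() / _() split discussed in this sub-thread, as an added example that is not code from the patch or from libvirt. It assumes a toy in-memory catalog (`toy_gettext`, `fr_catalog`, `use_french` and the sample strings are constructed here) in place of libintl, so that it runs without a .mo file.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the real macros: N_() only marks a literal for
 * extraction by xgettext, _() performs the runtime lookup. */
#define N_(str) str
#define _(str) toy_gettext(str)

typedef struct { const char *msgid; const char *msgstr; } catalog_entry;

/* Constructed French catalog; "\xc2\xa0" is the UTF-8 non-breaking space
 * that French typography puts before ':'. */
static const catalog_entry fr_catalog[] = {
    { "Options:", "Options\xc2\xa0:" },
    { "Display program help", "Afficher l'aide du programme" },
    { "Verbose messages", "Messages verbeux" },
};

static const catalog_entry *active_catalog; /* NULL: untranslated locale */
static size_t active_len;

/* Select or clear the constructed French catalog. */
void use_french(int on)
{
    active_catalog = on ? fr_catalog : NULL;
    active_len = on ? sizeof(fr_catalog) / sizeof(fr_catalog[0]) : 0;
}

/* Like gettext(), fall back to the msgid when there is no translation. */
static const char *toy_gettext(const char *msgid)
{
    for (size_t i = 0; i < active_len; i++)
        if (strcmp(active_catalog[i].msgid, msgid) == 0)
            return active_catalog[i].msgstr;
    return msgid;
}

typedef struct { const char *opts; const char *help; } option_help;

/* A static initializer cannot call a function, so the table can only mark
 * its strings with N_(); the lookup has to happen where they are printed. */
static const option_help opthelp[] = {
    { "-h | --help",    N_("Display program help") },
    { "-v | --verbose", N_("Verbose messages") },
};

/* Print site as posted in the patch: N_() again, so nothing is looked up. */
int format_option_marked_only(char *buf, size_t n, size_t i)
{
    return snprintf(buf, n, "  %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help));
}

/* Print site as agreed in the review: the marked string goes through _(). */
int format_option_translated(char *buf, size_t n, size_t i)
{
    return snprintf(buf, n, "  %-22s %s\n", opthelp[i].opts, _(opthelp[i].help));
}

/* Heading translated with its colon, so the catalog controls the spacing. */
int format_heading(char *buf, size_t n)
{
    return snprintf(buf, n, "%s\n", _("Options:"));
}

int main(void)
{
    char buf[128];

    use_french(1);
    format_heading(buf, sizeof(buf));
    fputs(buf, stdout);
    for (size_t i = 0; i < sizeof(opthelp) / sizeof(opthelp[0]); i++) {
        format_option_translated(buf, sizeof(buf), i);
        fputs(buf, stdout);
    }
    return 0;
}
```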

On Mon, 2019-07-29 at 18:10 +0100, Daniel P. Berrangé wrote:
The remote daemon tries to print out its help text in a couple of giant blocks of text. This has already led to duplication of the text for the privileged vs unprivileged execution mode. With the introduction of more daemons, this text is going to be duplicated many more times with small variations. This is very unfriendly to translators as they have to translate approximately the same text many times with small tweaks.
Splitting the text up into individual strings to print means that each piece will only need translating once. It also gets rid of all the layout information from the translated strings, so avoids the problem of translators breaking formatting by mistake.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon.c | 128 ++++++++++++++++++------------------- src/remote/remote_driver.h | 1 - 2 files changed, 64 insertions(+), 65 deletions(-)
While I'm sympathetic to Christophe's plea for being nicer to French users and translators, right now I'd like to avoid another respin of this already pretty big series, so whether you address the changes he asked for before pushing or as a follow-up patch you still get a

Reviewed-by: Andrea Bolognani <abologna@redhat.com>

--
Andrea Bolognani / Red Hat / Virtualization

On 30 Jul 2019, at 12:52, Andrea Bolognani <abologna@redhat.com> wrote:
On Mon, 2019-07-29 at 18:10 +0100, Daniel P. Berrangé wrote:
The remote daemon tries to print out its help text in a couple of giant blocks of text. This has already led to duplication of the text for the privileged vs unprivileged execution mode. With the introduction of more daemons, this text is going to be duplicated many more times with small variations. This is very unfriendly to translators as they have to translate approximately the same text many times with small tweaks.
Splitting the text up into individual strings to print means that each piece will only need translating once. It also gets rid of all the layout information from the translated strings, so avoids the problem of translators breaking formatting by mistake.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon.c | 128 ++++++++++++++++++------------------- src/remote/remote_driver.h | 1 - 2 files changed, 64 insertions(+), 65 deletions(-)
While I'm sympathetic to Christophe's plea for being nicer to French users and translators, right now I'd like to avoid another respin of this already pretty big series, so whether you address the changes he asked for before pushing or as a follow-up patch you still get a

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Fine with me either way.
-- Andrea Bolognani / Red Hat / Virtualization

Prepare for reusing libvirtd source to create other daemons by making the socket names conditionally defined by the make rules. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/Makefile.inc.am | 1 + src/remote/remote_daemon.c | 34 +++++++++++++++++++++------------- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 0400dabad9..ced940d3c1 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -146,6 +146,7 @@ libvirtd_CFLAGS = \ -I$(srcdir)/access \ -I$(srcdir)/conf \ -I$(srcdir)/rpc \ + -DSOCK_PREFIX="\"libvirt\"" \ $(NULL) libvirtd_LDFLAGS = \ diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 69385af1c4..f9d923b357 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c 
@@ -221,19 +221,25 @@ daemonUnixSocketPaths(struct daemonConfig *config, char *rundir = NULL; if (config->unix_sock_dir) { - if (virAsprintf(sockfile, "%s/libvirt-sock", config->unix_sock_dir) < 0) + if (virAsprintf(sockfile, "%s/%s-sock", + SOCK_PREFIX, config->unix_sock_dir) < 0) goto cleanup; if (privileged) { - if (virAsprintf(rosockfile, "%s/libvirt-sock-ro", config->unix_sock_dir) < 0 || - virAsprintf(admsockfile, "%s/libvirt-admin-sock", config->unix_sock_dir) < 0) + if (virAsprintf(rosockfile, "%s/%s-sock-ro", + SOCK_PREFIX, config->unix_sock_dir) < 0 || + virAsprintf(admsockfile, "%s/%s-admin-sock", + SOCK_PREFIX, config->unix_sock_dir) < 0) goto cleanup; } } else { if (privileged) { - if (VIR_STRDUP(*sockfile, LOCALSTATEDIR "/run/libvirt/libvirt-sock") < 0 || - VIR_STRDUP(*rosockfile, LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro") < 0 || - VIR_STRDUP(*admsockfile, LOCALSTATEDIR "/run/libvirt/libvirt-admin-sock") < 0) + if (virAsprintf(sockfile, "%s/run/libvirt/%s-sock", + LOCALSTATEDIR, SOCK_PREFIX) < 0 || + virAsprintf(sockfile, "%s/run/libvirt/%s-sock-ro", + LOCALSTATEDIR, SOCK_PREFIX) < 0 || + virAsprintf(sockfile, "%s/run/libvirt/%s-admin-sock", + LOCALSTATEDIR, SOCK_PREFIX) < 0) goto cleanup; } else { mode_t old_umask; @@ -248,8 +254,10 @@ daemonUnixSocketPaths(struct daemonConfig *config, } umask(old_umask); - if (virAsprintf(sockfile, "%s/libvirt-sock", rundir) < 0 || - virAsprintf(admsockfile, "%s/libvirt-admin-sock", rundir) < 0) + if (virAsprintf(sockfile, "%s/%s-sock", + rundir, SOCK_PREFIX) < 0 || + virAsprintf(admsockfile, "%s/%s-admin-sock", + rundir, SOCK_PREFIX) < 0) goto cleanup; } } 
@@ -902,12 +910,12 @@ daemonUsage(const char *argv0, bool privileged) fprintf(stderr, "\n"); fprintf(stderr, " %s:\n", _("Sockets")); - fprintf(stderr, " %s\n", - privileged ? LOCALSTATEDIR "/run/libvirt/libvirt-sock" : - "$XDG_RUNTIME_DIR/libvirt/libvirt-sock"); + fprintf(stderr, " %s/libvirt/%s-sock\n", + privileged ? LOCALSTATEDIR "/run" : "$XDG_RUNTIME_DIR", + SOCK_PREFIX); if (privileged) - fprintf(stderr, " %s\n", - LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro"); + fprintf(stderr, " %s/run/libvirt/%s-sock-ro\n", + LOCALSTATEDIR, SOCK_PREFIX); fprintf(stderr, "\n"); fprintf(stderr, " %s:\n", _("TLS")); -- 2.21.0
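Review bot: In the "@@ -221,19 +221,25 @@" hunk of daemonUnixSocketPaths(), the three calls in the config->unix_sock_dir branch pass "SOCK_PREFIX, config->unix_sock_dir" to formats of the shape "%s/%s-sock", so the prefix lands where the directory belongs and the result is "libvirt/<dir>-sock" instead of "<dir>/libvirt-sock". The arguments should be swapped to "config->unix_sock_dir, SOCK_PREFIX", matching the "rundir, SOCK_PREFIX" order used in the unprivileged branch further down. In the same hunk, the privileged default branch sends all three virAsprintf() results to sockfile, so *rosockfile and *admsockfile are never set and sockfile ends up holding the admin socket path while the two earlier allocations are overwritten; the second and third calls should target rosockfile and admsockfile. Because these paths decide which socket gets the read-write, read-only and admin permission masks, it is worth checking the resulting strings for each branch before this is pushed.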

Daniel P. Berrangé writes:
Prepare for reusing libvirtd source to create other daemons by making the socket names conditionally defined by the make rules.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/Makefile.inc.am | 1 + src/remote/remote_daemon.c | 34 +++++++++++++++++++++------------- 2 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 0400dabad9..ced940d3c1 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -146,6 +146,7 @@ libvirtd_CFLAGS = \ -I$(srcdir)/access \ -I$(srcdir)/conf \ -I$(srcdir)/rpc \ + -DSOCK_PREFIX="\"libvirt\"" \ $(NULL)
libvirtd_LDFLAGS = \ diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 69385af1c4..f9d923b357 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -221,19 +221,25 @@ daemonUnixSocketPaths(struct daemonConfig *config, char *rundir = NULL;
if (config->unix_sock_dir) { - if (virAsprintf(sockfile, "%s/libvirt-sock", config->unix_sock_dir) < 0) + if (virAsprintf(sockfile, "%s/%s-sock", + SOCK_PREFIX, config->unix_sock_dir) < 0) goto cleanup;
if (privileged) { - if (virAsprintf(rosockfile, "%s/libvirt-sock-ro", config->unix_sock_dir) < 0 || - virAsprintf(admsockfile, "%s/libvirt-admin-sock", config->unix_sock_dir) < 0) + if (virAsprintf(rosockfile, "%s/%s-sock-ro", + SOCK_PREFIX, config->unix_sock_dir) < 0 || + virAsprintf(admsockfile, "%s/%s-admin-sock", + SOCK_PREFIX, config->unix_sock_dir) < 0) goto cleanup; } } else { if (privileged) { - if (VIR_STRDUP(*sockfile, LOCALSTATEDIR "/run/libvirt/libvirt-sock") < 0 || - VIR_STRDUP(*rosockfile, LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro") < 0 || - VIR_STRDUP(*admsockfile, LOCALSTATEDIR "/run/libvirt/libvirt-admin-sock") < 0) + if (virAsprintf(sockfile, "%s/run/libvirt/%s-sock", + LOCALSTATEDIR, SOCK_PREFIX) < 0 || + virAsprintf(sockfile, "%s/run/libvirt/%s-sock-ro", + LOCALSTATEDIR, SOCK_PREFIX) < 0 || + virAsprintf(sockfile, "%s/run/libvirt/%s-admin-sock", + LOCALSTATEDIR, SOCK_PREFIX) < 0) goto cleanup; } else { mode_t old_umask; @@ -248,8 +254,10 @@ daemonUnixSocketPaths(struct daemonConfig *config, } umask(old_umask);
- if (virAsprintf(sockfile, "%s/libvirt-sock", rundir) < 0 || - virAsprintf(admsockfile, "%s/libvirt-admin-sock", rundir) < 0) + if (virAsprintf(sockfile, "%s/%s-sock", + rundir, SOCK_PREFIX) < 0 || + virAsprintf(admsockfile, "%s/%s-admin-sock", + rundir, SOCK_PREFIX) < 0) goto cleanup; } } @@ -902,12 +910,12 @@ daemonUsage(const char *argv0, bool privileged) fprintf(stderr, "\n");
fprintf(stderr, " %s:\n", _("Sockets"));
Localization of : in French suggests you write this as: fprintf(stderr, " %s\n", _("Sockets:"));
- fprintf(stderr, " %s\n", - privileged ? LOCALSTATEDIR "/run/libvirt/libvirt-sock" : - "$XDG_RUNTIME_DIR/libvirt/libvirt-sock"); + fprintf(stderr, " %s/libvirt/%s-sock\n", + privileged ? LOCALSTATEDIR "/run" : "$XDG_RUNTIME_DIR", + SOCK_PREFIX); if (privileged) - fprintf(stderr, " %s\n", - LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro"); + fprintf(stderr, " %s/run/libvirt/%s-sock-ro\n", + LOCALSTATEDIR, SOCK_PREFIX); fprintf(stderr, "\n");
fprintf(stderr, " %s:\n", _("TLS"));
fprintf(stderr, " %s\n", _("TLS:"));
-- 2.21.0
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> -- Cheers, Christophe de Dinechin (IRC c3d)

Daniel P. Berrangé writes:
Prepare for reusing libvirtd source to create other daemons by making the socket names conditionally defined by the make rules.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/Makefile.inc.am | 1 + src/remote/remote_daemon.c | 34 +++++++++++++++++++++------------- 2 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 0400dabad9..ced940d3c1 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -146,6 +146,7 @@ libvirtd_CFLAGS = \ -I$(srcdir)/access \ -I$(srcdir)/conf \ -I$(srcdir)/rpc \ + -DSOCK_PREFIX="\"libvirt\"" \ $(NULL)
libvirtd_LDFLAGS = \ diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 69385af1c4..f9d923b357 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -221,19 +221,25 @@ daemonUnixSocketPaths(struct daemonConfig *config, char *rundir = NULL;
if (config->unix_sock_dir) { - if (virAsprintf(sockfile, "%s/libvirt-sock", config->unix_sock_dir) < 0) + if (virAsprintf(sockfile, "%s/%s-sock", + SOCK_PREFIX, config->unix_sock_dir) < 0) goto cleanup;
if (privileged) { - if (virAsprintf(rosockfile, "%s/libvirt-sock-ro", config->unix_sock_dir) < 0 || - virAsprintf(admsockfile, "%s/libvirt-admin-sock", config->unix_sock_dir) < 0) + if (virAsprintf(rosockfile, "%s/%s-sock-ro", + SOCK_PREFIX, config->unix_sock_dir) < 0 || + virAsprintf(admsockfile, "%s/%s-admin-sock", + SOCK_PREFIX, config->unix_sock_dir) < 0) goto cleanup; } } else { if (privileged) { - if (VIR_STRDUP(*sockfile, LOCALSTATEDIR "/run/libvirt/libvirt-sock") < 0 || - VIR_STRDUP(*rosockfile, LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro") < 0 || - VIR_STRDUP(*admsockfile, LOCALSTATEDIR "/run/libvirt/libvirt-admin-sock") < 0) + if (virAsprintf(sockfile, "%s/run/libvirt/%s-sock", + LOCALSTATEDIR, SOCK_PREFIX) < 0 || + virAsprintf(sockfile, "%s/run/libvirt/%s-sock-ro", + LOCALSTATEDIR, SOCK_PREFIX) < 0 || + virAsprintf(sockfile, "%s/run/libvirt/%s-admin-sock", + LOCALSTATEDIR, SOCK_PREFIX) < 0)
Copy-paste error on the variable name (use rosockfile and admsockfile)
goto cleanup; } else { mode_t old_umask; @@ -248,8 +254,10 @@ daemonUnixSocketPaths(struct daemonConfig *config, } umask(old_umask);
- if (virAsprintf(sockfile, "%s/libvirt-sock", rundir) < 0 || - virAsprintf(admsockfile, "%s/libvirt-admin-sock", rundir) < 0) + if (virAsprintf(sockfile, "%s/%s-sock", + rundir, SOCK_PREFIX) < 0 || + virAsprintf(admsockfile, "%s/%s-admin-sock", + rundir, SOCK_PREFIX) < 0) goto cleanup; } } @@ -902,12 +910,12 @@ daemonUsage(const char *argv0, bool privileged) fprintf(stderr, "\n");
fprintf(stderr, " %s:\n", _("Sockets")); - fprintf(stderr, " %s\n", - privileged ? LOCALSTATEDIR "/run/libvirt/libvirt-sock" : - "$XDG_RUNTIME_DIR/libvirt/libvirt-sock"); + fprintf(stderr, " %s/libvirt/%s-sock\n", + privileged ? LOCALSTATEDIR "/run" : "$XDG_RUNTIME_DIR", + SOCK_PREFIX); if (privileged) - fprintf(stderr, " %s\n", - LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro"); + fprintf(stderr, " %s/run/libvirt/%s-sock-ro\n", + LOCALSTATEDIR, SOCK_PREFIX); fprintf(stderr, "\n");
fprintf(stderr, " %s:\n", _("TLS")); -- 2.21.0
-- Cheers, Christophe de Dinechin (IRC c3d)

(Sorry if this is a resend, my earlier email fired up too quickly) Daniel P. Berrangé writes:
Prepare for reusing libvirtd source to create other daemons by making the socket names conditionally defined by the make rules.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/Makefile.inc.am | 1 + src/remote/remote_daemon.c | 34 +++++++++++++++++++++------------- 2 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 0400dabad9..ced940d3c1 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -146,6 +146,7 @@ libvirtd_CFLAGS = \ -I$(srcdir)/access \ -I$(srcdir)/conf \ -I$(srcdir)/rpc \ + -DSOCK_PREFIX="\"libvirt\"" \ $(NULL)
libvirtd_LDFLAGS = \ diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 69385af1c4..f9d923b357 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -221,19 +221,25 @@ daemonUnixSocketPaths(struct daemonConfig *config, char *rundir = NULL;
if (config->unix_sock_dir) { - if (virAsprintf(sockfile, "%s/libvirt-sock", config->unix_sock_dir) < 0) + if (virAsprintf(sockfile, "%s/%s-sock", + SOCK_PREFIX, config->unix_sock_dir) < 0) goto cleanup;
if (privileged) { - if (virAsprintf(rosockfile, "%s/libvirt-sock-ro", config->unix_sock_dir) < 0 || - virAsprintf(admsockfile, "%s/libvirt-admin-sock", config->unix_sock_dir) < 0) + if (virAsprintf(rosockfile, "%s/%s-sock-ro", + SOCK_PREFIX, config->unix_sock_dir) < 0 || + virAsprintf(admsockfile, "%s/%s-admin-sock", + SOCK_PREFIX, config->unix_sock_dir) < 0) goto cleanup; } } else { if (privileged) { - if (VIR_STRDUP(*sockfile, LOCALSTATEDIR "/run/libvirt/libvirt-sock") < 0 || - VIR_STRDUP(*rosockfile, LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro") < 0 || - VIR_STRDUP(*admsockfile, LOCALSTATEDIR "/run/libvirt/libvirt-admin-sock") < 0) + if (virAsprintf(sockfile, "%s/run/libvirt/%s-sock", + LOCALSTATEDIR, SOCK_PREFIX) < 0 || + virAsprintf(sockfile, "%s/run/libvirt/%s-sock-ro", + LOCALSTATEDIR, SOCK_PREFIX) < 0 || + virAsprintf(sockfile, "%s/run/libvirt/%s-admin-sock", + LOCALSTATEDIR, SOCK_PREFIX) < 0)
Copy-paste error on sockfile variable name, use rosockfile and admsockfile. Also, there is a memory leak if second or third fails, since the first one is never deallocated. Consider adding a VIR_FREE for *sockfile, *rosockfile and *admsockfile in the cleanup section. Also, to make it real safe, consider adding a NULL-initialization for *sockfile, *rosockfile and *admsockfile at the top of the function.
goto cleanup; } else { mode_t old_umask; @@ -248,8 +254,10 @@ daemonUnixSocketPaths(struct daemonConfig *config, } umask(old_umask);
- if (virAsprintf(sockfile, "%s/libvirt-sock", rundir) < 0 || - virAsprintf(admsockfile, "%s/libvirt-admin-sock", rundir) < 0) + if (virAsprintf(sockfile, "%s/%s-sock", + rundir, SOCK_PREFIX) < 0 || + virAsprintf(admsockfile, "%s/%s-admin-sock", + rundir, SOCK_PREFIX) < 0) goto cleanup; } } @@ -902,12 +910,12 @@ daemonUsage(const char *argv0, bool privileged) fprintf(stderr, "\n");
fprintf(stderr, " %s:\n", _("Sockets"));
Localization of :
- fprintf(stderr, " %s\n", - privileged ? LOCALSTATEDIR "/run/libvirt/libvirt-sock" : - "$XDG_RUNTIME_DIR/libvirt/libvirt-sock"); + fprintf(stderr, " %s/libvirt/%s-sock\n", + privileged ? LOCALSTATEDIR "/run" : "$XDG_RUNTIME_DIR", + SOCK_PREFIX); if (privileged) - fprintf(stderr, " %s\n", - LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro"); + fprintf(stderr, " %s/run/libvirt/%s-sock-ro\n", + LOCALSTATEDIR, SOCK_PREFIX); fprintf(stderr, "\n");
fprintf(stderr, " %s:\n", _("TLS"));
Localization of :
-- 2.21.0
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> -- Cheers, Christophe de Dinechin (IRC c3d)
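The cleanup pattern suggested in the message above (NULL-initialize the three outputs, free them on the error path), as an added example that is not libvirt's code. `fmt_alloc` is a hypothetical stand-in for virAsprintf(), `fail_after` and `live_allocs` are test hooks invented here, and the function models only a single directory-plus-prefix branch.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Test hooks (hypothetical): number of calls that succeed before fmt_alloc()
 * starts failing (-1 = never fail), and a count of buffers not yet freed. */
static int fail_after = -1;
static int live_allocs;

/* Stand-in for virAsprintf(): allocate *out and format into it. */
static int fmt_alloc(char **out, const char *fmt, ...)
{
    va_list ap;
    int len;

    if (fail_after == 0)
        return -1;
    if (fail_after > 0)
        fail_after--;

    va_start(ap, fmt);
    len = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (len < 0 || !(*out = malloc((size_t)len + 1)))
        return -1;

    va_start(ap, fmt);
    vsnprintf(*out, (size_t)len + 1, fmt, ap);
    va_end(ap);
    live_allocs++;
    return len;
}

/* Free one output and reset it, so a caller never sees a stale pointer. */
static void path_free(char **p)
{
    if (*p) {
        free(*p);
        live_allocs--;
    }
    *p = NULL;
}

/* Build the read-write, read-only and admin socket paths.
 * Returns 0 on success; on failure returns -1 with all outputs NULL. */
int socket_paths(const char *sock_dir, const char *prefix, bool privileged,
                 char **sockfile, char **rosockfile, char **admsockfile)
{
    int ret = -1;

    /* Outputs are defined on every path, so cleanup can free them blindly. */
    *sockfile = *rosockfile = *admsockfile = NULL;

    /* Directory first, prefix second, and one distinct output per call. */
    if (fmt_alloc(sockfile, "%s/%s-sock", sock_dir, prefix) < 0)
        goto cleanup;
    if (privileged &&
        (fmt_alloc(rosockfile, "%s/%s-sock-ro", sock_dir, prefix) < 0 ||
         fmt_alloc(admsockfile, "%s/%s-admin-sock", sock_dir, prefix) < 0))
        goto cleanup;

    ret = 0;
 cleanup:
    if (ret < 0) {
        path_free(sockfile);
        path_free(rosockfile);
        path_free(admsockfile);
    }
    return ret;
}

int main(void)
{
    char *s, *ro, *adm;

    if (socket_paths("/run/libvirt", "libvirt", true, &s, &ro, &adm) < 0)
        return 1;
    printf("%s\n%s\n%s\n", s, ro, adm);
    path_free(&s);
    path_free(&ro);
    path_free(&adm);
    return 0;
}
```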

On Tue, 2019-07-30 at 12:24 +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
+++ b/src/remote/remote_daemon.c @@ -221,19 +221,25 @@ daemonUnixSocketPaths(struct daemonConfig *config, if (privileged) { - if (VIR_STRDUP(*sockfile, LOCALSTATEDIR "/run/libvirt/libvirt-sock") < 0 || - VIR_STRDUP(*rosockfile, LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro") < 0 || - VIR_STRDUP(*admsockfile, LOCALSTATEDIR "/run/libvirt/libvirt-admin-sock") < 0) + if (virAsprintf(sockfile, "%s/run/libvirt/%s-sock", + LOCALSTATEDIR, SOCK_PREFIX) < 0 || + virAsprintf(sockfile, "%s/run/libvirt/%s-sock-ro", + LOCALSTATEDIR, SOCK_PREFIX) < 0 || + virAsprintf(sockfile, "%s/run/libvirt/%s-admin-sock", + LOCALSTATEDIR, SOCK_PREFIX) < 0)
Copy-paste error on sockfile variable name, use rosockfile and admsockfile.
Good catch, this definitely needs to be fixed before pushing.
Also, there is a memory leak if second or third fails, since the first one is never deallocated.
Consider adding a VIR_FREE for *sockfile, *rosockfile and *admsockfile in the cleanup section. Also, to make it real safe, consider adding a NULL-initialization for *sockfile, *rosockfile and *admsockfile at the top of the function.
We can do this in a follow-up patch, especially since the issue is very much pre-existing.

With the pastos fixed,

Reviewed-by: Andrea Bolognani <abologna@redhat.com>

[...]
@@ -902,12 +910,12 @@ daemonUsage(const char *argv0, bool privileged) fprintf(stderr, " %s:\n", _("Sockets"));
Localization of :
fprintf(stderr, " %s:\n", _("TLS"));
Localization of :
Both of these come from the previous patch. -- Andrea Bolognani / Red Hat / Virtualization

Prepare for reusing libvirtd source to create other daemons by making the daemon name conditionally defined by the make rules. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/Makefile.inc.am | 1 + src/remote/remote_daemon.c | 50 +++++++++++++++++-------------- src/remote/remote_daemon_config.c | 5 ++-- 3 files changed, 31 insertions(+), 25 deletions(-) diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index ced940d3c1..b72186109a 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -147,6 +147,7 @@ libvirtd_CFLAGS = \ -I$(srcdir)/conf \ -I$(srcdir)/rpc \ -DSOCK_PREFIX="\"libvirt\"" \ + -DDAEMON_NAME="\"libvirtd\"" \ $(NULL) libvirtd_LDFLAGS = \ diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index f9d923b357..f1daaeb944 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -64,7 +64,11 @@ #include "virdbus.h" -VIR_LOG_INIT("daemon.libvirtd"); +VIR_LOG_INIT("daemon." DAEMON_NAME); + +#ifndef SOCK_PREFIX +# define SOCK_PREFIX DAEMON_NAME +#endif #if WITH_SASL virNetSASLContextPtr saslCtxt = NULL; 
@@ -383,11 +387,11 @@ daemonSetupNetworking(virNetServerPtr srv, int ret = -1; VIR_AUTOPTR(virSystemdActivation) act = NULL; virSystemdActivationMap actmap[] = { - { .name = "libvirtd.socket", .family = AF_UNIX, .path = sock_path }, - { .name = "libvirtd-ro.socket", .family = AF_UNIX, .path = sock_path_ro }, - { .name = "libvirtd-admin.socket", .family = AF_UNIX, .path = sock_path_adm }, - { .name = "libvirtd-tcp.socket", .family = AF_INET }, - { .name = "libvirtd-tls.socket", .family = AF_INET }, + { .name = DAEMON_NAME ".socket", .family = AF_UNIX, .path = sock_path }, + { .name = DAEMON_NAME "-ro.socket", .family = AF_UNIX, .path = sock_path_ro }, + { .name = DAEMON_NAME "-admin.socket", .family = AF_UNIX, .path = sock_path_adm }, + { .name = DAEMON_NAME "-tcp.socket", .family = AF_INET }, + { .name = DAEMON_NAME "-tls.socket", .family = AF_INET }, }; if ((actmap[3].port = virSocketAddrResolveService(config->tcp_port)) < 0) @@ -421,7 +425,7 @@ daemonSetupNetworking(virNetServerPtr srv, if (virNetServerAddServiceUNIX(srv, act, - "libvirtd.socket", + DAEMON_NAME ".socket", sock_path, unix_sock_rw_mask, unix_sock_gid, @@ -434,7 +438,7 @@ daemonSetupNetworking(virNetServerPtr srv, if (sock_path_ro && virNetServerAddServiceUNIX(srv, act, - "libvirtd-ro.socket", + DAEMON_NAME "-ro.socket", sock_path_ro, unix_sock_ro_mask, unix_sock_gid, @@ -448,7 +452,7 @@ daemonSetupNetworking(virNetServerPtr srv, if (sock_path_adm && virNetServerAddServiceUNIX(srvAdm, act, - "libvirtd-admin.socket", + DAEMON_NAME "-admin.socket", sock_path_adm, unix_sock_adm_mask, unix_sock_gid, @@ -462,7 +466,7 @@ daemonSetupNetworking(virNetServerPtr srv, if (((ipsock && config->listen_tcp) || act) && virNetServerAddServiceTCP(srv, act, - "libvirtd-tcp.socket", + DAEMON_NAME "-tcp.socket", config->listen_addr, config->tcp_port, AF_UNSPEC, 
@@ -519,7 +523,7 @@ daemonSetupNetworking(virNetServerPtr srv, config->listen_addr, config->tls_port); if (virNetServerAddServiceTCP(srv, act, - "libvirtd-tls.socket", + DAEMON_NAME "-tls.socket", config->listen_addr, config->tls_port, AF_UNSPEC, @@ -564,7 +568,7 @@ daemonSetupNetDevOpenvswitch(struct daemonConfig *config) /* * Set up the logging environment - * By default if daemonized all errors go to the logfile libvirtd.log, + * By default if daemonized all errors go to journald/a logfile * but if verbose or error debugging is asked for then also output * informational and debug messages. Default size if 64 kB. */ @@ -577,7 +581,7 @@ daemonSetupLogging(struct daemonConfig *config, virLogReset(); /* - * Libvirtd's order of precedence is: + * Logging setup order of precedence is: * cmdline > environment > config * * Given the precedence, we must process the variables in the opposite @@ -605,7 +609,7 @@ daemonSetupLogging(struct daemonConfig *config, /* Define the default output. This is only applied if there was no setting * from either the config or the environment. */ - if (virLogSetDefaultOutput("libvirtd", godaemon, privileged) < 0) + if (virLogSetDefaultOutput(DAEMON_NAME, godaemon, privileged) < 0) return -1; if (virLogGetNbOutputs() == 0) @@ -717,7 +721,7 @@ static void daemonStopWorker(void *opaque) VIR_DEBUG("Completed stop dmn=%p", dmn); - /* Exit libvirtd cleanly */ + /* Exit daemon cleanly */ virNetDaemonQuit(dmn); } @@ -796,7 +800,7 @@ static void daemonRunStateInit(void *opaque) driversInitialized = true; #ifdef WITH_DBUS - /* Tie the non-privileged libvirtd to the session/shutdown lifecycle */ + /* Tie the non-privileged daemons to the session/shutdown lifecycle */ if (!virNetDaemonIsPrivileged(dmn)) { sessionBus = virDBusGetSessionBus(); 
@@ -905,8 +909,8 @@ daemonUsage(const char *argv0, bool privileged) fprintf(stderr, "\n"); fprintf(stderr, " %s:\n", _("Configuration file (unless overridden by -f)")); - fprintf(stderr, " %s/libvirt/libvirtd.conf\n", - privileged ? SYSCONFDIR : "$XDG_CONFIG_HOME"); + fprintf(stderr, " %s/libvirt/%s.conf\n", + privileged ? SYSCONFDIR : "$XDG_CONFIG_HOME", DAEMON_NAME); fprintf(stderr, "\n"); fprintf(stderr, " %s:\n", _("Sockets")); @@ -932,9 +936,9 @@ daemonUsage(const char *argv0, bool privileged) fprintf(stderr, " %s:\n", _("PID file (unless overridden by -p)")); - fprintf(stderr, " %s\n", - privileged ? LOCALSTATEDIR "/run/libvirtd.pid": - "$XDG_RUNTIME_DIR/libvirt/libvirtd.pid"); + fprintf(stderr, " %s/%s.pid\n", + privileged ? LOCALSTATEDIR "/run" : "$XDG_RUNTIME_DIR/libvirt", + DAEMON_NAME); fprintf(stderr, "\n"); } @@ -1098,7 +1102,7 @@ int main(int argc, char **argv) { if (!pid_file && virPidFileConstructPath(privileged, LOCALSTATEDIR, - "libvirtd", + DAEMON_NAME, &pid_file) < 0) { VIR_ERROR(_("Can't determine pid file path.")); exit(EXIT_FAILURE); @@ -1178,7 +1182,7 @@ int main(int argc, char **argv) { goto cleanup; } - if (!(srv = virNetServerNew("libvirtd", 1, + if (!(srv = virNetServerNew(DAEMON_NAME, 1, config->min_workers, config->max_workers, config->prio_workers, diff --git a/src/remote/remote_daemon_config.c b/src/remote/remote_daemon_config.c index 537b90a855..3e62b4203f 100644 --- a/src/remote/remote_daemon_config.c +++ b/src/remote/remote_daemon_config.c @@ -77,7 +77,8 @@ int daemonConfigFilePath(bool privileged, char **configfile) { if (privileged) { - if (VIR_STRDUP(*configfile, SYSCONFDIR "/libvirt/libvirtd.conf") < 0) + if (VIR_STRDUP(*configfile, + SYSCONFDIR "/libvirt/" DAEMON_NAME ".conf") < 0) goto error; } else { char *configdir = NULL; 
@@ -85,7 +86,7 @@ daemonConfigFilePath(bool privileged, char **configfile) if (!(configdir = virGetUserConfigDirectory())) goto error; - if (virAsprintf(configfile, "%s/libvirtd.conf", configdir) < 0) { + if (virAsprintf(configfile, "%s/%s.conf", configdir, DAEMON_NAME) < 0) { VIR_FREE(configdir); goto error; } -- 2.21.0
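Review bot: In remote_daemon.c, the block added after VIR_LOG_INIT gives SOCK_PREFIX a fallback (`#ifndef SOCK_PREFIX` / `# define SOCK_PREFIX DAEMON_NAME`), but DAEMON_NAME itself has no guard. Both remote_daemon.c and remote_daemon_config.c now rely on it being a string literal for compile-time concatenation (DAEMON_NAME ".socket", SYSCONFDIR "/libvirt/" DAEMON_NAME ".conf"). A target that reuses these sources without -DDAEMON_NAME in its CFLAGS will fail with a syntax error far from the cause, so consider an `#ifndef DAEMON_NAME` / `# error` check next to the SOCK_PREFIX fallback. The systemd socket names, PID file, config file and default log output all derive from this one macro, so a comment there stating that the value must be unique per daemon would also help: two binaries built with the same value would share the same PID file and config file paths.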

Daniel P. Berrangé writes:
Prepare for reusing libvirtd source to create other daemons by making the daemon name conditionally defined by the make rules.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/Makefile.inc.am | 1 + src/remote/remote_daemon.c | 50 +++++++++++++++++-------------- src/remote/remote_daemon_config.c | 5 ++-- 3 files changed, 31 insertions(+), 25 deletions(-)
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index ced940d3c1..b72186109a 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -147,6 +147,7 @@ libvirtd_CFLAGS = \ -I$(srcdir)/conf \ -I$(srcdir)/rpc \ -DSOCK_PREFIX="\"libvirt\"" \ + -DDAEMON_NAME="\"libvirtd\"" \ $(NULL)
libvirtd_LDFLAGS = \ diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index f9d923b357..f1daaeb944 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -64,7 +64,11 @@
#include "virdbus.h"
-VIR_LOG_INIT("daemon.libvirtd"); +VIR_LOG_INIT("daemon." DAEMON_NAME); + +#ifndef SOCK_PREFIX +# define SOCK_PREFIX DAEMON_NAME +#endif
#if WITH_SASL virNetSASLContextPtr saslCtxt = NULL; @@ -383,11 +387,11 @@ daemonSetupNetworking(virNetServerPtr srv, int ret = -1; VIR_AUTOPTR(virSystemdActivation) act = NULL; virSystemdActivationMap actmap[] = { - { .name = "libvirtd.socket", .family = AF_UNIX, .path = sock_path }, - { .name = "libvirtd-ro.socket", .family = AF_UNIX, .path = sock_path_ro }, - { .name = "libvirtd-admin.socket", .family = AF_UNIX, .path = sock_path_adm }, - { .name = "libvirtd-tcp.socket", .family = AF_INET }, - { .name = "libvirtd-tls.socket", .family = AF_INET }, + { .name = DAEMON_NAME ".socket", .family = AF_UNIX, .path = sock_path }, + { .name = DAEMON_NAME "-ro.socket", .family = AF_UNIX, .path = sock_path_ro }, + { .name = DAEMON_NAME "-admin.socket", .family = AF_UNIX, .path = sock_path_adm }, + { .name = DAEMON_NAME "-tcp.socket", .family = AF_INET }, + { .name = DAEMON_NAME "-tls.socket", .family = AF_INET }, };
if ((actmap[3].port = virSocketAddrResolveService(config->tcp_port)) < 0) @@ -421,7 +425,7 @@ daemonSetupNetworking(virNetServerPtr srv,
if (virNetServerAddServiceUNIX(srv, act, - "libvirtd.socket", + DAEMON_NAME ".socket", sock_path, unix_sock_rw_mask, unix_sock_gid, @@ -434,7 +438,7 @@ daemonSetupNetworking(virNetServerPtr srv, if (sock_path_ro && virNetServerAddServiceUNIX(srv, act, - "libvirtd-ro.socket", + DAEMON_NAME "-ro.socket", sock_path_ro, unix_sock_ro_mask, unix_sock_gid, @@ -448,7 +452,7 @@ daemonSetupNetworking(virNetServerPtr srv, if (sock_path_adm && virNetServerAddServiceUNIX(srvAdm, act, - "libvirtd-admin.socket", + DAEMON_NAME "-admin.socket", sock_path_adm, unix_sock_adm_mask, unix_sock_gid, @@ -462,7 +466,7 @@ daemonSetupNetworking(virNetServerPtr srv, if (((ipsock && config->listen_tcp) || act) && virNetServerAddServiceTCP(srv, act, - "libvirtd-tcp.socket", + DAEMON_NAME "-tcp.socket", config->listen_addr, config->tcp_port, AF_UNSPEC, @@ -519,7 +523,7 @@ daemonSetupNetworking(virNetServerPtr srv, config->listen_addr, config->tls_port); if (virNetServerAddServiceTCP(srv, act, - "libvirtd-tls.socket", + DAEMON_NAME "-tls.socket", config->listen_addr, config->tls_port, AF_UNSPEC, @@ -564,7 +568,7 @@ daemonSetupNetDevOpenvswitch(struct daemonConfig *config)
/* * Set up the logging environment - * By default if daemonized all errors go to the logfile libvirtd.log, + * By default if daemonized all errors go to journald/a logfile * but if verbose or error debugging is asked for then also output * informational and debug messages. Default size if 64 kB. */ @@ -577,7 +581,7 @@ daemonSetupLogging(struct daemonConfig *config, virLogReset();
/* - * Libvirtd's order of precedence is: + * Logging setup order of precedence is: * cmdline > environment > config * * Given the precedence, we must process the variables in the opposite @@ -605,7 +609,7 @@ daemonSetupLogging(struct daemonConfig *config, /* Define the default output. This is only applied if there was no setting * from either the config or the environment. */ - if (virLogSetDefaultOutput("libvirtd", godaemon, privileged) < 0) + if (virLogSetDefaultOutput(DAEMON_NAME, godaemon, privileged) < 0) return -1;
if (virLogGetNbOutputs() == 0) @@ -717,7 +721,7 @@ static void daemonStopWorker(void *opaque)
VIR_DEBUG("Completed stop dmn=%p", dmn);
- /* Exit libvirtd cleanly */ + /* Exit daemon cleanly */ virNetDaemonQuit(dmn); }
@@ -796,7 +800,7 @@ static void daemonRunStateInit(void *opaque) driversInitialized = true;
#ifdef WITH_DBUS - /* Tie the non-privileged libvirtd to the session/shutdown lifecycle */ + /* Tie the non-privileged daemons to the session/shutdown lifecycle */ if (!virNetDaemonIsPrivileged(dmn)) {
sessionBus = virDBusGetSessionBus(); @@ -905,8 +909,8 @@ daemonUsage(const char *argv0, bool privileged) fprintf(stderr, "\n");
fprintf(stderr, " %s:\n", _("Configuration file (unless overridden by -f)")); - fprintf(stderr, " %s/libvirt/libvirtd.conf\n", - privileged ? SYSCONFDIR : "$XDG_CONFIG_HOME"); + fprintf(stderr, " %s/libvirt/%s.conf\n", + privileged ? SYSCONFDIR : "$XDG_CONFIG_HOME", DAEMON_NAME); fprintf(stderr, "\n");
fprintf(stderr, " %s:\n", _("Sockets")); @@ -932,9 +936,9 @@ daemonUsage(const char *argv0, bool privileged)
fprintf(stderr, " %s:\n", _("PID file (unless overridden by -p)")); - fprintf(stderr, " %s\n", - privileged ? LOCALSTATEDIR "/run/libvirtd.pid": - "$XDG_RUNTIME_DIR/libvirt/libvirtd.pid"); + fprintf(stderr, " %s/%s.pid\n", + privileged ? LOCALSTATEDIR "/run" : "$XDG_RUNTIME_DIR/libvirt", + DAEMON_NAME); fprintf(stderr, "\n"); }
@@ -1098,7 +1102,7 @@ int main(int argc, char **argv) { if (!pid_file && virPidFileConstructPath(privileged, LOCALSTATEDIR, - "libvirtd", + DAEMON_NAME, &pid_file) < 0) { VIR_ERROR(_("Can't determine pid file path.")); exit(EXIT_FAILURE); @@ -1178,7 +1182,7 @@ int main(int argc, char **argv) { goto cleanup; }
- if (!(srv = virNetServerNew("libvirtd", 1, + if (!(srv = virNetServerNew(DAEMON_NAME, 1, config->min_workers, config->max_workers, config->prio_workers, diff --git a/src/remote/remote_daemon_config.c b/src/remote/remote_daemon_config.c index 537b90a855..3e62b4203f 100644 --- a/src/remote/remote_daemon_config.c +++ b/src/remote/remote_daemon_config.c @@ -77,7 +77,8 @@ int daemonConfigFilePath(bool privileged, char **configfile) { if (privileged) { - if (VIR_STRDUP(*configfile, SYSCONFDIR "/libvirt/libvirtd.conf") < 0)
Maybe clean up configfile on the error path? Not presently a bug, but might become a leak if additional error exits are added later.
+ if (VIR_STRDUP(*configfile, + SYSCONFDIR "/libvirt/" DAEMON_NAME ".conf") < 0) goto error; } else { char *configdir = NULL; @@ -85,7 +86,7 @@ daemonConfigFilePath(bool privileged, char **configfile) if (!(configdir = virGetUserConfigDirectory())) goto error;
- if (virAsprintf(configfile, "%s/libvirtd.conf", configdir) < 0) { + if (virAsprintf(configfile, "%s/%s.conf", configdir, DAEMON_NAME) < 0) { VIR_FREE(configdir); goto error; } -- 2.21.0
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> -- Cheers, Christophe de Dinechin (IRC c3d)

Prepare for reusing libvirtd source to create other daemons by making the driver(s) to load conditionally defined by the make rules. If nothing is set, all drivers will be loaded, ignoring any missing ones as historically done. If MODULE_NAME is set only one driver will be loaded and that one must succeed. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon.c | 55 +++++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 24 deletions(-) diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index f1daaeb944..97621884b0 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c 
@@ -311,60 +311,67 @@ static int daemonErrorLogFilter(virErrorPtr err, int priority) static int daemonInitialize(void) { - /* +#ifdef MODULE_NAME + /* This a dedicated per-driver daemon build */ + if (virDriverLoadModule(MODULE_NAME, MODULE_NAME "Register", true) < 0) + return -1; +#else + /* This is the legacy monolithic libvirtd built with all drivers + * * Note that the order is important: the first ones have a higher * priority when calling virStateInitialize. We must register the * network, storage and nodedev drivers before any stateful domain * driver, since their resources must be auto-started before any * domains can be auto-started. */ -#ifdef WITH_NETWORK +# ifdef WITH_NETWORK if (virDriverLoadModule("network", "networkRegister", false) < 0) return -1; -#endif -#ifdef WITH_INTERFACE +# endif +# ifdef WITH_INTERFACE if (virDriverLoadModule("interface", "interfaceRegister", false) < 0) return -1; -#endif -#ifdef WITH_SECRETS +# endif +# ifdef WITH_SECRETS if (virDriverLoadModule("secret", "secretRegister", false) < 0) return -1; -#endif -#ifdef WITH_STORAGE +# endif +# ifdef WITH_STORAGE if (virDriverLoadModule("storage", "storageRegister", false) < 0) return -1; -#endif -#ifdef WITH_NODE_DEVICES +# endif +# ifdef WITH_NODE_DEVICES if (virDriverLoadModule("nodedev", "nodedevRegister", false) < 0) return -1; -#endif -#ifdef WITH_NWFILTER +# endif +# ifdef WITH_NWFILTER if (virDriverLoadModule("nwfilter", "nwfilterRegister", false) < 0) return -1; -#endif -#ifdef WITH_LIBXL +# endif +# ifdef WITH_LIBXL if (virDriverLoadModule("libxl", "libxlRegister", false) < 0) return -1; -#endif -#ifdef WITH_QEMU +# endif +# ifdef WITH_QEMU if (virDriverLoadModule("qemu", "qemuRegister", false) < 0) return -1; -#endif -#ifdef WITH_LXC +# endif +# ifdef WITH_LXC if (virDriverLoadModule("lxc", "lxcRegister", false) < 0) return -1; -#endif -#ifdef WITH_VBOX +# endif +# ifdef WITH_VBOX if (virDriverLoadModule("vbox", "vboxRegister", false) < 0) return -1; -#endif -#ifdef 
WITH_BHYVE +# endif +# ifdef WITH_BHYVE if (virDriverLoadModule("bhyve", "bhyveRegister", false) < 0) return -1; -#endif -#ifdef WITH_VZ +# endif +# ifdef WITH_VZ if (virDriverLoadModule("vz", "vzRegister", false) < 0) return -1; +# endif #endif return 0; } -- 2.21.0
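Review bot: In the new MODULE_NAME branch of daemonInitialize(), the third argument to virDriverLoadModule() changes from false to true with no explanation at the call site, and the comment reads "This a dedicated per-driver daemon build" (missing "is"). The commit message says the single driver "must succeed"; state that in the comment so the asymmetry with the legacy branch, which ignores missing modules, is visible in the code. The branch also assumes MODULE_NAME is a string literal that is both the module name and the prefix of its registration symbol (MODULE_NAME "Register"). That contract deserves a one-line note, since nothing in this patch defines MODULE_NAME (the diffstat touches only remote_daemon.c) and a mismatch between the two names would only surface as a load failure at daemon startup.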

Do you want to use the "xen" name here too?
Daniel P. Berrangé writes:
Prepare for reusing libvirtd source to create other daemons by making the driver(s) to load conditionally defined by the make rules.
If nothing is set, all drivers will be loaded, ignoring any missing ones as historically done.
If MODULE_NAME is set only one driver will be loaded and that one must succeed.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon.c | 55 +++++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 24 deletions(-)
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index f1daaeb944..97621884b0 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -311,60 +311,67 @@ static int daemonErrorLogFilter(virErrorPtr err, int priority)
static int daemonInitialize(void) { - /* +#ifdef MODULE_NAME + /* This a dedicated per-driver daemon build */ + if (virDriverLoadModule(MODULE_NAME, MODULE_NAME "Register", true) < 0) + return -1; +#else + /* This is the legacy monolithic libvirtd built with all drivers + * * Note that the order is important: the first ones have a higher * priority when calling virStateInitialize. We must register the * network, storage and nodedev drivers before any stateful domain * driver, since their resources must be auto-started before any * domains can be auto-started. */ -#ifdef WITH_NETWORK +# ifdef WITH_NETWORK if (virDriverLoadModule("network", "networkRegister", false) < 0) return -1; -#endif -#ifdef WITH_INTERFACE +# endif +# ifdef WITH_INTERFACE if (virDriverLoadModule("interface", "interfaceRegister", false) < 0) return -1; -#endif -#ifdef WITH_SECRETS +# endif +# ifdef WITH_SECRETS if (virDriverLoadModule("secret", "secretRegister", false) < 0) return -1; -#endif -#ifdef WITH_STORAGE +# endif +# ifdef WITH_STORAGE if (virDriverLoadModule("storage", "storageRegister", false) < 0) return -1; -#endif -#ifdef WITH_NODE_DEVICES +# endif +# ifdef WITH_NODE_DEVICES if (virDriverLoadModule("nodedev", "nodedevRegister", false) < 0) return -1; -#endif -#ifdef WITH_NWFILTER +# endif +# ifdef WITH_NWFILTER if (virDriverLoadModule("nwfilter", "nwfilterRegister", false) < 0) return -1; -#endif -#ifdef WITH_LIBXL +# endif +# ifdef WITH_LIBXL if (virDriverLoadModule("libxl", "libxlRegister", false) < 0) return -1; -#endif -#ifdef WITH_QEMU +# endif +# ifdef WITH_QEMU if (virDriverLoadModule("qemu", "qemuRegister", false) < 0) return -1; -#endif -#ifdef WITH_LXC +# endif +# ifdef WITH_LXC if (virDriverLoadModule("lxc", "lxcRegister", false) < 0) return -1; -#endif -#ifdef WITH_VBOX +# endif +# ifdef WITH_VBOX if (virDriverLoadModule("vbox", "vboxRegister", false) < 0) return -1; -#endif -#ifdef WITH_BHYVE +# endif +# ifdef WITH_BHYVE if (virDriverLoadModule("bhyve", "bhyveRegister", 
false) < 0) return -1; -#endif -#ifdef WITH_VZ +# endif +# ifdef WITH_VZ if (virDriverLoadModule("vz", "vzRegister", false) < 0) return -1; +# endif #endif return 0; } -- 2.21.0
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> -- Cheers, Christophe de Dinechin (IRC c3d)

On Tue, Jul 30, 2019 at 12:40:26PM +0200, Christophe de Dinechin wrote:
Do you want to use the "xen" name here too?
Not yet, the loadable driver is still called 'libvirt_driver_libxl.so', pending a rename of the driver code.
Daniel P. Berrangé writes:
Prepare for reusing libvirtd source to create other daemons by making the driver(s) to load conditionally defined by the make rules.
If nothing is set, all drivers will be loaded, ignoring any missing ones as historically done.
If MODULE_NAME is set only one driver will be loaded and that one must succeed.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon.c | 55 +++++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 24 deletions(-)
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index f1daaeb944..97621884b0 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -311,60 +311,67 @@ static int daemonErrorLogFilter(virErrorPtr err, int priority)
static int daemonInitialize(void) { - /* +#ifdef MODULE_NAME + /* This a dedicated per-driver daemon build */ + if (virDriverLoadModule(MODULE_NAME, MODULE_NAME "Register", true) < 0) + return -1; +#else + /* This is the legacy monolithic libvirtd built with all drivers + * * Note that the order is important: the first ones have a higher * priority when calling virStateInitialize. We must register the * network, storage and nodedev drivers before any stateful domain * driver, since their resources must be auto-started before any * domains can be auto-started. */ -#ifdef WITH_NETWORK +# ifdef WITH_NETWORK if (virDriverLoadModule("network", "networkRegister", false) < 0) return -1; -#endif -#ifdef WITH_INTERFACE +# endif +# ifdef WITH_INTERFACE if (virDriverLoadModule("interface", "interfaceRegister", false) < 0) return -1; -#endif -#ifdef WITH_SECRETS +# endif +# ifdef WITH_SECRETS if (virDriverLoadModule("secret", "secretRegister", false) < 0) return -1; -#endif -#ifdef WITH_STORAGE +# endif +# ifdef WITH_STORAGE if (virDriverLoadModule("storage", "storageRegister", false) < 0) return -1; -#endif -#ifdef WITH_NODE_DEVICES +# endif +# ifdef WITH_NODE_DEVICES if (virDriverLoadModule("nodedev", "nodedevRegister", false) < 0) return -1; -#endif -#ifdef WITH_NWFILTER +# endif +# ifdef WITH_NWFILTER if (virDriverLoadModule("nwfilter", "nwfilterRegister", false) < 0) return -1; -#endif -#ifdef WITH_LIBXL +# endif +# ifdef WITH_LIBXL if (virDriverLoadModule("libxl", "libxlRegister", false) < 0) return -1; -#endif -#ifdef WITH_QEMU +# endif +# ifdef WITH_QEMU if (virDriverLoadModule("qemu", "qemuRegister", false) < 0) return -1; -#endif -#ifdef WITH_LXC +# endif +# ifdef WITH_LXC if (virDriverLoadModule("lxc", "lxcRegister", false) < 0) return -1; -#endif -#ifdef WITH_VBOX +# endif +# ifdef WITH_VBOX if (virDriverLoadModule("vbox", "vboxRegister", false) < 0) return -1; -#endif -#ifdef WITH_BHYVE +# endif +# ifdef WITH_BHYVE if (virDriverLoadModule("bhyve", "bhyveRegister", 
false) < 0) return -1; -#endif -#ifdef WITH_VZ +# endif +# ifdef WITH_VZ if (virDriverLoadModule("vz", "vzRegister", false) < 0) return -1; +# endif #endif return 0; } -- 2.21.0
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>
-- Cheers, Christophe de Dinechin (IRC c3d)
Regards, Daniel

Prepare for reusing libvirtd source to create other daemons by making the use of IP sockets conditionally defined by the make rules. The main libvirtd daemon will retain IP listen ability, but all the driver specific daemons will be local UNIX sockets only. Apps needing IP connectivity will connect via the libvirtd daemon which will proxy to the driver specfic daemon. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/Makefile.inc.am | 1 + src/remote/remote_daemon.c | 39 ++++++++++++++++++++++++++----- src/remote/remote_daemon_config.c | 36 ++++++++++++++++++++-------- src/remote/remote_daemon_config.h | 10 +++++++- 4 files changed, 69 insertions(+), 17 deletions(-) diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index b72186109a..2277bf49d2 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -148,6 +148,7 @@ libvirtd_CFLAGS = \ -I$(srcdir)/rpc \ -DSOCK_PREFIX="\"libvirt\"" \ -DDAEMON_NAME="\"libvirtd\"" \ + -DENABLE_IP \ $(NULL) libvirtd_LDFLAGS = \ diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 97621884b0..fadfc7c016 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -381,11 +381,13 @@ static int ATTRIBUTE_NONNULL(3) daemonSetupNetworking(virNetServerPtr srv, virNetServerPtr srvAdm, struct daemonConfig *config, +#ifdef ENABLE_IP + bool ipsock, + bool privileged, +#endif /* ! ENABLE_IP */ const char *sock_path, const char *sock_path_ro, - const char *sock_path_adm, - bool ipsock, - bool privileged) + const char *sock_path_adm) { gid_t unix_sock_gid = 0; int unix_sock_ro_mask = 0; 
@@ -397,15 +399,19 @@ daemonSetupNetworking(virNetServerPtr srv, { .name = DAEMON_NAME ".socket", .family = AF_UNIX, .path = sock_path }, { .name = DAEMON_NAME "-ro.socket", .family = AF_UNIX, .path = sock_path_ro }, { .name = DAEMON_NAME "-admin.socket", .family = AF_UNIX, .path = sock_path_adm }, +#ifdef ENABLE_IP { .name = DAEMON_NAME "-tcp.socket", .family = AF_INET }, { .name = DAEMON_NAME "-tls.socket", .family = AF_INET }, +#endif /* ! ENABLE_IP */ }; +#ifdef ENABLE_IP if ((actmap[3].port = virSocketAddrResolveService(config->tcp_port)) < 0) return -1; if ((actmap[4].port = virSocketAddrResolveService(config->tls_port)) < 0) return -1; +#endif /* ! ENABLE_IP */ if (virSystemdGetActivation(actmap, ARRAY_CARDINALITY(actmap), &act) < 0) return -1; @@ -470,6 +476,7 @@ daemonSetupNetworking(virNetServerPtr srv, config->admin_max_client_requests) < 0) goto cleanup; +#ifdef ENABLE_IP if (((ipsock && config->listen_tcp) || act) && virNetServerAddServiceTCP(srv, act, @@ -544,6 +551,7 @@ daemonSetupNetworking(virNetServerPtr srv, } virObjectUnref(ctxt); } +#endif /* ! ENABLE_IP */ if (act && virSystemdActivationComplete(act) < 0) @@ -892,7 +900,9 @@ daemonUsage(const char *argv0, bool privileged) { "-h | --help", N_("Display program help") }, { "-v | --verbose", N_("Verbose messages") }, { "-d | --daemon", N_("Run as a daemon & write PID file") }, +#ifdef ENABLE_IP { "-l | --listen", N_("Listen for TCP/IP connections") }, +#endif /* ENABLE_IP */ { "-t | --timeout <secs>", N_("Exit after timeout period") }, { "-f | --config <file>", N_("Configuration file") }, { "-V | --version", N_("Display version information") }, @@ -929,6 +939,7 @@ daemonUsage(const char *argv0, bool privileged) LOCALSTATEDIR, SOCK_PREFIX); fprintf(stderr, "\n"); +#ifdef ENABLE_IP fprintf(stderr, " %s:\n", _("TLS")); fprintf(stderr, " %s: %s\n", _("CA certificate"), 
@@ -940,6 +951,7 @@ daemonUsage(const char *argv0, bool privileged) _("Server private key"), privileged ? LIBVIRT_SERVERKEY : "$HOME/.pki/libvirt/serverkey.pem"); fprintf(stderr, "\n"); +#endif /* ENABLE_IP */ fprintf(stderr, " %s:\n", _("PID file (unless overridden by -p)")); @@ -966,7 +978,9 @@ int main(int argc, char **argv) { int timeout = -1; /* -t: Shutdown timeout */ int verbose = 0; int godaemon = 0; +#ifdef ENABLE_IP int ipsock = 0; +#endif /* ! ENABLE_IP */ struct daemonConfig *config; bool privileged = geteuid() == 0 ? true : false; bool implicit_conf = false; @@ -976,7 +990,9 @@ int main(int argc, char **argv) { struct option opts[] = { { "verbose", no_argument, &verbose, 'v'}, { "daemon", no_argument, &godaemon, 'd'}, +#ifdef ENABLE_IP { "listen", no_argument, &ipsock, 'l'}, +#endif /* ! ENABLE_IP */ { "config", required_argument, NULL, 'f'}, { "timeout", required_argument, NULL, 't'}, { "pid-file", required_argument, NULL, 'p'}, @@ -999,8 +1015,13 @@ int main(int argc, char **argv) { int optidx = 0; int c; char *tmp; +#ifdef ENABLE_IP + const char *optstr = "ldf:p:t:vVh"; +#else /* ! ENABLE_IP */ + const char *optstr = "df:p:t:vVh"; +#endif /* ! ENABLE_IP */ - c = getopt_long(argc, argv, "ldf:p:t:vVh", opts, &optidx); + c = getopt_long(argc, argv, optstr, opts, &optidx); if (c == -1) break; @@ -1015,9 +1036,12 @@ int main(int argc, char **argv) { case 'd': godaemon = 1; break; + +#ifdef ENABLE_IP case 'l': ipsock = 1; break; +#endif /* ! ENABLE_IP */ case 't': if (virStrToLong_i(optarg, &tmp, 10, &timeout) != 0 @@ -1331,10 +1355,13 @@ int main(int argc, char **argv) { if (daemonSetupNetworking(srv, srvAdm, config, +#ifdef ENABLE_IP + ipsock, + privileged, +#endif /* !ENABLE_IP */ sock_file, sock_file_ro, - sock_file_adm, - ipsock, privileged) < 0) { + sock_file_adm) < 0) { ret = VIR_DAEMON_ERR_NETWORK; goto cleanup; } diff --git a/src/remote/remote_daemon_config.c b/src/remote/remote_daemon_config.c index 3e62b4203f..3c5ccd5ba8 100644 
--- a/src/remote/remote_daemon_config.c +++ b/src/remote/remote_daemon_config.c @@ -107,12 +107,14 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED) if (VIR_ALLOC(data) < 0) return NULL; +#ifdef ENABLE_IP data->listen_tls = 1; data->listen_tcp = 0; if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 || VIR_STRDUP(data->tcp_port, LIBVIRTD_TCP_PORT) < 0) goto error; +#endif /* !ENABLE_IP */ /* Only default to PolicyKit if running as root */ #if WITH_POLKIT @@ -133,12 +135,14 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED) VIR_STRDUP(data->unix_sock_admin_perms, "0700") < 0) goto error; -#if WITH_SASL +#ifdef ENABLE_IP +# if WITH_SASL data->auth_tcp = REMOTE_AUTH_SASL; -#else +# else data->auth_tcp = REMOTE_AUTH_NONE; -#endif +# endif data->auth_tls = REMOTE_AUTH_NONE; +#endif /* ! ENABLE_IP */ data->min_workers = 5; data->max_workers = 20; @@ -182,9 +186,12 @@ daemonConfigFree(struct daemonConfig *data) if (!data) return; +#ifdef ENABLE_IP VIR_FREE(data->listen_addr); VIR_FREE(data->tls_port); VIR_FREE(data->tcp_port); +#endif /* ! ENABLE_IP */ + tmp = data->access_drivers; while (tmp && *tmp) { VIR_FREE(*tmp); @@ -198,25 +205,28 @@ daemonConfigFree(struct daemonConfig *data) VIR_FREE(data->unix_sock_group); VIR_FREE(data->unix_sock_dir); - tmp = data->tls_allowed_dn_list; + tmp = data->sasl_allowed_username_list; while (tmp && *tmp) { VIR_FREE(*tmp); tmp++; } - VIR_FREE(data->tls_allowed_dn_list); + VIR_FREE(data->sasl_allowed_username_list); - tmp = data->sasl_allowed_username_list; +#ifdef ENABLE_IP + tmp = data->tls_allowed_dn_list; while (tmp && *tmp) { VIR_FREE(*tmp); tmp++; } - VIR_FREE(data->sasl_allowed_username_list); + VIR_FREE(data->tls_allowed_dn_list); + VIR_FREE(data->tls_priority); VIR_FREE(data->key_file); VIR_FREE(data->ca_file); VIR_FREE(data->cert_file); VIR_FREE(data->crl_file); +#endif /* ! ENABLE_IP */ VIR_FREE(data->host_uuid); VIR_FREE(data->host_uuid_source); 
@@ -231,6 +241,7 @@ daemonConfigLoadOptions(struct daemonConfig *data, const char *filename, virConfPtr conf) { +#ifdef ENABLE_IP if (virConfGetValueBool(conf, "listen_tcp", &data->listen_tcp) < 0) goto error; if (virConfGetValueBool(conf, "listen_tls", &data->listen_tls) < 0) @@ -241,6 +252,7 @@ daemonConfigLoadOptions(struct daemonConfig *data, goto error; if (virConfGetValueString(conf, "listen_addr", &data->listen_addr) < 0) goto error; +#endif /* !ENABLE_IP */ if (remoteConfigGetAuth(conf, filename, "auth_unix_rw", &data->auth_unix_rw) < 0) goto error; @@ -256,10 +268,13 @@ daemonConfigLoadOptions(struct daemonConfig *data, #endif if (remoteConfigGetAuth(conf, filename, "auth_unix_ro", &data->auth_unix_ro) < 0) goto error; + +#ifdef ENABLE_IP if (remoteConfigGetAuth(conf, filename, "auth_tcp", &data->auth_tcp) < 0) goto error; if (remoteConfigGetAuth(conf, filename, "auth_tls", &data->auth_tls) < 0) goto error; +#endif /* ! ENABLE_IP */ if (virConfGetValueStringList(conf, "access_drivers", false, &data->access_drivers) < 0) @@ -277,6 +292,7 @@ daemonConfigLoadOptions(struct daemonConfig *data, if (virConfGetValueString(conf, "unix_sock_dir", &data->unix_sock_dir) < 0) goto error; +#ifdef ENABLE_IP if (virConfGetValueBool(conf, "tls_no_sanity_certificate", &data->tls_no_sanity_certificate) < 0) goto error; if (virConfGetValueBool(conf, "tls_no_verify_certificate", &data->tls_no_verify_certificate) < 0) 
@@ -295,14 +311,14 @@ daemonConfigLoadOptions(struct daemonConfig *data, &data->tls_allowed_dn_list) < 0) goto error; + if (virConfGetValueString(conf, "tls_priority", &data->tls_priority) < 0) + goto error; +#endif /* ! ENABLE_IP */ if (virConfGetValueStringList(conf, "sasl_allowed_username_list", false, &data->sasl_allowed_username_list) < 0) goto error; - if (virConfGetValueString(conf, "tls_priority", &data->tls_priority) < 0) - goto error; - if (virConfGetValueUInt(conf, "min_workers", &data->min_workers) < 0) goto error; if (virConfGetValueUInt(conf, "max_workers", &data->max_workers) < 0) diff --git a/src/remote/remote_daemon_config.h b/src/remote/remote_daemon_config.h index d580e7d49c..5a54abed85 100644 --- a/src/remote/remote_daemon_config.h +++ b/src/remote/remote_daemon_config.h @@ -27,11 +27,13 @@ struct daemonConfig { char *host_uuid; char *host_uuid_source; +#ifdef ENABLE_IP bool listen_tls; bool listen_tcp; char *listen_addr; char *tls_port; char *tcp_port; +#endif /* ! ENABLE_IP */ char *unix_sock_admin_perms; char *unix_sock_ro_perms; @@ -41,21 +43,27 @@ struct daemonConfig { int auth_unix_rw; int auth_unix_ro; + +#ifdef ENABLE_IP int auth_tcp; int auth_tls; +#endif /* ! ENABLE_IP */ char **access_drivers; +#ifdef ENABLE_IP bool tls_no_verify_certificate; bool tls_no_sanity_certificate; char **tls_allowed_dn_list; - char **sasl_allowed_username_list; char *tls_priority; char *key_file; char *cert_file; char *ca_file; char *crl_file; +#endif /* ! ENABLE_IP */ + + char **sasl_allowed_username_list; unsigned int min_workers; unsigned int max_workers; -- 2.21.0
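Review bot: The `#endif` annotations are inconsistent across this patch. Blocks opened with `#ifdef ENABLE_IP` are closed with `/* ! ENABLE_IP */` in daemonSetupNetworking(), main() and remote_daemon_config.h, with `/* !ENABLE_IP */` in parts of remote_daemon_config.c and at the daemonSetupNetworking() call site, and with `/* ENABLE_IP */` in daemonUsage(). The `!` form conventionally marks the end of the negated branch, which here is true only for the optstr `#else` block in main(). Please use `#endif /* ENABLE_IP */` for every plain `#ifdef ENABLE_IP` block so a reader scanning the long TCP/TLS section of daemonSetupNetworking() can tell which side of the conditional they are in.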
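Review bot: In daemonConfigLoadOptions(), the reads of listen_tcp, listen_tls, listen_addr, auth_tcp, auth_tls, tls_no_sanity_certificate, tls_no_verify_certificate, tls_allowed_dn_list and tls_priority are compiled out when ENABLE_IP is unset, and nothing in these hunks reports that such keys were present but not read. These settings govern network exposure and authentication, so consider emitting a warning (or refusing to start) when a build without IP support finds them in its config file. Otherwise an administrator who copies libvirtd.conf to a per-driver daemon may assume restrictions such as tls_allowed_dn_list are being applied there, when enforcement actually lives only in whichever daemon holds the IP listener.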

Daniel P. Berrangé writes:
Prepare for reusing libvirtd source to create other daemons by making the use of IP sockets conditionally defined by the make rules.
The main libvirtd daemon will retain IP listen ability, but all the driver specific daemons will be local UNIX sockets only. Apps needing IP connectivity will connect via the libvirtd daemon which will proxy to the driver specific daemon.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/Makefile.inc.am | 1 + src/remote/remote_daemon.c | 39 ++++++++++++++++++++++++++----- src/remote/remote_daemon_config.c | 36 ++++++++++++++++++++-------- src/remote/remote_daemon_config.h | 10 +++++++- 4 files changed, 69 insertions(+), 17 deletions(-)
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index b72186109a..2277bf49d2 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -148,6 +148,7 @@ libvirtd_CFLAGS = \ -I$(srcdir)/rpc \ -DSOCK_PREFIX="\"libvirt\"" \ -DDAEMON_NAME="\"libvirtd\"" \ + -DENABLE_IP \
What about using "WITH_IP" to stay consistent with the other enabler macros?
$(NULL)
libvirtd_LDFLAGS = \ diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 97621884b0..fadfc7c016 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -381,11 +381,13 @@ static int ATTRIBUTE_NONNULL(3) daemonSetupNetworking(virNetServerPtr srv, virNetServerPtr srvAdm, struct daemonConfig *config, +#ifdef ENABLE_IP
+ bool ipsock, + bool privileged, +#endif /* ! ENABLE_IP */
Absolute nit, but I would move the two bool last to avoid arch-dependent and config-dependent padding in the middle of the struct.
const char *sock_path, const char *sock_path_ro, - const char *sock_path_adm, - bool ipsock, - bool privileged) + const char *sock_path_adm) { gid_t unix_sock_gid = 0; int unix_sock_ro_mask = 0; @@ -397,15 +399,19 @@ daemonSetupNetworking(virNetServerPtr srv, { .name = DAEMON_NAME ".socket", .family = AF_UNIX, .path = sock_path }, { .name = DAEMON_NAME "-ro.socket", .family = AF_UNIX, .path = sock_path_ro }, { .name = DAEMON_NAME "-admin.socket", .family = AF_UNIX, .path = sock_path_adm }, +#ifdef ENABLE_IP { .name = DAEMON_NAME "-tcp.socket", .family = AF_INET }, { .name = DAEMON_NAME "-tls.socket", .family = AF_INET }, +#endif /* ! ENABLE_IP */ };
+#ifdef ENABLE_IP if ((actmap[3].port = virSocketAddrResolveService(config->tcp_port)) < 0) return -1;
if ((actmap[4].port = virSocketAddrResolveService(config->tls_port)) < 0) return -1; +#endif /* ! ENABLE_IP */
if (virSystemdGetActivation(actmap, ARRAY_CARDINALITY(actmap), &act) < 0) return -1; @@ -470,6 +476,7 @@ daemonSetupNetworking(virNetServerPtr srv, config->admin_max_client_requests) < 0) goto cleanup;
+#ifdef ENABLE_IP if (((ipsock && config->listen_tcp) || act) && virNetServerAddServiceTCP(srv, act, @@ -544,6 +551,7 @@ daemonSetupNetworking(virNetServerPtr srv, } virObjectUnref(ctxt); } +#endif /* ! ENABLE_IP */
if (act && virSystemdActivationComplete(act) < 0) @@ -892,7 +900,9 @@ daemonUsage(const char *argv0, bool privileged) { "-h | --help", N_("Display program help") }, { "-v | --verbose", N_("Verbose messages") }, { "-d | --daemon", N_("Run as a daemon & write PID file") }, +#ifdef ENABLE_IP { "-l | --listen", N_("Listen for TCP/IP connections") }, +#endif /* ENABLE_IP */ { "-t | --timeout <secs>", N_("Exit after timeout period") }, { "-f | --config <file>", N_("Configuration file") }, { "-V | --version", N_("Display version information") }, @@ -929,6 +939,7 @@ daemonUsage(const char *argv0, bool privileged) LOCALSTATEDIR, SOCK_PREFIX); fprintf(stderr, "\n");
+#ifdef ENABLE_IP fprintf(stderr, " %s:\n", _("TLS")); fprintf(stderr, " %s: %s\n", _("CA certificate"), @@ -940,6 +951,7 @@ daemonUsage(const char *argv0, bool privileged) _("Server private key"), privileged ? LIBVIRT_SERVERKEY : "$HOME/.pki/libvirt/serverkey.pem"); fprintf(stderr, "\n"); +#endif /* ENABLE_IP */
fprintf(stderr, " %s:\n", _("PID file (unless overridden by -p)")); @@ -966,7 +978,9 @@ int main(int argc, char **argv) { int timeout = -1; /* -t: Shutdown timeout */ int verbose = 0; int godaemon = 0; +#ifdef ENABLE_IP int ipsock = 0; +#endif /* ! ENABLE_IP */ struct daemonConfig *config; bool privileged = geteuid() == 0 ? true : false; bool implicit_conf = false; @@ -976,7 +990,9 @@ int main(int argc, char **argv) { struct option opts[] = { { "verbose", no_argument, &verbose, 'v'}, { "daemon", no_argument, &godaemon, 'd'}, +#ifdef ENABLE_IP { "listen", no_argument, &ipsock, 'l'}, +#endif /* ! ENABLE_IP */ { "config", required_argument, NULL, 'f'}, { "timeout", required_argument, NULL, 't'}, { "pid-file", required_argument, NULL, 'p'}, @@ -999,8 +1015,13 @@ int main(int argc, char **argv) { int optidx = 0; int c; char *tmp; +#ifdef ENABLE_IP + const char *optstr = "ldf:p:t:vVh"; +#else /* ! ENABLE_IP */ + const char *optstr = "df:p:t:vVh"; +#endif /* ! ENABLE_IP */
- c = getopt_long(argc, argv, "ldf:p:t:vVh", opts, &optidx); + c = getopt_long(argc, argv, optstr, opts, &optidx);
if (c == -1) break; @@ -1015,9 +1036,12 @@ int main(int argc, char **argv) { case 'd': godaemon = 1; break; + +#ifdef ENABLE_IP case 'l': ipsock = 1; break; +#endif /* ! ENABLE_IP */
case 't': if (virStrToLong_i(optarg, &tmp, 10, &timeout) != 0 @@ -1331,10 +1355,13 @@ int main(int argc, char **argv) {
if (daemonSetupNetworking(srv, srvAdm, config, +#ifdef ENABLE_IP + ipsock, + privileged, +#endif /* !ENABLE_IP */ sock_file, sock_file_ro, - sock_file_adm, - ipsock, privileged) < 0) { + sock_file_adm) < 0) { ret = VIR_DAEMON_ERR_NETWORK; goto cleanup; } diff --git a/src/remote/remote_daemon_config.c b/src/remote/remote_daemon_config.c index 3e62b4203f..3c5ccd5ba8 100644 --- a/src/remote/remote_daemon_config.c +++ b/src/remote/remote_daemon_config.c @@ -107,12 +107,14 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED) if (VIR_ALLOC(data) < 0) return NULL;
+#ifdef ENABLE_IP data->listen_tls = 1; data->listen_tcp = 0;
if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 || VIR_STRDUP(data->tcp_port, LIBVIRTD_TCP_PORT) < 0) goto error; +#endif /* !ENABLE_IP */
/* Only default to PolicyKit if running as root */ #if WITH_POLKIT @@ -133,12 +135,14 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED) VIR_STRDUP(data->unix_sock_admin_perms, "0700") < 0) goto error;
-#if WITH_SASL +#ifdef ENABLE_IP +# if WITH_SASL data->auth_tcp = REMOTE_AUTH_SASL; -#else +# else data->auth_tcp = REMOTE_AUTH_NONE; -#endif +# endif data->auth_tls = REMOTE_AUTH_NONE; +#endif /* ! ENABLE_IP */
data->min_workers = 5; data->max_workers = 20; @@ -182,9 +186,12 @@ daemonConfigFree(struct daemonConfig *data) if (!data) return;
+#ifdef ENABLE_IP VIR_FREE(data->listen_addr); VIR_FREE(data->tls_port); VIR_FREE(data->tcp_port); +#endif /* ! ENABLE_IP */ + tmp = data->access_drivers; while (tmp && *tmp) { VIR_FREE(*tmp); @@ -198,25 +205,28 @@ daemonConfigFree(struct daemonConfig *data) VIR_FREE(data->unix_sock_group); VIR_FREE(data->unix_sock_dir);
- tmp = data->tls_allowed_dn_list; + tmp = data->sasl_allowed_username_list; while (tmp && *tmp) { VIR_FREE(*tmp); tmp++; } - VIR_FREE(data->tls_allowed_dn_list); + VIR_FREE(data->sasl_allowed_username_list);
- tmp = data->sasl_allowed_username_list; +#ifdef ENABLE_IP + tmp = data->tls_allowed_dn_list; while (tmp && *tmp) { VIR_FREE(*tmp); tmp++; } - VIR_FREE(data->sasl_allowed_username_list); + VIR_FREE(data->tls_allowed_dn_list); + VIR_FREE(data->tls_priority);
VIR_FREE(data->key_file); VIR_FREE(data->ca_file); VIR_FREE(data->cert_file); VIR_FREE(data->crl_file); +#endif /* ! ENABLE_IP */
VIR_FREE(data->host_uuid); VIR_FREE(data->host_uuid_source); @@ -231,6 +241,7 @@ daemonConfigLoadOptions(struct daemonConfig *data, const char *filename, virConfPtr conf) { +#ifdef ENABLE_IP if (virConfGetValueBool(conf, "listen_tcp", &data->listen_tcp) < 0) goto error; if (virConfGetValueBool(conf, "listen_tls", &data->listen_tls) < 0) @@ -241,6 +252,7 @@ daemonConfigLoadOptions(struct daemonConfig *data, goto error; if (virConfGetValueString(conf, "listen_addr", &data->listen_addr) < 0) goto error; +#endif /* !ENABLE_IP */
if (remoteConfigGetAuth(conf, filename, "auth_unix_rw", &data->auth_unix_rw) < 0) goto error; @@ -256,10 +268,13 @@ daemonConfigLoadOptions(struct daemonConfig *data, #endif if (remoteConfigGetAuth(conf, filename, "auth_unix_ro", &data->auth_unix_ro) < 0) goto error; + +#ifdef ENABLE_IP if (remoteConfigGetAuth(conf, filename, "auth_tcp", &data->auth_tcp) < 0) goto error; if (remoteConfigGetAuth(conf, filename, "auth_tls", &data->auth_tls) < 0) goto error; +#endif /* ! ENABLE_IP */
if (virConfGetValueStringList(conf, "access_drivers", false, &data->access_drivers) < 0) @@ -277,6 +292,7 @@ daemonConfigLoadOptions(struct daemonConfig *data, if (virConfGetValueString(conf, "unix_sock_dir", &data->unix_sock_dir) < 0) goto error;
+#ifdef ENABLE_IP if (virConfGetValueBool(conf, "tls_no_sanity_certificate", &data->tls_no_sanity_certificate) < 0) goto error; if (virConfGetValueBool(conf, "tls_no_verify_certificate", &data->tls_no_verify_certificate) < 0) @@ -295,14 +311,14 @@ daemonConfigLoadOptions(struct daemonConfig *data, &data->tls_allowed_dn_list) < 0) goto error;
+ if (virConfGetValueString(conf, "tls_priority", &data->tls_priority) < 0) + goto error; +#endif /* ! ENABLE_IP */
if (virConfGetValueStringList(conf, "sasl_allowed_username_list", false, &data->sasl_allowed_username_list) < 0) goto error;
- if (virConfGetValueString(conf, "tls_priority", &data->tls_priority) < 0) - goto error; - if (virConfGetValueUInt(conf, "min_workers", &data->min_workers) < 0) goto error; if (virConfGetValueUInt(conf, "max_workers", &data->max_workers) < 0) diff --git a/src/remote/remote_daemon_config.h b/src/remote/remote_daemon_config.h index d580e7d49c..5a54abed85 100644 --- a/src/remote/remote_daemon_config.h +++ b/src/remote/remote_daemon_config.h @@ -27,11 +27,13 @@ struct daemonConfig { char *host_uuid; char *host_uuid_source;
+#ifdef ENABLE_IP bool listen_tls; bool listen_tcp; char *listen_addr; char *tls_port; char *tcp_port; +#endif /* ! ENABLE_IP */
char *unix_sock_admin_perms; char *unix_sock_ro_perms; @@ -41,21 +43,27 @@ struct daemonConfig {
int auth_unix_rw; int auth_unix_ro; + +#ifdef ENABLE_IP int auth_tcp; int auth_tls; +#endif /* ! ENABLE_IP */
char **access_drivers;
+#ifdef ENABLE_IP bool tls_no_verify_certificate; bool tls_no_sanity_certificate; char **tls_allowed_dn_list; - char **sasl_allowed_username_list; char *tls_priority;
char *key_file; char *cert_file; char *ca_file; char *crl_file; +#endif /* ! ENABLE_IP */ + + char **sasl_allowed_username_list;
unsigned int min_workers; unsigned int max_workers; -- 2.21.0
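Review bot: In the daemonConfigFree hunk of src/remote/remote_daemon_config.c, the added VIR_FREE(data->tls_priority) has no matching removed line. Besides moving the TLS frees under #ifdef ENABLE_IP, the change therefore appears to start freeing a member that the code shown did not free before. If this is a leak fix, say so in the commit message or split it into its own patch, so it can be reviewed and backported independently of the ENABLE_IP work.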
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> -- Cheers, Christophe de Dinechin (IRC c3d)
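Review bot: In daemonConfigLoadOptions, a build without ENABLE_IP no longer reads listen_tcp, listen_tls, listen_addr, auth_tcp, auth_tls, tls_allowed_dn_list or the other tls_* keys, and nothing in the visible hunks reports them if they are still present in the file. An administrator who carries a libvirtd.conf over to a UNIX-socket-only daemon could assume auth_tls or tls_allowed_dn_list still restrict access. Consider warning on, or rejecting, these keys when ENABLE_IP is not defined, and documenting that choice next to the #ifdef.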

On Tue, Jul 30, 2019 at 12:46:31PM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
Prepare for reusing libvirtd source to create other daemons by making the use of IP sockets conditionally defined by the make rules.
The main libvirtd daemon will retain IP listen ability, but all the driver specific daemons will be local UNIX sockets only. Apps needing IP connectivity will connect via the libvirtd daemon which will proxy to the driver specific daemon.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/Makefile.inc.am | 1 + src/remote/remote_daemon.c | 39 ++++++++++++++++++++++++++----- src/remote/remote_daemon_config.c | 36 ++++++++++++++++++++-------- src/remote/remote_daemon_config.h | 10 +++++++- 4 files changed, 69 insertions(+), 17 deletions(-)
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index b72186109a..2277bf49d2 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -148,6 +148,7 @@ libvirtd_CFLAGS = \ -I$(srcdir)/rpc \ -DSOCK_PREFIX="\"libvirt\"" \ -DDAEMON_NAME="\"libvirtd\"" \ + -DENABLE_IP \
What about using "WITH_IP" to stay consistent with the other enabler macros?
Perhaps. I'll see how much hell that creates with merge conflicts in the later part of the series.
$(NULL)
libvirtd_LDFLAGS = \ diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 97621884b0..fadfc7c016 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -381,11 +381,13 @@ static int ATTRIBUTE_NONNULL(3) daemonSetupNetworking(virNetServerPtr srv, virNetServerPtr srvAdm, struct daemonConfig *config, +#ifdef ENABLE_IP
+ bool ipsock, + bool privileged, +#endif /* ! ENABLE_IP */
Absolute nit, but I would move the two bool last to avoid arch-dependent and config-dependent padding in the middle of the struct.
I moved them here, because if you have #ifdef conditional around the last parameter in the function, the formatting gets messy wrt to the closing ')', and need to trim the trailing ',' on the previous parameter.
const char *sock_path, const char *sock_path_ro, - const char *sock_path_adm, - bool ipsock, - bool privileged) + const char *sock_path_adm) {
Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On Tue, 2019-07-30 at 12:00 +0100, Daniel P. Berrangé wrote:
On Tue, Jul 30, 2019 at 12:46:31PM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
@@ -381,11 +381,13 @@ static int ATTRIBUTE_NONNULL(3) daemonSetupNetworking(virNetServerPtr srv, virNetServerPtr srvAdm, struct daemonConfig *config, +#ifdef ENABLE_IP + bool ipsock, + bool privileged, +#endif /* ! ENABLE_IP */
Absolute nit, but I would move the two bool last to avoid arch-dependent and config-dependent padding in the middle of the struct.
I moved them here, because if you have #ifdef conditional around the last parameter in the function, the formatting gets messy wrt to the closing ')', and need to trim the trailing ',' on the previous parameter.
I think Christophe, despite the fact that he quoted the function signature, was actually referring to struct daemonConfig and the members within. I'm not sure whether we care about the padding and relative alignment in this case, though. -- Andrea Bolognani / Red Hat / Virtualization

On 30 Jul 2019, at 13:15, Andrea Bolognani <abologna@redhat.com> wrote:
On Tue, 2019-07-30 at 12:00 +0100, Daniel P. Berrangé wrote:
On Tue, Jul 30, 2019 at 12:46:31PM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
@@ -381,11 +381,13 @@ static int ATTRIBUTE_NONNULL(3) daemonSetupNetworking(virNetServerPtr srv, virNetServerPtr srvAdm, struct daemonConfig *config, +#ifdef ENABLE_IP + bool ipsock, + bool privileged, +#endif /* ! ENABLE_IP */
Absolute nit, but I would move the two bool last to avoid arch-dependent and config-dependent padding in the middle of the struct.
I moved them here, because if you have #ifdef conditional around the last parameter in the function, the formatting gets messy wrt to the closing ')', and need to trim the trailing ',' on the previous parameter.
I think Christophe, despite the fact that he quoted the function signature, was actually referring to struct daemonConfig and the members within.
Indeed.
I'm not sure whether we care about the padding and relative alignment in this case, though.
“Absolute nit” :-)
-- Andrea Bolognani / Red Hat / Virtualization
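The padding point raised in this sub-thread, as an added illustration that is not part of the thread or of libvirt: a reduced model of struct daemonConfig from the remote_daemon_config.h hunk, compared with a hypothetical reordering that puts the bool members last, and with the layout a build without ENABLE_IP would see. The struct and function names are made up for this example; only the member names come from the patch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Reduced model of struct daemonConfig as posted, with ENABLE_IP defined.
 * Member names and order follow the header hunk; unrelated members are
 * left out. */
struct cfg_as_posted {
    char *host_uuid_source;
    bool listen_tls;                 /* two 1-byte members ...              */
    bool listen_tcp;
    char *listen_addr;               /* ... then a pointer: first hole      */
    char *tls_port;
    char *tcp_port;
    int auth_tcp;
    int auth_tls;
    char **access_drivers;
    bool tls_no_verify_certificate;
    bool tls_no_sanity_certificate;
    char **tls_allowed_dn_list;      /* second hole sits before this member */
    char *tls_priority;
    char **sasl_allowed_username_list;
};

/* Hypothetical reordering (not from the patch): same members, bools last. */
struct cfg_bools_last {
    char *host_uuid_source;
    char *listen_addr;
    char *tls_port;
    char *tcp_port;
    char **access_drivers;
    char **tls_allowed_dn_list;
    char *tls_priority;
    char **sasl_allowed_username_list;
    int auth_tcp;
    int auth_tls;
    bool listen_tls;
    bool listen_tcp;
    bool tls_no_verify_certificate;
    bool tls_no_sanity_certificate;
};

/* What the same header describes when ENABLE_IP is not defined. */
struct cfg_no_ip {
    char *host_uuid_source;
    char **access_drivers;
    char **sasl_allowed_username_list;
};

/* Bytes the members themselves need; identical for both full layouts. */
size_t payload_bytes(void)
{
    return 5 * sizeof(char *) + 3 * sizeof(char **)
         + 2 * sizeof(int) + 4 * sizeof(bool);
}

size_t padding_as_posted(void)
{
    return sizeof(struct cfg_as_posted) - payload_bytes();
}

size_t padding_bools_last(void)
{
    return sizeof(struct cfg_bools_last) - payload_bytes();
}

/* Padding the compiler inserts between listen_tcp and listen_addr. */
size_t hole_after_listen_tcp(void)
{
    return offsetof(struct cfg_as_posted, listen_addr)
         - (offsetof(struct cfg_as_posted, listen_tcp) + sizeof(bool));
}

/* Offset of a member that exists in both configurations. It moves with the
 * macro, so every file including the header needs the same ENABLE_IP
 * setting. */
size_t access_drivers_offset(bool with_ip)
{
    return with_ip ? offsetof(struct cfg_as_posted, access_drivers)
                   : offsetof(struct cfg_no_ip, access_drivers);
}

int main(void)
{
    printf("payload bytes:             %zu\n", payload_bytes());
    printf("padding, as posted:        %zu\n", padding_as_posted());
    printf("padding, bools last:       %zu\n", padding_bools_last());
    printf("hole after listen_tcp:     %zu\n", hole_after_listen_tcp());
    printf("access_drivers, ENABLE_IP: %zu\n", access_drivers_offset(true));
    printf("access_drivers, no IP:     %zu\n", access_drivers_offset(false));
    return 0;
}
```

The absolute numbers depend on the ABI, which is the "arch-dependent" half of the remark; the ordering of the results does not.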

On Mon, Jul 29, 2019 at 06:10:52PM +0100, Daniel P. Berrangé wrote:
Prepare for reusing libvirtd source to create other daemons by making the use of IP sockets conditionally defined by the make rules.
The main libvirtd daemon will retain IP listen ability, but all the driver specific daemons will be local UNIX sockets only. Apps needing IP connectivity will connect via the libvirtd daemon which will proxy to the driver specific daemon.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/Makefile.inc.am | 1 + src/remote/remote_daemon.c | 39 ++++++++++++++++++++++++++----- src/remote/remote_daemon_config.c | 36 ++++++++++++++++++++-------- src/remote/remote_daemon_config.h | 10 +++++++- 4 files changed, 69 insertions(+), 17 deletions(-)
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index b72186109a..2277bf49d2 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -148,6 +148,7 @@ libvirtd_CFLAGS = \ -I$(srcdir)/rpc \ -DSOCK_PREFIX="\"libvirt\"" \ -DDAEMON_NAME="\"libvirtd\"" \ + -DENABLE_IP \ $(NULL)
libvirtd_LDFLAGS = \ diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 97621884b0..fadfc7c016 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -892,7 +900,9 @@ daemonUsage(const char *argv0, bool privileged) { "-h | --help", N_("Display program help") }, { "-v | --verbose", N_("Verbose messages") }, { "-d | --daemon", N_("Run as a daemon & write PID file") }, +#ifdef ENABLE_IP { "-l | --listen", N_("Listen for TCP/IP connections") }, +#endif /* ENABLE_IP */ { "-t | --timeout <secs>", N_("Exit after timeout period") }, { "-f | --config <file>", N_("Configuration file") }, { "-V | --version", N_("Display version information") }, @@ -929,6 +939,7 @@ daemonUsage(const char *argv0, bool privileged) LOCALSTATEDIR, SOCK_PREFIX); fprintf(stderr, "\n");
+#ifdef ENABLE_IP fprintf(stderr, " %s:\n", _("TLS")); fprintf(stderr, " %s: %s\n", _("CA certificate"), @@ -940,6 +951,7 @@ daemonUsage(const char *argv0, bool privileged) _("Server private key"), privileged ? LIBVIRT_SERVERKEY : "$HOME/.pki/libvirt/serverkey.pem"); fprintf(stderr, "\n"); +#endif /* ENABLE_IP */
These two use /* ENABLE_IP */ instead of /* ! ENABLE_IP */ Jano

Using @VARNAME@ is a normal style of automake, so lets match that. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- build-aux/augeas-gentest.pl | 2 +- src/bhyve/test_libvirtd_bhyve.aug.in | 2 +- src/libxl/test_libvirtd_libxl.aug.in | 2 +- src/locking/test_libvirt_lockd.aug.in | 2 +- src/locking/test_libvirt_sanlock.aug.in | 2 +- src/locking/test_virtlockd.aug.in | 2 +- src/logging/test_virtlogd.aug.in | 2 +- src/lxc/test_libvirtd_lxc.aug.in | 2 +- src/qemu/test_libvirtd_qemu.aug.in | 2 +- src/remote/test_libvirtd.aug.in | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/build-aux/augeas-gentest.pl b/build-aux/augeas-gentest.pl index faf2fd593e..65834b533b 100755 --- a/build-aux/augeas-gentest.pl +++ b/build-aux/augeas-gentest.pl @@ -30,7 +30,7 @@ open TEMPLATE, "<", $template or die "cannot read $template: $!"; my $group = 0; while (<TEMPLATE>) { - if (/::CONFIG::/) { + if (/\@CONFIG\@/) { my $group = 0; print " let conf = \""; while (<CONFIG>) { diff --git a/src/bhyve/test_libvirtd_bhyve.aug.in b/src/bhyve/test_libvirtd_bhyve.aug.in index f28e58614d..ec932b4b11 100644 --- a/src/bhyve/test_libvirtd_bhyve.aug.in +++ b/src/bhyve/test_libvirtd_bhyve.aug.in @@ -1,5 +1,5 @@ module Test_libvirtd_bhyve = - ::CONFIG:: + @CONFIG@ test Libvirtd_bhyve.lns get conf = { "firmware_dir" = "/usr/local/share/uefi-firmware" } diff --git a/src/libxl/test_libvirtd_libxl.aug.in b/src/libxl/test_libvirtd_libxl.aug.in index 372a43f94a..ac37de67eb 100644 --- a/src/libxl/test_libvirtd_libxl.aug.in +++ b/src/libxl/test_libvirtd_libxl.aug.in @@ -1,5 +1,5 @@ module Test_libvirtd_libxl = - ::CONFIG:: + @CONFIG@ test Libvirtd_libxl.lns get conf = { "autoballoon" = "1" } diff --git a/src/locking/test_libvirt_lockd.aug.in b/src/locking/test_libvirt_lockd.aug.in index 52b37541cb..0f3b57eb34 100644 --- a/src/locking/test_libvirt_lockd.aug.in +++ b/src/locking/test_libvirt_lockd.aug.in 
@@ -1,5 +1,5 @@ module Test_libvirt_lockd = - ::CONFIG:: + @CONFIG@ test Libvirt_lockd.lns get conf = { "auto_disk_leases" = "0" } diff --git a/src/locking/test_libvirt_sanlock.aug.in b/src/locking/test_libvirt_sanlock.aug.in index 7f66f8192b..5eabb6726d 100644 --- a/src/locking/test_libvirt_sanlock.aug.in +++ b/src/locking/test_libvirt_sanlock.aug.in @@ -1,5 +1,5 @@ module Test_libvirt_sanlock = - ::CONFIG:: + @CONFIG@ test Libvirt_sanlock.lns get conf = { "auto_disk_leases" = "1" } diff --git a/src/locking/test_virtlockd.aug.in b/src/locking/test_virtlockd.aug.in index f2f6979ef5..fad0c418b9 100644 --- a/src/locking/test_virtlockd.aug.in +++ b/src/locking/test_virtlockd.aug.in @@ -1,5 +1,5 @@ module Test_virtlockd = - ::CONFIG:: + @CONFIG@ test Virtlockd.lns get conf = { "log_level" = "3" } diff --git a/src/logging/test_virtlogd.aug.in b/src/logging/test_virtlogd.aug.in index a29e7e3730..cd5b0d91f8 100644 --- a/src/logging/test_virtlogd.aug.in +++ b/src/logging/test_virtlogd.aug.in @@ -1,5 +1,5 @@ module Test_virtlogd = - ::CONFIG:: + @CONFIG@ test Virtlogd.lns get conf = { "log_level" = "3" } diff --git a/src/lxc/test_libvirtd_lxc.aug.in b/src/lxc/test_libvirtd_lxc.aug.in index 3eb25aa292..68db2e1c86 100644 --- a/src/lxc/test_libvirtd_lxc.aug.in +++ b/src/lxc/test_libvirtd_lxc.aug.in @@ -1,5 +1,5 @@ module Test_libvirtd_lxc = - ::CONFIG:: + @CONFIG@ test Libvirtd_lxc.lns get conf = { "log_with_libvirtd" = "1" } diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in index b3b44d42d9..9f81759cb5 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in @@ -1,5 +1,5 @@ module Test_libvirtd_qemu = - ::CONFIG:: + @CONFIG@ test Libvirtd_qemu.lns get conf = { "default_tls_x509_cert_dir" = "/etc/pki/qemu" } diff --git a/src/remote/test_libvirtd.aug.in b/src/remote/test_libvirtd.aug.in index ad6450a569..6c51b7b9e7 100644 --- a/src/remote/test_libvirtd.aug.in +++ b/src/remote/test_libvirtd.aug.in 
@@ -1,5 +1,5 @@ module Test_libvirtd = - ::CONFIG:: + @CONFIG@ test Libvirtd.lns get conf = { "listen_tls" = "0" } -- 2.21.0

On Mon, 2019-07-29 at 18:10 +0100, Daniel P. Berrangé wrote:
Using @VARNAME@ is a normal style of automake, so let's match that.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- build-aux/augeas-gentest.pl | 2 +- src/bhyve/test_libvirtd_bhyve.aug.in | 2 +- src/libxl/test_libvirtd_libxl.aug.in | 2 +- src/locking/test_libvirt_lockd.aug.in | 2 +- src/locking/test_libvirt_sanlock.aug.in | 2 +- src/locking/test_virtlockd.aug.in | 2 +- src/logging/test_virtlogd.aug.in | 2 +- src/lxc/test_libvirtd_lxc.aug.in | 2 +- src/qemu/test_libvirtd_qemu.aug.in | 2 +- src/remote/test_libvirtd.aug.in | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-)
Reviewed-by: Andrea Bolognani <abologna@redhat.com> -- Andrea Bolognani / Red Hat / Virtualization

Prepare for reusing libvirtd config to create other daemons by making the config parameters for IP sockets conditionally defined by the make rules. The main libvirtd daemon will retain IP listen ability, but all the driver specific daemons will be local UNIX sockets only. Apps needing IP connectivity will connect via the libvirtd daemon which will proxy to the driver specfic daemon. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 1 + src/remote/Makefile.inc.am | 16 +++++-- .../{libvirtd.conf => libvirtd.conf.in} | 42 +++++++++++-------- src/remote/test_libvirtd.aug.in | 2 +- 4 files changed, 40 insertions(+), 21 deletions(-) rename src/remote/{libvirtd.conf => libvirtd.conf.in} (95%) diff --git a/.gitignore b/.gitignore index d75b24c743..a09f45af50 100644 --- a/.gitignore +++ b/.gitignore @@ -158,6 +158,7 @@ /src/remote/*_client_bodies.h /src/remote/*_protocol.[ch] /src/remote/*_stubs.h +/src/remote/libvirtd.conf /src/remote/test_libvirtd.aug /src/rpc/virkeepaliveprotocol.[ch] /src/rpc/virnetprotocol.[ch] diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 2277bf49d2..93a7a6c14e 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -76,7 +76,7 @@ EXTRA_DIST += \ $(LIBVIRTD_SOURCES) \ remote/test_libvirtd.aug.in \ remote/libvirtd.aug \ - remote/libvirtd.conf \ + remote/libvirtd.conf.in \ remote/libvirtd.policy \ remote/libvirtd.rules \ remote/libvirtd.sasl \ @@ -93,6 +93,9 @@ MAINTAINERCLEANFILES += \ $(REMOTE_DRIVER_GENERATED) \ $(LIBVIRTD_GENERATED) \ $(NULL) +CLEANFILES += \ + remote/libvirtd.conf \ + $(NULL) if WITH_REMOTE noinst_LTLIBRARIES += libvirt_driver_remote.la @@ -128,7 +131,7 @@ augeas_DATA += remote/libvirtd.aug augeastest_DATA += remote/test_libvirtd.aug -conf_DATA += remote/libvirtd.conf +nodist_conf_DATA += remote/libvirtd.conf man8_MANS += libvirtd.8 
@@ -179,6 +182,13 @@ libvirtd_LDADD += \ $(LIBSOCKET) \ $(NULL) +remote/libvirtd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ + < $< > $@ + INSTALL_DATA_DIRS += remote install-data-remote: @@ -189,7 +199,7 @@ uninstall-data-remote: remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \ remote/libvirtd.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/remote/libvirtd.conf $< > $@ + $(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf $< > $@ if WITH_SYSCTL # Use $(prefix)/lib rather than $(libdir), since man sysctl.d insists on diff --git a/src/remote/libvirtd.conf b/src/remote/libvirtd.conf.in similarity index 95% rename from src/remote/libvirtd.conf rename to src/remote/libvirtd.conf.in index b63b8d61b7..e351a8c190 100644 --- a/src/remote/libvirtd.conf +++ b/src/remote/libvirtd.conf.in @@ -1,13 +1,14 @@ # Master libvirt daemon configuration file # +@CUT_ENABLE_IP@ ################################################################# # # Network connectivity controls # # Flag listening for secure TLS connections on the public TCP/IP port. -# NB, must pass the --listen flag to the libvirtd process for this to +# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to # have any effect. # # This setting is not required or honoured if using systemd socket @@ -20,7 +21,7 @@ #listen_tls = 0 # Listen for unencrypted TCP connections on the public TCP/IP port. -# NB, must pass the --listen flag to the libvirtd process for this to +# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to # have any effect. # # This setting is not required or honoured if using systemd socket 
@@ -58,13 +59,14 @@ # This setting is not required or honoured if using systemd socket # activation. # -# If the libvirtd service is started in parallel with network +# If the @DAEMON_NAME@ service is started in parallel with network # startup (e.g. with systemd), binding to addresses other than # the wildcards (0.0.0.0/::) might not be available yet. # #listen_addr = "192.168.0.1" +@END@ ################################################################# # # UNIX socket access controls @@ -157,6 +159,7 @@ # If the unix_sock_rw_perms are changed you may wish to enable # an authentication mechanism here #auth_unix_rw = "none" +@CUT_ENABLE_IP@ # Change the authentication scheme for TCP sockets. # @@ -174,6 +177,7 @@ # It is possible to make use of any SASL authentication # mechanism as well, by using 'sasl' for this option #auth_tls = "none" +@END@ # Change the API access control scheme @@ -182,10 +186,11 @@ # to all APIs. Access drivers can place restrictions # on this. By default the 'nop' driver is enabled, # meaning no access control checks are done once a -# client has authenticated with libvirtd +# client has authenticated with @DAEMON_NAME@ # #access_drivers = [ "polkit" ] +@CUT_ENABLE_IP@ ################################################################# # # TLS x509 certificate configuration @@ -225,15 +230,17 @@ +@END@ ################################################################# # # Authorization controls # +@CUT_ENABLE_IP@ # Flag to disable verification of our own server certificates # -# When libvirtd starts it performs some sanity checks against +# When @DAEMON_NAME@ starts it performs some sanity checks against # its own certificates. # # Default is to always run sanity checks. Uncommenting this 
@@ -265,6 +272,15 @@ #tls_allowed_dn_list = ["DN1", "DN2"] +# Override the compile time default TLS priority string. The +# default is usually "NORMAL" unless overridden at build time. +# Only set this is it is desired for libvirt to deviate from +# the global default settings. +# +#tls_priority="NORMAL" + + +@END@ # A whitelist of allowed SASL usernames. The format for username # depends on the SASL authentication mechanism. Kerberos usernames # look like username@REALM @@ -282,14 +298,6 @@ #sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ] -# Override the compile time default TLS priority string. The -# default is usually "NORMAL" unless overridden at build time. -# Only set this is it is desired for libvirt to deviate from -# the global default settings. -# -#tls_priority="NORMAL" - - ################################################################# # # Processing controls @@ -417,8 +425,8 @@ # 4: ERROR # # Multiple outputs can be defined, they just need to be separated by spaces. -# e.g. to log all warnings and errors to syslog under the libvirtd ident: -#log_outputs="3:syslog:libvirtd" +# e.g. to log all warnings and errors to syslog under the @DAEMON_NAME@ ident: +#log_outputs="3:syslog:@DAEMON_NAME@" ################################################################## @@ -461,7 +469,7 @@ ################################################################### # Keepalive protocol: -# This allows libvirtd to detect broken client connections or even +# This allows @DAEMON_NAME@ to detect broken client connections or even # dead clients. A keepalive message is sent to a client after # keepalive_interval seconds of inactivity to check if the client is # still responding; keepalive_count is a maximum number of keepalive 
@@ -470,7 +478,7 @@ # words, the connection is automatically closed approximately after # keepalive_interval * (keepalive_count + 1) seconds since the last # message received from the client. If keepalive_interval is set to -# -1, libvirtd will never send keepalive requests; however clients +# -1, @DAEMON_NAME@ will never send keepalive requests; however clients # can still send them and the daemon will send responses. When # keepalive_count is set to 0, connections will be automatically # closed after keepalive_interval seconds of inactivity without diff --git a/src/remote/test_libvirtd.aug.in b/src/remote/test_libvirtd.aug.in index 6c51b7b9e7..d768b30b55 100644 --- a/src/remote/test_libvirtd.aug.in +++ b/src/remote/test_libvirtd.aug.in @@ -29,11 +29,11 @@ module Test_libvirtd = { "1" = "DN1"} { "2" = "DN2"} } + { "tls_priority" = "NORMAL" } { "sasl_allowed_username_list" { "1" = "joe@EXAMPLE.COM" } { "2" = "fred@EXAMPLE.COM" } } - { "tls_priority" = "NORMAL" } { "max_clients" = "5000" } { "max_queued_clients" = "1000" } { "max_anonymous_clients" = "20" } -- 2.21.0
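Review bot: In the new remote/libvirtd.conf rule in src/remote/Makefile.inc.am, the substitution 's|[@]DAEMON_NAME[@]|libvirtd|' has no g flag, so only the first @DAEMON_NAME@ on a line is replaced and a second one would reach the installed config verbatim. The template lines shown carry one marker each, so this works today, but adding g would keep the rule correct after later edits to libvirtd.conf.in. The rule also redirects straight into $@, so a failing sed leaves a truncated libvirtd.conf that make treats as up to date; writing to a temporary file and renaming it would avoid that.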
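Review bot: The tls_priority comment block that this patch moves above @END@ in libvirtd.conf.in still reads "Only set this is it is desired". Since the lines are being re-added anyway, correct it to "Only set this if it is desired" in the same change, so the typo is not carried into every generated per-daemon config file.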

Daniel P. Berrangé writes:
Prepare for reusing libvirtd config to create other daemons by making the config parameters for IP sockets conditionally defined by the make rules.
The main libvirtd daemon will retain IP listen ability, but all the driver specific daemons will be local UNIX sockets only. Apps needing IP connectivity will connect via the libvirtd daemon which will proxy to the driver specific daemon.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 1 + src/remote/Makefile.inc.am | 16 +++++-- .../{libvirtd.conf => libvirtd.conf.in} | 42 +++++++++++-------- src/remote/test_libvirtd.aug.in | 2 +- 4 files changed, 40 insertions(+), 21 deletions(-) rename src/remote/{libvirtd.conf => libvirtd.conf.in} (95%)
diff --git a/.gitignore b/.gitignore index d75b24c743..a09f45af50 100644 --- a/.gitignore +++ b/.gitignore @@ -158,6 +158,7 @@ /src/remote/*_client_bodies.h /src/remote/*_protocol.[ch] /src/remote/*_stubs.h +/src/remote/libvirtd.conf /src/remote/test_libvirtd.aug /src/rpc/virkeepaliveprotocol.[ch] /src/rpc/virnetprotocol.[ch] diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 2277bf49d2..93a7a6c14e 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -76,7 +76,7 @@ EXTRA_DIST += \ $(LIBVIRTD_SOURCES) \ remote/test_libvirtd.aug.in \ remote/libvirtd.aug \ - remote/libvirtd.conf \ + remote/libvirtd.conf.in \ remote/libvirtd.policy \ remote/libvirtd.rules \ remote/libvirtd.sasl \ @@ -93,6 +93,9 @@ MAINTAINERCLEANFILES += \ $(REMOTE_DRIVER_GENERATED) \ $(LIBVIRTD_GENERATED) \ $(NULL) +CLEANFILES += \ + remote/libvirtd.conf \ + $(NULL)
if WITH_REMOTE noinst_LTLIBRARIES += libvirt_driver_remote.la @@ -128,7 +131,7 @@ augeas_DATA += remote/libvirtd.aug
augeastest_DATA += remote/test_libvirtd.aug
-conf_DATA += remote/libvirtd.conf +nodist_conf_DATA += remote/libvirtd.conf
man8_MANS += libvirtd.8
@@ -179,6 +182,13 @@ libvirtd_LDADD += \ $(LIBSOCKET) \ $(NULL)
+remote/libvirtd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ + < $< > $@ + INSTALL_DATA_DIRS += remote
install-data-remote: @@ -189,7 +199,7 @@ uninstall-data-remote:
remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \ remote/libvirtd.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/remote/libvirtd.conf $< > $@ + $(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf $< > $@
if WITH_SYSCTL # Use $(prefix)/lib rather than $(libdir), since man sysctl.d insists on diff --git a/src/remote/libvirtd.conf b/src/remote/libvirtd.conf.in similarity index 95% rename from src/remote/libvirtd.conf rename to src/remote/libvirtd.conf.in index b63b8d61b7..e351a8c190 100644 --- a/src/remote/libvirtd.conf +++ b/src/remote/libvirtd.conf.in @@ -1,13 +1,14 @@ # Master libvirt daemon configuration file #
+@CUT_ENABLE_IP@ ################################################################# # # Network connectivity controls #
# Flag listening for secure TLS connections on the public TCP/IP port. -# NB, must pass the --listen flag to the libvirtd process for this to +# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to # have any effect. # # This setting is not required or honoured if using systemd socket @@ -20,7 +21,7 @@ #listen_tls = 0
# Listen for unencrypted TCP connections on the public TCP/IP port. -# NB, must pass the --listen flag to the libvirtd process for this to +# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to # have any effect. # # This setting is not required or honoured if using systemd socket @@ -58,13 +59,14 @@ # This setting is not required or honoured if using systemd socket # activation. # -# If the libvirtd service is started in parallel with network +# If the @DAEMON_NAME@ service is started in parallel with network # startup (e.g. with systemd), binding to addresses other than # the wildcards (0.0.0.0/::) might not be available yet. # #listen_addr = "192.168.0.1"
+@END@ ################################################################# # # UNIX socket access controls @@ -157,6 +159,7 @@ # If the unix_sock_rw_perms are changed you may wish to enable # an authentication mechanism here #auth_unix_rw = "none" +@CUT_ENABLE_IP@
# Change the authentication scheme for TCP sockets. # @@ -174,6 +177,7 @@ # It is possible to make use of any SASL authentication # mechanism as well, by using 'sasl' for this option #auth_tls = "none" +@END@
# Change the API access control scheme @@ -182,10 +186,11 @@ # to all APIs. Access drivers can place restrictions # on this. By default the 'nop' driver is enabled, # meaning no access control checks are done once a -# client has authenticated with libvirtd +# client has authenticated with @DAEMON_NAME@ # #access_drivers = [ "polkit" ]
+@CUT_ENABLE_IP@ ################################################################# # # TLS x509 certificate configuration @@ -225,15 +230,17 @@
+@END@ ################################################################# # # Authorization controls #
+@CUT_ENABLE_IP@ # Flag to disable verification of our own server certificates # -# When libvirtd starts it performs some sanity checks against +# When @DAEMON_NAME@ starts it performs some sanity checks against # its own certificates. # # Default is to always run sanity checks. Uncommenting this @@ -265,6 +272,15 @@ #tls_allowed_dn_list = ["DN1", "DN2"]
+# Override the compile time default TLS priority string. The +# default is usually "NORMAL" unless overridden at build time. +# Only set this is it is desired for libvirt to deviate from +# the global default settings. +# +#tls_priority="NORMAL" + + +@END@ # A whitelist of allowed SASL usernames. The format for username # depends on the SASL authentication mechanism. Kerberos usernames # look like username@REALM @@ -282,14 +298,6 @@ #sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]
-# Override the compile time default TLS priority string. The -# default is usually "NORMAL" unless overridden at build time. -# Only set this is it is desired for libvirt to deviate from -# the global default settings. -# -#tls_priority="NORMAL" - - ################################################################# # # Processing controls @@ -417,8 +425,8 @@ # 4: ERROR # # Multiple outputs can be defined, they just need to be separated by spaces. -# e.g. to log all warnings and errors to syslog under the libvirtd ident: -#log_outputs="3:syslog:libvirtd" +# e.g. to log all warnings and errors to syslog under the @DAEMON_NAME@ ident: +#log_outputs="3:syslog:@DAEMON_NAME@"
################################################################## @@ -461,7 +469,7 @@
################################################################### # Keepalive protocol: -# This allows libvirtd to detect broken client connections or even +# This allows @DAEMON_NAME@ to detect broken client connections or even # dead clients. A keepalive message is sent to a client after # keepalive_interval seconds of inactivity to check if the client is # still responding; keepalive_count is a maximum number of keepalive @@ -470,7 +478,7 @@ # words, the connection is automatically closed approximately after # keepalive_interval * (keepalive_count + 1) seconds since the last # message received from the client. If keepalive_interval is set to -# -1, libvirtd will never send keepalive requests; however clients +# -1, @DAEMON_NAME@ will never send keepalive requests; however clients # can still send them and the daemon will send responses. When # keepalive_count is set to 0, connections will be automatically # closed after keepalive_interval seconds of inactivity without diff --git a/src/remote/test_libvirtd.aug.in b/src/remote/test_libvirtd.aug.in index 6c51b7b9e7..d768b30b55 100644 --- a/src/remote/test_libvirtd.aug.in +++ b/src/remote/test_libvirtd.aug.in @@ -29,11 +29,11 @@ module Test_libvirtd = { "1" = "DN1"} { "2" = "DN2"} } + { "tls_priority" = "NORMAL" }
I'm curious about this change? Is that because you changed the order in the source code? Does that depend on ENABLE_IP?
{ "sasl_allowed_username_list" { "1" = "joe@EXAMPLE.COM" } { "2" = "fred@EXAMPLE.COM" } } - { "tls_priority" = "NORMAL" } { "max_clients" = "5000" } { "max_queued_clients" = "1000" } { "max_anonymous_clients" = "20" } -- 2.21.0
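Review bot: the tls_priority comment block re-added in the hunk at @@ -265,6 +272,15 @@ carries over the typo "Only set this is it is desired"; since the lines are being moved anyway, correct it to "Only set this if it is desired". The move also changes the key order, which is why test_libvirtd.aug.in has to lift its tls_priority entry above sasl_allowed_username_list. One sentence in the commit message saying the option was moved so that it falls inside the @CUT_ENABLE_IP@ region would make that test change self-explanatory.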
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> -- Cheers, Christophe de Dinechin (IRC c3d)

On Tue, Jul 30, 2019 at 12:48:03PM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
Prepare for reusing libvirtd config to create other daemons by making the config parameters for IP sockets conditionally defined by the make rules.
The main libvirtd daemon will retain IP listen ability, but all the driver specific daemons will be local UNIX sockets only. Apps needing IP connectivity will connect via the libvirtd daemon which will proxy to the driver specific daemon.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
diff --git a/src/remote/libvirtd.conf b/src/remote/libvirtd.conf.in similarity index 95% rename from src/remote/libvirtd.conf rename to src/remote/libvirtd.conf.in index b63b8d61b7..e351a8c190 100644 --- a/src/remote/libvirtd.conf +++ b/src/remote/libvirtd.conf.in @@ -1,13 +1,14 @@ # Master libvirt daemon configuration file #
+@CUT_ENABLE_IP@ ################################################################# # # Network connectivity controls #
# Flag listening for secure TLS connections on the public TCP/IP port. -# NB, must pass the --listen flag to the libvirtd process for this to +# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to # have any effect. # # This setting is not required or honoured if using systemd socket @@ -20,7 +21,7 @@ #listen_tls = 0
# Listen for unencrypted TCP connections on the public TCP/IP port. -# NB, must pass the --listen flag to the libvirtd process for this to +# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to # have any effect. # # This setting is not required or honoured if using systemd socket @@ -58,13 +59,14 @@ # This setting is not required or honoured if using systemd socket # activation. # -# If the libvirtd service is started in parallel with network +# If the @DAEMON_NAME@ service is started in parallel with network # startup (e.g. with systemd), binding to addresses other than # the wildcards (0.0.0.0/::) might not be available yet. # #listen_addr = "192.168.0.1"
+@END@ ################################################################# # # UNIX socket access controls @@ -157,6 +159,7 @@ # If the unix_sock_rw_perms are changed you may wish to enable # an authentication mechanism here #auth_unix_rw = "none" +@CUT_ENABLE_IP@
# Change the authentication scheme for TCP sockets. # @@ -174,6 +177,7 @@ # It is possible to make use of any SASL authentication # mechanism as well, by using 'sasl' for this option #auth_tls = "none" +@END@
# Change the API access control scheme @@ -182,10 +186,11 @@ # to all APIs. Access drivers can place restrictions # on this. By default the 'nop' driver is enabled, # meaning no access control checks are done once a -# client has authenticated with libvirtd +# client has authenticated with @DAEMON_NAME@ # #access_drivers = [ "polkit" ]
+@CUT_ENABLE_IP@ ################################################################# # # TLS x509 certificate configuration @@ -225,15 +230,17 @@
+@END@ ################################################################# # # Authorization controls #
+@CUT_ENABLE_IP@ # Flag to disable verification of our own server certificates # -# When libvirtd starts it performs some sanity checks against +# When @DAEMON_NAME@ starts it performs some sanity checks against # its own certificates. # # Default is to always run sanity checks. Uncommenting this @@ -265,6 +272,15 @@ #tls_allowed_dn_list = ["DN1", "DN2"]
+# Override the compile time default TLS priority string. The +# default is usually "NORMAL" unless overridden at build time. +# Only set this is it is desired for libvirt to deviate from +# the global default settings. +# +#tls_priority="NORMAL" + + +@END@ # A whitelist of allowed SASL usernames. The format for username # depends on the SASL authentication mechanism. Kerberos usernames # look like username@REALM @@ -282,14 +298,6 @@ #sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]
-# Override the compile time default TLS priority string. The -# default is usually "NORMAL" unless overridden at build time. -# Only set this is it is desired for libvirt to deviate from -# the global default settings. -# -#tls_priority="NORMAL" - - ################################################################# # # Processing controls @@ -417,8 +425,8 @@ # 4: ERROR # # Multiple outputs can be defined, they just need to be separated by spaces. -# e.g. to log all warnings and errors to syslog under the libvirtd ident: -#log_outputs="3:syslog:libvirtd" +# e.g. to log all warnings and errors to syslog under the @DAEMON_NAME@ ident: +#log_outputs="3:syslog:@DAEMON_NAME@"
################################################################## @@ -461,7 +469,7 @@
################################################################### # Keepalive protocol: -# This allows libvirtd to detect broken client connections or even +# This allows @DAEMON_NAME@ to detect broken client connections or even # dead clients. A keepalive message is sent to a client after # keepalive_interval seconds of inactivity to check if the client is # still responding; keepalive_count is a maximum number of keepalive @@ -470,7 +478,7 @@ # words, the connection is automatically closed approximately after # keepalive_interval * (keepalive_count + 1) seconds since the last # message received from the client. If keepalive_interval is set to -# -1, libvirtd will never send keepalive requests; however clients +# -1, @DAEMON_NAME@ will never send keepalive requests; however clients # can still send them and the daemon will send responses. When # keepalive_count is set to 0, connections will be automatically # closed after keepalive_interval seconds of inactivity without diff --git a/src/remote/test_libvirtd.aug.in b/src/remote/test_libvirtd.aug.in index 6c51b7b9e7..d768b30b55 100644 --- a/src/remote/test_libvirtd.aug.in +++ b/src/remote/test_libvirtd.aug.in @@ -29,11 +29,11 @@ module Test_libvirtd = { "1" = "DN1"} { "2" = "DN2"} } + { "tls_priority" = "NORMAL" }
I'm curious about this change? Is that because you changed the order in the source code? Does that depend on ENABLE_IP?
Yes, because I moved the config parameter in libvirtd.conf, this influences the order seen in the augeas unit test here, as its input is auto-generated from the libvirtd.conf
{ "sasl_allowed_username_list" { "1" = "joe@EXAMPLE.COM" } { "2" = "fred@EXAMPLE.COM" } } - { "tls_priority" = "NORMAL" } { "max_clients" = "5000" } { "max_queued_clients" = "1000" } { "max_anonymous_clients" = "20" } --
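Review bot: @CUT_ENABLE_IP@ and @END@ are added throughout libvirtd.conf.in with no explanation in the template or beside the sed rule, and the libvirtd rule only deletes the marker lines themselves, so nothing in the tree at this point shows what the markers delimit. A short comment above the remote/libvirtd.conf rule in Makefile.inc.am should say that the region between the markers holds the IP-only settings, that daemons built without IP support are meant to drop it, and that every @CUT_ENABLE_IP@ needs its own @END@. @END@ is also a very generic name; something like @END_ENABLE_IP@ would make the pairing obvious when reading the template.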
Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On Mon, 2019-07-29 at 18:10 +0100, Daniel P. Berrangé wrote: [...]
+remote/libvirtd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ + < $< > $@
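Review bot: the new remote/libvirtd.conf rule redirects sed straight into $@, so a failed or interrupted run can leave a partial remote/libvirtd.conf whose timestamp makes it look up to date, and that file is listed in nodist_conf_DATA. The unit-file rules in this series write to a temporary name and rename on success (< $< > $@-t && mv $@-t $@); using the same pattern here would keep a truncated config from being picked up.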
If you're going to respin anyway: $(SED) ... < $< > $@ and $(SED) ... $< > $@ are equivalent. -- Andrea Bolognani / Red Hat / Virtualization

Prepare for reusing libvirtd augeas definitions with other daemons by making the config parameters for IP sockets conditionally defined by the make rules. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 1 + src/remote/Makefile.inc.am | 20 +++++++++++++-- src/remote/{libvirtd.aug => libvirtd.aug.in} | 26 +++++++++++++------- src/remote/test_libvirtd.aug.in | 12 ++++++--- 4 files changed, 45 insertions(+), 14 deletions(-) rename src/remote/{libvirtd.aug => libvirtd.aug.in} (89%) diff --git a/.gitignore b/.gitignore index a09f45af50..4463660c85 100644 --- a/.gitignore +++ b/.gitignore @@ -158,6 +158,7 @@ /src/remote/*_client_bodies.h /src/remote/*_protocol.[ch] /src/remote/*_stubs.h +/src/remote/libvirtd.aug /src/remote/libvirtd.conf /src/remote/test_libvirtd.aug /src/rpc/virkeepaliveprotocol.[ch] diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 93a7a6c14e..45dd6cc1cb 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -75,7 +75,7 @@ EXTRA_DIST += \ $(REMOTE_DRIVER_SOURCES) \ $(LIBVIRTD_SOURCES) \ remote/test_libvirtd.aug.in \ - remote/libvirtd.aug \ + remote/libvirtd.aug.in \ remote/libvirtd.conf.in \ remote/libvirtd.policy \ remote/libvirtd.rules \ @@ -133,6 +133,8 @@ augeastest_DATA += remote/test_libvirtd.aug nodist_conf_DATA += remote/libvirtd.conf +CLEANFILES += remote/libvirtd.aug + man8_MANS += libvirtd.8 libvirtd_SOURCES = $(LIBVIRTD_SOURCES) 
@@ -197,9 +199,23 @@ install-data-remote: uninstall-data-remote: rmdir "$(DESTDIR)$(localstatedir)/log/libvirt" ||: +remote/libvirtd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ + -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ + $< > $@ + remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \ remote/libvirtd.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf $< > $@ + $(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ + -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ + > $@ || rm -f $@ if WITH_SYSCTL # Use $(prefix)/lib rather than $(libdir), since man sysctl.d insists on diff --git a/src/remote/libvirtd.aug b/src/remote/libvirtd.aug.in similarity index 89% rename from src/remote/libvirtd.aug rename to src/remote/libvirtd.aug.in index 0188c23dd7..eec3433f29 100644 --- a/src/remote/libvirtd.aug +++ b/src/remote/libvirtd.aug.in @@ -1,6 +1,6 @@ -(* /etc/libvirt/libvirtd.conf *) +(* /etc/libvirt/@DAEMON_NAME@.conf *) -module Libvirtd = +module @DAEMON_NAME_UC@ = autoload xfm let eol = del /[ \t]*\n/ "\n" @@ -24,11 +24,13 @@ module Libvirtd = (* Config entry grouped by function - same order as example config *) +@CUT_ENABLE_IP@ let network_entry = bool_entry "listen_tls" | bool_entry "listen_tcp" | str_entry "tls_port" | str_entry "tcp_port" | str_entry "listen_addr" +@END@ let sock_acl_entry = str_entry "unix_sock_group" | str_entry "unix_sock_ro_perms" @@ -38,6 +40,7 @@ module Libvirtd = let authentication_entry = str_entry "auth_unix_ro" | str_entry "auth_unix_rw" +@CUT_ENABLE_IP@ | str_entry "auth_tcp" | str_entry "auth_tls" 
@@ -46,12 +49,14 @@ module Libvirtd = | str_entry "ca_file" | str_entry "crl_file" - let authorization_entry = bool_entry "tls_no_verify_certificate" + let tls_authorization_entry = bool_entry "tls_no_verify_certificate" | bool_entry "tls_no_sanity_certificate" | str_array_entry "tls_allowed_dn_list" - | str_array_entry "sasl_allowed_username_list" - | str_array_entry "access_drivers" | str_entry "tls_priority" +@END@ + + let misc_authorization_entry = str_array_entry "sasl_allowed_username_list" + | str_array_entry "access_drivers" let processing_entry = int_entry "min_workers" | int_entry "max_workers" @@ -87,11 +92,14 @@ module Libvirtd = | int_entry "ovs_timeout" (* Each enty in the config is one of the following three ... *) - let entry = network_entry - | sock_acl_entry + let entry = sock_acl_entry | authentication_entry +@CUT_ENABLE_IP@ + | network_entry | certificate_entry - | authorization_entry + | tls_authorization_entry +@END@ + | misc_authorization_entry | processing_entry | admin_processing_entry | logging_entry @@ -106,7 +114,7 @@ module Libvirtd = let lns = ( record | comment | empty ) * - let filter = incl "/etc/libvirt/libvirtd.conf" + let filter = incl "/etc/libvirt/@DAEMON_NAME@.conf" . Util.stdexcl let xfm = transform lns filter diff --git a/src/remote/test_libvirtd.aug.in b/src/remote/test_libvirtd.aug.in index d768b30b55..2fd809af4a 100644 --- a/src/remote/test_libvirtd.aug.in +++ b/src/remote/test_libvirtd.aug.in @@ -1,12 +1,14 @@ -module Test_libvirtd = +module Test_@DAEMON_NAME@ = @CONFIG@ - test Libvirtd.lns get conf = + test @DAEMON_NAME_UC@.lns get conf = +@CUT_ENABLE_IP@ { "listen_tls" = "0" } { "listen_tcp" = "1" } { "tls_port" = "16514" } { "tcp_port" = "16509" } { "listen_addr" = "192.168.0.1" } +@END@ { "unix_sock_group" = "libvirt" } { "unix_sock_ro_perms" = "0777" } { "unix_sock_rw_perms" = "0770" } 
@@ -14,11 +16,14 @@ module Test_libvirtd = { "unix_sock_dir" = "/var/run/libvirt" } { "auth_unix_ro" = "none" } { "auth_unix_rw" = "none" } +@CUT_ENABLE_IP@ { "auth_tcp" = "sasl" } { "auth_tls" = "none" } +@END@ { "access_drivers" { "1" = "polkit" } } +@CUT_ENABLE_IP@ { "key_file" = "/etc/pki/libvirt/private/serverkey.pem" } { "cert_file" = "/etc/pki/libvirt/servercert.pem" } { "ca_file" = "/etc/pki/CA/cacert.pem" } @@ -30,6 +35,7 @@ module Test_libvirtd = { "2" = "DN2"} } { "tls_priority" = "NORMAL" } +@END@ { "sasl_allowed_username_list" { "1" = "joe@EXAMPLE.COM" } { "2" = "fred@EXAMPLE.COM" } @@ -48,7 +54,7 @@ module Test_libvirtd = { "admin_max_client_requests" = "5" } { "log_level" = "3" } { "log_filters" = "1:qemu 1:libvirt 4:object 4:json 4:event 1:util" } - { "log_outputs" = "3:syslog:libvirtd" } + { "log_outputs" = "3:syslog:@DAEMON_NAME@" } { "audit_level" = "2" } { "audit_logging" = "1" } { "host_uuid" = "00000000-0000-0000-0000-000000000000" } -- 2.21.0
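Review bot: in libvirtd.aug.in the @CUT_ENABLE_IP@ added inside authentication_entry (just before | str_entry "auth_tcp") has no matching @END@ in the visible lines until the one after | str_entry "tls_priority", so one marked region runs from the middle of a let binding, across certificate_entry, to the end of tls_authorization_entry. libvirtd.conf.in and test_libvirtd.aug.in instead close the auth_tcp/auth_tls block with its own @END@. Either add a comment at that marker saying the region deliberately spans several definitions, or split it into one pair per definition as in the other two templates, so that a later edit to certificate_entry does not silently end up inside or outside the IP-only region.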

On Mon, 2019-07-29 at 18:10 +0100, Daniel P. Berrangé wrote: [...]
+remote/libvirtd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ + -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ + $< > $@
See? You use the other form here.
remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \ remote/libvirtd.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf $< > $@ + $(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ + -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ + > $@ || rm -f $@
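Review bot: in the rewritten test_libvirtd.aug rule the trailing || rm -f $@ only sees the exit status of $(SED), the last command of the pipeline, so if $(AUG_GENTEST) fails part-way sed still exits 0 on the truncated input and a short remote/test_libvirtd.aug is left behind as an up-to-date target. In the other direction, when sed does fail the recipe's status becomes that of rm -f, which succeeds, so make carries on without the file. Writing the $(AUG_GENTEST) output to a temporary file, chaining sed with &&, and renaming into place at the end would let either failure stop the build.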
The first -e argument to $(SED) should be on a separate line. -- Andrea Bolognani / Red Hat / Virtualization

The same make variables will be useful for building both libvirtd and the split daemons, so refactor & rename variables to facilitate reuse. Automake gets annoyed if you define a variable ending LDFLAGS: src/remote/Makefile.inc.am:53: warning: variable 'REMOTE_DAEMON_LDFLAGS' is defined but no program or src/remote/Makefile.inc.am:53: library has 'REMOTE_DAEMON' as canonical name (possible typo) So we trick it by using an LD_FLAGS or LD_ADD suffix instead. LIBSOCKET is dropped as it is only set on Windows and we don't build the libvirtd daemon under mingw. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/Makefile.inc.am | 94 ++++++++++++++++++++------------------ 1 file changed, 50 insertions(+), 44 deletions(-) diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 45dd6cc1cb..0ec7abb880 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -18,13 +18,13 @@ REMOTE_DRIVER_SOURCES = \ $(REMOTE_DRIVER_GENERATED) \ $(NULL) -LIBVIRTD_GENERATED = \ +REMOTE_DAEMON_GENERATED = \ remote/remote_daemon_dispatch_stubs.h \ remote/remote_daemon_dispatch_lxc_stubs.h \ remote/remote_daemon_dispatch_qemu_stubs.h \ $(NULL) -LIBVIRTD_SOURCES = \ +REMOTE_DAEMON_SOURCES = \ remote/remote_daemon.c \ remote/remote_daemon.h \ remote/remote_daemon_config.c \ 
@@ -33,9 +33,49 @@ LIBVIRTD_SOURCES = \ remote/remote_daemon_dispatch.h \ remote/remote_daemon_stream.c \ remote/remote_daemon_stream.h \ - $(LIBVIRTD_GENERATED) \ + $(REMOTE_DAEMON_GENERATED) \ $(NULL) +REMOTE_DAEMON_CFLAGS = \ + $(LIBXML_CFLAGS) \ + $(GNUTLS_CFLAGS) \ + $(SASL_CFLAGS) \ + $(XDR_CFLAGS) \ + $(DBUS_CFLAGS) \ + $(LIBNL_CFLAGS) \ + $(WARN_CFLAGS) \ + $(PIE_CFLAGS) \ + -I$(srcdir)/access \ + -I$(srcdir)/conf \ + -I$(srcdir)/rpc \ + $(NULL) + +REMOTE_DAEMON_LD_FLAGS = \ + $(RELRO_LDFLAGS) \ + $(PIE_LDFLAGS) \ + $(NO_INDIRECT_LDFLAGS) \ + $(NO_UNDEFINED_LDFLAGS) \ + $(NULL) + +REMOTE_DAEMON_LD_ADD = \ + libvirt_driver_admin.la \ + libvirt-lxc.la \ + libvirt-qemu.la \ + libvirt.la \ + $(LIBXML_LIBS) \ + $(GNUTLS_LIBS) \ + $(SASL_LIBS) \ + $(DBUS_LIBS) \ + $(LIBNL_LIBS) \ + $(NULL) + +if WITH_DTRACE_PROBES +REMOTE_DAEMON_LD_ADD += ../src/libvirt_probes.lo +endif WITH_DTRACE_PROBES + +REMOTE_DAEMON_LD_ADD += \ + ../gnulib/lib/libgnu.la \ + $(NULL) LOGROTATE_FILES_IN += \ remote/libvirtd.qemu.logrotate.in \ @@ -73,7 +113,7 @@ DRIVER_SOURCE_FILES += $(REMOTE_DRIVER_SOURCES) EXTRA_DIST += \ $(REMOTE_DRIVER_PROTOCOL) \ $(REMOTE_DRIVER_SOURCES) \ - $(LIBVIRTD_SOURCES) \ + $(REMOTE_DAEMON_SOURCES) \ remote/test_libvirtd.aug.in \ remote/libvirtd.aug.in \ remote/libvirtd.conf.in \ @@ -87,11 +127,11 @@ EXTRA_DIST += \ # the WITH_REMOTE/WITH_LIBVIRTD conditionals BUILT_SOURCES += \ $(REMOTE_DRIVER_GENERATED) \ - $(LIBVIRTD_GENERATED) \ + $(REMOTE_DAEMON_GENERATED) \ $(NULL) MAINTAINERCLEANFILES += \ $(REMOTE_DRIVER_GENERATED) \ - $(LIBVIRTD_GENERATED) \ + $(REMOTE_DAEMON_GENERATED) \ $(NULL) CLEANFILES += \ remote/libvirtd.conf \ 
@@ -137,52 +177,18 @@ CLEANFILES += remote/libvirtd.aug man8_MANS += libvirtd.8 -libvirtd_SOURCES = $(LIBVIRTD_SOURCES) +libvirtd_SOURCES = $(REMOTE_DAEMON_SOURCES) libvirtd_CFLAGS = \ - $(LIBXML_CFLAGS) \ - $(GNUTLS_CFLAGS) \ - $(SASL_CFLAGS) \ - $(XDR_CFLAGS) \ - $(DBUS_CFLAGS) \ - $(LIBNL_CFLAGS) \ - $(WARN_CFLAGS) \ - $(PIE_CFLAGS) \ - -I$(srcdir)/access \ - -I$(srcdir)/conf \ - -I$(srcdir)/rpc \ + $(REMOTE_DAEMON_CFLAGS) \ -DSOCK_PREFIX="\"libvirt\"" \ -DDAEMON_NAME="\"libvirtd\"" \ -DENABLE_IP \ $(NULL) -libvirtd_LDFLAGS = \ - $(RELRO_LDFLAGS) \ - $(PIE_LDFLAGS) \ - $(NO_INDIRECT_LDFLAGS) \ - $(NO_UNDEFINED_LDFLAGS) \ - $(NULL) +libvirtd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) -libvirtd_LDADD = \ - libvirt_driver_admin.la \ - libvirt-lxc.la \ - libvirt-qemu.la \ - libvirt.la \ - $(LIBXML_LIBS) \ - $(GNUTLS_LIBS) \ - $(SASL_LIBS) \ - $(DBUS_LIBS) \ - $(LIBNL_LIBS) \ - $(NULL) - -if WITH_DTRACE_PROBES -libvirtd_LDADD += ../src/libvirt_probes.lo -endif WITH_DTRACE_PROBES - -libvirtd_LDADD += \ - ../gnulib/lib/libgnu.la \ - $(LIBSOCKET) \ - $(NULL) +libvirtd_LDADD = $(REMOTE_DAEMON_LD_ADD) remote/libvirtd.conf: remote/libvirtd.conf.in $(AM_V_GEN)$(SED) \ -- 2.21.0
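Review bot: REMOTE_DAEMON_LD_FLAGS and REMOTE_DAEMON_LD_ADD use non-standard suffixes for a reason that is given only in the commit message; nothing in Makefile.inc.am stops a later cleanup from renaming them to the familiar LDFLAGS/LDADD and bringing the automake "possible typo" warning back. A one-line comment above REMOTE_DAEMON_LD_FLAGS explaining why the underscore is there would keep that knowledge with the code.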

On Mon, 2019-07-29 at 18:10 +0100, Daniel P. Berrangé wrote: [...]
LIBSOCKET is dropped as it is only set on Windows and we don't build the libvirtd daemon under mingw.
Even though you at least mention it in the commit message...
-libvirtd_LDADD += \ - ../gnulib/lib/libgnu.la \ - $(LIBSOCKET) \ - $(NULL)
... I still feel like this should have been its own commit, since it's completely unrelated to what you're doing here. But I'm not going to insist too much, so even if you leave it as-is you still get a Reviewed-by: Andrea Bolognani <abologna@redhat.com> -- Andrea Bolognani / Red Hat / Virtualization

Substitute in the @sysconfigdir@ value instead of /etc. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/locking/Makefile.inc.am | 1 + src/locking/virtlockd.service.in | 2 +- src/logging/Makefile.inc.am | 1 + src/logging/virtlogd.service.in | 2 +- src/remote/Makefile.inc.am | 8 ++++++++ src/remote/libvirtd-admin.socket.in | 2 +- src/remote/libvirtd-ro.socket.in | 2 +- src/remote/libvirtd-tcp.socket.in | 2 +- src/remote/libvirtd-tls.socket.in | 2 +- src/remote/libvirtd.aug.in | 4 ++-- src/remote/libvirtd.conf.in | 18 +++++++++--------- src/remote/libvirtd.service.in | 2 +- src/remote/libvirtd.socket.in | 2 +- src/remote/test_libvirtd.aug.in | 8 ++++---- tools/libvirt-guests.service.in | 2 +- 15 files changed, 34 insertions(+), 24 deletions(-) diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am index 161410051c..bc1a05549a 100644 --- a/src/locking/Makefile.inc.am +++ b/src/locking/Makefile.inc.am @@ -258,6 +258,7 @@ locking/lock_daemon_dispatch_stubs.h: $(LOCK_PROTOCOL) \ virtlockd.service: locking/virtlockd.service.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]sbindir[@]|$(sbindir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@ diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in index 3c9d587032..e7f8057c06 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -7,7 +7,7 @@ Documentation=man:virtlockd(8) Documentation=https://libvirt.org [Service] -EnvironmentFile=-/etc/sysconfig/virtlockd +EnvironmentFile=-@sysconfdir@/sysconfig/virtlockd ExecStart=@sbindir@/virtlockd $VIRTLOCKD_ARGS ExecReload=/bin/kill -USR1 $MAINPID # Loosing the locks is a really bad thing that will diff --git a/src/logging/Makefile.inc.am b/src/logging/Makefile.inc.am index f0c49330f5..18772fde2f 100644 --- a/src/logging/Makefile.inc.am +++ b/src/logging/Makefile.inc.am 
@@ -122,6 +122,7 @@ virtlogd.8.in: logging/virtlogd.pod virtlogd.service: logging/virtlogd.service.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]sbindir[@]|$(sbindir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@ diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in index 3d9ae36150..daff48e67d 100644 --- a/src/logging/virtlogd.service.in +++ b/src/logging/virtlogd.service.in @@ -7,7 +7,7 @@ Documentation=man:virtlogd(8) Documentation=https://libvirt.org [Service] -EnvironmentFile=-/etc/sysconfig/virtlogd +EnvironmentFile=-@sysconfdir@/sysconfig/virtlogd ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS ExecReload=/bin/kill -USR1 $MAINPID # Loosing the logs is a really bad thing that will diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 0ec7abb880..fc04af5cb5 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -194,6 +194,7 @@ remote/libvirtd.conf: remote/libvirtd.conf.in $(AM_V_GEN)$(SED) \ -e '/[@]CUT_ENABLE_IP[@]/d' \ -e '/[@]END[@]/d' \ + -e 's|[@]sysconfdir[@]|@sysconfdir@|' \ -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ < $< > $@ @@ -209,6 +210,7 @@ remote/libvirtd.aug: remote/libvirtd.aug.in $(AM_V_GEN)$(SED) \ -e '/[@]CUT_ENABLE_IP[@]/d' \ -e '/[@]END[@]/d' \ + -e 's|[@]sysconfdir[@]|@sysconfdir@|' \ -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ $< > $@ @@ -219,6 +221,7 @@ remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \ $(srcdir)/remote/test_libvirtd.aug.in | \ $(SED) -e '/[@]CUT_ENABLE_IP[@]/d' \ -e '/[@]END[@]/d' \ + -e 's|[@]sysconfdir[@]|@sysconfdir@|' \ -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ > $@ || rm -f $@ 
@@ -300,30 +303,35 @@ libvirtd.service: remote/libvirtd.service.in $(top_builddir)/config.status libvirtd.socket: remote/libvirtd.socket.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@ libvirtd-ro.socket: remote/libvirtd-ro.socket.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@ libvirtd-admin.socket: remote/libvirtd-admin.socket.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@ libvirtd-tcp.socket: remote/libvirtd-tcp.socket.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@ libvirtd-tls.socket: remote/libvirtd-tls.socket.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@ diff --git a/src/remote/libvirtd-admin.socket.in b/src/remote/libvirtd-admin.socket.in index 307c9ba24b..bbab4ea355 100644 --- a/src/remote/libvirtd-admin.socket.in +++ b/src/remote/libvirtd-admin.socket.in @@ -5,7 +5,7 @@ BindsTo=libvirtd.socket After=libvirtd.socket [Socket] -# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir setting +# The directory must match the @sysconfdir@/libvirt/libvirtd.conf unix_sock_dir setting # when using systemd version < 227 ListenStream=@localstatedir@/run/libvirt/libvirt-admin-sock Service=libvirtd.service diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in index 876daf0c9c..5f8b1892d5 100644 --- a/src/remote/libvirtd-ro.socket.in +++ b/src/remote/libvirtd-ro.socket.in 
@@ -5,7 +5,7 @@ BindsTo=libvirtd.socket After=libvirtd.socket [Socket] -# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir setting +# The directory must match the @sysconfdir@/libvirt/libvirtd.conf unix_sock_dir setting # when using systemd version < 227 ListenStream=@localstatedir@/run/libvirt/libvirt-sock-ro Service=libvirtd.service diff --git a/src/remote/libvirtd-tcp.socket.in b/src/remote/libvirtd-tcp.socket.in index 16a4764283..1103036c45 100644 --- a/src/remote/libvirtd-tcp.socket.in +++ b/src/remote/libvirtd-tcp.socket.in @@ -5,7 +5,7 @@ BindsTo=libvirtd.socket After=libvirtd.socket [Socket] -# This must match the /etc/libvirt/libvirtd.conf tcp_port setting +# This must match the @sysconfdir@/libvirt/libvirtd.conf tcp_port setting # when using systemd version < 227 ListenStream=16509 Service=libvirtd.service diff --git a/src/remote/libvirtd-tls.socket.in b/src/remote/libvirtd-tls.socket.in index e904583cf9..e2b1f839de 100644 --- a/src/remote/libvirtd-tls.socket.in +++ b/src/remote/libvirtd-tls.socket.in @@ -5,7 +5,7 @@ BindsTo=libvirtd.socket After=libvirtd.socket [Socket] -# This must match the /etc/libvirt/libvirtd.conf tls_port setting +# This must match the @sysconfdir@/libvirt/libvirtd.conf tls_port setting # when using systemd version < 227 ListenStream=16514 Service=libvirtd.service diff --git a/src/remote/libvirtd.aug.in b/src/remote/libvirtd.aug.in index eec3433f29..23a01c41e2 100644 --- a/src/remote/libvirtd.aug.in +++ b/src/remote/libvirtd.aug.in @@ -1,4 +1,4 @@ -(* /etc/libvirt/@DAEMON_NAME@.conf *) +(* @sysconfdir@/libvirt/@DAEMON_NAME@.conf *) module @DAEMON_NAME_UC@ = autoload xfm @@ -114,7 +114,7 @@ module @DAEMON_NAME_UC@ = let lns = ( record | comment | empty ) * - let filter = incl "/etc/libvirt/@DAEMON_NAME@.conf" + let filter = incl "@sysconfdir@/libvirt/@DAEMON_NAME@.conf" . Util.stdexcl let xfm = transform lns filter 
diff --git a/src/remote/libvirtd.conf.in b/src/remote/libvirtd.conf.in index e351a8c190..71c4ce1bfd 100644 --- a/src/remote/libvirtd.conf.in +++ b/src/remote/libvirtd.conf.in @@ -134,7 +134,7 @@ # the network providing auth (eg, TLS/x509 certificates) # # - sasl: use SASL infrastructure. The actual auth scheme is then -# controlled from /etc/sasl2/libvirt.conf. For the TCP +# controlled from @sysconfdir@/sasl2/libvirt.conf. For the TCP # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. # For non-TCP or TLS sockets, any scheme is allowed. # @@ -166,7 +166,7 @@ # If you don't enable SASL, then all TCP traffic is cleartext. # Don't do this outside of a dev/test scenario. For real world # use, always enable SASL and use the GSSAPI or DIGEST-MD5 -# mechanism in /etc/sasl2/libvirt.conf +# mechanism in @sysconfdir@/sasl2/libvirt.conf #auth_tcp = "sasl" # Change the authentication scheme for TLS sockets. @@ -199,10 +199,10 @@ # Use of TLS requires that x509 certificates be issued. The default locations # for the certificate files is as follows: # -# /etc/pki/CA/cacert.pem - The CA master certificate -# /etc/pki/libvirt/servercert.pem - The server certificate signed with +# @sysconfdir@/pki/CA/cacert.pem - The CA master certificate +# @sysconfdir@/pki/libvirt/servercert.pem - The server certificate signed with # the cacert.pem -# /etc/pki/libvirt/private/serverkey.pem - The server private key +# @sysconfdir@/pki/libvirt/private/serverkey.pem - The server private key # # It is possible to override the default locations by altering the 'key_file', # 'cert_file', and 'ca_file' values and uncommenting them below. 
@@ -213,20 +213,20 @@ # Override the default server key file path # -#key_file = "/etc/pki/libvirt/private/serverkey.pem" +#key_file = "@sysconfdir@/pki/libvirt/private/serverkey.pem" # Override the default server certificate file path # -#cert_file = "/etc/pki/libvirt/servercert.pem" +#cert_file = "@sysconfdir@/pki/libvirt/servercert.pem" # Override the default CA certificate path # -#ca_file = "/etc/pki/CA/cacert.pem" +#ca_file = "@sysconfdir@/pki/CA/cacert.pem" # Specify a certificate revocation list. # # Defaults to not using a CRL, uncomment to enable it -#crl_file = "/etc/pki/CA/crl.pem" +#crl_file = "@sysconfdir@/pki/CA/crl.pem" diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in index 3ddf0e229b..20d6f84d27 100644 --- a/src/remote/libvirtd.service.in +++ b/src/remote/libvirtd.service.in @@ -20,7 +20,7 @@ Documentation=https://libvirt.org [Service] Type=notify -EnvironmentFile=-/etc/sysconfig/libvirtd +EnvironmentFile=-@sysconfdir@/sysconfig/libvirtd # libvirtd.service is set to run on boot so that autostart of # VMs can be performed. We don't want it to stick around if # unused though, so we set a timeout. The socket activation diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in index 2ee4d7d7a2..872f70eb21 100644 --- a/src/remote/libvirtd.socket.in +++ b/src/remote/libvirtd.socket.in @@ -3,7 +3,7 @@ Description=Libvirt local socket Before=libvirtd.service [Socket] -# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir setting +# The directory must match the @sysconfdir@/libvirt/libvirtd.conf unix_sock_dir setting # when using systemd version < 227 ListenStream=@localstatedir@/run/libvirt/libvirt-sock Service=libvirtd.service diff --git a/src/remote/test_libvirtd.aug.in b/src/remote/test_libvirtd.aug.in index 2fd809af4a..fc9fb69b67 100644 --- a/src/remote/test_libvirtd.aug.in +++ b/src/remote/test_libvirtd.aug.in 
@@ -24,10 +24,10 @@ module Test_@DAEMON_NAME@ = { "1" = "polkit" } } @CUT_ENABLE_IP@ - { "key_file" = "/etc/pki/libvirt/private/serverkey.pem" } - { "cert_file" = "/etc/pki/libvirt/servercert.pem" } - { "ca_file" = "/etc/pki/CA/cacert.pem" } - { "crl_file" = "/etc/pki/CA/crl.pem" } + { "key_file" = "@sysconfdir@/pki/libvirt/private/serverkey.pem" } + { "cert_file" = "@sysconfdir@/pki/libvirt/servercert.pem" } + { "ca_file" = "@sysconfdir@/pki/CA/cacert.pem" } + { "crl_file" = "@sysconfdir@/pki/CA/crl.pem" } { "tls_no_sanity_certificate" = "1" } { "tls_no_verify_certificate" = "1" } { "tls_allowed_dn_list" diff --git a/tools/libvirt-guests.service.in b/tools/libvirt-guests.service.in index 491ca62138..10c664016a 100644 --- a/tools/libvirt-guests.service.in +++ b/tools/libvirt-guests.service.in @@ -10,7 +10,7 @@ Documentation=man:libvirtd(8) Documentation=https://libvirt.org [Service] -EnvironmentFile=-/etc/sysconfig/libvirt-guests +EnvironmentFile=-@sysconfdir@/sysconfig/libvirt-guests # Hack just call traditional service until we factor # out the code ExecStart=@libexecdir@/libvirt-guests.sh start -- 2.21.0
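Review bot: the libvirtd.conf.in hunks at -199 and -213 now document the default key_file, cert_file, ca_file and crl_file locations as @sysconfdir@/pki/..., but the diffstat shows only Makefile fragments and .in templates, so nothing here changes where the daemon actually looks by default. Please confirm the built-in defaults are derived from sysconfdir as well, or keep /etc/pki in these comments; otherwise a build with a non-/etc sysconfdir ships a config that points operators at a private key and CA path the daemon never reads. The matching expectations in test_libvirtd.aug.in would need the same answer.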

LGTM

Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>

Daniel P. Berrangé writes:
Substitute in the @sysconfigdir@ value instead of /etc.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/locking/Makefile.inc.am | 1 + src/locking/virtlockd.service.in | 2 +- src/logging/Makefile.inc.am | 1 + src/logging/virtlogd.service.in | 2 +- src/remote/Makefile.inc.am | 8 ++++++++ src/remote/libvirtd-admin.socket.in | 2 +- src/remote/libvirtd-ro.socket.in | 2 +- src/remote/libvirtd-tcp.socket.in | 2 +- src/remote/libvirtd-tls.socket.in | 2 +- src/remote/libvirtd.aug.in | 4 ++-- src/remote/libvirtd.conf.in | 18 +++++++++--------- src/remote/libvirtd.service.in | 2 +- src/remote/libvirtd.socket.in | 2 +- src/remote/test_libvirtd.aug.in | 8 ++++---- tools/libvirt-guests.service.in | 2 +- 15 files changed, 34 insertions(+), 24 deletions(-)
diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am index 161410051c..bc1a05549a 100644 --- a/src/locking/Makefile.inc.am +++ b/src/locking/Makefile.inc.am @@ -258,6 +258,7 @@ locking/lock_daemon_dispatch_stubs.h: $(LOCK_PROTOCOL) \ virtlockd.service: locking/virtlockd.service.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]sbindir[@]|$(sbindir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@
diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in index 3c9d587032..e7f8057c06 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -7,7 +7,7 @@ Documentation=man:virtlockd(8) Documentation=https://libvirt.org
[Service] -EnvironmentFile=-/etc/sysconfig/virtlockd +EnvironmentFile=-@sysconfdir@/sysconfig/virtlockd ExecStart=@sbindir@/virtlockd $VIRTLOCKD_ARGS ExecReload=/bin/kill -USR1 $MAINPID # Loosing the locks is a really bad thing that will diff --git a/src/logging/Makefile.inc.am b/src/logging/Makefile.inc.am index f0c49330f5..18772fde2f 100644 --- a/src/logging/Makefile.inc.am +++ b/src/logging/Makefile.inc.am @@ -122,6 +122,7 @@ virtlogd.8.in: logging/virtlogd.pod virtlogd.service: logging/virtlogd.service.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]sbindir[@]|$(sbindir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@
diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in index 3d9ae36150..daff48e67d 100644 --- a/src/logging/virtlogd.service.in +++ b/src/logging/virtlogd.service.in @@ -7,7 +7,7 @@ Documentation=man:virtlogd(8) Documentation=https://libvirt.org
[Service] -EnvironmentFile=-/etc/sysconfig/virtlogd +EnvironmentFile=-@sysconfdir@/sysconfig/virtlogd ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS ExecReload=/bin/kill -USR1 $MAINPID # Loosing the logs is a really bad thing that will diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 0ec7abb880..fc04af5cb5 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -194,6 +194,7 @@ remote/libvirtd.conf: remote/libvirtd.conf.in $(AM_V_GEN)$(SED) \ -e '/[@]CUT_ENABLE_IP[@]/d' \ -e '/[@]END[@]/d' \ + -e 's|[@]sysconfdir[@]|@sysconfdir@|' \ -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ < $< > $@
@@ -209,6 +210,7 @@ remote/libvirtd.aug: remote/libvirtd.aug.in $(AM_V_GEN)$(SED) \ -e '/[@]CUT_ENABLE_IP[@]/d' \ -e '/[@]END[@]/d' \ + -e 's|[@]sysconfdir[@]|@sysconfdir@|' \ -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ $< > $@ @@ -219,6 +221,7 @@ remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \ $(srcdir)/remote/test_libvirtd.aug.in | \ $(SED) -e '/[@]CUT_ENABLE_IP[@]/d' \ -e '/[@]END[@]/d' \ + -e 's|[@]sysconfdir[@]|@sysconfdir@|' \ -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ > $@ || rm -f $@ @@ -300,30 +303,35 @@ libvirtd.service: remote/libvirtd.service.in $(top_builddir)/config.status libvirtd.socket: remote/libvirtd.socket.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@
libvirtd-ro.socket: remote/libvirtd-ro.socket.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@
libvirtd-admin.socket: remote/libvirtd-admin.socket.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@
libvirtd-tcp.socket: remote/libvirtd-tcp.socket.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@
libvirtd-tls.socket: remote/libvirtd-tls.socket.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ < $< > $@-t && \ mv $@-t $@
diff --git a/src/remote/libvirtd-admin.socket.in b/src/remote/libvirtd-admin.socket.in index 307c9ba24b..bbab4ea355 100644 --- a/src/remote/libvirtd-admin.socket.in +++ b/src/remote/libvirtd-admin.socket.in @@ -5,7 +5,7 @@ BindsTo=libvirtd.socket After=libvirtd.socket
[Socket] -# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir setting +# The directory must match the @sysconfdir@/libvirt/libvirtd.conf unix_sock_dir setting # when using systemd version < 227 ListenStream=@localstatedir@/run/libvirt/libvirt-admin-sock Service=libvirtd.service diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in index 876daf0c9c..5f8b1892d5 100644 --- a/src/remote/libvirtd-ro.socket.in +++ b/src/remote/libvirtd-ro.socket.in @@ -5,7 +5,7 @@ BindsTo=libvirtd.socket After=libvirtd.socket
[Socket] -# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir setting +# The directory must match the @sysconfdir@/libvirt/libvirtd.conf unix_sock_dir setting # when using systemd version < 227 ListenStream=@localstatedir@/run/libvirt/libvirt-sock-ro Service=libvirtd.service diff --git a/src/remote/libvirtd-tcp.socket.in b/src/remote/libvirtd-tcp.socket.in index 16a4764283..1103036c45 100644 --- a/src/remote/libvirtd-tcp.socket.in +++ b/src/remote/libvirtd-tcp.socket.in @@ -5,7 +5,7 @@ BindsTo=libvirtd.socket After=libvirtd.socket
[Socket] -# This must match the /etc/libvirt/libvirtd.conf tcp_port setting +# This must match the @sysconfdir@/libvirt/libvirtd.conf tcp_port setting # when using systemd version < 227 ListenStream=16509 Service=libvirtd.service diff --git a/src/remote/libvirtd-tls.socket.in b/src/remote/libvirtd-tls.socket.in index e904583cf9..e2b1f839de 100644 --- a/src/remote/libvirtd-tls.socket.in +++ b/src/remote/libvirtd-tls.socket.in @@ -5,7 +5,7 @@ BindsTo=libvirtd.socket After=libvirtd.socket
[Socket] -# This must match the /etc/libvirt/libvirtd.conf tls_port setting +# This must match the @sysconfdir@/libvirt/libvirtd.conf tls_port setting # when using systemd version < 227 ListenStream=16514 Service=libvirtd.service diff --git a/src/remote/libvirtd.aug.in b/src/remote/libvirtd.aug.in index eec3433f29..23a01c41e2 100644 --- a/src/remote/libvirtd.aug.in +++ b/src/remote/libvirtd.aug.in @@ -1,4 +1,4 @@ -(* /etc/libvirt/@DAEMON_NAME@.conf *) +(* @sysconfdir@/libvirt/@DAEMON_NAME@.conf *)
module @DAEMON_NAME_UC@ = autoload xfm @@ -114,7 +114,7 @@ module @DAEMON_NAME_UC@ =
let lns = ( record | comment | empty ) *
- let filter = incl "/etc/libvirt/@DAEMON_NAME@.conf" + let filter = incl "@sysconfdir@/libvirt/@DAEMON_NAME@.conf" . Util.stdexcl
let xfm = transform lns filter diff --git a/src/remote/libvirtd.conf.in b/src/remote/libvirtd.conf.in index e351a8c190..71c4ce1bfd 100644 --- a/src/remote/libvirtd.conf.in +++ b/src/remote/libvirtd.conf.in @@ -134,7 +134,7 @@ # the network providing auth (eg, TLS/x509 certificates) # # - sasl: use SASL infrastructure. The actual auth scheme is then -# controlled from /etc/sasl2/libvirt.conf. For the TCP +# controlled from @sysconfdir@/sasl2/libvirt.conf. For the TCP # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. # For non-TCP or TLS sockets, any scheme is allowed. # @@ -166,7 +166,7 @@ # If you don't enable SASL, then all TCP traffic is cleartext. # Don't do this outside of a dev/test scenario. For real world # use, always enable SASL and use the GSSAPI or DIGEST-MD5 -# mechanism in /etc/sasl2/libvirt.conf +# mechanism in @sysconfdir@/sasl2/libvirt.conf #auth_tcp = "sasl"
# Change the authentication scheme for TLS sockets. @@ -199,10 +199,10 @@ # Use of TLS requires that x509 certificates be issued. The default locations # for the certificate files is as follows: # -# /etc/pki/CA/cacert.pem - The CA master certificate -# /etc/pki/libvirt/servercert.pem - The server certificate signed with +# @sysconfdir@/pki/CA/cacert.pem - The CA master certificate +# @sysconfdir@/pki/libvirt/servercert.pem - The server certificate signed with # the cacert.pem -# /etc/pki/libvirt/private/serverkey.pem - The server private key +# @sysconfdir@/pki/libvirt/private/serverkey.pem - The server private key # # It is possible to override the default locations by altering the 'key_file', # 'cert_file', and 'ca_file' values and uncommenting them below. @@ -213,20 +213,20 @@
# Override the default server key file path # -#key_file = "/etc/pki/libvirt/private/serverkey.pem" +#key_file = "@sysconfdir@/pki/libvirt/private/serverkey.pem"
# Override the default server certificate file path # -#cert_file = "/etc/pki/libvirt/servercert.pem" +#cert_file = "@sysconfdir@/pki/libvirt/servercert.pem"
# Override the default CA certificate path # -#ca_file = "/etc/pki/CA/cacert.pem" +#ca_file = "@sysconfdir@/pki/CA/cacert.pem"
# Specify a certificate revocation list. # # Defaults to not using a CRL, uncomment to enable it -#crl_file = "/etc/pki/CA/crl.pem" +#crl_file = "@sysconfdir@/pki/CA/crl.pem"
diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in index 3ddf0e229b..20d6f84d27 100644 --- a/src/remote/libvirtd.service.in +++ b/src/remote/libvirtd.service.in @@ -20,7 +20,7 @@ Documentation=https://libvirt.org
[Service] Type=notify -EnvironmentFile=-/etc/sysconfig/libvirtd +EnvironmentFile=-@sysconfdir@/sysconfig/libvirtd # libvirtd.service is set to run on boot so that autostart of # VMs can be performed. We don't want it to stick around if # unused though, so we set a timeout. The socket activation diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in index 2ee4d7d7a2..872f70eb21 100644 --- a/src/remote/libvirtd.socket.in +++ b/src/remote/libvirtd.socket.in @@ -3,7 +3,7 @@ Description=Libvirt local socket Before=libvirtd.service
[Socket] -# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir setting +# The directory must match the @sysconfdir@/libvirt/libvirtd.conf unix_sock_dir setting # when using systemd version < 227 ListenStream=@localstatedir@/run/libvirt/libvirt-sock Service=libvirtd.service diff --git a/src/remote/test_libvirtd.aug.in b/src/remote/test_libvirtd.aug.in index 2fd809af4a..fc9fb69b67 100644 --- a/src/remote/test_libvirtd.aug.in +++ b/src/remote/test_libvirtd.aug.in @@ -24,10 +24,10 @@ module Test_@DAEMON_NAME@ = { "1" = "polkit" } } @CUT_ENABLE_IP@ - { "key_file" = "/etc/pki/libvirt/private/serverkey.pem" } - { "cert_file" = "/etc/pki/libvirt/servercert.pem" } - { "ca_file" = "/etc/pki/CA/cacert.pem" } - { "crl_file" = "/etc/pki/CA/crl.pem" } + { "key_file" = "@sysconfdir@/pki/libvirt/private/serverkey.pem" } + { "cert_file" = "@sysconfdir@/pki/libvirt/servercert.pem" } + { "ca_file" = "@sysconfdir@/pki/CA/cacert.pem" } + { "crl_file" = "@sysconfdir@/pki/CA/crl.pem" } { "tls_no_sanity_certificate" = "1" } { "tls_no_verify_certificate" = "1" } { "tls_allowed_dn_list" diff --git a/tools/libvirt-guests.service.in b/tools/libvirt-guests.service.in index 491ca62138..10c664016a 100644 --- a/tools/libvirt-guests.service.in +++ b/tools/libvirt-guests.service.in @@ -10,7 +10,7 @@ Documentation=man:libvirtd(8) Documentation=https://libvirt.org
[Service] -EnvironmentFile=-/etc/sysconfig/libvirt-guests +EnvironmentFile=-@sysconfdir@/sysconfig/libvirt-guests # Hack just call traditional service until we factor # out the code ExecStart=@libexecdir@/libvirt-guests.sh start -- 2.21.0
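Review bot: in src/remote/Makefile.inc.am the rules for remote/libvirtd.conf, remote/libvirtd.aug and remote/test_libvirtd.aug add -e 's|[@]sysconfdir[@]|@sysconfdir@|', which has no g flag and takes the configure-time @sysconfdir@ value, while every unit-file rule in the same patch uses -e 's|[@]sysconfdir[@]|$(sysconfdir)|g'. Without g only the first token on a line is replaced, so a later edit that puts two paths on one line would leave a literal @sysconfdir@ in the installed config, and the two forms can disagree if sysconfdir is overridden at make time. Suggest using the $(sysconfdir) form with g in all three rules. The commit message also says @sysconfigdir@ where the patch substitutes @sysconfdir@.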
-- Cheers, Christophe de Dinechin (IRC c3d)

On Mon, 2019-07-29 at 18:10 +0100, Daniel P. Berrangé wrote:
Substitute in the @sysconfigdir@ value instead of /etc.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/locking/Makefile.inc.am | 1 + src/locking/virtlockd.service.in | 2 +- src/logging/Makefile.inc.am | 1 + src/logging/virtlogd.service.in | 2 +- src/remote/Makefile.inc.am | 8 ++++++++ src/remote/libvirtd-admin.socket.in | 2 +- src/remote/libvirtd-ro.socket.in | 2 +- src/remote/libvirtd-tcp.socket.in | 2 +- src/remote/libvirtd-tls.socket.in | 2 +- src/remote/libvirtd.aug.in | 4 ++-- src/remote/libvirtd.conf.in | 18 +++++++++--------- src/remote/libvirtd.service.in | 2 +- src/remote/libvirtd.socket.in | 2 +- src/remote/test_libvirtd.aug.in | 8 ++++---- tools/libvirt-guests.service.in | 2 +- 15 files changed, 34 insertions(+), 24 deletions(-)
After this patch, and indeed even after the entire series has been applied, there are still a few instances left:

  src/locking/libvirt_lockd.aug:(* /etc/libvirt/qemu-lockd.conf *)
  src/locking/libvirt_lockd.aug: let filter = incl "/etc/libvirt/qemu-lockd.conf"
  src/locking/libvirt_sanlock.aug:(* /etc/libvirt/qemu-sanlock.conf *)
  src/locking/libvirt_sanlock.aug: let filter = incl "/etc/libvirt/qemu-sanlock.conf"
  src/locking/virtlockd.aug:(* /etc/libvirt/virtlockd.conf *)
  src/locking/virtlockd.aug: let filter = incl "/etc/libvirt/virtlockd.conf"
  src/logging/virtlogd.aug:(* /etc/libvirt/virtlogd.conf *)
  src/logging/virtlogd.aug: let filter = incl "/etc/libvirt/virtlogd.conf"
  src/remote/libvirtd.sasl:keytab: /etc/libvirt/krb5.tab
  src/remote/libvirtd.sasl:#sasldb_path: /etc/libvirt/passwd.db
  src/remote/libvirtd.sysconf:#KRB5_KTNAME=/etc/libvirt/krb5.tab
  src/remote/libvirtd.sysconf:# is enabled in /etc/libvirt/qemu.conf

Addressing the first bunch would also mean aligning virtlogd and virtlockd with the rest of the daemons, which is a good thing. Ideally we'd switch those files to being generated in a preparatory patch and then update them along with everything else in this one, but if you prefer doing it as a follow-up given how big this series is already I'm okay with that as well. In any case

Reviewed-by: Andrea Bolognani <abologna@redhat.com>

for these changes.

--
Andrea Bolognani / Red Hat / Virtualization
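The two checks this review comes down to, written out as an added example (not part of the thread or of libvirt's build system): find literal /etc/ paths left in templates and static config files, and find @token@ placeholders that survive a rule's sed expressions. The function names and the file contents created by make_sample_tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit build templates for hard-coded /etc paths and for
# placeholders that a make rule's sed expressions fail to replace.

# hardcoded_etc DIR
# Print "file:line:text" for every literal /etc/ path in templates (*.in) and
# in static files that are installed as-is (*.aug, *.sasl, *.sysconf).
# /dev/null is passed so grep prints the file name even for a single match.
hardcoded_etc() {
    find "$1" -type f \( -name '*.in' -o -name '*.aug' \
                         -o -name '*.sasl' -o -name '*.sysconf' \) \
        -exec grep -n '/etc/' /dev/null {} + | sort
}

# leftover_tokens TEMPLATE SED_ARGS...
# Apply the same sed arguments a make rule would use and print every output
# line that still contains an @token@. Catches a rule that lacks the
# expression for a token, and an expression that lacks the 'g' flag.
leftover_tokens() {
    tmpl=$1
    shift
    sed "$@" < "$tmpl" | grep -n '@[A-Za-z_][A-Za-z_]*@'
}

# make_sample_tree
# Create a scratch directory with three constructed files and print its path.
make_sample_tree() {
    dir=$(mktemp -d) || return 1

    # Converted unit template: no literal /etc, tokens for sbindir/sysconfdir.
    printf '%s\n' \
        '[Service]' \
        'EnvironmentFile=-@sysconfdir@/sysconfig/virtlockd' \
        'ExecStart=@sbindir@/virtlockd $VIRTLOCKD_ARGS' \
        > "$dir/virtlockd.service.in"

    # Static augeas lens that was not converted to a generated file.
    printf '%s\n' \
        '(* /etc/libvirt/virtlogd.conf *)' \
        '  let filter = incl "/etc/libvirt/virtlogd.conf"' \
        > "$dir/virtlogd.aug"

    # Config template with two tokens on one line.
    printf '%s\n' \
        '# CA: @sysconfdir@/pki/CA/cacert.pem CRL: @sysconfdir@/pki/CA/crl.pem' \
        > "$dir/libvirtd.conf.in"

    printf '%s\n' "$dir"
}

# Demo run on the constructed tree.
demo_dir=$(make_sample_tree)
echo "== literal /etc paths =="
hardcoded_etc "$demo_dir"
echo "== rule without the sysconfdir expression =="
leftover_tokens "$demo_dir/virtlockd.service.in" \
    -e 's|[@]sbindir[@]|/usr/sbin|g'
echo "== expression without the g flag =="
leftover_tokens "$demo_dir/libvirtd.conf.in" \
    -e 's|[@]sysconfdir[@]|/usr/local/etc|'
rm -rf "$demo_dir"
```

Run against a real tree, hardcoded_etc gives the kind of list quoted in the review above, and leftover_tokens can be wired into a check target with the exact expressions each rule uses.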

On Mon, 2019-07-29 at 18:10 +0100, Daniel P. Berrangé wrote:
+++ b/src/remote/libvirtd.conf.in # Use of TLS requires that x509 certificates be issued. The default locations # for the certificate files is as follows: # -# /etc/pki/CA/cacert.pem - The CA master certificate -# /etc/pki/libvirt/servercert.pem - The server certificate signed with +# @sysconfdir@/pki/CA/cacert.pem - The CA master certificate +# @sysconfdir@/pki/libvirt/servercert.pem - The server certificate signed with # the cacert.pem
Forgot to point out you just broke alignment for this line. I suggest moving to the same /some/path: description format used in the 'libvirtd --help' output to work around the problem.

--
Andrea Bolognani / Red Hat / Virtualization

The make rules for the systemd socket unit files are all essentially identical and can be collapsed into a single generic rule. The service unit file rule can be simplified too. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/Makefile.am | 6 +++++ src/remote/Makefile.inc.am | 49 +++++++------------------------------- 2 files changed, 14 insertions(+), 41 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 255e8e2b57..b4544b12a7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -89,6 +89,12 @@ man8_MANS = DRIVER_SOURCES = man7_MANS = +COMMON_UNIT_VARS = \ + -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ + -e 's|[@]sbindir[@]|$(sbindir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ + $(NULL) + include util/Makefile.inc.am include conf/Makefile.inc.am include cpu/Makefile.inc.am diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index fc04af5cb5..0c6d859a41 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am 
@@ -292,48 +292,15 @@ INSTALL_DATA_LOCAL += install-sasl UNINSTALL_LOCAL += uninstall-sasl endif WITH_SASL +LIBVIRTD_UNIT_VARS = \ + $(COMMON_UNIT_VARS) \ + $(NULL) + libvirtd.service: remote/libvirtd.service.in $(top_builddir)/config.status - $(AM_V_GEN)sed \ - -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ - -e 's|[@]sbindir[@]|$(sbindir)|g' \ - -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ - < $< > $@-t && \ - mv $@-t $@ - -libvirtd.socket: remote/libvirtd.socket.in $(top_builddir)/config.status - $(AM_V_GEN)sed \ - -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ - -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ - < $< > $@-t && \ - mv $@-t $@ - -libvirtd-ro.socket: remote/libvirtd-ro.socket.in $(top_builddir)/config.status - $(AM_V_GEN)sed \ - -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ - -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ - < $< > $@-t && \ - mv $@-t $@ - -libvirtd-admin.socket: remote/libvirtd-admin.socket.in $(top_builddir)/config.status - $(AM_V_GEN)sed \ - -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ - -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ - < $< > $@-t && \ - mv $@-t $@ - -libvirtd-tcp.socket: remote/libvirtd-tcp.socket.in $(top_builddir)/config.status - $(AM_V_GEN)sed \ - -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ - -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ - < $< > $@-t && \ - mv $@-t $@ - -libvirtd-tls.socket: remote/libvirtd-tls.socket.in $(top_builddir)/config.status - $(AM_V_GEN)sed \ - -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ - -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ - < $< > $@-t && \ - mv $@-t $@ + $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +libvirt%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) < $< > $@-t && mv $@-t $@ virt-guest-shutdown.target: remote/virt-guest-shutdown.target.in \ $(top_builddir)/config.status -- 2.21.0
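Review bot: the new pattern rule libvirt%.socket: remote/libvirt%.socket.in in src/remote/Makefile.inc.am keys on the bare prefix libvirt, so it silently becomes the recipe for any future libvirt*.socket target that has a matching .in file, and %-style pattern rules are a GNU make extension that automake reports under -Wportability. A one-line comment above the rule listing the five sockets it is meant to cover would make the intent clear, and it is worth confirming the portability warning is already suppressed for this tree. LIBVIRTD_UNIT_VARS currently only wraps COMMON_UNIT_VARS; a comment saying it is the hook for per-daemon expressions would explain why it exists in this patch.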

Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>

Daniel P. Berrangé writes:
The make rules for the systemd socket unit files are all essentially identical and can be collapsed into a single generic rule. The service unit file rule can be simplified too.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/Makefile.am | 6 +++++ src/remote/Makefile.inc.am | 49 +++++++------------------------------- 2 files changed, 14 insertions(+), 41 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am index 255e8e2b57..b4544b12a7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -89,6 +89,12 @@ man8_MANS = DRIVER_SOURCES = man7_MANS =
+COMMON_UNIT_VARS = \ + -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ + -e 's|[@]sbindir[@]|$(sbindir)|g' \ + -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ + $(NULL) + include util/Makefile.inc.am include conf/Makefile.inc.am include cpu/Makefile.inc.am diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index fc04af5cb5..0c6d859a41 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -292,48 +292,15 @@ INSTALL_DATA_LOCAL += install-sasl UNINSTALL_LOCAL += uninstall-sasl endif WITH_SASL
+LIBVIRTD_UNIT_VARS = \ + $(COMMON_UNIT_VARS) \ + $(NULL) + libvirtd.service: remote/libvirtd.service.in $(top_builddir)/config.status - $(AM_V_GEN)sed \ - -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ - -e 's|[@]sbindir[@]|$(sbindir)|g' \ - -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ - < $< > $@-t && \ - mv $@-t $@ - -libvirtd.socket: remote/libvirtd.socket.in $(top_builddir)/config.status - $(AM_V_GEN)sed \ - -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ - -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ - < $< > $@-t && \ - mv $@-t $@ - -libvirtd-ro.socket: remote/libvirtd-ro.socket.in $(top_builddir)/config.status - $(AM_V_GEN)sed \ - -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ - -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ - < $< > $@-t && \ - mv $@-t $@ - -libvirtd-admin.socket: remote/libvirtd-admin.socket.in $(top_builddir)/config.status - $(AM_V_GEN)sed \ - -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ - -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ - < $< > $@-t && \ - mv $@-t $@ - -libvirtd-tcp.socket: remote/libvirtd-tcp.socket.in $(top_builddir)/config.status - $(AM_V_GEN)sed \ - -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ - -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ - < $< > $@-t && \ - mv $@-t $@ - -libvirtd-tls.socket: remote/libvirtd-tls.socket.in $(top_builddir)/config.status - $(AM_V_GEN)sed \ - -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ - -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \ - < $< > $@-t && \ - mv $@-t $@ + $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +libvirt%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) < $< > $@-t && mv $@-t $@
virt-guest-shutdown.target: remote/virt-guest-shutdown.target.in \ $(top_builddir)/config.status -- 2.21.0
-- Cheers, Christophe de Dinechin (IRC c3d)

Prepare for reusing libvirtd socket unit files with other daemons by making various parts of their config conditionally defined by the make rules. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/Makefile.inc.am | 4 ++++ src/remote/libvirtd-admin.socket.in | 15 ++++++++------- src/remote/libvirtd-ro.socket.in | 15 ++++++++------- src/remote/libvirtd-tcp.socket.in | 13 +++++++------ src/remote/libvirtd-tls.socket.in | 13 +++++++------ src/remote/libvirtd.socket.in | 11 ++++++----- 6 files changed, 40 insertions(+), 31 deletions(-) diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 0c6d859a41..0e9c0b9e1b 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -294,6 +294,10 @@ endif WITH_SASL LIBVIRTD_UNIT_VARS = \ $(COMMON_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt|g' \ + -e 's|[@]service[@]|libvirtd|g' \ + -e 's|[@]sockprefix[@]|libvirt|g' \ + -e 's|[@]deps[@]||g' \ $(NULL) libvirtd.service: remote/libvirtd.service.in $(top_builddir)/config.status diff --git a/src/remote/libvirtd-admin.socket.in b/src/remote/libvirtd-admin.socket.in index bbab4ea355..dcce7fdc93 100644 --- a/src/remote/libvirtd-admin.socket.in +++ b/src/remote/libvirtd-admin.socket.in @@ -1,14 +1,15 @@ [Unit] -Description=Libvirt admin socket -Before=libvirtd.service -BindsTo=libvirtd.socket -After=libvirtd.socket +Description=@name@ admin socket +Before=@service@.service +BindsTo=@service@.socket +After=@service@.socket +@deps@ [Socket] -# The directory must match the @sysconfdir@/libvirt/libvirtd.conf unix_sock_dir setting +# The directory must match the @sysconfdir@/libvirt/@service@.conf unix_sock_dir setting # when using systemd version < 227 -ListenStream=@localstatedir@/run/libvirt/libvirt-admin-sock -Service=libvirtd.service +ListenStream=@localstatedir@/run/libvirt/@sockprefix@-admin-sock +Service=@service@.service SocketMode=0600 [Install] 
diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in index 5f8b1892d5..a287f78201 100644 --- a/src/remote/libvirtd-ro.socket.in +++ b/src/remote/libvirtd-ro.socket.in @@ -1,14 +1,15 @@ [Unit] -Description=Libvirt local read-only socket -Before=libvirtd.service -BindsTo=libvirtd.socket -After=libvirtd.socket +Description=@name@ local read-only socket +Before=@service@.service +BindsTo=@service@.socket +After=@service@.socket +@deps@ [Socket] -# The directory must match the @sysconfdir@/libvirt/libvirtd.conf unix_sock_dir setting +# The directory must match the @sysconfdir@/libvirt/@service@.conf unix_sock_dir setting # when using systemd version < 227 -ListenStream=@localstatedir@/run/libvirt/libvirt-sock-ro -Service=libvirtd.service +ListenStream=@localstatedir@/run/libvirt/@sockprefix@-sock-ro +Service=@service@.service SocketMode=0666 [Install] diff --git a/src/remote/libvirtd-tcp.socket.in b/src/remote/libvirtd-tcp.socket.in index 1103036c45..dd60317d47 100644 --- a/src/remote/libvirtd-tcp.socket.in +++ b/src/remote/libvirtd-tcp.socket.in @@ -1,14 +1,15 @@ [Unit] -Description=Libvirt non-TLS IP socket -Before=libvirtd.service -BindsTo=libvirtd.socket -After=libvirtd.socket +Description=@name@ non-TLS IP socket +Before=@service@.service +BindsTo=@service@.socket +After=@service@.socket +@deps@ [Socket] -# This must match the @sysconfdir@/libvirt/libvirtd.conf tcp_port setting +# This must match the @sysconfdir@/libvirt/@service@.conf tcp_port setting # when using systemd version < 227 ListenStream=16509 -Service=libvirtd.service +Service=@service@.service [Install] WantedBy=sockets.target diff --git a/src/remote/libvirtd-tls.socket.in b/src/remote/libvirtd-tls.socket.in index e2b1f839de..8b89737fff 100644 --- a/src/remote/libvirtd-tls.socket.in +++ b/src/remote/libvirtd-tls.socket.in 
@@ -1,14 +1,15 @@ [Unit] -Description=Libvirt TLS IP socket -Before=libvirtd.service -BindsTo=libvirtd.socket -After=libvirtd.socket +Description=@name@ TLS IP socket +Before=@service@.service +BindsTo=@service@.socket +After=@service@.socket +@deps@ [Socket] -# This must match the @sysconfdir@/libvirt/libvirtd.conf tls_port setting +# This must match the @sysconfdir@/libvirt/@service@.conf tls_port setting # when using systemd version < 227 ListenStream=16514 -Service=libvirtd.service +Service=@service@.service [Install] WantedBy=sockets.target diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in index 872f70eb21..cb61409e23 100644 --- a/src/remote/libvirtd.socket.in +++ b/src/remote/libvirtd.socket.in @@ -1,12 +1,13 @@ [Unit] -Description=Libvirt local socket -Before=libvirtd.service +Description=@name@ local socket +Before=@service@.service +@deps@ [Socket] -# The directory must match the @sysconfdir@/libvirt/libvirtd.conf unix_sock_dir setting +# The directory must match the @sysconfdir@/libvirt/@service@.conf unix_sock_dir setting # when using systemd version < 227 -ListenStream=@localstatedir@/run/libvirt/libvirt-sock -Service=libvirtd.service +ListenStream=@localstatedir@/run/libvirt/@sockprefix@-sock +Service=@service@.service SocketMode=0666 [Install] -- 2.21.0
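Review bot: libvirtd-tcp.socket.in and libvirtd-tls.socket.in keep ListenStream=16509 and ListenStream=16514 as literals while the description, service name and UNIX socket prefix all become substitutions, so any second daemon generated from these two templates will try to bind the same ports as the first. Either make the port a substitution alongside @sockprefix@, or state in the template comment that only one IP-facing daemon may instantiate them and rely on @deps@ to carry the conflict. Minor: with -e 's|[@]deps[@]||g' the @deps@ line becomes an empty line in [Unit] for libvirtd, which is harmless but worth a word in the commit message.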

The make logic assumes that the SYSTEMD_UNIT_FILES var can be built from SYSTEMD_UNIT_FILES_IN by simply dropping the directory prefix and the .in suffix. This won't work in future when a single .in unit file can be used to generate multiple different units. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/Makefile.am | 2 +- src/locking/Makefile.inc.am | 5 ++++- src/logging/Makefile.inc.am | 5 ++++- src/remote/Makefile.inc.am | 5 ++++- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index b4544b12a7..5bbd85ecef 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -82,6 +82,7 @@ RPC_PROBE_FILES = LOGROTATE_FILES_IN = PODFILES = MANINFILES = +SYSTEMD_UNIT_FILES = SYSTEMD_UNIT_FILES_IN = SYSCONF_FILES = sbin_PROGRAMS = @@ -838,7 +839,6 @@ if WITH_LIBVIRTD if LIBVIRT_INIT_SCRIPT_SYSTEMD SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system -SYSTEMD_UNIT_FILES = $(notdir $(SYSTEMD_UNIT_FILES_IN:%.in=%)) BUILT_SOURCES += $(SYSTEMD_UNIT_FILES) DISTCLEANFILES += $(SYSTEMD_UNIT_FILES) diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am index bc1a05549a..37d0e79f40 100644 --- a/src/locking/Makefile.inc.am +++ b/src/locking/Makefile.inc.am @@ -77,12 +77,15 @@ MANINFILES += virtlockd.8.in CLEANFILES += $(man8_MANS) MAINTAINERCLEANFILES += $(MANINFILES) -SYSTEMD_UNIT_FILES_IN += \ +VIRTLOCKD_UNIT_FILES_IN = \ locking/virtlockd.service.in \ locking/virtlockd.socket.in \ locking/virtlockd-admin.socket.in \ $(NULL) +SYSTEMD_UNIT_FILES += $(notdir $(VIRTLOCKD_UNIT_FILES_IN:%.in=%)) +SYSTEMD_UNIT_FILES_IN += $(VIRTLOCKD_UNIT_FILES_IN) + lockdriverdir = $(libdir)/libvirt/lock-driver lockdriver_LTLIBRARIES = diff --git a/src/logging/Makefile.inc.am b/src/logging/Makefile.inc.am index 18772fde2f..b952021d00 100644 --- a/src/logging/Makefile.inc.am +++ b/src/logging/Makefile.inc.am 
@@ -50,12 +50,15 @@ PODFILES += logging/virtlogd.pod MANINFILES += virtlogd.8.in SYSCONF_FILES += logging/virtlogd.sysconf -SYSTEMD_UNIT_FILES_IN += \ +VIRTLOGD_UNIT_FILES_IN = \ logging/virtlogd.service.in \ logging/virtlogd.socket.in \ logging/virtlogd-admin.socket.in \ $(NULL) +SYSTEMD_UNIT_FILES += $(notdir $(VIRTLOGD_UNIT_FILES_IN:%.in=%)) +SYSTEMD_UNIT_FILES_IN += $(VIRTLOGD_UNIT_FILES_IN) + if WITH_LIBVIRTD sbin_PROGRAMS += virtlogd diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 0e9c0b9e1b..c9c3c7203a 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -89,7 +89,7 @@ SYSCONF_FILES += remote/libvirtd.sysconf PODFILES += remote/libvirtd.pod MANINFILES += libvirtd.8.in -SYSTEMD_UNIT_FILES_IN += \ +LIBVIRTD_UNIT_FILES_IN = \ remote/libvirtd.service.in \ remote/libvirtd.socket.in \ remote/libvirtd-ro.socket.in \ @@ -99,6 +99,9 @@ SYSTEMD_UNIT_FILES_IN += \ remote/virt-guest-shutdown.target.in \ $(NULL) +SYSTEMD_UNIT_FILES += $(notdir $(LIBVIRTD_UNIT_FILES_IN:%.in=%)) +SYSTEMD_UNIT_FILES_IN += $(LIBVIRTD_UNIT_FILES_IN) + REMOTE_PROTOCOL = $(srcdir)/remote/remote_protocol.x LXC_PROTOCOL = $(srcdir)/remote/lxc_protocol.x QEMU_PROTOCOL = $(srcdir)/remote/qemu_protocol.x -- 2.21.0
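Review bot: the same two-line append, SYSTEMD_UNIT_FILES += $(notdir $(X_UNIT_FILES_IN:%.in=%)) followed by SYSTEMD_UNIT_FILES_IN += $(X_UNIT_FILES_IN), is now copied into the locking, logging and remote Makefile.inc.am fragments, with nothing at the new SYSTEMD_UNIT_FILES = declaration in src/Makefile.am saying that each fragment must append to both lists. Please add that comment at the declaration, since a fragment that updates only one list will either not build or not distribute its unit. The -838 hunk also moves the definition out of the if WITH_LIBVIRTD / if LIBVIRT_INIT_SCRIPT_SYSTEMD block, so the list is now populated unconditionally; worth confirming that every remaining use of SYSTEMD_UNIT_FILES is still inside those conditionals.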

When running in libvirtd, we are happy for any of the drivers to simply skip their initialization in virStateInitialize, as other drivers are still potentially useful. When running in per-driver daemons though, we want the daemon to abort startup if the driver cannot initialize itself, as the daemon will be useless without it. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/bhyve/bhyve_driver.c | 10 +++++----- src/driver-state.h | 8 +++++++- src/interface/interface_backend_netcf.c | 8 ++++---- src/interface/interface_backend_udev.c | 4 ++-- src/libvirt.c | 15 ++++++++++++--- src/libvirt_internal.h | 1 + src/libxl/libxl_driver.c | 10 +++++----- src/lxc/lxc_driver.c | 12 ++++++------ src/network/bridge_driver.c | 4 ++-- src/node_device/node_device_hal.c | 12 ++++++------ src/node_device/node_device_udev.c | 8 ++++---- src/nwfilter/nwfilter_driver.c | 12 ++++++------ src/qemu/qemu_driver.c | 8 ++++---- src/remote/remote_daemon.c | 6 ++++++ src/remote/remote_driver.c | 2 +- src/secret/secret_driver.c | 8 ++++---- src/storage/storage_driver.c | 8 ++++---- src/vz/vz_driver.c | 14 +++++++------- 18 files changed, 86 insertions(+), 64 deletions(-) diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c index 5387ac5570..e2c1b00080 100644 --- a/src/bhyve/bhyve_driver.c +++ b/src/bhyve/bhyve_driver.c @@ -1220,16 +1220,16 @@ bhyveStateInitialize(bool privileged, { if (!privileged) { VIR_INFO("Not running privileged, disabling driver"); - return 0; + return VIR_DRV_STATE_INIT_SKIPPED; } if (VIR_ALLOC(bhyve_driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR; bhyve_driver->lockFD = -1; if (virMutexInit(&bhyve_driver->lock) < 0) { VIR_FREE(bhyve_driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } if (!(bhyve_driver->closeCallbacks = virCloseCallbacksNew())) 
@@ -1303,11 +1303,11 @@ bhyveStateInitialize(bool privileged, bhyveAutostartDomains(bhyve_driver); - return 0; + return VIR_DRV_STATE_INIT_COMPLETE; cleanup: bhyveStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } unsigned diff --git a/src/driver-state.h b/src/driver-state.h index 974b2252ee..69e2678dfc 100644 --- a/src/driver-state.h +++ b/src/driver-state.h @@ -24,7 +24,13 @@ # error "Don't include this file directly, only use driver.h" #endif -typedef int +typedef enum { + VIR_DRV_STATE_INIT_ERROR = -1, + VIR_DRV_STATE_INIT_SKIPPED, + VIR_DRV_STATE_INIT_COMPLETE, +} virDrvStateInitResult; + +typedef virDrvStateInitResult (*virDrvStateInitialize)(bool privileged, virStateInhibitCallback callback, void *opaque); diff --git a/src/interface/interface_backend_netcf.c b/src/interface/interface_backend_netcf.c index 0000587cee..eb509ccc13 100644 --- a/src/interface/interface_backend_netcf.c +++ b/src/interface/interface_backend_netcf.c @@ -93,10 +93,10 @@ netcfStateInitialize(bool privileged, void *opaque ATTRIBUTE_UNUSED) { if (virNetcfDriverStateInitialize() < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR; if (!(driver = virObjectLockableNew(virNetcfDriverStateClass))) - return -1; + return VIR_DRV_STATE_INIT_ERROR; driver->privileged = privileged; @@ -129,12 +129,12 @@ netcfStateInitialize(bool privileged, _("failed to initialize netcf")); goto error; } - return 0; + return VIR_DRV_STATE_INIT_COMPLETE; error: virObjectUnref(driver); driver = NULL; - return -1; + return VIR_DRV_STATE_INIT_ERROR; } diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c index fea5108dbc..ef748540d1 100644 --- a/src/interface/interface_backend_udev.c +++ b/src/interface/interface_backend_udev.c @@ -1172,7 +1172,7 @@ udevStateInitialize(bool privileged, virStateInhibitCallback callback ATTRIBUTE_UNUSED, void *opaque ATTRIBUTE_UNUSED) { - int ret = -1; + int ret = VIR_DRV_STATE_INIT_ERROR; if (VIR_ALLOC(driver) < 0) goto cleanup; 
@@ -1210,7 +1210,7 @@ udevStateInitialize(bool privileged, } driver->privileged = privileged; - ret = 0; + ret = VIR_DRV_STATE_INIT_COMPLETE; cleanup: if (ret < 0) diff --git a/src/libvirt.c b/src/libvirt.c index f0a768fc7e..9390a767f9 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -629,6 +629,7 @@ virRegisterStateDriver(virStateDriverPtr driver) /** * virStateInitialize: * @privileged: set to true if running with root privilege, false otherwise + * @mandatory: set to true if all drivers must report success, not skipped * @callback: callback to invoke to inhibit shutdown of the daemon * @opaque: data to pass to @callback * @@ -638,6 +639,7 @@ virRegisterStateDriver(virStateDriverPtr driver) */ int virStateInitialize(bool privileged, + bool mandatory, virStateInhibitCallback callback, void *opaque) { @@ -648,15 +650,22 @@ virStateInitialize(bool privileged, for (i = 0; i < virStateDriverTabCount; i++) { if (virStateDriverTab[i]->stateInitialize) { + virDrvStateInitResult ret; VIR_DEBUG("Running global init for %s state driver", virStateDriverTab[i]->name); - if (virStateDriverTab[i]->stateInitialize(privileged, - callback, - opaque) < 0) { + ret = virStateDriverTab[i]->stateInitialize(privileged, + callback, + opaque); + VIR_DEBUG("State init result %d (mandatory=%d)", ret, mandatory); + if (ret == VIR_DRV_STATE_INIT_ERROR) { VIR_ERROR(_("Initialization of %s state driver failed: %s"), virStateDriverTab[i]->name, virGetLastErrorMessage()); return -1; + } else if (ret == VIR_DRV_STATE_INIT_SKIPPED && mandatory) { + VIR_ERROR(_("Initialization of mandatory %s state driver skipped"), + virStateDriverTab[i]->name); + return -1; } } } diff --git a/src/libvirt_internal.h b/src/libvirt_internal.h index 3f012fdd4b..4a74dbc2af 100644 --- a/src/libvirt_internal.h +++ b/src/libvirt_internal.h 
@@ -30,6 +30,7 @@ typedef void (*virStateInhibitCallback)(bool inhibit, void *opaque); int virStateInitialize(bool privileged, + bool mandatory, virStateInhibitCallback inhibit, void *opaque); int virStateCleanup(void); diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index 492028c487..231960b817 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -657,17 +657,17 @@ libxlStateInitialize(bool privileged, char ebuf[1024]; if (!libxlDriverShouldLoad(privileged)) - return 0; + return VIR_DRV_STATE_INIT_SKIPPED; if (VIR_ALLOC(libxl_driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR; libxl_driver->lockFD = -1; if (virMutexInit(&libxl_driver->lock) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot initialize mutex")); VIR_FREE(libxl_driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } /* Allocate bitmap for vnc port reservation */ @@ -806,12 +806,12 @@ libxlStateInitialize(bool privileged, virDomainObjListForEach(libxl_driver->domains, libxlDomainManagedSaveLoad, libxl_driver); - return 0; + return VIR_DRV_STATE_INIT_COMPLETE; error: VIR_FREE(driverConf); libxlStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } static int diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index d0b6703101..0baf18f3ef 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -1545,7 +1545,7 @@ static int lxcStateInitialize(bool privileged, /* Check that the user is root, silently disable if not */ if (!privileged) { VIR_INFO("Not running privileged, disabling driver"); - return 0; + return VIR_DRV_STATE_INIT_SKIPPED; } /* Check that this is a container enabled kernel */ 
@@ -1554,15 +1554,15 @@ static int lxcStateInitialize(bool privileged, VIR_PROCESS_NAMESPACE_UTS | VIR_PROCESS_NAMESPACE_IPC) < 0) { VIR_INFO("LXC support not available in this kernel, disabling driver"); - return 0; + return VIR_DRV_STATE_INIT_SKIPPED; } if (VIR_ALLOC(lxc_driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR; lxc_driver->lockFD = -1; if (virMutexInit(&lxc_driver->lock) < 0) { VIR_FREE(lxc_driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } if (!(lxc_driver->domains = virDomainObjListNew())) @@ -1633,12 +1633,12 @@ static int lxcStateInitialize(bool privileged, virLXCProcessAutostartAll(lxc_driver); virObjectUnref(caps); - return 0; + return VIR_DRV_STATE_INIT_COMPLETE; cleanup: virObjectUnref(caps); lxcStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } static void lxcNotifyLoadDomain(virDomainObjPtr vm, int newVM, void *opaque) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 41fa89a4af..2b1fa59390 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -713,7 +713,7 @@ networkStateInitialize(bool privileged, virStateInhibitCallback callback ATTRIBUTE_UNUSED, void *opaque ATTRIBUTE_UNUSED) { - int ret = -1; + int ret = VIR_DRV_STATE_INIT_ERROR; char *configdir = NULL; char *rundir = NULL; #ifdef WITH_FIREWALLD @@ -847,7 +847,7 @@ networkStateInitialize(bool privileged, } #endif - ret = 0; + ret = VIR_DRV_STATE_INIT_COMPLETE; cleanup: VIR_FREE(configdir); VIR_FREE(rundir); diff --git a/src/node_device/node_device_hal.c b/src/node_device/node_device_hal.c index 1f3f867599..d46e4e98f3 100644 --- a/src/node_device/node_device_hal.c +++ b/src/node_device/node_device_hal.c @@ -599,7 +599,7 @@ nodeStateInitialize(bool privileged ATTRIBUTE_UNUSED, char **udi = NULL; int num_devs; size_t i; - int ret = -1; + int ret = VIR_DRV_STATE_INIT_ERROR; DBusConnection *sysbus; DBusError err; 
@@ -608,12 +608,12 @@ nodeStateInitialize(bool privileged ATTRIBUTE_UNUSED, cmpstringp); if (VIR_ALLOC(driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR; driver->lockFD = -1; if (virMutexInit(&driver->lock) < 0) { VIR_FREE(driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } nodeDeviceLock(); @@ -648,7 +648,7 @@ nodeStateInitialize(bool privileged ATTRIBUTE_UNUSED, virReportError(VIR_ERR_INTERNAL_ERROR, _("DBus not available, disabling HAL driver: %s"), virGetLastErrorMessage()); - ret = 0; + ret = VIR_DRV_STATE_INIT_SKIPPED; goto failure; } @@ -671,7 +671,7 @@ nodeStateInitialize(bool privileged ATTRIBUTE_UNUSED, /* We don't want to show a fatal error here, otherwise entire libvirtd shuts down when hald isn't running */ - ret = 0; + ret = VIR_DRV_STATE_INIT_SKIPPED; goto failure; } @@ -709,7 +709,7 @@ nodeStateInitialize(bool privileged ATTRIBUTE_UNUSED, } VIR_FREE(udi); - return 0; + return VIR_DRV_STATE_INIT_COMPLETE; failure: if (dbus_error_is_set(&err)) { diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c index 8bc63c506c..adf60e4537 100644 --- a/src/node_device/node_device_udev.c +++ b/src/node_device/node_device_udev.c @@ -1816,14 +1816,14 @@ nodeStateInitialize(bool privileged, virThread enumThread; if (VIR_ALLOC(driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR; driver->lockFD = -1; if (virMutexInit(&driver->lock) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Unable to initialize mutex")); VIR_FREE(driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } driver->privileged = privileged; @@ -1919,11 +1919,11 @@ nodeStateInitialize(bool privileged, goto cleanup; } - return 0; + return VIR_DRV_STATE_INIT_COMPLETE; cleanup: nodeStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; unlock: virObjectUnlock(priv); diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 530e4f5872..6073143437 100644 --- a/src/nwfilter/nwfilter_driver.c 
+++ b/src/nwfilter/nwfilter_driver.c @@ -184,10 +184,10 @@ nwfilterStateInitialize(bool privileged, if (virDBusHasSystemBus() && !(sysbus = virDBusGetSystemBus())) - return -1; + return VIR_DRV_STATE_INIT_ERROR; if (VIR_ALLOC(driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR; driver->lockFD = -1; if (virMutexInit(&driver->lock) < 0) @@ -201,7 +201,7 @@ nwfilterStateInitialize(bool privileged, goto error; if (!privileged) - return 0; + return VIR_DRV_STATE_INIT_SKIPPED; nwfilterDriverLock(); @@ -281,13 +281,13 @@ nwfilterStateInitialize(bool privileged, nwfilterDriverUnlock(); - return 0; + return VIR_DRV_STATE_INIT_COMPLETE; error: nwfilterDriverUnlock(); nwfilterStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; err_techdrivers_shutdown: virNWFilterTechDriversShutdown(); @@ -302,7 +302,7 @@ nwfilterStateInitialize(bool privileged, virNWFilterObjListFree(driver->nwfilters); VIR_FREE(driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } /** diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 4ca3eb7bde..d4fc8bbbd6 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -730,7 +730,7 @@ qemuStateInitialize(bool privileged, size_t i; if (VIR_ALLOC(qemu_driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR; qemu_driver->lockFD = -1; @@ -738,7 +738,7 @@ qemuStateInitialize(bool privileged, virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot initialize mutex")); VIR_FREE(qemu_driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } qemu_driver->inhibitCallback = callback; @@ -1074,14 +1074,14 @@ qemuStateInitialize(bool privileged, qemuAutostartDomains(qemu_driver); - return 0; + return VIR_DRV_STATE_INIT_COMPLETE; error: VIR_FREE(driverConf); VIR_FREE(hugepagePath); VIR_FREE(memoryBackingPath); qemuStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } static void qemuNotifyLoadDomain(virDomainObjPtr vm, int newVM, void *opaque) 
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index fadfc7c016..42c51c1329 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -792,6 +792,11 @@ static void daemonRunStateInit(void *opaque) { virNetDaemonPtr dmn = opaque; virIdentityPtr sysident = virIdentityGetSystem(); +#ifdef MODULE_NAME + bool mandatory = true; +#else /* ! MODULE_NAME */ + bool mandatory = false; +#endif /* ! MODULE_NAME */ virIdentitySetCurrent(sysident); @@ -804,6 +809,7 @@ static void daemonRunStateInit(void *opaque) * we're ready, since it can take a long time and this will * seriously delay OS bootup process */ if (virStateInitialize(virNetDaemonIsPrivileged(dmn), + mandatory, daemonInhibitCallback, dmn) < 0) { VIR_ERROR(_("Driver state initialization failed")); diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 72c2336b7a..8e1024dca3 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -195,7 +195,7 @@ remoteStateInitialize(bool privileged ATTRIBUTE_UNUSED, * re-entering ourselves */ inside_daemon = true; - return 0; + return VIR_DRV_STATE_INIT_COMPLETE; } diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index 0af2bcef96..0d5ea05f56 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -457,12 +457,12 @@ secretStateInitialize(bool privileged, void *opaque ATTRIBUTE_UNUSED) { if (VIR_ALLOC(driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR; driver->lockFD = -1; if (virMutexInit(&driver->lock) < 0) { VIR_FREE(driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } secretDriverLock(); @@ -514,12 +514,12 @@ secretStateInitialize(bool privileged, goto error; secretDriverUnlock(); - return 0; + return VIR_DRV_STATE_INIT_COMPLETE; error: secretDriverUnlock(); secretStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c index 03ac6a6845..dfa654178b 100644 
--- a/src/storage/storage_driver.c +++ b/src/storage/storage_driver.c @@ -255,12 +255,12 @@ storageStateInitialize(bool privileged, VIR_AUTOFREE(char *) rundir = NULL; if (VIR_ALLOC(driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR; driver->lockFD = -1; if (virMutexInit(&driver->lock) < 0) { VIR_FREE(driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } storageDriverLock(); @@ -326,12 +326,12 @@ storageStateInitialize(bool privileged, storageDriverUnlock(); - return 0; + return VIR_DRV_STATE_INIT_COMPLETE; error: storageDriverUnlock(); storageStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } /** diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index f5d05a7f43..da72b209d1 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -4118,36 +4118,36 @@ vzStateInitialize(bool privileged, void *opaque ATTRIBUTE_UNUSED) { if (!privileged) - return 0; + return VIR_DRV_STATE_INIT_SKIPPED; vz_driver_privileged = privileged; if (virFileMakePathWithMode(VZ_STATEDIR, S_IRWXU) < 0) { virReportSystemError(errno, _("cannot create state directory '%s'"), VZ_STATEDIR); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } if ((vz_driver_lock_fd = virPidFileAcquire(VZ_STATEDIR, "driver", false, getpid())) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR; if (prlsdkInit() < 0) { VIR_DEBUG("%s", _("Can't initialize Parallels SDK")); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } - if (virMutexInit(&vz_driver_lock) < 0) + if (virMutexInit(&vz_driver_lock) < 0) goto error; /* Failing to create driver here is not fatal and only means * that next driver client will try once more when connecting */ vz_driver = vzDriverObjNew(); - return 0; + return VIR_DRV_STATE_INIT_COMPLETE; error: vzStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } static virStateDriver vzStateDriver = { -- 2.21.0
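
Review bot: In the virStateInitialize hunk of src/libvirt.c, the new "ret == VIR_DRV_STATE_INIT_SKIPPED && mandatory" branch loses the reason for the skip. It logs only "Initialization of mandatory %s state driver skipped", while the drivers either report their reason at VIR_INFO (bhyve and lxc: "Not running privileged, disabling driver") or, in the visible lines, return SKIPPED with no message at all (vz, libxl, nwfilter). Since this is now a fatal startup path for the per-driver daemons, consider having the skipping driver log its reason at warning level or above, or have this message say that the reason is in the info-level log.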
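
Review bot: The return type change in src/driver-state.h is not carried through to the implementations. The lxc hunk headers still show "static int lxcStateInitialize(bool privileged,", and the interface_backend_udev.c, bridge_driver.c and node_device_hal.c hunks keep "int ret = VIR_DRV_STATE_INIT_ERROR;". Declaring the functions and their ret variables as virDrvStateInitResult would let the compiler check each callback against the new virDrvStateInitialize typedef and would make the three-state contract visible at every definition.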
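
Review bot: At the end of the vzStateInitialize hunk in src/vz/vz_driver.c, "vz_driver = vzDriverObjNew();" is followed directly by "return VIR_DRV_STATE_INIT_COMPLETE;", so a failed vzDriverObjNew() is reported as a completed init. The existing comment explains why that is tolerated, but it sits awkwardly with the commit message's goal that a per-driver daemon aborts when its driver cannot initialize. Either return an error there or extend the comment to say that retry-on-connect is intended for the vz daemon as well. Separately, the virMutexInit(&vz_driver_lock) line in the same hunk is removed and re-added with identical text, which looks like an unrelated whitespace change that belongs in its own patch.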

Daniel P. Berrangé writes:
When running in libvirtd, we are happy for any of the drivers to simply skip their initialization in virStateInitialize, as other drivers are still potentially useful.
When running in per-driver daemons though, we want the daemon to abort startup if the driver cannot initialize itself, as the daemon will be useless without it.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/bhyve/bhyve_driver.c | 10 +++++----- src/driver-state.h | 8 +++++++- src/interface/interface_backend_netcf.c | 8 ++++---- src/interface/interface_backend_udev.c | 4 ++-- src/libvirt.c | 15 ++++++++++++--- src/libvirt_internal.h | 1 + src/libxl/libxl_driver.c | 10 +++++----- src/lxc/lxc_driver.c | 12 ++++++------ src/network/bridge_driver.c | 4 ++-- src/node_device/node_device_hal.c | 12 ++++++------ src/node_device/node_device_udev.c | 8 ++++---- src/nwfilter/nwfilter_driver.c | 12 ++++++------ src/qemu/qemu_driver.c | 8 ++++---- src/remote/remote_daemon.c | 6 ++++++ src/remote/remote_driver.c | 2 +- src/secret/secret_driver.c | 8 ++++---- src/storage/storage_driver.c | 8 ++++---- src/vz/vz_driver.c | 14 +++++++------- 18 files changed, 86 insertions(+), 64 deletions(-)
diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c index 5387ac5570..e2c1b00080 100644 --- a/src/bhyve/bhyve_driver.c +++ b/src/bhyve/bhyve_driver.c @@ -1220,16 +1220,16 @@ bhyveStateInitialize(bool privileged, { if (!privileged) { VIR_INFO("Not running privileged, disabling driver"); - return 0; + return VIR_DRV_STATE_INIT_SKIPPED; }
if (VIR_ALLOC(bhyve_driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR;
bhyve_driver->lockFD = -1; if (virMutexInit(&bhyve_driver->lock) < 0) { VIR_FREE(bhyve_driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
if (!(bhyve_driver->closeCallbacks = virCloseCallbacksNew())) @@ -1303,11 +1303,11 @@ bhyveStateInitialize(bool privileged,
bhyveAutostartDomains(bhyve_driver);
- return 0; + return VIR_DRV_STATE_INIT_COMPLETE;
cleanup: bhyveStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
unsigned diff --git a/src/driver-state.h b/src/driver-state.h index 974b2252ee..69e2678dfc 100644 --- a/src/driver-state.h +++ b/src/driver-state.h @@ -24,7 +24,13 @@ # error "Don't include this file directly, only use driver.h" #endif
-typedef int +typedef enum { + VIR_DRV_STATE_INIT_ERROR = -1, + VIR_DRV_STATE_INIT_SKIPPED, + VIR_DRV_STATE_INIT_COMPLETE, +} virDrvStateInitResult; + +typedef virDrvStateInitResult (*virDrvStateInitialize)(bool privileged, virStateInhibitCallback callback, void *opaque); diff --git a/src/interface/interface_backend_netcf.c b/src/interface/interface_backend_netcf.c index 0000587cee..eb509ccc13 100644 --- a/src/interface/interface_backend_netcf.c +++ b/src/interface/interface_backend_netcf.c @@ -93,10 +93,10 @@ netcfStateInitialize(bool privileged, void *opaque ATTRIBUTE_UNUSED) { if (virNetcfDriverStateInitialize() < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR;
if (!(driver = virObjectLockableNew(virNetcfDriverStateClass))) - return -1; + return VIR_DRV_STATE_INIT_ERROR;
driver->privileged = privileged;
@@ -129,12 +129,12 @@ netcfStateInitialize(bool privileged, _("failed to initialize netcf")); goto error; } - return 0; + return VIR_DRV_STATE_INIT_COMPLETE;
error: virObjectUnref(driver); driver = NULL; - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c index fea5108dbc..ef748540d1 100644 --- a/src/interface/interface_backend_udev.c +++ b/src/interface/interface_backend_udev.c @@ -1172,7 +1172,7 @@ udevStateInitialize(bool privileged, virStateInhibitCallback callback ATTRIBUTE_UNUSED, void *opaque ATTRIBUTE_UNUSED) { - int ret = -1; + int ret = VIR_DRV_STATE_INIT_ERROR;
if (VIR_ALLOC(driver) < 0) goto cleanup; @@ -1210,7 +1210,7 @@ udevStateInitialize(bool privileged, } driver->privileged = privileged;
- ret = 0; + ret = VIR_DRV_STATE_INIT_COMPLETE;
cleanup: if (ret < 0) diff --git a/src/libvirt.c b/src/libvirt.c index f0a768fc7e..9390a767f9 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -629,6 +629,7 @@ virRegisterStateDriver(virStateDriverPtr driver) /** * virStateInitialize: * @privileged: set to true if running with root privilege, false otherwise + * @mandatory: set to true if all drivers must report success, not skipped * @callback: callback to invoke to inhibit shutdown of the daemon * @opaque: data to pass to @callback * @@ -638,6 +639,7 @@ virRegisterStateDriver(virStateDriverPtr driver) */ int virStateInitialize(bool privileged, + bool mandatory, virStateInhibitCallback callback, void *opaque) { @@ -648,15 +650,22 @@ virStateInitialize(bool privileged,
for (i = 0; i < virStateDriverTabCount; i++) { if (virStateDriverTab[i]->stateInitialize) { + virDrvStateInitResult ret; VIR_DEBUG("Running global init for %s state driver", virStateDriverTab[i]->name); - if (virStateDriverTab[i]->stateInitialize(privileged, - callback, - opaque) < 0) { + ret = virStateDriverTab[i]->stateInitialize(privileged, + callback, + opaque); + VIR_DEBUG("State init result %d (mandatory=%d)", ret, mandatory); + if (ret == VIR_DRV_STATE_INIT_ERROR) {
I'm a bit conflicted here. I like the explicit "error" in the name, but all the code checks for errors with < 0, and that would work here too. But then, you also just replied to me that libvirt only uses -1 as an error value, so the < 0 really means == -1... Not sure what to prefer here ;-)
VIR_ERROR(_("Initialization of %s state driver failed: %s"), virStateDriverTab[i]->name, virGetLastErrorMessage()); return -1; + } else if (ret == VIR_DRV_STATE_INIT_SKIPPED && mandatory) { + VIR_ERROR(_("Initialization of mandatory %s state driver skipped"), + virStateDriverTab[i]->name); + return -1; } } } diff --git a/src/libvirt_internal.h b/src/libvirt_internal.h index 3f012fdd4b..4a74dbc2af 100644 --- a/src/libvirt_internal.h +++ b/src/libvirt_internal.h @@ -30,6 +30,7 @@ typedef void (*virStateInhibitCallback)(bool inhibit, void *opaque);
int virStateInitialize(bool privileged, + bool mandatory, virStateInhibitCallback inhibit, void *opaque); int virStateCleanup(void); diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index 492028c487..231960b817 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -657,17 +657,17 @@ libxlStateInitialize(bool privileged, char ebuf[1024];
if (!libxlDriverShouldLoad(privileged)) - return 0; + return VIR_DRV_STATE_INIT_SKIPPED;
if (VIR_ALLOC(libxl_driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR;
libxl_driver->lockFD = -1; if (virMutexInit(&libxl_driver->lock) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot initialize mutex")); VIR_FREE(libxl_driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
/* Allocate bitmap for vnc port reservation */ @@ -806,12 +806,12 @@ libxlStateInitialize(bool privileged, virDomainObjListForEach(libxl_driver->domains, libxlDomainManagedSaveLoad, libxl_driver);
- return 0; + return VIR_DRV_STATE_INIT_COMPLETE;
error: VIR_FREE(driverConf); libxlStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
static int diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index d0b6703101..0baf18f3ef 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -1545,7 +1545,7 @@ static int lxcStateInitialize(bool privileged, /* Check that the user is root, silently disable if not */ if (!privileged) { VIR_INFO("Not running privileged, disabling driver"); - return 0; + return VIR_DRV_STATE_INIT_SKIPPED; }
/* Check that this is a container enabled kernel */ @@ -1554,15 +1554,15 @@ static int lxcStateInitialize(bool privileged, VIR_PROCESS_NAMESPACE_UTS | VIR_PROCESS_NAMESPACE_IPC) < 0) { VIR_INFO("LXC support not available in this kernel, disabling driver"); - return 0; + return VIR_DRV_STATE_INIT_SKIPPED; }
if (VIR_ALLOC(lxc_driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR; lxc_driver->lockFD = -1; if (virMutexInit(&lxc_driver->lock) < 0) { VIR_FREE(lxc_driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
if (!(lxc_driver->domains = virDomainObjListNew())) @@ -1633,12 +1633,12 @@ static int lxcStateInitialize(bool privileged, virLXCProcessAutostartAll(lxc_driver);
virObjectUnref(caps); - return 0; + return VIR_DRV_STATE_INIT_COMPLETE;
cleanup: virObjectUnref(caps); lxcStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
static void lxcNotifyLoadDomain(virDomainObjPtr vm, int newVM, void *opaque) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 41fa89a4af..2b1fa59390 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -713,7 +713,7 @@ networkStateInitialize(bool privileged, virStateInhibitCallback callback ATTRIBUTE_UNUSED, void *opaque ATTRIBUTE_UNUSED) { - int ret = -1; + int ret = VIR_DRV_STATE_INIT_ERROR; char *configdir = NULL; char *rundir = NULL; #ifdef WITH_FIREWALLD @@ -847,7 +847,7 @@ networkStateInitialize(bool privileged, } #endif
- ret = 0; + ret = VIR_DRV_STATE_INIT_COMPLETE; cleanup: VIR_FREE(configdir); VIR_FREE(rundir); diff --git a/src/node_device/node_device_hal.c b/src/node_device/node_device_hal.c index 1f3f867599..d46e4e98f3 100644 --- a/src/node_device/node_device_hal.c +++ b/src/node_device/node_device_hal.c @@ -599,7 +599,7 @@ nodeStateInitialize(bool privileged ATTRIBUTE_UNUSED, char **udi = NULL; int num_devs; size_t i; - int ret = -1; + int ret = VIR_DRV_STATE_INIT_ERROR; DBusConnection *sysbus; DBusError err;
@@ -608,12 +608,12 @@ nodeStateInitialize(bool privileged ATTRIBUTE_UNUSED, cmpstringp);
if (VIR_ALLOC(driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR;
driver->lockFD = -1; if (virMutexInit(&driver->lock) < 0) { VIR_FREE(driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } nodeDeviceLock();
@@ -648,7 +648,7 @@ nodeStateInitialize(bool privileged ATTRIBUTE_UNUSED, virReportError(VIR_ERR_INTERNAL_ERROR, _("DBus not available, disabling HAL driver: %s"), virGetLastErrorMessage()); - ret = 0; + ret = VIR_DRV_STATE_INIT_SKIPPED; goto failure; }
@@ -671,7 +671,7 @@ nodeStateInitialize(bool privileged ATTRIBUTE_UNUSED, /* We don't want to show a fatal error here, otherwise entire libvirtd shuts down when hald isn't running */ - ret = 0; + ret = VIR_DRV_STATE_INIT_SKIPPED; goto failure; }
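Review bot: The comment kept in this hunk, "We don't want to show a fatal error here, otherwise entire libvirtd shuts down when hald isn't running", no longer describes the outcome in every case. With ret = VIR_DRV_STATE_INIT_SKIPPED and a caller that passes mandatory, virStateInitialize now turns the skip into a startup failure. Reword the comment to say the skip is non-fatal only when the caller does not require the driver.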
@@ -709,7 +709,7 @@ nodeStateInitialize(bool privileged ATTRIBUTE_UNUSED, } VIR_FREE(udi);
- return 0; + return VIR_DRV_STATE_INIT_COMPLETE;
failure: if (dbus_error_is_set(&err)) { diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c index 8bc63c506c..adf60e4537 100644 --- a/src/node_device/node_device_udev.c +++ b/src/node_device/node_device_udev.c @@ -1816,14 +1816,14 @@ nodeStateInitialize(bool privileged, virThread enumThread;
if (VIR_ALLOC(driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR;
driver->lockFD = -1; if (virMutexInit(&driver->lock) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Unable to initialize mutex")); VIR_FREE(driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
driver->privileged = privileged; @@ -1919,11 +1919,11 @@ nodeStateInitialize(bool privileged, goto cleanup; }
- return 0; + return VIR_DRV_STATE_INIT_COMPLETE;
cleanup: nodeStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR;
unlock: virObjectUnlock(priv); diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 530e4f5872..6073143437 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -184,10 +184,10 @@ nwfilterStateInitialize(bool privileged,
if (virDBusHasSystemBus() && !(sysbus = virDBusGetSystemBus())) - return -1; + return VIR_DRV_STATE_INIT_ERROR;
if (VIR_ALLOC(driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR;
driver->lockFD = -1; if (virMutexInit(&driver->lock) < 0) @@ -201,7 +201,7 @@ nwfilterStateInitialize(bool privileged, goto error;
if (!privileged) - return 0; + return VIR_DRV_STATE_INIT_SKIPPED;
nwfilterDriverLock();
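Review bot: The unprivileged skip at "if (!privileged)" returns VIR_DRV_STATE_INIT_SKIPPED after VIR_ALLOC(driver) and virMutexInit(&driver->lock) have already run, unlike the bhyve, lxc and vz hunks, which skip before allocating anything. Now that a skip can abort daemon startup when mandatory is set, please confirm that this path is cleaned up by the caller, or add a comment explaining why the driver state is deliberately left allocated on a skip.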
@@ -281,13 +281,13 @@ nwfilterStateInitialize(bool privileged,
nwfilterDriverUnlock();
- return 0; + return VIR_DRV_STATE_INIT_COMPLETE;
error: nwfilterDriverUnlock(); nwfilterStateCleanup();
- return -1; + return VIR_DRV_STATE_INIT_ERROR;
err_techdrivers_shutdown: virNWFilterTechDriversShutdown(); @@ -302,7 +302,7 @@ nwfilterStateInitialize(bool privileged, virNWFilterObjListFree(driver->nwfilters); VIR_FREE(driver);
- return -1; + return VIR_DRV_STATE_INIT_ERROR; }
/** diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 4ca3eb7bde..d4fc8bbbd6 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -730,7 +730,7 @@ qemuStateInitialize(bool privileged, size_t i;
if (VIR_ALLOC(qemu_driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR;
qemu_driver->lockFD = -1;
@@ -738,7 +738,7 @@ qemuStateInitialize(bool privileged, virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot initialize mutex")); VIR_FREE(qemu_driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
qemu_driver->inhibitCallback = callback; @@ -1074,14 +1074,14 @@ qemuStateInitialize(bool privileged,
qemuAutostartDomains(qemu_driver);
- return 0; + return VIR_DRV_STATE_INIT_COMPLETE;
error: VIR_FREE(driverConf); VIR_FREE(hugepagePath); VIR_FREE(memoryBackingPath); qemuStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
static void qemuNotifyLoadDomain(virDomainObjPtr vm, int newVM, void *opaque) diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index fadfc7c016..42c51c1329 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -792,6 +792,11 @@ static void daemonRunStateInit(void *opaque) { virNetDaemonPtr dmn = opaque; virIdentityPtr sysident = virIdentityGetSystem(); +#ifdef MODULE_NAME + bool mandatory = true; +#else /* ! MODULE_NAME */ + bool mandatory = false; +#endif /* ! MODULE_NAME */
virIdentitySetCurrent(sysident);
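Review bot: The "#ifdef MODULE_NAME" block needs a comment saying what a defined MODULE_NAME signifies, since nothing in this hunk ties it to the per-driver daemon builds described in the commit message. A one-line comment above it, for example that per-driver daemons must fail startup if their only driver is skipped while libvirtd tolerates skipped drivers, would make the choice of mandatory clear without reading the build system.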
@@ -804,6 +809,7 @@ static void daemonRunStateInit(void *opaque) * we're ready, since it can take a long time and this will * seriously delay OS bootup process */ if (virStateInitialize(virNetDaemonIsPrivileged(dmn), + mandatory, daemonInhibitCallback, dmn) < 0) { VIR_ERROR(_("Driver state initialization failed")); diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 72c2336b7a..8e1024dca3 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -195,7 +195,7 @@ remoteStateInitialize(bool privileged ATTRIBUTE_UNUSED, * re-entering ourselves */ inside_daemon = true; - return 0; + return VIR_DRV_STATE_INIT_COMPLETE; }
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index 0af2bcef96..0d5ea05f56 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -457,12 +457,12 @@ secretStateInitialize(bool privileged, void *opaque ATTRIBUTE_UNUSED) { if (VIR_ALLOC(driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR;
driver->lockFD = -1; if (virMutexInit(&driver->lock) < 0) { VIR_FREE(driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } secretDriverLock();
@@ -514,12 +514,12 @@ secretStateInitialize(bool privileged, goto error;
secretDriverUnlock(); - return 0; + return VIR_DRV_STATE_INIT_COMPLETE;
error: secretDriverUnlock(); secretStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c index 03ac6a6845..dfa654178b 100644 --- a/src/storage/storage_driver.c +++ b/src/storage/storage_driver.c @@ -255,12 +255,12 @@ storageStateInitialize(bool privileged, VIR_AUTOFREE(char *) rundir = NULL;
if (VIR_ALLOC(driver) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR;
driver->lockFD = -1; if (virMutexInit(&driver->lock) < 0) { VIR_FREE(driver); - return -1; + return VIR_DRV_STATE_INIT_ERROR; } storageDriverLock();
@@ -326,12 +326,12 @@ storageStateInitialize(bool privileged,
storageDriverUnlock();
- return 0; + return VIR_DRV_STATE_INIT_COMPLETE;
error: storageDriverUnlock(); storageStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
/** diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index f5d05a7f43..da72b209d1 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -4118,36 +4118,36 @@ vzStateInitialize(bool privileged, void *opaque ATTRIBUTE_UNUSED) { if (!privileged) - return 0; + return VIR_DRV_STATE_INIT_SKIPPED;
vz_driver_privileged = privileged;
if (virFileMakePathWithMode(VZ_STATEDIR, S_IRWXU) < 0) { virReportSystemError(errno, _("cannot create state directory '%s'"), VZ_STATEDIR); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
if ((vz_driver_lock_fd = virPidFileAcquire(VZ_STATEDIR, "driver", false, getpid())) < 0) - return -1; + return VIR_DRV_STATE_INIT_ERROR;
if (prlsdkInit() < 0) { VIR_DEBUG("%s", _("Can't initialize Parallels SDK")); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
- if (virMutexInit(&vz_driver_lock) < 0) + if (virMutexInit(&vz_driver_lock) < 0) goto error;
/* Failing to create driver here is not fatal and only means * that next driver client will try once more when connecting */ vz_driver = vzDriverObjNew(); - return 0; + return VIR_DRV_STATE_INIT_COMPLETE;
error: vzStateCleanup(); - return -1; + return VIR_DRV_STATE_INIT_ERROR; }
static virStateDriver vzStateDriver = { -- 2.21.0
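Review bot: in vzStateInitialize() the prlsdkInit() failure path returns VIR_DRV_STATE_INIT_ERROR directly, after virPidFileAcquire() has already set vz_driver_lock_fd, while the virMutexInit() failure just below it goes through "error:" and vzStateCleanup(). Since these lines are being touched anyway, either route the prlsdkInit() failure through "goto error" or say in the commit message why the early return is safe. That failure is also reported only through VIR_DEBUG, so the specific cause is logged at debug level only; an error-level report would fit better there. Separately, the -/+ pair on the virMutexInit() check reads identically here, which looks like a whitespace-only change that belongs in its own cleanup patch.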
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>

--
Cheers,
Christophe de Dinechin (IRC c3d)

On Tue, 2019-07-30 at 12:59 +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes: [... 163 lines removed ...]
@@ -648,15 +650,22 @@ virStateInitialize(bool privileged,
for (i = 0; i < virStateDriverTabCount; i++) { if (virStateDriverTab[i]->stateInitialize) { + virDrvStateInitResult ret; VIR_DEBUG("Running global init for %s state driver", virStateDriverTab[i]->name); - if (virStateDriverTab[i]->stateInitialize(privileged, - callback, - opaque) < 0) { + ret = virStateDriverTab[i]->stateInitialize(privileged, + callback, + opaque); + VIR_DEBUG("State init result %d (mandatory=%d)", ret, mandatory); + if (ret == VIR_DRV_STATE_INIT_ERROR) {
I'm a bit conflicted here. I like the explicit "error" in the name, but all the code checks for errors with < 0, and that would work here too. But then, you also just replied to me that libvirt only uses -1 as an error value, so the < 0 really means == -1... Not sure what to prefer here ;-)
Most functions in libvirt either succeed (0) or fail (-1), but in some cases we need to be able to tell apart different reasons for the failure and so, accordingly, we return different negative numbers: that doesn't mean that every single caller of those functions will care about the specific failure cause, so the <0 check might still be perfectly fine even in those cases.

Here we have a small number of named return codes, so I agree with Dan's approach: comparing by name instead of just checking whether the return value is negative looks a bit cleaner.

[... 469 lines removed ...]
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>
Meta: can you please trim the parts of the original message that you're not specifically replying to? In this particularly egregious case, less than 10% of the message was actual content rather than noise.

Please be considerate to list subscribers and make sure they don't have to waste time and bandwidth fetching additional, unrelated text just so they can then waste even more time scrolling past them before getting to your actual reply.

--
Andrea Bolognani / Red Hat / Virtualization

The libvirtd daemon provides the traditional libvirt experience where all the drivers are in a single daemon, and is accessible over both local UNIX sockets and remote IP sockets.

In the new world we're having a set of per-driver daemons which will primarily be accessed locally via their own UNIX sockets.

We still, however, need to allow for the case of applications which will connect to libvirt remotely. These remote connections can be done as TCP/TLS sockets, or by SSH tunnelling to the UNIX socket.

In the latter case, the old libvirt.so clients will only know about the path to the old libvirtd socket /var/run/libvirt/libvirt-sock, and not the new driver sockets /var/run/libvirt/virtqemud-sock.

It is also not desirable to expose the main driver specific daemons over IP directly to minimize their attack surface.

Thus the virtproxyd daemon steps into place, to provide TCP/TLS sockets, and back compat for the old libvirtd UNIX socket path(s). It will then forward all RPC calls made to the appropriate driver specific daemon.

Essentially it is equivalent to the old libvirtd with absolutely no drivers registered except for the remote driver (and other stateless drivers in libvirt.so).

We could have modified libvirtd so none of the drivers are registered to get the same end result. We could even add a libvirtd.conf parameter to control whether the drivers are loaded to enable users to switch back to the old world if we discover bugs in the split-daemon model. Using a new daemon though has some advantages

- We can make virtproxyd and the virtXXXd per-driver daemons all have "Conflicts: libvirtd.service" in their systemd unit files. This will guarantee that libvirtd is never started at the same time, as this would result in two daemons running the same driver. Fortunately drivers use locking to protect themselves, but it is better to avoid starting a daemon we know will conflict.

- It allows us to break CLI compat to remove the --listen parameter.
Both listen_tcp and listen_tls parameters in /etc/libvirtd/virtd.conf will default to zero. Either TLS or TCP can be enabled exclusively through virtd.conf without requiring the extra step of adding --listen.

- It allows us to set a strict SELinux policy over virtproxyd. For back compat the libvirtd policy must continue to allow all drivers to run. We can't easily give a second policy to libvirtd which locks it down. By introducing a new virtproxyd we can set a strict policy for that daemon only.

- It gets rid of the wierd naming of having a daemon with "lib" in its name. Now all normal daemons libvirt ships will have "virt" as their prefix not "libvirt".

- Distros can more easily choose their upgrade path. They can ship both sets of daemons in their packages, and choose to either enable libvirtd, or enable the per-driver daemons and virtproxyd out of the box. Users can easily override this if desired by just tweaking which systemd units are active.

After some time we can deprecate use of libvirtd and after some more time delete it entirely, leaving us in a pretty world filled with prancing unicorns.

The main downside with introducing a new daemon, and with the per-driver daemons in general, is figuring out the correct upgrade path.

The conservative option is to leave libvirtd running if it was an existing installation. Only use the new daemons & virtproxyd on completely new installs.

The aggressive option is to disable libvirtd if already running and activate all the new daemons.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 .gitignore                        |   4 ++
 libvirt.spec.in                   |  10 +++
 src/remote/Makefile.inc.am        | 111 +++++++++++++++++++++++++++---
 src/remote/remote_daemon.c        |  28 +++++---
 src/remote/remote_daemon_config.c |   6 +-
 src/remote/virtproxyd.service.in  |  24 +++++++
 6 files changed, 163 insertions(+), 20 deletions(-)
 create mode 100644 src/remote/virtproxyd.service.in

diff --git a/.gitignore b/.gitignore index 4463660c85..05bc166860 100644 --- a/.gitignore
+++ b/.gitignore @@ -161,6 +161,9 @@ /src/remote/libvirtd.aug /src/remote/libvirtd.conf /src/remote/test_libvirtd.aug +/src/remote/test_virtproxyd.aug +/src/remote/virtproxyd.aug +/src/remote/virtproxyd.conf /src/rpc/virkeepaliveprotocol.[ch] /src/rpc/virnetprotocol.[ch] /src/util/virkeycodetable*.h @@ -168,6 +171,7 @@ /src/virt-aa-helper /src/virtlockd /src/virtlogd +/src/virtproxyd /src/virt-guest-shutdown.target /tests/*.log /tests/*.pid diff --git a/libvirt.spec.in b/libvirt.spec.in index 045c0fed1a..c7f276b2bc 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1527,6 +1527,12 @@ exit 0 %{_unitdir}/libvirtd-admin.socket %{_unitdir}/libvirtd-tcp.socket %{_unitdir}/libvirtd-tls.socket +%{_unitdir}/virtproxyd.service +%{_unitdir}/virtproxyd.socket +%{_unitdir}/virtproxyd-ro.socket +%{_unitdir}/virtproxyd-admin.socket +%{_unitdir}/virtproxyd-tcp.socket +%{_unitdir}/virtproxyd-tls.socket %{_unitdir}/virt-guest-shutdown.target %{_unitdir}/virtlogd.service %{_unitdir}/virtlogd.socket @@ -1538,6 +1544,7 @@ exit 0 %config(noreplace) %{_sysconfdir}/sysconfig/virtlogd %config(noreplace) %{_sysconfdir}/sysconfig/virtlockd %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf +%config(noreplace) %{_sysconfdir}/libvirt/virtproxyd.conf %config(noreplace) %{_sysconfdir}/libvirt/virtlogd.conf %config(noreplace) %{_sysconfdir}/libvirt/virtlockd.conf %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf @@ -1565,6 +1572,8 @@ exit 0 %{_datadir}/augeas/lenses/tests/test_virtlogd.aug %{_datadir}/augeas/lenses/virtlockd.aug %{_datadir}/augeas/lenses/tests/test_virtlockd.aug +%{_datadir}/augeas/lenses/virtproxyd.aug +%{_datadir}/augeas/lenses/tests/test_virtproxyd.aug %{_datadir}/augeas/lenses/libvirt_lockd.aug %if %{with_qemu} %{_datadir}/augeas/lenses/tests/test_libvirt_lockd.aug 
@@ -1579,6 +1588,7 @@ exit 0 %attr(0755, root, root) %{_libexecdir}/libvirt_iohelper %attr(0755, root, root) %{_sbindir}/libvirtd +%attr(0755, root, root) %{_sbindir}/virtproxyd %attr(0755, root, root) %{_sbindir}/virtlogd %attr(0755, root, root) %{_sbindir}/virtlockd diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index c9c3c7203a..344f19311a 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -89,18 +89,40 @@ SYSCONF_FILES += remote/libvirtd.sysconf PODFILES += remote/libvirtd.pod MANINFILES += libvirtd.8.in -LIBVIRTD_UNIT_FILES_IN = \ - remote/libvirtd.service.in \ +LIBVIRTD_SOCKET_UNIT_FILES_IN = \ remote/libvirtd.socket.in \ remote/libvirtd-ro.socket.in \ remote/libvirtd-admin.socket.in \ remote/libvirtd-tcp.socket.in \ remote/libvirtd-tls.socket.in \ + $(NULL) + +LIBVIRTD_SOCKET_UNIT_FILES = $(notdir $(LIBVIRTD_SOCKET_UNIT_FILES_IN:%.in=%)) + +LIBVIRTD_UNIT_FILES_IN = \ + remote/libvirtd.service.in \ + $(LIBVIRTD_SOCKET_UNIT_FILES_IN) \ + $(NULL) + +VIRTPROXYD_UNIT_FILES_IN = \ + remote/virtproxyd.service.in \ + $(NULL) + +GUEST_UNIT_FILES_IN = \ remote/virt-guest-shutdown.target.in \ $(NULL) -SYSTEMD_UNIT_FILES += $(notdir $(LIBVIRTD_UNIT_FILES_IN:%.in=%)) -SYSTEMD_UNIT_FILES_IN += $(LIBVIRTD_UNIT_FILES_IN) + +SYSTEMD_UNIT_FILES += \ + $(notdir $(LIBVIRTD_UNIT_FILES_IN:%.in=%)) \ + $(notdir $(LIBVIRTD_UNIT_FILES_IN:remote/libvirtd%.in=remote/virtproxyd%)) \ + $(notdir $(GUEST_UNIT_FILES_IN:%.in=%)) \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + $(LIBVIRTD_UNIT_FILES_IN) \ + $(VIRTPROXYD_UNIT_FILES_IN) \ + $(GUEST_UNIT_FILES_IN) \ + $(NULL) REMOTE_PROTOCOL = $(srcdir)/remote/remote_protocol.x LXC_PROTOCOL = $(srcdir)/remote/lxc_protocol.x @@ -138,6 +160,7 @@ MAINTAINERCLEANFILES += \ $(NULL) CLEANFILES += \ remote/libvirtd.conf \ + remote/virtproxyd.conf \ $(NULL) if WITH_REMOTE 
@@ -168,15 +191,27 @@ endif ! WITH_REMOTE if WITH_LIBVIRTD -sbin_PROGRAMS += libvirtd +sbin_PROGRAMS += libvirtd virtproxyd -augeas_DATA += remote/libvirtd.aug +augeas_DATA += \ + remote/libvirtd.aug \ + remote/virtproxyd.aug \ + $(NULL) -augeastest_DATA += remote/test_libvirtd.aug +augeastest_DATA += \ + remote/test_libvirtd.aug \ + remote/test_virtproxyd.aug \ + $(NULL) -nodist_conf_DATA += remote/libvirtd.conf +nodist_conf_DATA += \ + remote/libvirtd.conf \ + remote/virtproxyd.conf \ + $(NULL) -CLEANFILES += remote/libvirtd.aug +CLEANFILES += \ + remote/libvirtd.aug \ + remote/virtproxyd.aug \ + $(NULL) man8_MANS += libvirtd.8 @@ -187,12 +222,23 @@ libvirtd_CFLAGS = \ -DSOCK_PREFIX="\"libvirt\"" \ -DDAEMON_NAME="\"libvirtd\"" \ -DENABLE_IP \ + -DLIBVIRTD \ $(NULL) libvirtd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) libvirtd_LDADD = $(REMOTE_DAEMON_LD_ADD) +virtproxyd_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtproxyd_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DSOCK_PREFIX="\"libvirt\"" \ + -DDAEMON_NAME="\"virtproxyd\"" \ + -DENABLE_IP \ + $(NULL) +virtproxyd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtproxyd_LDADD = $(REMOTE_DAEMON_LD_ADD) + remote/libvirtd.conf: remote/libvirtd.conf.in $(AM_V_GEN)$(SED) \ -e '/[@]CUT_ENABLE_IP[@]/d' \ @@ -201,6 +247,13 @@ remote/libvirtd.conf: remote/libvirtd.conf.in -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ < $< > $@ +remote/virtproxyd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtproxyd/' \ + < $^ > $@ + INSTALL_DATA_DIRS += remote install-data-remote: 
@@ -218,6 +271,14 @@ remote/libvirtd.aug: remote/libvirtd.aug.in -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ $< > $@ +remote/virtproxyd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtproxyd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtproxyd/' \ + $< > $@ + remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \ remote/libvirtd.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf \ @@ -229,6 +290,16 @@ remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \ -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ > $@ || rm -f $@ +remote/test_virtproxyd.aug: remote/test_libvirtd.aug.in \ + remote/virtproxyd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) remote/virtproxyd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtproxyd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtproxyd/' \ + > $@ || rm -f $@ + if WITH_SYSCTL # Use $(prefix)/lib rather than $(libdir), since man sysctl.d insists on # /usr/lib/sysctl.d/ even when libdir is /usr/lib64 
@@ -303,11 +374,31 @@ LIBVIRTD_UNIT_VARS = \ -e 's|[@]deps[@]||g' \ $(NULL) +VIRTD_UNIT_VARS = \ + $(COMMON_UNIT_VARS) \ + -e 's|[@]deps[@]|Conflicts=$(LIBVIRTD_SOCKET_UNIT_FILES)|g' \ + $(NULL) + +VIRTPROXYD_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt proxy|g' \ + -e 's|[@]service[@]|virtproxyd|g' \ + -e 's|[@]sockprefix[@]|libvirt|g' \ + $(NULL) + libvirtd.service: remote/libvirtd.service.in $(top_builddir)/config.status $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) < $< > $@-t && mv $@-t $@ libvirt%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status - $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) \ + < $< > $@-t && mv $@-t $@ + +virtproxyd.service: remote/virtproxyd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTPROXYD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtproxy%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTPROXYD_UNIT_VARS) \ + < $< > $@-t && mv $@-t $@ virt-guest-shutdown.target: remote/virt-guest-shutdown.target.in \ $(top_builddir)/config.status diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 42c51c1329..02a33d6754 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -311,10 +311,16 @@ static int daemonErrorLogFilter(virErrorPtr err, int priority) static int daemonInitialize(void) { -#ifdef MODULE_NAME +#ifndef LIBVIRTD +# ifdef MODULE_NAME /* This a dedicated per-driver daemon build */ if (virDriverLoadModule(MODULE_NAME, MODULE_NAME "Register", true) < 0) return -1; +# else + /* This is virtproxyd which merely proxies to the per-driver + * daemons for back compat, and also allows IP connectivity. + */ +# endif #else /* This is the legacy monolithic libvirtd built with all drivers * 
@@ -906,9 +912,9 @@ daemonUsage(const char *argv0, bool privileged) { "-h | --help", N_("Display program help") }, { "-v | --verbose", N_("Verbose messages") }, { "-d | --daemon", N_("Run as a daemon & write PID file") }, -#ifdef ENABLE_IP +#if defined(ENABLE_IP) && defined(LIBVIRTD) { "-l | --listen", N_("Listen for TCP/IP connections") }, -#endif /* ENABLE_IP */ +#endif /* ENABLE_IP && LIBVIRTD */ { "-t | --timeout <secs>", N_("Exit after timeout period") }, { "-f | --config <file>", N_("Configuration file") }, { "-V | --version", N_("Display version information") }, @@ -985,7 +991,11 @@ int main(int argc, char **argv) { int verbose = 0; int godaemon = 0; #ifdef ENABLE_IP +# ifdef LIBVIRTD int ipsock = 0; +# else + int ipsock = 1; /* listen_tcp/listen_tls default to 0 */ +# endif #endif /* ! ENABLE_IP */ struct daemonConfig *config; bool privileged = geteuid() == 0 ? true : false; @@ -996,9 +1006,9 @@ int main(int argc, char **argv) { struct option opts[] = { { "verbose", no_argument, &verbose, 'v'}, { "daemon", no_argument, &godaemon, 'd'}, -#ifdef ENABLE_IP +#if defined(ENABLE_IP) && defined(LIBVIRTD) { "listen", no_argument, &ipsock, 'l'}, -#endif /* ! ENABLE_IP */ +#endif /* ENABLE_IP && LIBVIRTD */ { "config", required_argument, NULL, 'f'}, { "timeout", required_argument, NULL, 't'}, { "pid-file", required_argument, NULL, 'p'}, @@ -1021,11 +1031,11 @@ int main(int argc, char **argv) { int optidx = 0; int c; char *tmp; -#ifdef ENABLE_IP +#if defined(ENABLE_IP) && defined(LIBVIRTD) const char *optstr = "ldf:p:t:vVh"; -#else /* ! ENABLE_IP */ +#else /* ! ENABLE_IP && ! LIBVIRTD */ const char *optstr = "df:p:t:vVh"; -#endif /* ! ENABLE_IP */ +#endif /* ! ENABLE_IP && ! LIBVIRTD */ c = getopt_long(argc, argv, optstr, opts, &optidx); @@ -1043,7 +1053,7 @@ int main(int argc, char **argv) { godaemon = 1; break; -#ifdef ENABLE_IP +#if defined(ENABLE_IP) && defined(LIBVIRTD) case 'l': ipsock = 1; break; 
diff --git a/src/remote/remote_daemon_config.c b/src/remote/remote_daemon_config.c index 3c5ccd5ba8..f583442dc7 100644 --- a/src/remote/remote_daemon_config.c +++ b/src/remote/remote_daemon_config.c @@ -108,7 +108,11 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED) return NULL; #ifdef ENABLE_IP - data->listen_tls = 1; +# ifdef LIBVIRTD + data->listen_tls = 1; /* Only honoured it --listen is set */ +# else /* ! LIBVIRTD */ + data->listen_tls = 0; /* Always honoured, --listen doesn't exist. */ +# endif /* ! LIBVIRTD */ data->listen_tcp = 0; if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 || diff --git a/src/remote/virtproxyd.service.in b/src/remote/virtproxyd.service.in new file mode 100644 index 0000000000..e99e2af19c --- /dev/null +++ b/src/remote/virtproxyd.service.in @@ -0,0 +1,24 @@ +[Unit] +Description=Virtualization daemon +Conflicts=libvirtd.service +Requires=virtproxyd.socket +Requires=virtproxyd-ro.socket +Requires=virtproxyd-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtproxyd --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Also=virtproxyd.socket +Also=virtproxyd-ro.socket +Also=virtproxyd-admin.socket -- 2.21.0
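Review bot: the new remote/virtproxyd.conf rule in src/remote/Makefile.inc.am calls bare "sed", reads "< $^" and uses s/.../.../ expressions, where the remote/libvirtd.conf rule directly above it uses $(SED), "< $<" and s|...|...|. Suggest matching the existing rule with $(SED) and $<, so the configured sed is used and adding a second prerequisite later cannot change what the redirect feeds in. The same s/ versus s| difference shows up in the new remote/virtproxyd.aug and remote/test_virtproxyd.aug rules and is worth aligning at the same time.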
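Review bot: virtproxyd.service.in hardcodes "Description=Virtualization daemon" and "Documentation=man:libvirtd(8)", although VIRTPROXYD_UNIT_VARS in this same patch defines a name substitution of "Libvirt proxy", and libvirtd(8) documents the daemon whose --listen option this patch removes from virtproxyd. Suggest taking the description from the name substitution so the proxy is distinguishable in systemctl output, and pointing Documentation at a virtproxyd page, or dropping the man entry until one exists. It would also help to say in the commit message that virtproxyd-tcp.socket and virtproxyd-tls.socket are deliberately left out of Requires= and Also=, since the spec file ships both.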

Daniel P. Berrangé writes:
The libvirtd daemon provides the traditional libvirt experience where all the drivers are in a single daemon, and is accessible over both local UNIX sockets and remote IP sockets.
In the new world we're having a set of per-driver daemons which will primarily be accessed locally via their own UNIX sockets.
We still, however, need to allow for the case of applications which will connect to libvirt remotely. These remote connections can be done as TCP/TLS sockets, or by SSH tunnelling to the UNIX socket.
In the latter case, the old libvirt.so clients will only know about the path to the old libvirtd socket /var/run/libvirt/libvirt-sock, and not the new driver sockets /var/run/libvirt/virtqemud-sock.
It is also not desirable to expose the main driver specific daemons over IP directly to minimize their attack surface.
Thus the virtproxyd daemon steps into place, to provide TCP/TLS sockets, and back compat for the old libvirtd UNIX socket path(s). It will then forward all RPC calls made to the appropriate driver specific daemon.
Essentially it is equivalent to the old libvirtd with absolutely no drivers registered except for the remote driver (and other stateless drivers in libvirt.so).
We could have modified libvirtd so none of the drivers are registered to get the same end result. We could even add a libvirtd.conf parameter to control whether the drivers are loaded to enable users to switch back to the old world if we discover bugs in the split-daemon model. Using a new daemon though has some advantages
- We can make virtproxyd and the virtXXXd per-driver daemons all have "Conflicts: libvirtd.service" in their systemd unit files. This will guarantee that libvirtd is never started at the same time, as this would result in two daemons running the same driver. Fortunately drivers use locking to protect themselves, but it is better to avoid starting a daemon we know will conflict.
- It allows us to break CLI compat to remove the --listen parameter. Both listen_tcp and listen_tls parameters in /etc/libvirtd/virtd.conf will default to zero. Either TLS or TCP can be enabled exclusively through virtd.conf without requiring the extra step of adding --listen.
- It allows us to set a strict SELinux policy over virtproxyd. For back compat the libvirtd policy must continue to allow all drivers to run. We can't easily give a second policy to libvirtd which locks it down. By introducing a new virtproxyd we can set a strict policy for that daemon only.
- It gets rid of the wierd naming of having a daemon with "lib" in
"weird"
its name. Now all normal daemons libvirt ships will have "virt" as their prefix not "libvirt".
- Distros can more easily choose their upgrade path. They can ship both sets of daemons in their packages, and choose to either enable libvirtd, or enable the per-driver daemons and virtproxyd out of the box. Users can easily override this if desired by just tweaking which systemd units are active.
After some time we can deprecate use of libvirtd and after some more time delete it entirely, leaving us in a pretty world filled with prancing unicorns.
Had to learn a new word, "prancing" :-) Note that prancing unicorns are surrounded by a swarm of daemons. Not sure they will like it. Just saying.
The main downside with introducing a new daemon, and with the per-driver daemons in general, is figuring out the correct upgrade path.
The conservative option is to leave libvirtd running if it was an existing installation. Only use the new daemons & virtproxyd on completely new installs.
The aggressive option is to disable libvirtd if already running and activate all the new daemons.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 .gitignore                        |   4 ++
 libvirt.spec.in                   |  10 +++
 src/remote/Makefile.inc.am        | 111 +++++++++++++++++++++++++++---
 src/remote/remote_daemon.c        |  28 +++++---
 src/remote/remote_daemon_config.c |   6 +-
 src/remote/virtproxyd.service.in  |  24 +++++++
 6 files changed, 163 insertions(+), 20 deletions(-)
 create mode 100644 src/remote/virtproxyd.service.in
diff --git a/.gitignore b/.gitignore index 4463660c85..05bc166860 100644 --- a/.gitignore +++ b/.gitignore @@ -161,6 +161,9 @@ /src/remote/libvirtd.aug /src/remote/libvirtd.conf /src/remote/test_libvirtd.aug +/src/remote/test_virtproxyd.aug +/src/remote/virtproxyd.aug +/src/remote/virtproxyd.conf /src/rpc/virkeepaliveprotocol.[ch] /src/rpc/virnetprotocol.[ch] /src/util/virkeycodetable*.h @@ -168,6 +171,7 @@ /src/virt-aa-helper /src/virtlockd /src/virtlogd +/src/virtproxyd /src/virt-guest-shutdown.target /tests/*.log /tests/*.pid diff --git a/libvirt.spec.in b/libvirt.spec.in index 045c0fed1a..c7f276b2bc 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1527,6 +1527,12 @@ exit 0 %{_unitdir}/libvirtd-admin.socket %{_unitdir}/libvirtd-tcp.socket %{_unitdir}/libvirtd-tls.socket +%{_unitdir}/virtproxyd.service +%{_unitdir}/virtproxyd.socket +%{_unitdir}/virtproxyd-ro.socket +%{_unitdir}/virtproxyd-admin.socket +%{_unitdir}/virtproxyd-tcp.socket +%{_unitdir}/virtproxyd-tls.socket %{_unitdir}/virt-guest-shutdown.target %{_unitdir}/virtlogd.service %{_unitdir}/virtlogd.socket @@ -1538,6 +1544,7 @@ exit 0 %config(noreplace) %{_sysconfdir}/sysconfig/virtlogd %config(noreplace) %{_sysconfdir}/sysconfig/virtlockd %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf +%config(noreplace) %{_sysconfdir}/libvirt/virtproxyd.conf %config(noreplace) %{_sysconfdir}/libvirt/virtlogd.conf %config(noreplace) %{_sysconfdir}/libvirt/virtlockd.conf %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf @@ -1565,6 +1572,8 @@ exit 0 %{_datadir}/augeas/lenses/tests/test_virtlogd.aug %{_datadir}/augeas/lenses/virtlockd.aug %{_datadir}/augeas/lenses/tests/test_virtlockd.aug +%{_datadir}/augeas/lenses/virtproxyd.aug +%{_datadir}/augeas/lenses/tests/test_virtproxyd.aug %{_datadir}/augeas/lenses/libvirt_lockd.aug %if %{with_qemu} %{_datadir}/augeas/lenses/tests/test_libvirt_lockd.aug @@ -1579,6 +1588,7 @@ exit 0 %attr(0755, root, root) %{_libexecdir}/libvirt_iohelper
%attr(0755, root, root) %{_sbindir}/libvirtd +%attr(0755, root, root) %{_sbindir}/virtproxyd %attr(0755, root, root) %{_sbindir}/virtlogd %attr(0755, root, root) %{_sbindir}/virtlockd
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index c9c3c7203a..344f19311a 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -89,18 +89,40 @@ SYSCONF_FILES += remote/libvirtd.sysconf PODFILES += remote/libvirtd.pod MANINFILES += libvirtd.8.in
-LIBVIRTD_UNIT_FILES_IN = \ - remote/libvirtd.service.in \ +LIBVIRTD_SOCKET_UNIT_FILES_IN = \ remote/libvirtd.socket.in \ remote/libvirtd-ro.socket.in \ remote/libvirtd-admin.socket.in \ remote/libvirtd-tcp.socket.in \ remote/libvirtd-tls.socket.in \ + $(NULL) + +LIBVIRTD_SOCKET_UNIT_FILES = $(notdir $(LIBVIRTD_SOCKET_UNIT_FILES_IN:%.in=%)) + +LIBVIRTD_UNIT_FILES_IN = \ + remote/libvirtd.service.in \ + $(LIBVIRTD_SOCKET_UNIT_FILES_IN) \ + $(NULL) + +VIRTPROXYD_UNIT_FILES_IN = \ + remote/virtproxyd.service.in \ + $(NULL) + +GUEST_UNIT_FILES_IN = \ remote/virt-guest-shutdown.target.in \ $(NULL)
-SYSTEMD_UNIT_FILES += $(notdir $(LIBVIRTD_UNIT_FILES_IN:%.in=%)) -SYSTEMD_UNIT_FILES_IN += $(LIBVIRTD_UNIT_FILES_IN) + +SYSTEMD_UNIT_FILES += \ + $(notdir $(LIBVIRTD_UNIT_FILES_IN:%.in=%)) \ + $(notdir $(LIBVIRTD_UNIT_FILES_IN:remote/libvirtd%.in=remote/virtproxyd%)) \ + $(notdir $(GUEST_UNIT_FILES_IN:%.in=%)) \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + $(LIBVIRTD_UNIT_FILES_IN) \ + $(VIRTPROXYD_UNIT_FILES_IN) \ + $(GUEST_UNIT_FILES_IN) \ + $(NULL)
REMOTE_PROTOCOL = $(srcdir)/remote/remote_protocol.x LXC_PROTOCOL = $(srcdir)/remote/lxc_protocol.x @@ -138,6 +160,7 @@ MAINTAINERCLEANFILES += \ $(NULL) CLEANFILES += \ remote/libvirtd.conf \ + remote/virtproxyd.conf \ $(NULL)
if WITH_REMOTE @@ -168,15 +191,27 @@ endif ! WITH_REMOTE
if WITH_LIBVIRTD
-sbin_PROGRAMS += libvirtd +sbin_PROGRAMS += libvirtd virtproxyd
-augeas_DATA += remote/libvirtd.aug +augeas_DATA += \ + remote/libvirtd.aug \ + remote/virtproxyd.aug \ + $(NULL)
-augeastest_DATA += remote/test_libvirtd.aug +augeastest_DATA += \ + remote/test_libvirtd.aug \ + remote/test_virtproxyd.aug \ + $(NULL)
-nodist_conf_DATA += remote/libvirtd.conf +nodist_conf_DATA += \ + remote/libvirtd.conf \ + remote/virtproxyd.conf \ + $(NULL)
-CLEANFILES += remote/libvirtd.aug +CLEANFILES += \ + remote/libvirtd.aug \ + remote/virtproxyd.aug \ + $(NULL)
man8_MANS += libvirtd.8
@@ -187,12 +222,23 @@ libvirtd_CFLAGS = \ -DSOCK_PREFIX="\"libvirt\"" \ -DDAEMON_NAME="\"libvirtd\"" \ -DENABLE_IP \ + -DLIBVIRTD \ $(NULL)
libvirtd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
libvirtd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+virtproxyd_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtproxyd_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DSOCK_PREFIX="\"libvirt\"" \ + -DDAEMON_NAME="\"virtproxyd\"" \ + -DENABLE_IP \ + $(NULL) +virtproxyd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtproxyd_LDADD = $(REMOTE_DAEMON_LD_ADD) + remote/libvirtd.conf: remote/libvirtd.conf.in $(AM_V_GEN)$(SED) \ -e '/[@]CUT_ENABLE_IP[@]/d' \ @@ -201,6 +247,13 @@ remote/libvirtd.conf: remote/libvirtd.conf.in -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ < $< > $@
+remote/virtproxyd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtproxyd/' \ + < $^ > $@ + INSTALL_DATA_DIRS += remote
install-data-remote: @@ -218,6 +271,14 @@ remote/libvirtd.aug: remote/libvirtd.aug.in -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ $< > $@
+remote/virtproxyd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtproxyd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtproxyd/' \ + $< > $@ + remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \ remote/libvirtd.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf \ @@ -229,6 +290,16 @@ remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \ -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ > $@ || rm -f $@
+remote/test_virtproxyd.aug: remote/test_libvirtd.aug.in \ + remote/virtproxyd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) remote/virtproxyd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtproxyd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtproxyd/' \ + > $@ || rm -f $@ + if WITH_SYSCTL # Use $(prefix)/lib rather than $(libdir), since man sysctl.d insists on # /usr/lib/sysctl.d/ even when libdir is /usr/lib64 @@ -303,11 +374,31 @@ LIBVIRTD_UNIT_VARS = \ -e 's|[@]deps[@]||g' \ $(NULL)
+VIRTD_UNIT_VARS = \ + $(COMMON_UNIT_VARS) \ + -e 's|[@]deps[@]|Conflicts=$(LIBVIRTD_SOCKET_UNIT_FILES)|g' \ + $(NULL) + +VIRTPROXYD_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt proxy|g' \ + -e 's|[@]service[@]|virtproxyd|g' \ + -e 's|[@]sockprefix[@]|libvirt|g' \ + $(NULL) + libvirtd.service: remote/libvirtd.service.in $(top_builddir)/config.status $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) < $< > $@-t && mv $@-t $@
libvirt%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status - $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) \ + < $< > $@-t && mv $@-t $@ + +virtproxyd.service: remote/virtproxyd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTPROXYD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtproxy%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTPROXYD_UNIT_VARS) \ + < $< > $@-t && mv $@-t $@
virt-guest-shutdown.target: remote/virt-guest-shutdown.target.in \ $(top_builddir)/config.status diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 42c51c1329..02a33d6754 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -311,10 +311,16 @@ static int daemonErrorLogFilter(virErrorPtr err, int priority)
static int daemonInitialize(void) { -#ifdef MODULE_NAME +#ifndef LIBVIRTD +# ifdef MODULE_NAME /* This a dedicated per-driver daemon build */ if (virDriverLoadModule(MODULE_NAME, MODULE_NAME "Register", true) < 0) return -1; +# else + /* This is virtproxyd which merely proxies to the per-driver + * daemons for back compat, and also allows IP connectivity. + */ +# endif #else /* This is the legacy monolithic libvirtd built with all drivers * @@ -906,9 +912,9 @@ daemonUsage(const char *argv0, bool privileged) { "-h | --help", N_("Display program help") }, { "-v | --verbose", N_("Verbose messages") }, { "-d | --daemon", N_("Run as a daemon & write PID file") }, -#ifdef ENABLE_IP +#if defined(ENABLE_IP) && defined(LIBVIRTD) { "-l | --listen", N_("Listen for TCP/IP connections") }, -#endif /* ENABLE_IP */ +#endif /* ENABLE_IP && LIBVIRTD */ { "-t | --timeout <secs>", N_("Exit after timeout period") }, { "-f | --config <file>", N_("Configuration file") }, { "-V | --version", N_("Display version information") }, @@ -985,7 +991,11 @@ int main(int argc, char **argv) { int verbose = 0; int godaemon = 0; #ifdef ENABLE_IP +# ifdef LIBVIRTD int ipsock = 0; +# else + int ipsock = 1; /* listen_tcp/listen_tls default to 0 */ +# endif #endif /* ! ENABLE_IP */ struct daemonConfig *config; bool privileged = geteuid() == 0 ? true : false; @@ -996,9 +1006,9 @@ int main(int argc, char **argv) { struct option opts[] = { { "verbose", no_argument, &verbose, 'v'}, { "daemon", no_argument, &godaemon, 'd'}, -#ifdef ENABLE_IP +#if defined(ENABLE_IP) && defined(LIBVIRTD) { "listen", no_argument, &ipsock, 'l'}, -#endif /* ! ENABLE_IP */ +#endif /* ENABLE_IP && LIBVIRTD */ { "config", required_argument, NULL, 'f'}, { "timeout", required_argument, NULL, 't'}, { "pid-file", required_argument, NULL, 'p'}, 
@@ -1021,11 +1031,11 @@ int main(int argc, char **argv) { int optidx = 0; int c; char *tmp; -#ifdef ENABLE_IP +#if defined(ENABLE_IP) && defined(LIBVIRTD) const char *optstr = "ldf:p:t:vVh"; -#else /* ! ENABLE_IP */ +#else /* ! ENABLE_IP && ! LIBVIRTD */ const char *optstr = "df:p:t:vVh"; -#endif /* ! ENABLE_IP */ +#endif /* ! ENABLE_IP && ! LIBVIRTD */
c = getopt_long(argc, argv, optstr, opts, &optidx);
@@ -1043,7 +1053,7 @@ int main(int argc, char **argv) { godaemon = 1; break;
-#ifdef ENABLE_IP +#if defined(ENABLE_IP) && defined(LIBVIRTD) case 'l': ipsock = 1; break; diff --git a/src/remote/remote_daemon_config.c b/src/remote/remote_daemon_config.c index 3c5ccd5ba8..f583442dc7 100644 --- a/src/remote/remote_daemon_config.c +++ b/src/remote/remote_daemon_config.c @@ -108,7 +108,11 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED) return NULL;
#ifdef ENABLE_IP - data->listen_tls = 1; +# ifdef LIBVIRTD + data->listen_tls = 1; /* Only honoured it --listen is set */ +# else /* ! LIBVIRTD */ + data->listen_tls = 0; /* Always honoured, --listen doesn't exist. */ +# endif /* ! LIBVIRTD */ data->listen_tcp = 0;
if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 || diff --git a/src/remote/virtproxyd.service.in b/src/remote/virtproxyd.service.in new file mode 100644 index 0000000000..e99e2af19c --- /dev/null +++ b/src/remote/virtproxyd.service.in @@ -0,0 +1,24 @@ +[Unit] +Description=Virtualization daemon +Conflicts=libvirtd.service +Requires=virtproxyd.socket +Requires=virtproxyd-ro.socket +Requires=virtproxyd-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtproxyd --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Also=virtproxyd.socket +Also=virtproxyd-ro.socket +Also=virtproxyd-admin.socket -- 2.21.0
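Review bot: In the getopt string hunk in main() of remote_daemon.c, the new comments `#else /* ! ENABLE_IP && ! LIBVIRTD */` and `#endif /* ! ENABLE_IP && ! LIBVIRTD */` misstate the condition: that branch is compiled whenever either macro is undefined, not only when both are, so `/* ! (ENABLE_IP && LIBVIRTD) */` would match the `#if defined(ENABLE_IP) && defined(LIBVIRTD)` above it. Separately, in non-LIBVIRTD builds `ipsock` is fixed at 1 and `--listen` is compiled out, which leaves listen_tls/listen_tcp in the config file as the only switch for IP listeners; the one-line comment on `int ipsock = 1;` could say that outright, since daemonConfigNew() now sets both to 0 for those builds.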
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> -- Cheers, Christophe de Dinechin (IRC c3d)

On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote: [...]
+++ b/src/remote/Makefile.inc.am +remote/virtproxyd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtproxyd/' \ + < $^ > $@
Unnecessary input redirection. [...]
+remote/virtproxyd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtproxyd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtproxyd/' \ + $< > $@
Same here. [...]
+remote/test_virtproxyd.aug: remote/test_libvirtd.aug.in \ + remote/virtproxyd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) remote/virtproxyd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtproxyd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtproxyd/' \ + > $@ || rm -f $@
Wrong formatting for first argument (should be on its own line). [...]
libvirtd.service: remote/libvirtd.service.in $(top_builddir)/config.status $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) < $< > $@-t && mv $@-t $@
libvirt%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status - $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) \ + < $< > $@-t && mv $@-t $@
Unnecessary input redirection and questionable formatting: $(LIBVIRTD_UNIT_VARS) should be on a separate line. Also, and I'm sorry I've just noticed this, you're using 'sed' instead of $(SED). All three issues trace back to previous patches and should be fixed there.
+virtproxyd.service: remote/virtproxyd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTPROXYD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtproxy%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTPROXYD_UNIT_VARS) \ + < $< > $@-t && mv $@-t $@
These rules also suffer from all the issues listed above, but they're introduced by this patch. [...]
+++ b/src/remote/remote_daemon_config.c @@ -108,7 +108,11 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED) +# ifdef LIBVIRTD + data->listen_tls = 1; /* Only honoured it --listen is set */
s/it --listen/if --listen/ -- Andrea Bolognani / Red Hat / Virtualization

The virtsecretd daemon will be responsible for providing the secret API driver functionality. The secret driver is still loaded by the main libvirtd daemon at this stage, so virtsecretd must not be running at the same time. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/secret/Makefile.inc.am | 62 +++++++++++++++++++++++++++++++ src/secret/virtsecretd.service.in | 24 ++++++++++++ 4 files changed, 98 insertions(+) create mode 100644 src/secret/virtsecretd.service.in diff --git a/.gitignore b/.gitignore index 05bc166860..162b017c4a 100644 --- a/.gitignore +++ b/.gitignore @@ -166,12 +166,16 @@ /src/remote/virtproxyd.conf /src/rpc/virkeepaliveprotocol.[ch] /src/rpc/virnetprotocol.[ch] +/src/secret/test_virtsecretd.aug +/src/secret/virtsecretd.aug +/src/secret/virtsecretd.conf /src/util/virkeycodetable*.h /src/util/virkeynametable*.h /src/virt-aa-helper /src/virtlockd /src/virtlogd /src/virtproxyd +/src/virtsecretd /src/virt-guest-shutdown.target /tests/*.log /tests/*.pid diff --git a/libvirt.spec.in b/libvirt.spec.in index c7f276b2bc..7eeb2b4f07 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1634,6 +1634,14 @@ exit 0 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so %files daemon-driver-secret +%config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf +%{_datadir}/augeas/lenses/virtsecretd.aug +%{_datadir}/augeas/lenses/tests/test_virtsecretd.aug +%{_unitdir}/virtsecretd.service +%{_unitdir}/virtsecretd.socket +%{_unitdir}/virtsecretd-ro.socket +%{_unitdir}/virtsecretd-admin.socket +%attr(0755, root, root) %{_sbindir}/virtsecretd %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so %files daemon-driver-storage diff --git a/src/secret/Makefile.inc.am b/src/secret/Makefile.inc.am index 7a1c8f8e1a..5535fc5862 100644 --- a/src/secret/Makefile.inc.am +++ b/src/secret/Makefile.inc.am 
@@ -37,4 +37,66 @@ libvirt_driver_secret_la_LIBADD = \ $(NULL) libvirt_driver_secret_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES) + +sbin_PROGRAMS += virtsecretd + +nodist_conf_DATA += secret/virtsecretd.conf +augeas_DATA += secret/virtsecretd.aug +augeastest_DATA += secret/test_virtsecretd.aug +CLEANFILES += secret/virtsecretd.aug + +virtsecretd_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtsecretd_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtsecretd\"" \ + -DMODULE_NAME="\"secret\"" \ + $(NULL) +virtsecretd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtsecretd_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtsecretd.service \ + virtsecretd.socket \ + virtsecretd-ro.socket \ + virtsecretd-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + secret/virtsecretd.service.in \ + $(NULL) + +VIRTSECRETD_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt secret|g' \ + -e 's|[@]service[@]|virtsecretd|g' \ + -e 's|[@]sockprefix[@]|virtsecretd|g' \ + $(NULL) + +virtsecretd.service: secret/virtsecretd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +secret/virtsecretd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \ + < $^ > $@ + +secret/virtsecretd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \ + $< > $@ + +secret/test_virtsecretd.aug: remote/test_libvirtd.aug.in \ + secret/virtsecretd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) secret/virtsecretd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 
's/[@]DAEMON_NAME[@]/virtsecretd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \ + > $@ || rm -f $@ + endif WITH_SECRETS diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.service.in new file mode 100644 index 0000000000..00cdc26b97 --- /dev/null +++ b/src/secret/virtsecretd.service.in @@ -0,0 +1,24 @@ +[Unit] +Description=Virtualization secret daemon +Conflicts=libvirtd.service +Requires=virtsecretd.socket +Requires=virtsecretd-ro.socket +Requires=virtsecretd-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtsecretd --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Also=virtsecretd.socket +Also=virtsecretd-ro.socket +Also=virtsecretd-admin.socket -- 2.21.0
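Review bot: In the src/secret/Makefile.inc.am hunk, `CLEANFILES += secret/virtsecretd.aug` covers only one of the three generated files; secret/virtsecretd.conf and secret/test_virtsecretd.aug are also produced by rules in this hunk (and added to .gitignore) but are not listed, so unless they are cleaned elsewhere they will survive `make clean`. The secret/virtsecretd.conf and secret/virtsecretd.aug rules also redirect sed straight into `$@`, so a failed sed can leave a truncated target behind; the `> $@-t && mv $@-t $@` pattern used for the unit files in the same hunk, or the `|| rm -f $@` used for test_virtsecretd.aug, would avoid that.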

Daniel P. Berrangé writes:
The virtsecretd daemon will be responsible for providing the secret API driver functionality. The secret driver is still loaded by the main libvirtd daemon at this stage, so virtsecretd must not be running at the same time.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/secret/Makefile.inc.am | 62 +++++++++++++++++++++++++++++++ src/secret/virtsecretd.service.in | 24 ++++++++++++ 4 files changed, 98 insertions(+) create mode 100644 src/secret/virtsecretd.service.in
diff --git a/.gitignore b/.gitignore index 05bc166860..162b017c4a 100644 --- a/.gitignore +++ b/.gitignore @@ -166,12 +166,16 @@ /src/remote/virtproxyd.conf /src/rpc/virkeepaliveprotocol.[ch] /src/rpc/virnetprotocol.[ch] +/src/secret/test_virtsecretd.aug +/src/secret/virtsecretd.aug +/src/secret/virtsecretd.conf /src/util/virkeycodetable*.h /src/util/virkeynametable*.h /src/virt-aa-helper /src/virtlockd /src/virtlogd /src/virtproxyd +/src/virtsecretd /src/virt-guest-shutdown.target /tests/*.log /tests/*.pid diff --git a/libvirt.spec.in b/libvirt.spec.in index c7f276b2bc..7eeb2b4f07 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1634,6 +1634,14 @@ exit 0 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
%files daemon-driver-secret +%config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf +%{_datadir}/augeas/lenses/virtsecretd.aug +%{_datadir}/augeas/lenses/tests/test_virtsecretd.aug +%{_unitdir}/virtsecretd.service +%{_unitdir}/virtsecretd.socket +%{_unitdir}/virtsecretd-ro.socket +%{_unitdir}/virtsecretd-admin.socket +%attr(0755, root, root) %{_sbindir}/virtsecretd %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so
%files daemon-driver-storage diff --git a/src/secret/Makefile.inc.am b/src/secret/Makefile.inc.am index 7a1c8f8e1a..5535fc5862 100644 --- a/src/secret/Makefile.inc.am +++ b/src/secret/Makefile.inc.am 
@@ -37,4 +37,66 @@ libvirt_driver_secret_la_LIBADD = \ $(NULL) libvirt_driver_secret_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES) + +sbin_PROGRAMS += virtsecretd + +nodist_conf_DATA += secret/virtsecretd.conf +augeas_DATA += secret/virtsecretd.aug +augeastest_DATA += secret/test_virtsecretd.aug +CLEANFILES += secret/virtsecretd.aug + +virtsecretd_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtsecretd_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtsecretd\"" \ + -DMODULE_NAME="\"secret\"" \ + $(NULL) +virtsecretd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtsecretd_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtsecretd.service \ + virtsecretd.socket \ + virtsecretd-ro.socket \ + virtsecretd-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + secret/virtsecretd.service.in \ + $(NULL) + +VIRTSECRETD_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt secret|g' \ + -e 's|[@]service[@]|virtsecretd|g' \ + -e 's|[@]sockprefix[@]|virtsecretd|g' \ + $(NULL) + +virtsecretd.service: secret/virtsecretd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +secret/virtsecretd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \ + < $^ > $@ + +secret/virtsecretd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \ + $< > $@ + +secret/test_virtsecretd.aug: remote/test_libvirtd.aug.in \ + secret/virtsecretd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) secret/virtsecretd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 
's/[@]DAEMON_NAME[@]/virtsecretd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \ + > $@ || rm -f $@ + endif WITH_SECRETS diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.service.in new file mode 100644 index 0000000000..00cdc26b97 --- /dev/null +++ b/src/secret/virtsecretd.service.in @@ -0,0 +1,24 @@ +[Unit] +Description=Virtualization secret daemon +Conflicts=libvirtd.service +Requires=virtsecretd.socket +Requires=virtsecretd-ro.socket +Requires=virtsecretd-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org
At some point, would it be useful to have one doc page per driver?
+ +[Service] +Type=notify +ExecStart=@sbindir@/virtsecretd --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Also=virtsecretd.socket +Also=virtsecretd-ro.socket +Also=virtsecretd-admin.socket -- 2.21.0
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> -- Cheers, Christophe de Dinechin (IRC c3d)

On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote: [...]
+virtsecretd.service: secret/virtsecretd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +secret/virtsecretd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \ + < $^ > $@
Oh, you didn't replace $^ with $< here!
+secret/virtsecretd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \ + $< > $@ + +secret/test_virtsecretd.aug: remote/test_libvirtd.aug.in \ + secret/virtsecretd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) secret/virtsecretd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \ + > $@ || rm -f $@
All of the issues mentioned in the previous patch unsurprisingly show up here as well, and they should similarly be addressed. Just to reiterate, the secret/virtsecretd.aug rule is the one that should be used as a model. The comments above also apply to patches 22-32. -- Andrea Bolognani / Red Hat / Virtualization

On Tue, Jul 30, 2019 at 04:01:15PM +0200, Andrea Bolognani wrote:
On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote: [...]
+virtsecretd.service: secret/virtsecretd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +secret/virtsecretd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \ + < $^ > $@
Oh, you didn't replace $^ with $< here!
I did the previous patch, forgetting I replicated the problem in every following patch. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

The virtnetworkd daemon will be responsible for providing the network API driver functionality. The network driver is still loaded by the main libvirtd daemon at this stage, so virtnetworkd must not be running at the same time. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/network/Makefile.inc.am | 61 +++++++++++++++++++++++++++++ src/network/virtnetworkd.service.in | 25 ++++++++++++ 4 files changed, 98 insertions(+) create mode 100644 src/network/virtnetworkd.service.in diff --git a/.gitignore b/.gitignore index 162b017c4a..4101bb4564 100644 --- a/.gitignore +++ b/.gitignore @@ -154,6 +154,9 @@ /src/lxc/lxc_monitor_protocol.h /src/lxc/lxc_protocol.[ch] /src/lxc/test_libvirtd_lxc.aug +/src/network/test_virtnetworkd.aug +/src/network/virtnetworkd.aug +/src/network/virtnetworkd.conf /src/qemu/test_libvirtd_qemu.aug /src/remote/*_client_bodies.h /src/remote/*_protocol.[ch] @@ -174,6 +177,7 @@ /src/virt-aa-helper /src/virtlockd /src/virtlogd +/src/virtnetworkd /src/virtproxyd /src/virtsecretd /src/virt-guest-shutdown.target diff --git a/libvirt.spec.in b/libvirt.spec.in index 7eeb2b4f07..52a671d908 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1612,6 +1612,14 @@ exit 0 %{_libdir}/%{name}/connection-driver/libvirt_driver_interface.so %files daemon-driver-network +%config(noreplace) %{_sysconfdir}/libvirt/virtnetworkd.conf +%{_datadir}/augeas/lenses/virtnetworkd.aug +%{_datadir}/augeas/lenses/tests/test_virtnetworkd.aug +%{_unitdir}/virtnetworkd.service +%{_unitdir}/virtnetworkd.socket +%{_unitdir}/virtnetworkd-ro.socket +%{_unitdir}/virtnetworkd-admin.socket +%attr(0755, root, root) %{_sbindir}/virtnetworkd %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/ %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/ %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/autostart 
diff --git a/src/network/Makefile.inc.am b/src/network/Makefile.inc.am index 23cf39b6f4..672142452e 100644 --- a/src/network/Makefile.inc.am +++ b/src/network/Makefile.inc.am 
@@ -49,6 +49,67 @@ libvirt_driver_network_impl_la_CFLAGS = \ libvirt_driver_network_impl_la_SOURCES = $(NETWORK_DRIVER_SOURCES) libvirt_driver_network_impl_la_LIBADD = $(DBUS_LIBS) $(LIBXML_LIBS) +sbin_PROGRAMS += virtnetworkd + +nodist_conf_DATA += network/virtnetworkd.conf +augeas_DATA += network/virtnetworkd.aug +augeastest_DATA += network/test_virtnetworkd.aug +CLEANFILES += network/virtnetworkd.aug + +virtnetworkd_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtnetworkd_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtnetworkd\"" \ + -DMODULE_NAME="\"network\"" \ + $(NULL) +virtnetworkd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtnetworkd_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtnetworkd.service \ + virtnetworkd.socket \ + virtnetworkd-ro.socket \ + virtnetworkd-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + network/virtnetworkd.service.in \ + $(NULL) + +VIRTNETWORKD_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt network|g' \ + -e 's|[@]service[@]|virtnetworkd|g' \ + -e 's|[@]sockprefix[@]|virtnetworkd|g' \ + $(NULL) + +virtnetworkd.service: network/virtnetworkd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTNETWORKD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtnetwork%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTNETWORKD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +network/virtnetworkd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtnetworkd/' \ + < $^ > $@ + +network/virtnetworkd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtnetworkd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtnetworkd/' \ + $< > $@ + +network/test_virtnetworkd.aug: remote/test_libvirtd.aug.in \ + network/virtnetworkd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) network/virtnetworkd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) 
-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtnetworkd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtnetworkd/' \ + > $@ || rm -f $@ + libexec_PROGRAMS += libvirt_leaseshelper libvirt_leaseshelper_SOURCES = $(NETWORK_LEASES_HELPER_SOURCES) libvirt_leaseshelper_LDFLAGS = \ diff --git a/src/network/virtnetworkd.service.in b/src/network/virtnetworkd.service.in new file mode 100644 index 0000000000..656e8b4f84 --- /dev/null +++ b/src/network/virtnetworkd.service.in @@ -0,0 +1,25 @@ +[Unit] +Description=Virtualization network daemon +Conflicts=libvirtd.service +Requires=virtnetworkd.socket +Requires=virtnetworkd-ro.socket +Requires=virtnetworkd-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtnetworkd --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure +KillMode=process + +[Install] +WantedBy=multi-user.target +Also=virtnetworkd.socket +Also=virtnetworkd-ro.socket +Also=virtnetworkd-admin.socket -- 2.21.0
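Review bot: virtnetworkd.service.in adds `KillMode=process` under [Service], which the virtsecretd unit earlier in the series does not have, and neither the commit message nor the unit file says why. With that setting systemd stops only the main daemon process and leaves the other processes in the unit's control group running, so a short comment in the unit (or a line in the commit message) naming the helper processes that are meant to outlive the daemon would make the intent reviewable and keep the setting from being copied or dropped by accident in the other per-driver units.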

Daniel P. Berrangé writes:
The virtnetworkd daemon will be responsible for providing the network API driver functionality. The network driver is still loaded by the main libvirtd daemon at this stage, so virtnetworkd must not be running at the same time.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/network/Makefile.inc.am | 61 +++++++++++++++++++++++++++++ src/network/virtnetworkd.service.in | 25 ++++++++++++ 4 files changed, 98 insertions(+) create mode 100644 src/network/virtnetworkd.service.in
diff --git a/.gitignore b/.gitignore index 162b017c4a..4101bb4564 100644 --- a/.gitignore +++ b/.gitignore @@ -154,6 +154,9 @@ /src/lxc/lxc_monitor_protocol.h /src/lxc/lxc_protocol.[ch] /src/lxc/test_libvirtd_lxc.aug +/src/network/test_virtnetworkd.aug +/src/network/virtnetworkd.aug +/src/network/virtnetworkd.conf /src/qemu/test_libvirtd_qemu.aug /src/remote/*_client_bodies.h /src/remote/*_protocol.[ch] @@ -174,6 +177,7 @@ /src/virt-aa-helper /src/virtlockd /src/virtlogd +/src/virtnetworkd /src/virtproxyd /src/virtsecretd /src/virt-guest-shutdown.target diff --git a/libvirt.spec.in b/libvirt.spec.in index 7eeb2b4f07..52a671d908 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1612,6 +1612,14 @@ exit 0 %{_libdir}/%{name}/connection-driver/libvirt_driver_interface.so
%files daemon-driver-network +%config(noreplace) %{_sysconfdir}/libvirt/virtnetworkd.conf +%{_datadir}/augeas/lenses/virtnetworkd.aug +%{_datadir}/augeas/lenses/tests/test_virtnetworkd.aug +%{_unitdir}/virtnetworkd.service +%{_unitdir}/virtnetworkd.socket +%{_unitdir}/virtnetworkd-ro.socket +%{_unitdir}/virtnetworkd-admin.socket +%attr(0755, root, root) %{_sbindir}/virtnetworkd %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/ %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/ %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/autostart diff --git a/src/network/Makefile.inc.am b/src/network/Makefile.inc.am index 23cf39b6f4..672142452e 100644 --- a/src/network/Makefile.inc.am +++ b/src/network/Makefile.inc.am @@ -49,6 +49,67 @@ libvirt_driver_network_impl_la_CFLAGS = \ libvirt_driver_network_impl_la_SOURCES = $(NETWORK_DRIVER_SOURCES) libvirt_driver_network_impl_la_LIBADD = $(DBUS_LIBS) $(LIBXML_LIBS)
+sbin_PROGRAMS += virtnetworkd + +nodist_conf_DATA += network/virtnetworkd.conf +augeas_DATA += network/virtnetworkd.aug +augeastest_DATA += network/test_virtnetworkd.aug +CLEANFILES += network/virtnetworkd.aug + +virtnetworkd_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtnetworkd_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtnetworkd\"" \ + -DMODULE_NAME="\"network\"" \ + $(NULL) +virtnetworkd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtnetworkd_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtnetworkd.service \ + virtnetworkd.socket \ + virtnetworkd-ro.socket \ + virtnetworkd-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + network/virtnetworkd.service.in \ + $(NULL) + +VIRTNETWORKD_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt network|g' \ + -e 's|[@]service[@]|virtnetworkd|g' \ + -e 's|[@]sockprefix[@]|virtnetworkd|g' \ + $(NULL) + +virtnetworkd.service: network/virtnetworkd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTNETWORKD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtnetwork%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTNETWORKD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +network/virtnetworkd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtnetworkd/' \ + < $^ > $@ + +network/virtnetworkd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtnetworkd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtnetworkd/' \ + $< > $@ + +network/test_virtnetworkd.aug: remote/test_libvirtd.aug.in \ + network/virtnetworkd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) network/virtnetworkd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtnetworkd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtnetworkd/' \ + > $@ || rm -f $@ + libexec_PROGRAMS += libvirt_leaseshelper 
libvirt_leaseshelper_SOURCES = $(NETWORK_LEASES_HELPER_SOURCES) libvirt_leaseshelper_LDFLAGS = \ diff --git a/src/network/virtnetworkd.service.in b/src/network/virtnetworkd.service.in new file mode 100644 index 0000000000..656e8b4f84 --- /dev/null +++ b/src/network/virtnetworkd.service.in @@ -0,0 +1,25 @@ +[Unit] +Description=Virtualization network daemon +Conflicts=libvirtd.service +Requires=virtnetworkd.socket +Requires=virtnetworkd-ro.socket +Requires=virtnetworkd-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +Documentation=man:libvirtd(8)
Maybe you need to create man page aliases for each of the new daemon names?
+Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtnetworkd --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure +KillMode=process + +[Install] +WantedBy=multi-user.target +Also=virtnetworkd.socket +Also=virtnetworkd-ro.socket +Also=virtnetworkd-admin.socket -- 2.21.0
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> -- Cheers, Christophe de Dinechin (IRC c3d)

On Tue, Jul 30, 2019 at 01:08:53PM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
The virtnetworkd daemon will be responsible for providing the network API driver functionality. The network driver is still loaded by the main libvirtd daemon at this stage, so virtnetworkd must not be running at the same time.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/network/Makefile.inc.am | 61 +++++++++++++++++++++++++++++ src/network/virtnetworkd.service.in | 25 ++++++++++++ 4 files changed, 98 insertions(+) create mode 100644 src/network/virtnetworkd.service.in diff --git a/src/network/virtnetworkd.service.in b/src/network/virtnetworkd.service.in new file mode 100644 index 0000000000..656e8b4f84 --- /dev/null +++ b/src/network/virtnetworkd.service.in @@ -0,0 +1,25 @@ +[Unit] +Description=Virtualization network daemon +Conflicts=libvirtd.service +Requires=virtnetworkd.socket +Requires=virtnetworkd-ro.socket +Requires=virtnetworkd-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +Documentation=man:libvirtd(8)
Maybe you need to create man page aliases for each of the new daemon names?
Yes, I need to figure out a way to auto-generate the man page for each daemon with irrelevant content stripped. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On 30 Jul 2019, at 13:20, Daniel P. Berrangé <berrange@redhat.com> wrote:
On Tue, Jul 30, 2019 at 01:08:53PM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
The virtnetworkd daemon will be responsible for providing the network API driver functionality. The network driver is still loaded by the main libvirtd daemon at this stage, so virtnetworkd must not be running at the same time.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/network/Makefile.inc.am | 61 +++++++++++++++++++++++++++++ src/network/virtnetworkd.service.in | 25 ++++++++++++ 4 files changed, 98 insertions(+) create mode 100644 src/network/virtnetworkd.service.in diff --git a/src/network/virtnetworkd.service.in b/src/network/virtnetworkd.service.in new file mode 100644 index 0000000000..656e8b4f84 --- /dev/null +++ b/src/network/virtnetworkd.service.in @@ -0,0 +1,25 @@ +[Unit] +Description=Virtualization network daemon +Conflicts=libvirtd.service +Requires=virtnetworkd.socket +Requires=virtnetworkd-ro.socket +Requires=virtnetworkd-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +Documentation=man:libvirtd(8)
Maybe you need to create man page aliases for each of the new daemon names?
Yes, I need to figure out a way to auto-generate the man page for each daemon with irrelevant content stripped.
Or simply redirect to the original man page, using the .so macro? In which case you could generate the man page with a rule like: echo ".so $LIBVIRTD_MANPAGE" > $@ (But then, maybe you really want per-daemon man page…) Thanks, Christophe
Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

On Tue, Jul 30, 2019 at 02:52:14PM +0200, Christophe de Dinechin wrote:
On 30 Jul 2019, at 13:20, Daniel P. Berrangé <berrange@redhat.com> wrote:
On Tue, Jul 30, 2019 at 01:08:53PM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
The virtnetworkd daemon will be responsible for providing the network API driver functionality. The network driver is still loaded by the main libvirtd daemon at this stage, so virtnetworkd must not be running at the same time.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/network/Makefile.inc.am | 61 +++++++++++++++++++++++++++++ src/network/virtnetworkd.service.in | 25 ++++++++++++ 4 files changed, 98 insertions(+) create mode 100644 src/network/virtnetworkd.service.in diff --git a/src/network/virtnetworkd.service.in b/src/network/virtnetworkd.service.in new file mode 100644 index 0000000000..656e8b4f84 --- /dev/null +++ b/src/network/virtnetworkd.service.in @@ -0,0 +1,25 @@ +[Unit] +Description=Virtualization network daemon +Conflicts=libvirtd.service +Requires=virtnetworkd.socket +Requires=virtnetworkd-ro.socket +Requires=virtnetworkd-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +Documentation=man:libvirtd(8)
Maybe you need to create man page aliases for each of the new daemon names?
Yes, I need to figure out a way to auto-generate the man page for each daemon with irrelevant content stripped.
Or simply redirect to the original man page, using the .so macro? In which case you could generate the man page with a rule like:
echo ".so $LIBVIRTD_MANPAGE" > $@
(But then, maybe you really want per-daemon man page…)
Yes, some cli parameters are not valid with the new daemons, so we need to trim those out of the man Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

The virtinterfaced daemon will be responsible for providing the interface API driver functionality. The interface driver is still loaded by the main libvirtd daemon at this stage, so virtinterfaced must not be running at the same time. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/interface/Makefile.inc.am | 62 +++++++++++++++++++++++++ src/interface/virtinterfaced.service.in | 24 ++++++++++ 4 files changed, 98 insertions(+) create mode 100644 src/interface/virtinterfaced.service.in diff --git a/.gitignore b/.gitignore index 4101bb4564..c361d87868 100644 --- a/.gitignore +++ b/.gitignore @@ -120,6 +120,9 @@ /src/admin/admin_server_dispatch_stubs.h /src/esx/*.generated.* /src/hyperv/*.generated.* +/src/interface/test_virtinterfaced.aug +/src/interface/virtinterfaced.aug +/src/interface/virtinterfaced.conf /src/libvirt*.def /src/libvirt.syms /src/libvirt_access.syms @@ -175,6 +178,7 @@ /src/util/virkeycodetable*.h /src/util/virkeynametable*.h /src/virt-aa-helper +/src/virtinterfaced /src/virtlockd /src/virtlogd /src/virtnetworkd diff --git a/libvirt.spec.in b/libvirt.spec.in index 52a671d908..b4fab26ea4 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1609,6 +1609,14 @@ exit 0 %ghost %{_sysconfdir}/libvirt/nwfilter/*.xml %files daemon-driver-interface +%config(noreplace) %{_sysconfdir}/libvirt/virtinterfaced.conf +%{_datadir}/augeas/lenses/virtinterfaced.aug +%{_datadir}/augeas/lenses/tests/test_virtinterfaced.aug +%{_unitdir}/virtinterfaced.service +%{_unitdir}/virtinterfaced.socket +%{_unitdir}/virtinterfaced-ro.socket +%{_unitdir}/virtinterfaced-admin.socket +%attr(0755, root, root) %{_sbindir}/virtinterfaced %{_libdir}/%{name}/connection-driver/libvirt_driver_interface.so %files daemon-driver-network diff --git a/src/interface/Makefile.inc.am b/src/interface/Makefile.inc.am index 339a92786b..4c989bebec 100644 --- a/src/interface/Makefile.inc.am 
+++ b/src/interface/Makefile.inc.am 
@@ -41,4 +41,66 @@ libvirt_driver_interface_la_LIBADD += $(UDEV_LIBS) libvirt_driver_interface_la_SOURCES += $(INTERFACE_DRIVER_UDEV_SOURCES) endif WITH_UDEV libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la + +sbin_PROGRAMS += virtinterfaced + +nodist_conf_DATA += interface/virtinterfaced.conf +augeas_DATA += interface/virtinterfaced.aug +augeastest_DATA += interface/test_virtinterfaced.aug +CLEANFILES += interface/virtinterfaced.aug + +virtinterfaced_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtinterfaced_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtinterfaced\"" \ + -DMODULE_NAME="\"interface\"" \ + $(NULL) +virtinterfaced_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtinterfaced_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtinterfaced.service \ + virtinterfaced.socket \ + virtinterfaced-ro.socket \ + virtinterfaced-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + interface/virtinterfaced.service.in \ + $(NULL) + +VIRTINTERFACED_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt interface|g' \ + -e 's|[@]service[@]|virtinterfaced|g' \ + -e 's|[@]sockprefix[@]|virtinterfaced|g' \ + $(NULL) + +virtinterfaced.service: interface/virtinterfaced.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTINTERFACED_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtinterface%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTINTERFACED_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +interface/virtinterfaced.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtinterfaced/' \ + < $^ > $@ + +interface/virtinterfaced.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtinterfaced/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtinterfaced/' \ + $< > $@ + +interface/test_virtinterfaced.aug: remote/test_libvirtd.aug.in \ + interface/virtinterfaced.conf $(AUG_GENTEST) 
+ $(AM_V_GEN)$(AUG_GENTEST) interface/virtinterfaced.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtinterfaced/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtinterfaced/' \ + > $@ || rm -f $@ + endif WITH_INTERFACE diff --git a/src/interface/virtinterfaced.service.in b/src/interface/virtinterfaced.service.in new file mode 100644 index 0000000000..ff3a611d16 --- /dev/null +++ b/src/interface/virtinterfaced.service.in @@ -0,0 +1,24 @@ +[Unit] +Description=Virtualization interface daemon +Conflicts=libvirtd.service +Requires=virtinterfaced.socket +Requires=virtinterfaced-ro.socket +Requires=virtinterfaced-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtinterfaced --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Also=virtinterfaced.socket +Also=virtinterfaced-ro.socket +Also=virtinterfaced-admin.socket -- 2.21.0
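Review bot: In src/interface/Makefile.inc.am, the interface/test_virtinterfaced.aug recipe ends in `> $@ || rm -f $@`, which hides failures: the pipeline's exit status is that of $(SED) alone, and when sed does fail, `rm -f` returns 0, so make carries on with the target missing. A failing $(AUG_GENTEST) is not noticed at all and leaves a truncated test file behind. Suggest `|| { rm -f $@; exit 1; }` so the recipe fails when sed does, and running $(AUG_GENTEST) into a temporary file first so that its exit status is checked too.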

Daniel P. Berrangé writes:
The virtinterfaced daemon will be responsible for providing the interface API driver functionality. The interface driver is still loaded by the main libvirtd daemon at this stage, so virtinterfaced must not be running at the same time.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/interface/Makefile.inc.am | 62 +++++++++++++++++++++++++ src/interface/virtinterfaced.service.in | 24 ++++++++++ 4 files changed, 98 insertions(+) create mode 100644 src/interface/virtinterfaced.service.in
diff --git a/.gitignore b/.gitignore index 4101bb4564..c361d87868 100644 --- a/.gitignore +++ b/.gitignore @@ -120,6 +120,9 @@ /src/admin/admin_server_dispatch_stubs.h /src/esx/*.generated.* /src/hyperv/*.generated.* +/src/interface/test_virtinterfaced.aug +/src/interface/virtinterfaced.aug +/src/interface/virtinterfaced.conf /src/libvirt*.def /src/libvirt.syms /src/libvirt_access.syms @@ -175,6 +178,7 @@ /src/util/virkeycodetable*.h /src/util/virkeynametable*.h /src/virt-aa-helper +/src/virtinterfaced /src/virtlockd /src/virtlogd /src/virtnetworkd diff --git a/libvirt.spec.in b/libvirt.spec.in index 52a671d908..b4fab26ea4 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1609,6 +1609,14 @@ exit 0 %ghost %{_sysconfdir}/libvirt/nwfilter/*.xml
%files daemon-driver-interface +%config(noreplace) %{_sysconfdir}/libvirt/virtinterfaced.conf +%{_datadir}/augeas/lenses/virtinterfaced.aug +%{_datadir}/augeas/lenses/tests/test_virtinterfaced.aug +%{_unitdir}/virtinterfaced.service +%{_unitdir}/virtinterfaced.socket +%{_unitdir}/virtinterfaced-ro.socket +%{_unitdir}/virtinterfaced-admin.socket +%attr(0755, root, root) %{_sbindir}/virtinterfaced %{_libdir}/%{name}/connection-driver/libvirt_driver_interface.so
%files daemon-driver-network diff --git a/src/interface/Makefile.inc.am b/src/interface/Makefile.inc.am index 339a92786b..4c989bebec 100644 --- a/src/interface/Makefile.inc.am +++ b/src/interface/Makefile.inc.am 
@@ -41,4 +41,66 @@ libvirt_driver_interface_la_LIBADD += $(UDEV_LIBS) libvirt_driver_interface_la_SOURCES += $(INTERFACE_DRIVER_UDEV_SOURCES) endif WITH_UDEV libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la + +sbin_PROGRAMS += virtinterfaced + +nodist_conf_DATA += interface/virtinterfaced.conf +augeas_DATA += interface/virtinterfaced.aug +augeastest_DATA += interface/test_virtinterfaced.aug +CLEANFILES += interface/virtinterfaced.aug + +virtinterfaced_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtinterfaced_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtinterfaced\"" \ + -DMODULE_NAME="\"interface\"" \ + $(NULL) +virtinterfaced_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtinterfaced_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtinterfaced.service \ + virtinterfaced.socket \ + virtinterfaced-ro.socket \ + virtinterfaced-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + interface/virtinterfaced.service.in \ + $(NULL) + +VIRTINTERFACED_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt interface|g' \ + -e 's|[@]service[@]|virtinterfaced|g' \ + -e 's|[@]sockprefix[@]|virtinterfaced|g' \ + $(NULL) + +virtinterfaced.service: interface/virtinterfaced.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTINTERFACED_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtinterface%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTINTERFACED_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +interface/virtinterfaced.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtinterfaced/' \ + < $^ > $@ + +interface/virtinterfaced.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtinterfaced/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtinterfaced/' \ + $< > $@ + +interface/test_virtinterfaced.aug: remote/test_libvirtd.aug.in \ + interface/virtinterfaced.conf $(AUG_GENTEST) 
+ $(AM_V_GEN)$(AUG_GENTEST) interface/virtinterfaced.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtinterfaced/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtinterfaced/' \ + > $@ || rm -f $@ + endif WITH_INTERFACE diff --git a/src/interface/virtinterfaced.service.in b/src/interface/virtinterfaced.service.in new file mode 100644 index 0000000000..ff3a611d16 --- /dev/null +++ b/src/interface/virtinterfaced.service.in @@ -0,0 +1,24 @@ +[Unit] +Description=Virtualization interface daemon +Conflicts=libvirtd.service +Requires=virtinterfaced.socket +Requires=virtinterfaced-ro.socket +Requires=virtinterfaced-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +Documentation=man:libvirtd(8)
Provide its own man page?
+Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtinterfaced --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Also=virtinterfaced.socket +Also=virtinterfaced-ro.socket +Also=virtinterfaced-admin.socket -- 2.21.0
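Review bot: In virtinterfaced.service.in, `Conflicts=libvirtd.service` names only the service unit, while the commit message requires that virtinterfaced never runs alongside libvirtd. If libvirtd's socket units are still active, a client connection to one of them starts libvirtd.service, which then stops this daemon through the same Conflicts= line. If the socket side is handled by the substitutions in $(VIRTD_UNIT_VARS) for the virtinterfaced*.socket units, a short comment in the unit or the commit message saying so would help; otherwise the libvirtd socket units should be listed here as well.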
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> -- Cheers, Christophe de Dinechin (IRC c3d)

The virtstoraged daemon will be responsible for providing the storage API driver functionality. The storage driver is still loaded by the main libvirtd daemon at this stage, so virtstoraged must not be running at the same time. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/storage/Makefile.inc.am | 61 +++++++++++++++++++++++++++++ src/storage/virtstoraged.service.in | 26 ++++++++++++ 4 files changed, 99 insertions(+) create mode 100644 src/storage/virtstoraged.service.in diff --git a/.gitignore b/.gitignore index c361d87868..3b86183bee 100644 --- a/.gitignore +++ b/.gitignore @@ -175,6 +175,9 @@ /src/secret/test_virtsecretd.aug /src/secret/virtsecretd.aug /src/secret/virtsecretd.conf +/src/storage/test_virtstoraged.aug +/src/storage/virtstoraged.aug +/src/storage/virtstoraged.conf /src/util/virkeycodetable*.h /src/util/virkeynametable*.h /src/virt-aa-helper @@ -184,6 +187,7 @@ /src/virtnetworkd /src/virtproxyd /src/virtsecretd +/src/virtstoraged /src/virt-guest-shutdown.target /tests/*.log /tests/*.pid diff --git a/libvirt.spec.in b/libvirt.spec.in index b4fab26ea4..c34445090d 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1663,6 +1663,14 @@ exit 0 %files daemon-driver-storage %files daemon-driver-storage-core +%config(noreplace) %{_sysconfdir}/libvirt/virtstoraged.conf +%{_datadir}/augeas/lenses/virtstoraged.aug +%{_datadir}/augeas/lenses/tests/test_virtstoraged.aug +%{_unitdir}/virtstoraged.service +%{_unitdir}/virtstoraged.socket +%{_unitdir}/virtstoraged-ro.socket +%{_unitdir}/virtstoraged-admin.socket +%attr(0755, root, root) %{_sbindir}/virtstoraged %attr(0755, root, root) %{_libexecdir}/libvirt_parthelper %{_libdir}/%{name}/connection-driver/libvirt_driver_storage.so %{_libdir}/%{name}/storage-backend/libvirt_storage_backend_fs.so diff --git a/src/storage/Makefile.inc.am b/src/storage/Makefile.inc.am index 538709256d..767875785a 100644 
--- a/src/storage/Makefile.inc.am +++ b/src/storage/Makefile.inc.am 
@@ -142,6 +142,67 @@ mod_LTLIBRARIES += libvirt_driver_storage.la libvirt_driver_storage_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_storage_impl_la_SOURCES += $(STORAGE_DRIVER_SOURCES) +sbin_PROGRAMS += virtstoraged + +nodist_conf_DATA += storage/virtstoraged.conf +augeas_DATA += storage/virtstoraged.aug +augeastest_DATA += storage/test_virtstoraged.aug +CLEANFILES += storage/virtstoraged.aug + +virtstoraged_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtstoraged_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtstoraged\"" \ + -DMODULE_NAME="\"storage\"" \ + $(NULL) +virtstoraged_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtstoraged_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtstoraged.service \ + virtstoraged.socket \ + virtstoraged-ro.socket \ + virtstoraged-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + storage/virtstoraged.service.in \ + $(NULL) + +VIRTSTORAGED_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt storage|g' \ + -e 's|[@]service[@]|virtstoraged|g' \ + -e 's|[@]sockprefix[@]|virtstoraged|g' \ + $(NULL) + +virtstoraged.service: storage/virtstoraged.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTSTORAGED_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtstorage%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTSTORAGED_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +storage/virtstoraged.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtstoraged/' \ + < $^ > $@ + +storage/virtstoraged.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtstoraged/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtstoraged/' \ + $< > $@ + +storage/test_virtstoraged.aug: remote/test_libvirtd.aug.in \ + storage/virtstoraged.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) storage/virtstoraged.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) 
-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtstoraged/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtstoraged/' \ + > $@ || rm -f $@ + libvirt_storage_backend_fs_la_SOURCES = $(STORAGE_DRIVER_FS_SOURCES) libvirt_storage_backend_fs_la_CFLAGS = \ diff --git a/src/storage/virtstoraged.service.in b/src/storage/virtstoraged.service.in new file mode 100644 index 0000000000..9aa26764a9 --- /dev/null +++ b/src/storage/virtstoraged.service.in @@ -0,0 +1,26 @@ +[Unit] +Description=Virtualization storage daemon +Conflicts=libvirtd.service +Requires=virtstoraged.socket +Requires=virtstoraged-ro.socket +Requires=virtstoraged-admin.socket +After=network.target +After=dbus.service +After=iscsid.service +After=apparmor.service +After=local-fs.target +After=remote-fs.target +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtstoraged --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Also=virtstoraged.socket +Also=virtstoraged-ro.socket +Also=virtstoraged-admin.socket -- 2.21.0
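Review bot: In src/storage/Makefile.inc.am, the storage/virtstoraged.conf and storage/virtstoraged.aug rules redirect straight into `$@`, unlike the virtstoraged.service rule just above them, which writes `$@-t` and renames it. If sed fails part way, a truncated file with a fresh timestamp is left behind and the next make run treats it as up to date (unless .DELETE_ON_ERROR is in effect), and the .conf file is one that the spec installs as `%config(noreplace)`. Suggest the same `> $@-t && mv $@-t $@` form for both rules. The .conf rule also calls bare `sed` where the .aug rule uses `$(SED)`; one spelling should be used throughout.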

Daniel P. Berrangé writes:
The virtstoraged daemon will be responsible for providing the storage API driver functionality. The storage driver is still loaded by the main libvirtd daemon at this stage, so virtstoraged must not be running at the same time.
Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/storage/Makefile.inc.am | 61 +++++++++++++++++++++++++++++ src/storage/virtstoraged.service.in | 26 ++++++++++++ 4 files changed, 99 insertions(+) create mode 100644 src/storage/virtstoraged.service.in
diff --git a/.gitignore b/.gitignore index c361d87868..3b86183bee 100644 --- a/.gitignore +++ b/.gitignore @@ -175,6 +175,9 @@ /src/secret/test_virtsecretd.aug /src/secret/virtsecretd.aug /src/secret/virtsecretd.conf +/src/storage/test_virtstoraged.aug +/src/storage/virtstoraged.aug +/src/storage/virtstoraged.conf /src/util/virkeycodetable*.h /src/util/virkeynametable*.h /src/virt-aa-helper @@ -184,6 +187,7 @@ /src/virtnetworkd /src/virtproxyd /src/virtsecretd +/src/virtstoraged /src/virt-guest-shutdown.target /tests/*.log /tests/*.pid diff --git a/libvirt.spec.in b/libvirt.spec.in index b4fab26ea4..c34445090d 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1663,6 +1663,14 @@ exit 0 %files daemon-driver-storage
%files daemon-driver-storage-core +%config(noreplace) %{_sysconfdir}/libvirt/virtstoraged.conf +%{_datadir}/augeas/lenses/virtstoraged.aug +%{_datadir}/augeas/lenses/tests/test_virtstoraged.aug +%{_unitdir}/virtstoraged.service +%{_unitdir}/virtstoraged.socket +%{_unitdir}/virtstoraged-ro.socket +%{_unitdir}/virtstoraged-admin.socket +%attr(0755, root, root) %{_sbindir}/virtstoraged %attr(0755, root, root) %{_libexecdir}/libvirt_parthelper %{_libdir}/%{name}/connection-driver/libvirt_driver_storage.so %{_libdir}/%{name}/storage-backend/libvirt_storage_backend_fs.so diff --git a/src/storage/Makefile.inc.am b/src/storage/Makefile.inc.am index 538709256d..767875785a 100644 --- a/src/storage/Makefile.inc.am +++ b/src/storage/Makefile.inc.am @@ -142,6 +142,67 @@ mod_LTLIBRARIES += libvirt_driver_storage.la libvirt_driver_storage_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) libvirt_driver_storage_impl_la_SOURCES += $(STORAGE_DRIVER_SOURCES)
+sbin_PROGRAMS += virtstoraged + +nodist_conf_DATA += storage/virtstoraged.conf +augeas_DATA += storage/virtstoraged.aug +augeastest_DATA += storage/test_virtstoraged.aug +CLEANFILES += storage/virtstoraged.aug + +virtstoraged_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtstoraged_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtstoraged\"" \ + -DMODULE_NAME="\"storage\"" \ + $(NULL) +virtstoraged_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtstoraged_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtstoraged.service \ + virtstoraged.socket \ + virtstoraged-ro.socket \ + virtstoraged-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + storage/virtstoraged.service.in \ + $(NULL) + +VIRTSTORAGED_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt storage|g' \ + -e 's|[@]service[@]|virtstoraged|g' \ + -e 's|[@]sockprefix[@]|virtstoraged|g' \ + $(NULL) + +virtstoraged.service: storage/virtstoraged.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTSTORAGED_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtstorage%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTSTORAGED_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +storage/virtstoraged.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtstoraged/' \ + < $^ > $@ + +storage/virtstoraged.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtstoraged/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtstoraged/' \ + $< > $@ + +storage/test_virtstoraged.aug: remote/test_libvirtd.aug.in \ + storage/virtstoraged.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) storage/virtstoraged.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtstoraged/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtstoraged/' \ + > $@ || rm -f $@ +
libvirt_storage_backend_fs_la_SOURCES = $(STORAGE_DRIVER_FS_SOURCES) libvirt_storage_backend_fs_la_CFLAGS = \ diff --git a/src/storage/virtstoraged.service.in b/src/storage/virtstoraged.service.in new file mode 100644 index 0000000000..9aa26764a9 --- /dev/null +++ b/src/storage/virtstoraged.service.in @@ -0,0 +1,26 @@ +[Unit] +Description=Virtualization storage daemon +Conflicts=libvirtd.service +Requires=virtstoraged.socket +Requires=virtstoraged-ro.socket +Requires=virtstoraged-admin.socket +After=network.target +After=dbus.service +After=iscsid.service +After=apparmor.service +After=local-fs.target +After=remote-fs.target +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtstoraged --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure
+ +[Install] +WantedBy=multi-user.target +Also=virtstoraged.socket +Also=virtstoraged-ro.socket +Also=virtstoraged-admin.socket -- 2.21.0
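Review bot: In the storage/virtstoraged.conf, storage/virtstoraged.aug and storage/test_virtstoraged.aug rules, `-e 's/[@]DAEMON_NAME[@]/virtstoraged/'` has no `g` flag, so only the first `@DAEMON_NAME@` on a line is replaced, whereas the unit-file substitutions in VIRTSTORAGED_UNIT_VARS all end in `|g`. Any template line that mentions the daemon name twice would ship with a literal `@DAEMON_NAME@` in the installed config or lens. Suggest adding `g` to the DAEMON_NAME and DAEMON_NAME_UC expressions.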
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> -- Cheers, Christophe de Dinechin (IRC c3d)

The virtnodedevd daemon will be responsible for providing the nodedev API driver functionality. The nodedev driver is still loaded by the main libvirtd daemon at this stage, so virtnodedevd must not be running at the same time. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/node_device/Makefile.inc.am | 62 +++++++++++++++++++++++++ src/node_device/virtnodedevd.service.in | 24 ++++++++++ 4 files changed, 98 insertions(+) create mode 100644 src/node_device/virtnodedevd.service.in diff --git a/.gitignore b/.gitignore index 3b86183bee..ada72fd618 100644 --- a/.gitignore +++ b/.gitignore @@ -160,6 +160,9 @@ /src/network/test_virtnetworkd.aug /src/network/virtnetworkd.aug /src/network/virtnetworkd.conf +/src/node_device/test_virtnodedevd.aug +/src/node_device/virtnodedevd.aug +/src/node_device/virtnodedevd.conf /src/qemu/test_libvirtd_qemu.aug /src/remote/*_client_bodies.h /src/remote/*_protocol.[ch] @@ -185,6 +188,7 @@ /src/virtlockd /src/virtlogd /src/virtnetworkd +/src/virtnodedevd /src/virtproxyd /src/virtsecretd /src/virtstoraged diff --git a/libvirt.spec.in b/libvirt.spec.in index c34445090d..7519ebebcf 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1642,6 +1642,14 @@ exit 0 %endif %files daemon-driver-nodedev +%config(noreplace) %{_sysconfdir}/libvirt/virtnodedevd.conf +%{_datadir}/augeas/lenses/virtnodedevd.aug +%{_datadir}/augeas/lenses/tests/test_virtnodedevd.aug +%{_unitdir}/virtnodedevd.service +%{_unitdir}/virtnodedevd.socket +%{_unitdir}/virtnodedevd-ro.socket +%{_unitdir}/virtnodedevd-admin.socket +%attr(0755, root, root) %{_sbindir}/virtnodedevd %{_libdir}/%{name}/connection-driver/libvirt_driver_nodedev.so %files daemon-driver-nwfilter diff --git a/src/node_device/Makefile.inc.am b/src/node_device/Makefile.inc.am index 3e04651e8c..e71b790735 100644 --- a/src/node_device/Makefile.inc.am +++ b/src/node_device/Makefile.inc.am 
@@ -64,4 +64,66 @@ libvirt_driver_nodedev_la_LIBADD += \ endif WITH_UDEV libvirt_driver_nodedev_la_LIBADD += ../gnulib/lib/libgnu.la + +sbin_PROGRAMS += virtnodedevd + +nodist_conf_DATA += node_device/virtnodedevd.conf +augeas_DATA += node_device/virtnodedevd.aug +augeastest_DATA += node_device/test_virtnodedevd.aug +CLEANFILES += node_device/virtnodedevd.aug + +virtnodedevd_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtnodedevd_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtnodedevd\"" \ + -DMODULE_NAME="\"nodedev\"" \ + $(NULL) +virtnodedevd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtnodedevd_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtnodedevd.service \ + virtnodedevd.socket \ + virtnodedevd-ro.socket \ + virtnodedevd-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + node_device/virtnodedevd.service.in \ + $(NULL) + +VIRTNODEDEVD_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt nodedev|g' \ + -e 's|[@]service[@]|virtnodedevd|g' \ + -e 's|[@]sockprefix[@]|virtnodedevd|g' \ + $(NULL) + +virtnodedevd.service: node_device/virtnodedevd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTNODEDEVD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtnodedev%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTNODEDEVD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +node_device/virtnodedevd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtnodedevd/' \ + < $^ > $@ + +node_device/virtnodedevd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtnodedevd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtnodedevd/' \ + $< > $@ + +node_device/test_virtnodedevd.aug: remote/test_libvirtd.aug.in \ + node_device/virtnodedevd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) node_device/virtnodedevd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e 
'/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtnodedevd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtnodedevd/' \ + > $@ || rm -f $@ + endif WITH_NODE_DEVICES diff --git a/src/node_device/virtnodedevd.service.in b/src/node_device/virtnodedevd.service.in new file mode 100644 index 0000000000..132ee05a7f --- /dev/null +++ b/src/node_device/virtnodedevd.service.in @@ -0,0 +1,24 @@ +[Unit] +Description=Virtualization nodedev daemon +Conflicts=libvirtd.service +Requires=virtnodedevd.socket +Requires=virtnodedevd-ro.socket +Requires=virtnodedevd-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtnodedevd --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Also=virtnodedevd.socket +Also=virtnodedevd-ro.socket +Also=virtnodedevd-admin.socket -- 2.21.0
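Review bot: The 62 lines added to src/node_device/Makefile.inc.am duplicate the block that the interface and storage patches add, with only the daemon name, module name and directory changed. Suggest factoring the per-daemon rules into one shared template that takes those three values, so that a later fix to the generation rules does not have to be repeated in every driver directory. If the copies stay, the pattern rule `virtnodedev%.socket: remote/libvirt%.socket.in` deserves a comment: it only works because the stem starts with `d`, so that virtnodedevd-ro.socket maps to remote/libvirtd-ro.socket.in.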

The virtnwfilterd daemon will be responsible for providing the nwfilter API driver functionality. The nwfilter driver is still loaded by the main libvirtd daemon at this stage, so virtnwfilterd must not be running at the same time. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/nwfilter/Makefile.inc.am | 62 +++++++++++++++++++++++++++ src/nwfilter/virtnwfilterd.service.in | 24 +++++++++++ 4 files changed, 98 insertions(+) create mode 100644 src/nwfilter/virtnwfilterd.service.in diff --git a/.gitignore b/.gitignore index ada72fd618..b93fd1b044 100644 --- a/.gitignore +++ b/.gitignore @@ -163,6 +163,9 @@ /src/node_device/test_virtnodedevd.aug /src/node_device/virtnodedevd.aug /src/node_device/virtnodedevd.conf +/src/nwfilter/test_virtnwfilterd.aug +/src/nwfilter/virtnwfilterd.aug +/src/nwfilter/virtnwfilterd.conf /src/qemu/test_libvirtd_qemu.aug /src/remote/*_client_bodies.h /src/remote/*_protocol.[ch] @@ -189,6 +192,7 @@ /src/virtlogd /src/virtnetworkd /src/virtnodedevd +/src/virtnwfilterd /src/virtproxyd /src/virtsecretd /src/virtstoraged diff --git a/libvirt.spec.in b/libvirt.spec.in index 7519ebebcf..3c0194df29 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1653,6 +1653,14 @@ exit 0 %{_libdir}/%{name}/connection-driver/libvirt_driver_nodedev.so %files daemon-driver-nwfilter +%config(noreplace) %{_sysconfdir}/libvirt/virtnwfilterd.conf +%{_datadir}/augeas/lenses/virtnwfilterd.aug +%{_datadir}/augeas/lenses/tests/test_virtnwfilterd.aug +%{_unitdir}/virtnwfilterd.service +%{_unitdir}/virtnwfilterd.socket +%{_unitdir}/virtnwfilterd-ro.socket +%{_unitdir}/virtnwfilterd-admin.socket +%attr(0755, root, root) %{_sbindir}/virtnwfilterd %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/ %ghost %dir %{_localstatedir}/run/libvirt/network/ %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so 
diff --git a/src/nwfilter/Makefile.inc.am b/src/nwfilter/Makefile.inc.am index 810ca54bcc..5c5e636ccc 100644 --- a/src/nwfilter/Makefile.inc.am +++ b/src/nwfilter/Makefile.inc.am 
@@ -41,4 +41,66 @@ libvirt_driver_nwfilter_impl_la_LIBADD = \ ../gnulib/lib/libgnu.la \ $(NULL) libvirt_driver_nwfilter_impl_la_SOURCES = $(NWFILTER_DRIVER_SOURCES) + +sbin_PROGRAMS += virtnwfilterd + +nodist_conf_DATA += nwfilter/virtnwfilterd.conf +augeas_DATA += nwfilter/virtnwfilterd.aug +augeastest_DATA += nwfilter/test_virtnwfilterd.aug +CLEANFILES += nwfilter/virtnwfilterd.aug + +virtnwfilterd_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtnwfilterd_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtnwfilterd\"" \ + -DMODULE_NAME="\"nwfilter\"" \ + $(NULL) +virtnwfilterd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtnwfilterd_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtnwfilterd.service \ + virtnwfilterd.socket \ + virtnwfilterd-ro.socket \ + virtnwfilterd-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + nwfilter/virtnwfilterd.service.in \ + $(NULL) + +VIRTNWFILTERD_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt nwfilter|g' \ + -e 's|[@]service[@]|virtnwfilterd|g' \ + -e 's|[@]sockprefix[@]|virtnwfilterd|g' \ + $(NULL) + +virtnwfilterd.service: nwfilter/virtnwfilterd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTNWFILTERD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtnwfilter%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTNWFILTERD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +nwfilter/virtnwfilterd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtnwfilterd/' \ + < $^ > $@ + +nwfilter/virtnwfilterd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtnwfilterd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtnwfilterd/' \ + $< > $@ + +nwfilter/test_virtnwfilterd.aug: remote/test_libvirtd.aug.in \ + nwfilter/virtnwfilterd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) nwfilter/virtnwfilterd.conf \ + 
$(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtnwfilterd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtnwfilterd/' \ + > $@ || rm -f $@ + endif WITH_NWFILTER diff --git a/src/nwfilter/virtnwfilterd.service.in b/src/nwfilter/virtnwfilterd.service.in new file mode 100644 index 0000000000..57c2fafe43 --- /dev/null +++ b/src/nwfilter/virtnwfilterd.service.in @@ -0,0 +1,24 @@ +[Unit] +Description=Virtualization nwfilter daemon +Conflicts=libvirtd.service +Requires=virtnwfilterd.socket +Requires=virtnwfilterd-ro.socket +Requires=virtnwfilterd-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtnwfilterd --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Also=virtnwfilterd.socket +Also=virtnwfilterd-ro.socket +Also=virtnwfilterd-admin.socket -- 2.21.0
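Review bot: In src/nwfilter/Makefile.inc.am, `CLEANFILES += nwfilter/virtnwfilterd.aug` covers only one of the three files this hunk generates; nwfilter/virtnwfilterd.conf and nwfilter/test_virtnwfilterd.aug have rules here but no matching clean entry in the lines shown. Unless they are cleaned elsewhere, `make clean` leaves them in the build tree and `make distcheck` can flag them. Suggest listing all three in CLEANFILES.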

The virtxend daemon will be responsible for providing the libxl API driver functionality. The libxl driver is still loaded by the main libvirtd daemon at this stage, so virtxend must not be running at the same time. This naming is slightly different than other drivers. With the libxl driver, the user still has a 'xen:///system' URI, and we provide it in a libvirt-daemon-xen RPM, which pulls in a libvirt-daemon-driver-libxl RPM. Arguably we could rename the libxl driver to "xen" since it is the only xen driver we have these days, and that matches how we expose it to users in the URI naming. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 +++ libvirt.spec.in | 8 +++++ src/libxl/Makefile.inc.am | 62 +++++++++++++++++++++++++++++++++++ src/libxl/virtxend.service.in | 26 +++++++++++++++ 4 files changed, 100 insertions(+) create mode 100644 src/libxl/virtxend.service.in diff --git a/.gitignore b/.gitignore index b93fd1b044..1c746cec44 100644 --- a/.gitignore +++ b/.gitignore @@ -139,6 +139,9 @@ /src/libvirtd /src/libvirtd*.logrotate /src/libxl/test_libvirtd_libxl.aug +/src/libxl/test_virtxend.aug +/src/libxl/virtxend.aug +/src/libxl/virtxend.conf /src/locking/libxl-lockd.conf /src/locking/libxl-sanlock.conf /src/locking/lock_daemon_dispatch_stubs.h @@ -188,6 +191,7 @@ /src/util/virkeynametable*.h /src/virt-aa-helper /src/virtinterfaced +/src/virtxend /src/virtlockd /src/virtlogd /src/virtnetworkd diff --git a/libvirt.spec.in b/libvirt.spec.in index 3c0194df29..a9d12faa2a 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in 
@@ -1765,6 +1765,14 @@ exit 0 %if %{with_libxl} %files daemon-driver-libxl +%config(noreplace) %{_sysconfdir}/libvirt/virtxend.conf +%{_datadir}/augeas/lenses/virtxend.aug +%{_datadir}/augeas/lenses/tests/test_virtxend.aug +%{_unitdir}/virtxend.service +%{_unitdir}/virtxend.socket +%{_unitdir}/virtxend-ro.socket +%{_unitdir}/virtxend-admin.socket +%attr(0755, root, root) %{_sbindir}/virtxend %config(noreplace) %{_sysconfdir}/libvirt/libxl.conf %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.libxl %config(noreplace) %{_sysconfdir}/libvirt/libxl-lockd.conf diff --git a/src/libxl/Makefile.inc.am b/src/libxl/Makefile.inc.am index 467c2720b2..6f303cc66c 100644 --- a/src/libxl/Makefile.inc.am +++ b/src/libxl/Makefile.inc.am 
@@ -65,6 +65,68 @@ libvirt_driver_libxl_impl_la_LIBADD = \ $(NULL) libvirt_driver_libxl_impl_la_SOURCES = $(LIBXL_DRIVER_SOURCES) +sbin_PROGRAMS += virtxend + +nodist_conf_DATA += libxl/virtxend.conf +augeas_DATA += libxl/virtxend.aug +augeastest_DATA += libxl/test_virtxend.aug +CLEANFILES += libxl/virtxend.aug + +virtxend_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtxend_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtxend\"" \ + -DMODULE_NAME="\"libxl\"" \ + $(NULL) +virtxend_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtxend_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtxend.service \ + virtxend.socket \ + virtxend-ro.socket \ + virtxend-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + libxl/virtxend.service.in \ + $(NULL) + +VIRTXEND_UNIT_VARS = \ + $(COMMON_UNIT_VARS) \ + -e 's|[@]deps[@]|Conflicts=$(LIBVIRTD_SOCKET_UNIT_FILES)\nConditionPathExists=/proc/xen/capabilities|g' \ + -e 's|[@]name[@]|Libvirt libxl|g' \ + -e 's|[@]service[@]|virtxend|g' \ + -e 's|[@]sockprefix[@]|virtxend|g' \ + $(NULL) + +virtxend.service: libxl/virtxend.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTXEND_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtxen%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTXEND_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +libxl/virtxend.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtxend/' \ + < $^ > $@ + +libxl/virtxend.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtxend/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtxend/' \ + $< > $@ + +libxl/test_virtxend.aug: remote/test_libvirtd.aug.in \ + libxl/virtxend.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) libxl/virtxend.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtxend/' \ + -e 
's/[@]DAEMON_NAME_UC[@]/Virtxend/' \ + > $@ || rm -f $@ + conf_DATA += libxl/libxl.conf augeas_DATA += libxl/libvirtd_libxl.aug augeastest_DATA += libxl/test_libvirtd_libxl.aug diff --git a/src/libxl/virtxend.service.in b/src/libxl/virtxend.service.in new file mode 100644 index 0000000000..059d79be77 --- /dev/null +++ b/src/libxl/virtxend.service.in @@ -0,0 +1,26 @@ +[Unit] +Description=Virtualization xen daemon +Conflicts=libvirtd.service +Requires=virtxend.socket +Requires=virtxend-ro.socket +Requires=virtxend-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +After=remote-fs.target +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org +ConditionPathExists=/proc/xen/capabilities + +[Service] +Type=notify +ExecStart=@sbindir@/virtxend --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Also=virtxend.socket +Also=virtxend-ro.socket +Also=virtxend-admin.socket -- 2.21.0
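Review bot: the [@]deps[@] expression in VIRTXEND_UNIT_VARS depends on "\n" inside the sed replacement to emit Conflicts= and ConditionPathExists= as two lines, which POSIX leaves unspecified, and the virtxend.service and virtxen%.socket recipes call plain "sed" where the .aug rules use $(SED). A sed that does not expand the escape would put both directives on one line, so the socket units would no longer carry a valid Xen condition. Use $(SED) in both recipes, or give the condition its own placeholder. The /proc/xen/capabilities path also appears a second time, hardcoded in virtxend.service.in, so a later change has to touch both places; a short comment next to one of them pointing at the other would help.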

The virtqemud daemon will be responsible for providing the qemu API driver functionality. The qemu driver is still loaded by the main libvirtd daemon at this stage, so virtqemud must not be running at the same time. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 +++ libvirt.spec.in | 8 +++++ src/qemu/Makefile.inc.am | 61 +++++++++++++++++++++++++++++++++++ src/qemu/virtqemud.service.in | 40 +++++++++++++++++++++++ 4 files changed, 113 insertions(+) create mode 100644 src/qemu/virtqemud.service.in diff --git a/.gitignore b/.gitignore index 1c746cec44..d23ffa94f0 100644 --- a/.gitignore +++ b/.gitignore @@ -170,6 +170,9 @@ /src/nwfilter/virtnwfilterd.aug /src/nwfilter/virtnwfilterd.conf /src/qemu/test_libvirtd_qemu.aug +/src/qemu/test_virtqemud.aug +/src/qemu/virtqemud.aug +/src/qemu/virtqemud.conf /src/remote/*_client_bodies.h /src/remote/*_protocol.[ch] /src/remote/*_stubs.h @@ -198,6 +201,7 @@ /src/virtnodedevd /src/virtnwfilterd /src/virtproxyd +/src/virtqemud /src/virtsecretd /src/virtstoraged /src/virt-guest-shutdown.target diff --git a/libvirt.spec.in b/libvirt.spec.in index a9d12faa2a..f86b0212c7 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1735,6 +1735,14 @@ exit 0 %if %{with_qemu} %files daemon-driver-qemu +%config(noreplace) %{_sysconfdir}/libvirt/virtqemud.conf +%{_datadir}/augeas/lenses/virtqemud.aug +%{_datadir}/augeas/lenses/tests/test_virtqemud.aug +%{_unitdir}/virtqemud.service +%{_unitdir}/virtqemud.socket +%{_unitdir}/virtqemud-ro.socket +%{_unitdir}/virtqemud-admin.socket +%attr(0755, root, root) %{_sbindir}/virtqemud %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/ %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/ %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf diff --git a/src/qemu/Makefile.inc.am b/src/qemu/Makefile.inc.am index 12236a9e7b..215283cecd 100644 --- a/src/qemu/Makefile.inc.am +++ b/src/qemu/Makefile.inc.am 
@@ -112,6 +112,67 @@ CLEANFILES += \ endif WITH_DTRACE_PROBES +sbin_PROGRAMS += virtqemud + +nodist_conf_DATA += qemu/virtqemud.conf +augeas_DATA += qemu/virtqemud.aug +augeastest_DATA += qemu/test_virtqemud.aug +CLEANFILES += qemu/virtqemud.aug + +virtqemud_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtqemud_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtqemud\"" \ + -DMODULE_NAME="\"qemu\"" \ + $(NULL) +virtqemud_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtqemud_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtqemud.service \ + virtqemud.socket \ + virtqemud-ro.socket \ + virtqemud-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + qemu/virtqemud.service.in \ + $(NULL) + +VIRTQEMUD_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt qemu|g' \ + -e 's|[@]service[@]|virtqemud|g' \ + -e 's|[@]sockprefix[@]|virtqemud|g' \ + $(NULL) + +virtqemud.service: qemu/virtqemud.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTQEMUD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtqemu%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTQEMUD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +qemu/virtqemud.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtqemud/' \ + < $^ > $@ + +qemu/virtqemud.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtqemud/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtqemud/' \ + $< > $@ + +qemu/test_virtqemud.aug: remote/test_libvirtd.aug.in \ + qemu/virtqemud.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) qemu/virtqemud.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtqemud/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtqemud/' \ + > $@ || rm -f $@ + conf_DATA += qemu/qemu.conf augeas_DATA += qemu/libvirtd_qemu.aug 
diff --git a/src/qemu/virtqemud.service.in b/src/qemu/virtqemud.service.in new file mode 100644 index 0000000000..44eb2a2bf7 --- /dev/null +++ b/src/qemu/virtqemud.service.in @@ -0,0 +1,40 @@ +[Unit] +Description=Virtualization qemu daemon +Conflicts=libvirtd.service +Requires=virtqemud.socket +Requires=virtqemud-ro.socket +Requires=virtqemud-admin.socket +Wants=systemd-machined.service +Before=libvirt-guests.service +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +After=remote-fs.target +After=systemd-logind.service +After=systemd-machined.service +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtqemud --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure +# At least 1 FD per guest, often 2 (eg qemu monitor + qemu agent). +# eg if we want to support 4096 guests, we'll typically need 8192 FDs +# If changing this, also consider virtlogd.service & virtlockd.service +# limits which are also related to number of guests +LimitNOFILE=8192 +# The cgroups pids controller can limit the number of tasks started by +# the daemon, which can limit the number of domains for some hypervisors. +# A conservative default of 8 tasks per guest results in a TasksMax of +# 32k to support 4096 guests. +TasksMax=32768 + +[Install] +WantedBy=multi-user.target +Also=virtqemud.socket +Also=virtqemud-ro.socket +Also=virtqemud-admin.socket -- 2.21.0
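Review bot: KillMode=process in the [Service] section of virtqemud.service.in carries no comment, although LimitNOFILE and TasksMax directly below it each get several lines of explanation. The setting restricts the stop signal to the daemon's main process, which is what a daemon with running guests as children depends on across a stop or restart, so it is the one line in this unit that most needs its intent written down. A one-line comment above it would keep a later cleanup from dropping it as redundant.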

The virtlxcd daemon will be responsible for providing the lxc API driver functionality. The lxc driver is still loaded by the main libvirtd daemon at this stage, so virtlxcd must not be running at the same time. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 +++ libvirt.spec.in | 8 +++++ src/lxc/Makefile.inc.am | 62 +++++++++++++++++++++++++++++++++++++ src/lxc/virtlxcd.service.in | 40 ++++++++++++++++++++++++ 4 files changed, 114 insertions(+) create mode 100644 src/lxc/virtlxcd.service.in diff --git a/.gitignore b/.gitignore index d23ffa94f0..d279c7bc1f 100644 --- a/.gitignore +++ b/.gitignore @@ -160,6 +160,9 @@ /src/lxc/lxc_monitor_protocol.h /src/lxc/lxc_protocol.[ch] /src/lxc/test_libvirtd_lxc.aug +/src/lxc/test_virtlxcd.aug +/src/lxc/virtlxcd.aug +/src/lxc/virtlxcd.conf /src/network/test_virtnetworkd.aug /src/network/virtnetworkd.aug /src/network/virtnetworkd.conf @@ -197,6 +200,7 @@ /src/virtxend /src/virtlockd /src/virtlogd +/src/virtlxcd /src/virtnetworkd /src/virtnodedevd /src/virtnwfilterd diff --git a/libvirt.spec.in b/libvirt.spec.in index f86b0212c7..81fc1481e0 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1760,6 +1760,14 @@ exit 0 %if %{with_lxc} %files daemon-driver-lxc +%config(noreplace) %{_sysconfdir}/libvirt/virtlxcd.conf +%{_datadir}/augeas/lenses/virtlxcd.aug +%{_datadir}/augeas/lenses/tests/test_virtlxcd.aug +%{_unitdir}/virtlxcd.service +%{_unitdir}/virtlxcd.socket +%{_unitdir}/virtlxcd-ro.socket +%{_unitdir}/virtlxcd-admin.socket +%attr(0755, root, root) %{_sbindir}/virtlxcd %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/ %config(noreplace) %{_sysconfdir}/libvirt/lxc.conf %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.lxc diff --git a/src/lxc/Makefile.inc.am b/src/lxc/Makefile.inc.am index 0c241fc5c1..4960ee4324 100644 --- a/src/lxc/Makefile.inc.am +++ b/src/lxc/Makefile.inc.am 
@@ -110,6 +110,68 @@ endif WITH_BLKID libvirt_driver_lxc_impl_la_LIBADD += $(SECDRIVER_LIBS) libvirt_driver_lxc_impl_la_SOURCES = $(LXC_DRIVER_SOURCES) + +sbin_PROGRAMS += virtlxcd + +nodist_conf_DATA += lxc/virtlxcd.conf +augeas_DATA += lxc/virtlxcd.aug +augeastest_DATA += lxc/test_virtlxcd.aug +CLEANFILES += lxc/virtlxcd.aug + +virtlxcd_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtlxcd_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtlxcd\"" \ + -DMODULE_NAME="\"lxc\"" \ + $(NULL) +virtlxcd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtlxcd_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtlxcd.service \ + virtlxcd.socket \ + virtlxcd-ro.socket \ + virtlxcd-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + lxc/virtlxcd.service.in \ + $(NULL) + +VIRTLXCD_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt lxc|g' \ + -e 's|[@]service[@]|virtlxcd|g' \ + -e 's|[@]sockprefix[@]|virtlxcd|g' \ + $(NULL) + +virtlxcd.service: lxc/virtlxcd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTLXCD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtlxc%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTLXCD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +lxc/virtlxcd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtlxcd/' \ + < $^ > $@ + +lxc/virtlxcd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtlxcd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtlxcd/' \ + $< > $@ + +lxc/test_virtlxcd.aug: remote/test_libvirtd.aug.in \ + lxc/virtlxcd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) lxc/virtlxcd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtlxcd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtlxcd/' \ + > $@ || rm -f $@ + libexec_PROGRAMS += libvirt_lxc libvirt_lxc_SOURCES = \ 
diff --git a/src/lxc/virtlxcd.service.in b/src/lxc/virtlxcd.service.in new file mode 100644 index 0000000000..c732499a64 --- /dev/null +++ b/src/lxc/virtlxcd.service.in @@ -0,0 +1,40 @@ +[Unit] +Description=Virtualization lxc daemon +Conflicts=libvirtd.service +Requires=virtlxcd.socket +Requires=virtlxcd-ro.socket +Requires=virtlxcd-admin.socket +Wants=systemd-machined.service +Before=libvirt-guests.service +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +After=remote-fs.target +After=systemd-logind.service +After=systemd-machined.service +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtlxcd --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure +# At least 1 FD per guest, often 2 (eg qemu monitor + qemu agent). +# eg if we want to support 4096 guests, we'll typically need 8192 FDs +# If changing this, also consider virtlogd.service & virtlockd.service +# limits which are also related to number of guests +LimitNOFILE=8192 +# The cgroups pids controller can limit the number of tasks started by +# the daemon, which can limit the number of domains for some hypervisors. +# A conservative default of 8 tasks per guest results in a TasksMax of +# 32k to support 4096 guests. +TasksMax=32768 + +[Install] +WantedBy=multi-user.target +Also=virtlxcd.socket +Also=virtlxcd-ro.socket +Also=virtlxcd-admin.socket -- 2.21.0
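Review bot: the LimitNOFILE comment in virtlxcd.service.in still reads "often 2 (eg qemu monitor + qemu agent)", which was copied from the qemu unit and does not describe anything this daemon opens. Reword the example for containers or drop the parenthesis, and confirm that the 8192 and 32768 figures, derived in the comments from per-guest costs of 2 FDs and 8 tasks, are the ones intended for LXC rather than inherited along with the text.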

The virtvboxd daemon will be responsible for providing the vbox API driver functionality. The vbox driver is still loaded by the main libvirtd daemon at this stage, so virtvboxd must not be running at the same time. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 +++ libvirt.spec.in | 8 +++++ src/vbox/Makefile.inc.am | 62 +++++++++++++++++++++++++++++++++++ src/vbox/virtvboxd.service.in | 25 ++++++++++++++ 4 files changed, 99 insertions(+) create mode 100644 src/vbox/virtvboxd.service.in diff --git a/.gitignore b/.gitignore index d279c7bc1f..a23828cce6 100644 --- a/.gitignore +++ b/.gitignore @@ -195,6 +195,9 @@ /src/storage/virtstoraged.conf /src/util/virkeycodetable*.h /src/util/virkeynametable*.h +/src/vbox/test_virtvboxd.aug +/src/vbox/virtvboxd.aug +/src/vbox/virtvboxd.conf /src/virt-aa-helper /src/virtinterfaced /src/virtxend @@ -208,6 +211,7 @@ /src/virtqemud /src/virtsecretd /src/virtstoraged +/src/virtvboxd /src/virt-guest-shutdown.target /tests/*.log /tests/*.pid diff --git a/libvirt.spec.in b/libvirt.spec.in index 81fc1481e0..c1da28892a 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1802,6 +1802,14 @@ exit 0 %if %{with_vbox} %files daemon-driver-vbox +%config(noreplace) %{_sysconfdir}/libvirt/virtvboxd.conf +%{_datadir}/augeas/lenses/virtvboxd.aug +%{_datadir}/augeas/lenses/tests/test_virtvboxd.aug +%{_unitdir}/virtvboxd.service +%{_unitdir}/virtvboxd.socket +%{_unitdir}/virtvboxd-ro.socket +%{_unitdir}/virtvboxd-admin.socket +%attr(0755, root, root) %{_sbindir}/virtvboxd %{_libdir}/%{name}/connection-driver/libvirt_driver_vbox.so %endif diff --git a/src/vbox/Makefile.inc.am b/src/vbox/Makefile.inc.am index 95407778f7..74f274eb6a 100644 --- a/src/vbox/Makefile.inc.am +++ b/src/vbox/Makefile.inc.am 
@@ -63,4 +63,66 @@ libvirt_driver_vbox_impl_la_LIBADD = \ $(LIBXML_LIBS) \ $(NULL) libvirt_driver_vbox_impl_la_SOURCES = $(VBOX_DRIVER_SOURCES) + +sbin_PROGRAMS += virtvboxd + +nodist_conf_DATA += vbox/virtvboxd.conf +augeas_DATA += vbox/virtvboxd.aug +augeastest_DATA += vbox/test_virtvboxd.aug +CLEANFILES += vbox/virtvboxd.aug + +virtvboxd_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtvboxd_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtvboxd\"" \ + -DMODULE_NAME="\"vbox\"" \ + $(NULL) +virtvboxd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtvboxd_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtvboxd.service \ + virtvboxd.socket \ + virtvboxd-ro.socket \ + virtvboxd-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + vbox/virtvboxd.service.in \ + $(NULL) + +VIRTVBOXD_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt vbox|g' \ + -e 's|[@]service[@]|virtvboxd|g' \ + -e 's|[@]sockprefix[@]|virtvboxd|g' \ + $(NULL) + +virtvboxd.service: vbox/virtvboxd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTVBOXD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtvbox%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTVBOXD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +vbox/virtvboxd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtvboxd/' \ + < $^ > $@ + +vbox/virtvboxd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtvboxd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtvboxd/' \ + $< > $@ + +vbox/test_virtvboxd.aug: remote/test_libvirtd.aug.in \ + vbox/virtvboxd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) vbox/virtvboxd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtvboxd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtvboxd/' \ + > $@ || rm -f $@ + endif WITH_VBOX 
diff --git a/src/vbox/virtvboxd.service.in b/src/vbox/virtvboxd.service.in new file mode 100644 index 0000000000..7e0f7518d6 --- /dev/null +++ b/src/vbox/virtvboxd.service.in @@ -0,0 +1,25 @@ +[Unit] +Description=Virtualization vbox daemon +Conflicts=libvirtd.service +Requires=virtvboxd.socket +Requires=virtvboxd-ro.socket +Requires=virtvboxd-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +After=remote-fs.target +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtvboxd --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Also=virtvboxd.socket +Also=virtvboxd-ro.socket +Also=virtvboxd-admin.socket -- 2.21.0
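Review bot: "Documentation=man:libvirtd(8)" in virtvboxd.service.in sends the administrator to the libvirtd manual page, while the same unit starts @sbindir@/virtvboxd and declares Conflicts=libvirtd.service. Point it at a page that describes virtvboxd, or drop the man: entry until one exists and keep only the https://libvirt.org link. In the Makefile hunk, the rule "virtvbox%.socket: remote/libvirt%.socket.in" works only because the stem matches d, d-ro and d-admin; a one-line comment above it would save the next reader from having to work that out.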

The virtbhyved daemon will be responsible for providing the bhyve API driver functionality. The bhyve driver is still loaded by the main libvirtd daemon at this stage, so virtbhyved must not be running at the same time. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 ++++ src/bhyve/Makefile.inc.am | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/.gitignore b/.gitignore index a23828cce6..4e46adaa55 100644 --- a/.gitignore +++ b/.gitignore @@ -118,6 +118,9 @@ /src/admin/admin_client.h /src/admin/admin_protocol.[ch] /src/admin/admin_server_dispatch_stubs.h +/src/bhyve/test_virtbhyved.aug +/src/bhyve/virtbhyved.aug +/src/bhyve/virtbhyved.conf /src/esx/*.generated.* /src/hyperv/*.generated.* /src/interface/test_virtinterfaced.aug @@ -199,6 +202,7 @@ /src/vbox/virtvboxd.aug /src/vbox/virtvboxd.conf /src/virt-aa-helper +/src/virtbhyved /src/virtinterfaced /src/virtxend /src/virtlockd diff --git a/src/bhyve/Makefile.inc.am b/src/bhyve/Makefile.inc.am index 8b662e9775..210f04f240 100644 --- a/src/bhyve/Makefile.inc.am +++ b/src/bhyve/Makefile.inc.am 
@@ -47,6 +47,44 @@ libvirt_driver_bhyve_impl_la_CFLAGS = \ libvirt_driver_bhyve_impl_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_bhyve_impl_la_SOURCES = $(BHYVE_DRIVER_SOURCES) +sbin_PROGRAMS += virtbhyved + +nodist_conf_DATA += bhyve/virtbhyved.conf +augeas_DATA += bhyve/virtbhyved.aug +augeastest_DATA += bhyve/test_virtbhyved.aug +CLEANFILES += bhyve/virtbhyved.aug + +virtbhyved_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtbhyved_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtbhyved\"" \ + -DMODULE_NAME="\"bhyve\"" \ + $(NULL) +virtbhyved_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtbhyved_LDADD = $(REMOTE_DAEMON_LD_ADD) + +bhyve/virtbhyved.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtbhyved/' \ + < $^ > $@ + +bhyve/virtbhyved.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtbhyved/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtbhyved/' \ + $< > $@ + +bhyve/test_virtbhyved.aug: remote/test_libvirtd.aug.in \ + bhyve/virtbhyved.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) bhyve/virtbhyved.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtbhyved/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtbhyved/' \ + > $@ || rm -f $@ + conf_DATA += bhyve/bhyve.conf augeas_DATA += bhyve/libvirtd_bhyve.aug augeastest_DATA += bhyve/test_libvirtd_bhyve.aug -- 2.21.0
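Review bot: the commit message states that virtbhyved must not run at the same time as libvirtd, but the diffstat lists only .gitignore and src/bhyve/Makefile.inc.am, so this patch adds nothing that expresses the constraint the way "Conflicts=libvirtd.service" does in the other driver patches. If the exclusion is left to the administrator on this platform, say so in the commit message; otherwise add the equivalent guard for whatever starts the daemon there.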

The virtvzd daemon will be responsible for providing the vz API driver functionality. The vz driver is still loaded by the main libvirtd daemon at this stage, so virtvzd must not be running at the same time. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitignore | 4 +++ src/vz/Makefile.inc.am | 62 +++++++++++++++++++++++++++++++++++++++ src/vz/virtvzd.service.in | 25 ++++++++++++++++ 3 files changed, 91 insertions(+) create mode 100644 src/vz/virtvzd.service.in diff --git a/.gitignore b/.gitignore index 4e46adaa55..e35a3409f2 100644 --- a/.gitignore +++ b/.gitignore @@ -216,7 +216,11 @@ /src/virtsecretd /src/virtstoraged /src/virtvboxd +/src/virtvzd /src/virt-guest-shutdown.target +/src/vz/test_virtvzd.aug +/src/vz/virtvzd.aug +/src/vz/virtvzd.conf /tests/*.log /tests/*.pid /tests/*.trs diff --git a/src/vz/Makefile.inc.am b/src/vz/Makefile.inc.am index a3a146c627..0176586d4c 100644 --- a/src/vz/Makefile.inc.am +++ b/src/vz/Makefile.inc.am 
@@ -37,4 +37,66 @@ libvirt_driver_vz_impl_la_LIBADD = \ $(PARALLELS_SDK_LIBS) \ $(LIBNL_LIBS) \ $(NULL) + +sbin_PROGRAMS += virtvzd + +nodist_conf_DATA += vz/virtvzd.conf +augeas_DATA += vz/virtvzd.aug +augeastest_DATA += vz/test_virtvzd.aug +CLEANFILES += vz/virtvzd.aug + +virtvzd_SOURCES = $(REMOTE_DAEMON_SOURCES) +virtvzd_CFLAGS = \ + $(REMOTE_DAEMON_CFLAGS) \ + -DDAEMON_NAME="\"virtvzd\"" \ + -DMODULE_NAME="\"vz\"" \ + $(NULL) +virtvzd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) +virtvzd_LDADD = $(REMOTE_DAEMON_LD_ADD) + +SYSTEMD_UNIT_FILES += \ + virtvzd.service \ + virtvzd.socket \ + virtvzd-ro.socket \ + virtvzd-admin.socket \ + $(NULL) +SYSTEMD_UNIT_FILES_IN += \ + vz/virtvzd.service.in \ + $(NULL) + +VIRTVZD_UNIT_VARS = \ + $(VIRTD_UNIT_VARS) \ + -e 's|[@]name[@]|Libvirt vz|g' \ + -e 's|[@]service[@]|virtvzd|g' \ + -e 's|[@]sockprefix[@]|virtvzd|g' \ + $(NULL) + +virtvzd.service: vz/virtvzd.service.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTVZD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +virtvz%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status + $(AM_V_GEN)sed $(VIRTVZD_UNIT_VARS) < $< > $@-t && mv $@-t $@ + +vz/virtvzd.conf: remote/libvirtd.conf.in + $(AM_V_GEN)sed \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtvzd/' \ + < $^ > $@ + +vz/virtvzd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtvzd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtvzd/' \ + $< > $@ + +vz/test_virtvzd.aug: remote/test_libvirtd.aug.in \ + vz/virtvzd.conf $(AUG_GENTEST) + $(AM_V_GEN)$(AUG_GENTEST) vz/virtvzd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \ + -e 's/[@]DAEMON_NAME[@]/virtvzd/' \ + -e 's/[@]DAEMON_NAME_UC[@]/Virtvzd/' \ + > $@ || rm -f $@ + endif WITH_VZ diff --git a/src/vz/virtvzd.service.in b/src/vz/virtvzd.service.in new file mode 100644 index 0000000000..cd0f558768 --- /dev/null 
+++ b/src/vz/virtvzd.service.in @@ -0,0 +1,25 @@ +[Unit] +Description=Virtualization vz daemon +Conflicts=libvirtd.service +Requires=virtvzd.socket +Requires=virtvzd-ro.socket +Requires=virtvzd-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +After=local-fs.target +After=remote-fs.target +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org + +[Service] +Type=notify +ExecStart=@sbindir@/virtvzd --timeout 120 +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Also=virtvzd.socket +Also=virtvzd-ro.socket +Also=virtvzd-admin.socket -- 2.21.0
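Review bot: the diffstat covers .gitignore, src/vz/Makefile.inc.am and src/vz/virtvzd.service.in but not libvirt.spec.in, while the Makefile hunk adds virtvzd to sbin_PROGRAMS, installs vz/virtvzd.conf and both augeas files, and registers four unit files. The xen, qemu, lxc and vbox patches each add eight matching %files entries, including the %attr(0755, root, root) line for the binary. If the spec has a vz subpackage it needs the same entries here; if it does not, the commit message should say that the omission is deliberate.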

The admin client now supports addressing the per-driver daemons using the obvious URI schemes for each daemon. eg virtqemud:///system virtqemud:///session, etc. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/libvirt-admin.c | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/src/libvirt-admin.c b/src/libvirt-admin.c index 74dedf64d8..fa077d5a46 100644 --- a/src/libvirt-admin.c +++ b/src/libvirt-admin.c @@ -36,10 +36,6 @@ #define VIR_FROM_THIS VIR_FROM_ADMIN -#define LIBVIRTD_ADMIN_SOCK_NAME "libvirt-admin-sock" -#define VIRTLOGD_ADMIN_SOCK_NAME "virtlogd-admin-sock" -#define VIRTLOCKD_ADMIN_SOCK_NAME "virtlockd-admin-sock" - VIR_LOG_INIT("libvirt-admin"); 
@@ -127,27 +123,29 @@ getSocketPath(virURIPtr uri) } if (!sock_path) { - const char *sockbase = NULL; - if (STREQ_NULLABLE(uri->scheme, "libvirtd")) { - sockbase = LIBVIRTD_ADMIN_SOCK_NAME; - } else if (STREQ_NULLABLE(uri->scheme, "virtlogd")) { - sockbase = VIRTLOGD_ADMIN_SOCK_NAME; - } else if (STREQ_NULLABLE(uri->scheme, "virtlockd")) { - sockbase = VIRTLOCKD_ADMIN_SOCK_NAME; - } else { + bool legacy = false; + if (!uri->scheme) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + "%s", _("No URI scheme specified")); + goto error; + } + if (STREQ(uri->scheme, "libvirtd")) { + legacy = true; + } else if (!STRPREFIX(uri->scheme, "virt")) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Unsupported URI scheme '%s'"), - NULLSTR(uri->scheme)); + uri->scheme); goto error; } if (STREQ_NULLABLE(uri->path, "/system")) { - if (virAsprintf(&sock_path, LOCALSTATEDIR "/run/libvirt/%s", - sockbase) < 0) + if (virAsprintf(&sock_path, "%s/run/libvirt/%s-admin-sock", + LOCALSTATEDIR, + legacy ? "libvirt" : uri->scheme) < 0) goto error; } else if (STREQ_NULLABLE(uri->path, "/session")) { - if (!rundir || virAsprintf(&sock_path, "%s/%s", rundir, - sockbase) < 0) + if (!rundir || virAsprintf(&sock_path, "%s/%s-admin-sock", rundir, + legacy ? "libvirt" : uri->scheme) < 0) goto error; } else { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, -- 2.21.0
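Review bot: in getSocketPath() the scheme test becomes !STRPREFIX(uri->scheme, "virt"), so any scheme that begins with virt is accepted and then formatted directly into the socket path by "%s/run/libvirt/%s-admin-sock" and "%s/%s-admin-sock". The removed code could only ever produce one of three fixed socket names. Consider checking the scheme against the list of daemons that are actually built, or at least restricting it to lowercase letters before it reaches virAsprintf, so that a mistyped scheme gets the "Unsupported URI scheme" error rather than a connect failure on a path derived from caller input. The new !uri->scheme check is what makes dropping NULLSTR() in the error message safe, so the two changes should stay together.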

On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote:
+++ b/src/libvirt-admin.c @@ -127,27 +123,29 @@ getSocketPath(virURIPtr uri) if (STREQ_NULLABLE(uri->path, "/system")) { - if (virAsprintf(&sock_path, LOCALSTATEDIR "/run/libvirt/%s", - sockbase) < 0) + if (virAsprintf(&sock_path, "%s/run/libvirt/%s-admin-sock", + LOCALSTATEDIR, + legacy ? "libvirt" : uri->scheme) < 0) goto error; } else if (STREQ_NULLABLE(uri->path, "/session")) { - if (!rundir || virAsprintf(&sock_path, "%s/%s", rundir, - sockbase) < 0) + if (!rundir || virAsprintf(&sock_path, "%s/%s-admin-sock", rundir, + legacy ? "libvirt" : uri->scheme) < 0) goto error;
I'm not sure why I didn't suggest this during the previous review round, but you could also do something like

    VIR_AUTOFREE(char *) sockbase = NULL;

    /* ... */

    if (legacy) {
        if (VIR_STRDUP(sockbase, "libvirt-admin-sock") < 0)
            goto error;
    } else {
        if (virAsprintf(&sockbase, "%s-admin-sock", uri->scheme) < 0)
            goto error;
    }

or even

    VIR_AUTOFREE(char *) sockbase = NULL;

    /* ... */

    if (virAsprintf(&sockbase, "%s-admin-sock",
                    legacy ? "libvirt" : uri->scheme) < 0) {
        goto error;
    }

and then keep using sockbase when building sock_path, getting rid of the duplicated Elvis operator in the process. But either version works, really.

--
Andrea Bolognani / Red Hat / Virtualization

The client parameter is always used to get access to the private data struct. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon_dispatch.c | 98 ++++++++++++++--------------- 1 file changed, 49 insertions(+), 49 deletions(-) diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index 444c03a644..0145279d72 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -2006,7 +2006,7 @@ remoteDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchConnectClose(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED) { @@ -2017,7 +2017,7 @@ remoteDispatchConnectClose(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetSchedulerType(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_scheduler_type_args *args, @@ -2054,7 +2054,7 @@ remoteDispatchDomainGetSchedulerType(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetSchedulerParameters(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_scheduler_parameters_args *args, 
@@ -2104,7 +2104,7 @@ remoteDispatchDomainGetSchedulerParameters(virNetServerPtr server ATTRIBUTE_UNUS static int remoteDispatchDomainGetSchedulerParametersFlags(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_scheduler_parameters_flags_args *args, @@ -2155,7 +2155,7 @@ remoteDispatchDomainGetSchedulerParametersFlags(virNetServerPtr server ATTRIBUTE static int remoteDispatchDomainMemoryStats(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_memory_stats_args *args, @@ -2213,7 +2213,7 @@ remoteDispatchDomainMemoryStats(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainBlockPeek(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_block_peek_args *args, @@ -2267,7 +2267,7 @@ remoteDispatchDomainBlockPeek(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainBlockStatsFlags(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_block_stats_flags_args *args, @@ -2330,7 +2330,7 @@ remoteDispatchDomainBlockStatsFlags(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainMemoryPeek(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_memory_peek_args *args, 
@@ -2382,7 +2382,7 @@ remoteDispatchDomainMemoryPeek(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetSecurityLabel(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_security_label_args *args, @@ -2426,7 +2426,7 @@ remoteDispatchDomainGetSecurityLabel(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetSecurityLabelList(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_security_label_list_args *args, @@ -2483,7 +2483,7 @@ remoteDispatchDomainGetSecurityLabelList(virNetServerPtr server ATTRIBUTE_UNUSED static int remoteDispatchNodeGetSecurityModel(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_node_get_security_model_ret *ret) @@ -2522,7 +2522,7 @@ remoteDispatchNodeGetSecurityModel(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetVcpuPinInfo(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_vcpu_pin_info_args *args, @@ -2623,7 +2623,7 @@ remoteDispatchDomainPinEmulator(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetEmulatorPinInfo(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_emulator_pin_info_args *args, 
@@ -2672,7 +2672,7 @@ remoteDispatchDomainGetEmulatorPinInfo(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetVcpus(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_vcpus_args *args, @@ -2825,7 +2825,7 @@ remoteDispatchDomainGetIOThreadInfo(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainMigratePrepare(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_migrate_prepare_args *args, @@ -2880,7 +2880,7 @@ remoteDispatchDomainMigratePrepare(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainMigratePrepare2(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_migrate_prepare2_args *args, @@ -2932,7 +2932,7 @@ remoteDispatchDomainMigratePrepare2(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_memory_parameters_args *args, @@ -2994,7 +2994,7 @@ remoteDispatchDomainGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetNumaParameters(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_numa_parameters_args *args, 
@@ -3056,7 +3056,7 @@ remoteDispatchDomainGetNumaParameters(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetBlkioParameters(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_blkio_parameters_args *args, @@ -3118,7 +3118,7 @@ remoteDispatchDomainGetBlkioParameters(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchNodeGetCPUStats(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_node_get_cpu_stats_args *args, @@ -3190,7 +3190,7 @@ remoteDispatchNodeGetCPUStats(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchNodeGetMemoryStats(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_node_get_memory_stats_args *args, @@ -3262,7 +3262,7 @@ remoteDispatchNodeGetMemoryStats(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetLaunchSecurityInfo(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_launch_security_info_args *args, @@ -3309,7 +3309,7 @@ remoteDispatchDomainGetLaunchSecurityInfo(virNetServerPtr server ATTRIBUTE_UNUSE static int remoteDispatchDomainGetPerfEvents(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_perf_events_args *args, 
@@ -3356,7 +3356,7 @@ remoteDispatchDomainGetPerfEvents(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetBlockJobInfo(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_block_job_info_args *args, @@ -3396,7 +3396,7 @@ remoteDispatchDomainGetBlockJobInfo(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetBlockIoTune(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr hdr ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_block_io_tune_args *args, @@ -3974,7 +3974,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server, static int remoteDispatchNodeDeviceGetParent(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_node_device_get_parent_args *args, @@ -4230,7 +4230,7 @@ remoteDispatchObjectEventSend(virNetServerClientPtr client, static int remoteDispatchSecretGetValue(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_secret_get_value_args *args, @@ -4268,7 +4268,7 @@ remoteDispatchSecretGetValue(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetState(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_state_args *args, 
@@ -4562,7 +4562,7 @@ remoteDispatchConnectDomainEventCallbackDeregisterAny(virNetServerPtr server ATT static int qemuDispatchDomainMonitorCommand(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, qemu_domain_monitor_command_args *args, @@ -4597,7 +4597,7 @@ qemuDispatchDomainMonitorCommand(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainMigrateBegin3(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_migrate_begin3_args *args, @@ -4648,7 +4648,7 @@ remoteDispatchDomainMigrateBegin3(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainMigratePrepare3(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_migrate_prepare3_args *args, @@ -4704,7 +4704,7 @@ remoteDispatchDomainMigratePrepare3(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainMigratePerform3(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_migrate_perform3_args *args, @@ -4759,7 +4759,7 @@ remoteDispatchDomainMigratePerform3(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainMigrateFinish3(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_migrate_finish3_args *args, 
@@ -4813,7 +4813,7 @@ remoteDispatchDomainMigrateFinish3(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainMigrateConfirm3(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_migrate_confirm3_args *args) @@ -4913,7 +4913,7 @@ static int remoteDispatchConnectSupportsFeature(virNetServerPtr server ATTRIBUTE static int remoteDispatchDomainOpenGraphics(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg, virNetMessageErrorPtr rerr, remote_domain_open_graphics_args *args) @@ -4954,7 +4954,7 @@ remoteDispatchDomainOpenGraphics(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainOpenGraphicsFd(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg, virNetMessageErrorPtr rerr, remote_domain_open_graphics_fd_args *args) @@ -4997,7 +4997,7 @@ remoteDispatchDomainOpenGraphicsFd(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainGetInterfaceParameters(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_interface_parameters_args *args, @@ -5060,7 +5060,7 @@ remoteDispatchDomainGetInterfaceParameters(virNetServerPtr server ATTRIBUTE_UNUS static int remoteDispatchDomainGetCPUStats(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr hdr ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_get_cpu_stats_args *args, 
@@ -5192,7 +5192,7 @@ remoteDispatchDomainGetDiskErrors(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchNodeGetSevInfo(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_node_get_sev_info_args *args, @@ -5236,7 +5236,7 @@ remoteDispatchNodeGetSevInfo(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchNodeGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_node_get_memory_parameters_args *args, @@ -5293,7 +5293,7 @@ remoteDispatchNodeGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchNodeGetCPUMap(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_node_get_cpu_map_args *args, @@ -5340,7 +5340,7 @@ remoteDispatchNodeGetCPUMap(virNetServerPtr server ATTRIBUTE_UNUSED, static int lxcDispatchDomainOpenNamespace(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, lxc_domain_open_namespace_args *args) @@ -5440,7 +5440,7 @@ remoteDispatchDomainGetJobStats(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainMigrateBegin3Params(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_migrate_begin3_params_args *args, 
@@ -5497,7 +5497,7 @@ remoteDispatchDomainMigrateBegin3Params(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchDomainMigratePrepare3Params(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_migrate_prepare3_params_args *args, @@ -5627,7 +5627,7 @@ remoteDispatchDomainMigratePrepareTunnel3Params(virNetServerPtr server ATTRIBUTE static int remoteDispatchDomainMigratePerform3Params(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_migrate_perform3_params_args *args, @@ -5688,7 +5688,7 @@ remoteDispatchDomainMigratePerform3Params(virNetServerPtr server ATTRIBUTE_UNUSE static int remoteDispatchDomainMigrateFinish3Params(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_migrate_finish3_params_args *args, @@ -5749,7 +5749,7 @@ remoteDispatchDomainMigrateFinish3Params(virNetServerPtr server ATTRIBUTE_UNUSED static int remoteDispatchDomainMigrateConfirm3Params(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_domain_migrate_confirm3_params_args *args) @@ -5800,7 +5800,7 @@ remoteDispatchDomainMigrateConfirm3Params(virNetServerPtr server ATTRIBUTE_UNUSE static int remoteDispatchConnectGetCPUModelNames(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_connect_get_cpu_model_names_args *args, 
@@ -7181,7 +7181,7 @@ remoteDispatchStorageVolGetInfoFlags(virNetServerPtr server ATTRIBUTE_UNUSED, static int remoteDispatchNetworkPortGetParameters(virNetServerPtr server ATTRIBUTE_UNUSED, - virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, remote_network_port_get_parameters_args *args, -- 2.21.0
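Review bot: The commit message should state that this is a cleanup with no functional change and how the "always used" claim was checked, because none of the hunks show a function body. Each hunk only drops ATTRIBUTE_UNUSED from the client parameter of a dispatch function (remoteDispatchConnectClose through remoteDispatchNetworkPortGetParameters, plus qemuDispatchDomainMonitorCommand and lxcDispatchDomainOpenNamespace), so a reader of the patch cannot confirm from the context lines that client is actually read in every one. Building with clang's -Wused-but-marked-unused would also show whether any other parameters in this file carry a stale annotation. Separately, remoteDispatchDomainGetBlockIoTune and remoteDispatchDomainGetCPUStats name the message parameter hdr where the other functions use msg; that predates this patch but could be tidied in the same pass.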

The driver dispatch methods access the priv->conn variables directly. In future we want to dynamically open the connections for the secondary driver. Thus we want the methods to call a method to get the connection handle instead of assuming the private variable is non-NULL. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/admin/admin_server_dispatch.c | 9 +++ src/remote/remote_daemon_dispatch.c | 121 ++++++++++++++++++++++++++++ src/rpc/gendispatch.pl | 96 ++++++++++++---------- 3 files changed, 183 insertions(+), 43 deletions(-) diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c index 6e3b99f97d..1973664488 100644 --- a/src/admin/admin_server_dispatch.c +++ b/src/admin/admin_server_dispatch.c @@ -206,6 +206,15 @@ adminConnectGetLibVersion(virNetDaemonPtr dmn ATTRIBUTE_UNUSED, return 0; } +static virNetDaemonPtr +adminGetConn(virNetServerClientPtr client) +{ + struct daemonAdmClientPrivate *priv = + virNetServerClientGetPrivateData(client); + + return priv->dmn; +} + static int adminDispatchServerGetThreadpoolParameters(virNetServerPtr server ATTRIBUTE_UNUSED, virNetServerClientPtr client, diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index 0145279d72..90103f5093 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c 
@@ -112,6 +112,22 @@ remoteSerializeDomainDiskErrors(virDomainDiskErrorPtr errors, remote_domain_disk_error **ret_errors_val, u_int *ret_errors_len); +static virConnectPtr +remoteGetHypervisorConn(virNetServerClientPtr client); +static virConnectPtr +remoteGetInterfaceConn(virNetServerClientPtr client); +static virConnectPtr +remoteGetNetworkConn(virNetServerClientPtr client); +static virConnectPtr +remoteGetNodeDevConn(virNetServerClientPtr client); +static virConnectPtr +remoteGetNWFilterConn(virNetServerClientPtr client); +static virConnectPtr +remoteGetSecretConn(virNetServerClientPtr client); +static virConnectPtr +remoteGetStorageConn(virNetServerClientPtr client); + + #include "remote_daemon_dispatch_stubs.h" #include "remote_daemon_dispatch_qemu_stubs.h" #include "remote_daemon_dispatch_lxc_stubs.h" 
@@ -1925,6 +1941,111 @@ static void remoteClientCloseFunc(virNetServerClientPtr client) } +static virConnectPtr +remoteGetHypervisorConn(virNetServerClientPtr client) +{ + struct daemonClientPrivate *priv = + virNetServerClientGetPrivateData(client); + + if (!priv->conn) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not open")); + return NULL; + } + + return priv->conn; +} + + +static virConnectPtr +remoteGetInterfaceConn(virNetServerClientPtr client) +{ + struct daemonClientPrivate *priv = + virNetServerClientGetPrivateData(client); + + if (!priv->interfaceConn) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not open")); + return NULL; + } + + return priv->interfaceConn; +} + + +static virConnectPtr +remoteGetNetworkConn(virNetServerClientPtr client) +{ + struct daemonClientPrivate *priv = + virNetServerClientGetPrivateData(client); + + if (!priv->networkConn) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not open")); + return NULL; + } + + return priv->networkConn; +} + + +static virConnectPtr +remoteGetNodeDevConn(virNetServerClientPtr client) +{ + struct daemonClientPrivate *priv = + virNetServerClientGetPrivateData(client); + + if (!priv->nodedevConn) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not open")); + return NULL; + } + + return priv->nodedevConn; +} + + +static virConnectPtr +remoteGetNWFilterConn(virNetServerClientPtr client) +{ + struct daemonClientPrivate *priv = + virNetServerClientGetPrivateData(client); + + if (!priv->nwfilterConn) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not open")); + return NULL; + } + + return priv->nwfilterConn; +} + + +static virConnectPtr +remoteGetSecretConn(virNetServerClientPtr client) +{ + struct daemonClientPrivate *priv = + virNetServerClientGetPrivateData(client); + + if (!priv->secretConn) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not 
open")); + return NULL; + } + + return priv->secretConn; +} + + +static virConnectPtr +remoteGetStorageConn(virNetServerClientPtr client) +{ + struct daemonClientPrivate *priv = + virNetServerClientGetPrivateData(client); + + if (!priv->storageConn) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not open")); + return NULL; + } + + return priv->storageConn; +} + + void *remoteClientNew(virNetServerClientPtr client, void *opaque ATTRIBUTE_UNUSED) { diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl index 4e548e14cd..ff21834091 100755 --- a/src/rpc/gendispatch.pl +++ b/src/rpc/gendispatch.pl @@ -111,13 +111,29 @@ sub name_to_TypeName { return $typename; } -sub get_conn_arg { +sub get_conn_type { + if ($structprefix eq "admin") { + return "virNetDaemonPtr"; + } else { + return "virConnectPtr"; + } +} + +sub get_conn_var { + if ($structprefix eq "admin") { + return "dmn"; + } else { + return "conn"; + } +} + +sub get_conn_method { my $proc = shift; my $args = shift; my $rets = shift; if ($structprefix eq "admin") { - return "priv->dmn"; + return "adminGetConn"; } my @types; @@ -127,22 +143,22 @@ sub get_conn_arg { # This correctly detects most APIs foreach my $type (@types) { if ($type =~ /remote_nonnull_interface/) { - return "priv->interfaceConn"; + return "remoteGetInterfaceConn"; } if ($type =~ /remote_nonnull_network/) { - return "priv->networkConn"; + return "remoteGetNetworkConn"; } if ($type =~ /remote_nonnull_node_device/) { - return "priv->nodedevConn"; + return "remoteGetNodeDevConn"; } if ($type =~ /remote_nonnull_nwfilter/) { - return "priv->nwfilterConn"; + return "remoteGetNWFilterConn"; } if ($type =~ /remote_nonnull_secret/) { - return "priv->secretConn"; + return "remoteGetSecretConn"; } if ($type =~ /remote_nonnull_storage/) { - return "priv->storageConn"; + return "remoteGetStorageConn"; } } 
@@ -150,25 +166,25 @@ sub get_conn_arg { # return things which aren't objects. eg list # of pool names, or number of pools. if ($proc =~ /Connect.*Interface/ || $proc =~ /InterfaceChange/) { - return "priv->interfaceConn"; + return "remoteGetInterfaceConn"; } if ($proc =~ /Connect.*Network/) { - return "priv->networkConn"; + return "remoteGetNetworkConn"; } if ($proc =~ /Node.*Device/) { - return "priv->nodedevConn"; + return "remoteGetNodeDevConn"; } if ($proc =~ /Connect.*NWFilter/) { - return "priv->nwfilterConn"; + return "remoteGetNWFilterConn"; } if ($proc =~ /Connect.*Secret/) { - return "priv->secretConn"; + return "remoteGetSecretConn"; } if ($proc =~ /Connect.*Storage/) { - return "priv->storageConn"; + return "remoteGetStorageConn"; } - return "priv->conn"; + return "remoteGetHypervisorConn"; } # Read the input file (usually remote_protocol.x) and form an @@ -535,7 +551,9 @@ elsif ($mode eq "server") { my @free_list = (); my @free_list_on_error = ("virNetMessageSaveError(rerr);"); - my $conn = get_conn_arg($call->{ProcName}, $call->{args_members}, $call->{ret_members}); + my $conn_method = get_conn_method($call->{ProcName}, $call->{args_members}, $call->{ret_members}); + my $conn_var = get_conn_var(); + my $conn_type = get_conn_type(); # handle arguments to the function if ($argtype ne "void") { @@ -547,7 +565,7 @@ elsif ($mode eq "server") { $has_node_device = 1; push(@vars_list, "virNodeDevicePtr dev = NULL"); push(@getters_list, - " if (!(dev = virNodeDeviceLookupByName($conn, args->name)))\n" . + " if (!(dev = virNodeDeviceLookupByName($conn_var, args->name)))\n" . " goto cleanup;\n"); push(@args_list, "dev"); push(@free_list, @@ -563,7 +581,7 @@ elsif ($mode eq "server") { push(@vars_list, "vir${type_name}Ptr $2 = NULL"); push(@getters_list, - " if (!($2 = get_nonnull_$1($conn, args->$2)))\n" . + " if (!($2 = get_nonnull_$1($conn_var, args->$2)))\n" . " goto cleanup;\n"); push(@args_list, "$2"); push(@free_list, 
@@ -574,7 +592,7 @@ elsif ($mode eq "server") { push(@vars_list, "virDomainPtr dom = NULL"); push(@vars_list, "virDomain${type_name}Ptr ${1} = NULL"); push(@getters_list, - " if (!(dom = get_nonnull_domain($conn, args->${2}.dom)))\n" . + " if (!(dom = get_nonnull_domain($conn_var, args->${2}.dom)))\n" . " goto cleanup;\n" . "\n" . " if (!($1 = get_nonnull_domain_${1}(dom, args->$2)))\n" . @@ -584,11 +602,11 @@ elsif ($mode eq "server") { " virObjectUnref($1);\n" . " virObjectUnref(dom);"); } elsif ($args_member =~ m/^(?:(?:admin|remote)_string|remote_uuid) (\S+)<\S+>;/) { - push(@args_list, $conn) if !@args_list; + push(@args_list, $conn_var) if !@args_list; push(@args_list, "args->$1.$1_val"); push(@args_list, "args->$1.$1_len"); } elsif ($args_member =~ m/^(?:opaque|(?:admin|remote)_nonnull_string) (\S+)<\S+>;(.*)$/) { - push(@args_list, $conn) if !@args_list; + push(@args_list, $conn_var) if !@args_list; my $cast = ""; my $arg_name = $1; @@ -605,7 +623,7 @@ elsif ($mode eq "server") { push(@args_list, "${cast}args->$arg_name.${arg_name}_val"); push(@args_list, "args->$arg_name.${arg_name}_len"); } elsif ($args_member =~ m/^(?:unsigned )?int (\S+)<\S+>;/) { - push(@args_list, $conn) if !@args_list; + push(@args_list, $conn_var) if !@args_list; push(@args_list, "args->$1.$1_val"); push(@args_list, "args->$1.$1_len"); @@ -613,7 +631,7 @@ elsif ($mode eq "server") { push(@vars_list, "virTypedParameterPtr $1 = NULL"); push(@vars_list, "int n$1 = 0"); if ($call->{ProcName} eq "NodeSetMemoryParameters") { - push(@args_list, "$conn"); + push(@args_list, $conn_var); } push(@args_list, "$1"); push(@args_list, "n$1"); 
@@ -628,25 +646,25 @@ elsif ($mode eq "server") { # just make all other array types fail die "unhandled type for argument value: $args_member"; } elsif ($args_member =~ m/^remote_uuid (\S+);/) { - push(@args_list, $conn) if !@args_list; + push(@args_list, $conn_var) if !@args_list; push(@args_list, "(unsigned char *) args->$1"); } elsif ($args_member =~ m/^(?:admin|remote)_string (\S+);/) { - push(@args_list, $conn) if !@args_list; + push(@args_list, $conn_var) if !@args_list; push(@vars_list, "char *$1"); push(@optionals_list, "$1"); push(@args_list, "$1"); } elsif ($args_member =~ m/^(?:admin|remote)_nonnull_string (\S+);/) { - push(@args_list, $conn) if !@args_list; + push(@args_list, $conn_var) if !@args_list; push(@args_list, "args->$1"); } elsif ($args_member =~ m/^(unsigned )?int (\S+);/) { - push(@args_list, $conn) if !@args_list; + push(@args_list, $conn_var) if !@args_list; push(@args_list, "args->$2"); } elsif ($args_member =~ m/^(unsigned )?hyper (\S+);/) { - push(@args_list, $conn) if !@args_list; + push(@args_list, $conn_var) if !@args_list; my $arg_name = $2; @@ -665,7 +683,7 @@ elsif ($mode eq "server") { push(@vars_list, "virNet${type_name}Ptr $2 = NULL"); push(@getters_list, - " if (!($2 = get_nonnull_$1($conn, args->$2)))\n" . + " if (!($2 = get_nonnull_$1($conn_var, args->$2)))\n" . " goto cleanup;\n"); push(@args_list, "$2"); push(@free_list, @@ -676,7 +694,7 @@ elsif ($mode eq "server") { push(@vars_list, "virNetServerPtr srv = NULL"); push(@vars_list, "virNetServer${type_name}Ptr $2 = NULL"); push(@getters_list, - " if (!(srv = get_nonnull_server($conn, args->$2.srv)))\n" . + " if (!(srv = get_nonnull_server($conn_var, args->$2.srv)))\n" . " goto cleanup;\n"); push(@getters_list, " if (!($2 = get_nonnull_$1(srv, args->$2)))\n" . 
@@ -952,7 +970,7 @@ elsif ($mode eq "server") { # select struct type for multi-return-value functions if ($multi_ret) { if (defined $call->{ret_offset}) { - push(@args_list, $conn) if !@args_list; + push(@args_list, $conn_var) if !@args_list; if ($modern_ret_as_list) { my $struct_name = name_to_TypeName($modern_ret_struct_name); @@ -1032,13 +1050,6 @@ elsif ($mode eq "server") { print " $var;\n"; } - if ($structprefix eq "admin") { - print " struct daemonAdmClientPrivate *priv =\n"; - } else { - print " struct daemonClientPrivate *priv =\n"; - } - print " virNetServerClientGetPrivateData(client);\n"; - if ($call->{streamflag} ne "none") { print " virStreamPtr st = NULL;\n"; print " daemonClientStreamPtr stream = NULL;\n"; @@ -1051,10 +1062,9 @@ elsif ($mode eq "server") { print "\n"; - print " if (!$conn) {\n"; - print " virReportError(VIR_ERR_INTERNAL_ERROR, \"%s\", _(\"connection not open\"));\n"; + print " $conn_type $conn_var = $conn_method(client);\n"; + print " if (!$conn_var) \n"; print " goto cleanup;\n"; - print " }\n"; print "\n"; if ($single_ret_as_list) { @@ -1081,7 +1091,7 @@ elsif ($mode eq "server") { } if ($call->{streamflag} ne "none") { - print " if (!(st = virStreamNew($conn, VIR_STREAM_NONBLOCK)))\n"; + print " if (!(st = virStreamNew($conn_var, VIR_STREAM_NONBLOCK)))\n"; print " goto cleanup;\n"; print "\n"; print " if (!(stream = daemonCreateClientStream(client, st, remoteProgram, &msg->header, sparse)))\n"; @@ -1098,7 +1108,7 @@ elsif ($mode eq "server") { } elsif (!$multi_ret) { my $proc_name = $call->{ProcName}; - push(@args_list, $conn) if !@args_list; + push(@args_list, $conn_var) if !@args_list; if ($structprefix eq "qemu" && $call->{ProcName} =~ /^(Connect)?Domain/) { -- 2.21.0
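Review bot: In the remote_daemon_dispatch.c hunk at -1925, all seven getters report the same text, "hypervisor connection not open", including remoteGetInterfaceConn, remoteGetNetworkConn, remoteGetNodeDevConn, remoteGetNWFilterConn, remoteGetSecretConn and remoteGetStorageConn. When a secondary connection is the one that is missing, the error names the wrong driver, which makes a failure in the split-daemon setup harder to diagnose; each helper should name its own connection, for example "storage connection not open" in remoteGetStorageConn. The helpers also read the priv connection fields without taking priv->lock. That matches the generated code they replace, but if they become the place where connections are opened on demand, as the commit message plans, the lookup will need to be serialised.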
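Review bot: In the gendispatch.pl hunk at -1051, the generated stub no longer calls virReportError itself and relies on the getter having reported an error before the goto cleanup, but adminGetConn in the admin_server_dispatch.c hunk returns priv->dmn with no NULL check and no report. An admin stub that finds dmn unset therefore reaches cleanup, where virNetMessageSaveError(rerr) runs, without a specific error having been set, whereas the removed code raised "connection not open". Either give adminGetConn the same check and virReportError as the remoteGet*Conn helpers, or keep the report in the generated code when $structprefix is "admin". The new line print " if (!$conn_var) \n"; also writes a trailing space into every generated stub.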

If the event (un)registration methods are invoked while no connection is open, they jump to a cleanup block which unlocks a mutex which is not currently locked. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon_dispatch.c | 64 ++++++++++++++--------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index 90103f5093..4a3312a944 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -4212,13 +4212,13 @@ remoteDispatchConnectDomainEventRegister(virNetServerPtr server ATTRIBUTE_UNUSED struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virMutexLock(&priv->lock); + if (!priv->conn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - /* If we call register first, we could append a complete callback * to our array, but on OOM append failure, we'd have to then hope * deregister works to undo our register. So instead we append an @@ -4276,13 +4276,13 @@ remoteDispatchConnectDomainEventDeregister(virNetServerPtr server ATTRIBUTE_UNUS struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virMutexLock(&priv->lock); + if (!priv->conn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - for (i = 0; i < priv->ndomainEventCallbacks; i++) { if (priv->domainEventCallbacks[i]->eventID == VIR_DOMAIN_EVENT_ID_LIFECYCLE) { callbackID = priv->domainEventCallbacks[i]->callbackID; 
@@ -4440,13 +4440,13 @@ remoteDispatchConnectDomainEventRegisterAny(virNetServerPtr server ATTRIBUTE_UNU struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virMutexLock(&priv->lock); + if (!priv->conn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - /* We intentionally do not use VIR_DOMAIN_EVENT_ID_LAST here; any * new domain events added after this point should only use the * modern callback style of RPC. */ @@ -4516,13 +4516,13 @@ remoteDispatchConnectDomainEventCallbackRegisterAny(virNetServerPtr server ATTRI virNetServerClientGetPrivateData(client); virDomainPtr dom = NULL; + virMutexLock(&priv->lock); + if (!priv->conn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - if (args->dom && !(dom = get_nonnull_domain(priv->conn, *args->dom))) goto cleanup; @@ -4590,13 +4590,13 @@ remoteDispatchConnectDomainEventDeregisterAny(virNetServerPtr server ATTRIBUTE_U struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virMutexLock(&priv->lock); + if (!priv->conn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - /* We intentionally do not use VIR_DOMAIN_EVENT_ID_LAST here; any * new domain events added after this point should only use the * modern callback style of RPC. */ @@ -4647,13 +4647,13 @@ remoteDispatchConnectDomainEventCallbackDeregisterAny(virNetServerPtr server ATT struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virMutexLock(&priv->lock); + if (!priv->conn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - for (i = 0; i < priv->ndomainEventCallbacks; i++) { if (priv->domainEventCallbacks[i]->callbackID == args->callbackID) break; 
@@ -6089,13 +6089,13 @@ remoteDispatchConnectNetworkEventRegisterAny(virNetServerPtr server ATTRIBUTE_UN virNetServerClientGetPrivateData(client); virNetworkPtr net = NULL; + virMutexLock(&priv->lock); + if (!priv->networkConn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - if (args->net && !(net = get_nonnull_network(priv->networkConn, *args->net))) goto cleanup; @@ -6162,13 +6162,13 @@ remoteDispatchConnectNetworkEventDeregisterAny(virNetServerPtr server ATTRIBUTE_ struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virMutexLock(&priv->lock); + if (!priv->networkConn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - for (i = 0; i < priv->nnetworkEventCallbacks; i++) { if (priv->networkEventCallbacks[i]->callbackID == args->callbackID) break; @@ -6211,13 +6211,13 @@ remoteDispatchConnectStoragePoolEventRegisterAny(virNetServerPtr server ATTRIBUT virNetServerClientGetPrivateData(client); virStoragePoolPtr pool = NULL; + virMutexLock(&priv->lock); + if (!priv->storageConn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - if (args->pool && !(pool = get_nonnull_storage_pool(priv->storageConn, *args->pool))) goto cleanup; @@ -6283,13 +6283,13 @@ remoteDispatchConnectStoragePoolEventDeregisterAny(virNetServerPtr server ATTRIB struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virMutexLock(&priv->lock); + if (!priv->storageConn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - for (i = 0; i < priv->nstorageEventCallbacks; i++) { if (priv->storageEventCallbacks[i]->callbackID == args->callbackID) break; 
@@ -6332,13 +6332,13 @@ remoteDispatchConnectNodeDeviceEventRegisterAny(virNetServerPtr server ATTRIBUTE virNetServerClientGetPrivateData(client); virNodeDevicePtr dev = NULL; + virMutexLock(&priv->lock); + if (!priv->nodedevConn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - if (args->dev && !(dev = get_nonnull_node_device(priv->nodedevConn, *args->dev))) goto cleanup; @@ -6404,13 +6404,13 @@ remoteDispatchConnectNodeDeviceEventDeregisterAny(virNetServerPtr server ATTRIBU struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virMutexLock(&priv->lock); + if (!priv->nodedevConn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - for (i = 0; i < priv->nnodeDeviceEventCallbacks; i++) { if (priv->nodeDeviceEventCallbacks[i]->callbackID == args->callbackID) break; @@ -6453,13 +6453,13 @@ remoteDispatchConnectSecretEventRegisterAny(virNetServerPtr server ATTRIBUTE_UNU virNetServerClientGetPrivateData(client); virSecretPtr secret = NULL; + virMutexLock(&priv->lock); + if (!priv->secretConn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - if (args->secret && !(secret = get_nonnull_secret(priv->secretConn, *args->secret))) goto cleanup; @@ -6525,13 +6525,13 @@ remoteDispatchConnectSecretEventDeregisterAny(virNetServerPtr server ATTRIBUTE_U struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virMutexLock(&priv->lock); + if (!priv->secretConn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - for (i = 0; i < priv->nsecretEventCallbacks; i++) { if (priv->secretEventCallbacks[i]->callbackID == args->callbackID) break; 
@@ -6575,13 +6575,13 @@ qemuDispatchConnectDomainMonitorEventRegister(virNetServerPtr server ATTRIBUTE_U virDomainPtr dom = NULL; const char *event = args->event ? *args->event : NULL; + virMutexLock(&priv->lock); + if (!priv->conn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - if (args->dom && !(dom = get_nonnull_domain(priv->conn, *args->dom))) goto cleanup; @@ -6643,13 +6643,13 @@ qemuDispatchConnectDomainMonitorEventDeregister(virNetServerPtr server ATTRIBUTE struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virMutexLock(&priv->lock); + if (!priv->conn) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; } - virMutexLock(&priv->lock); - for (i = 0; i < priv->nqemuEventCallbacks; i++) { if (priv->qemuEventCallbacks[i]->callbackID == args->callbackID) break; -- 2.21.0
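Review bot: The commit message should say how this path is reached and what the impact is. The reordering in all sixteen handlers, from remoteDispatchConnectDomainEventRegister through qemuDispatchConnectDomainMonitorEventDeregister, is a standalone bug fix and not part of the daemon split. It moves virMutexLock(&priv->lock) above the "connection not open" check so that the `goto cleanup` on that path runs with the lock held. Unlocking a mutex the thread does not hold is undefined behaviour for a default pthread mutex, so it is worth stating whether an RPC client can call these event (de)registration methods before a connection is opened, and whether the fix should go to stable branches on its own. The cleanup blocks are outside the context shown here, so please also confirm that none of these functions has another `goto cleanup` ahead of the new lock position.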

On Mon, Jul 29, 2019 at 06:11:18PM +0100, Daniel P. Berrangé wrote:
If the event (un)registration methods are invoked while no connection is open, they jump to a cleanup block which unlocks a mutex which is not currently locked.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon_dispatch.c | 64 ++++++++++++++--------------- 1 file changed, 32 insertions(+), 32 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano

On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote:
If the event (un)registration methods are invoked while no connection is open, they jump to a cleanup block which unlocks a mutex which is not currently locked.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon_dispatch.c | 64 ++++++++++++++--------------- 1 file changed, 32 insertions(+), 32 deletions(-)
Reviewed-by: Andrea Bolognani <abologna@redhat.com>

--
Andrea Bolognani / Red Hat / Virtualization

The driver dispatch methods access the priv->conn variables directly. In future we want to dynamically open the connections for the secondary driver. Thus we want the methods to call a method to get the connection handle instead of assuming the private variable is non-NULL. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon_dispatch.c | 718 ++++++++++------------------ 1 file changed, 257 insertions(+), 461 deletions(-) diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index 4a3312a944..5609eb4caf 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -2148,15 +2148,12 @@ remoteDispatchDomainGetSchedulerType(virNetServerPtr server ATTRIBUTE_UNUSED, char *type; int nparams; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (!(type = virDomainGetSchedulerType(dom, &nparams))) @@ -2185,13 +2182,10 @@ remoteDispatchDomainGetSchedulerParameters(virNetServerPtr server ATTRIBUTE_UNUS virTypedParameterPtr params = NULL; int nparams = 0; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->nparams > REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); 
@@ -2201,7 +2195,7 @@ remoteDispatchDomainGetSchedulerParameters(virNetServerPtr server ATTRIBUTE_UNUS goto cleanup; nparams = args->nparams; - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainGetSchedulerParameters(dom, params, &nparams) < 0) @@ -2235,13 +2229,10 @@ remoteDispatchDomainGetSchedulerParametersFlags(virNetServerPtr server ATTRIBUTE virTypedParameterPtr params = NULL; int nparams = 0; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->nparams > REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); @@ -2251,7 +2242,7 @@ remoteDispatchDomainGetSchedulerParametersFlags(virNetServerPtr server ATTRIBUTE goto cleanup; nparams = args->nparams; - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainGetSchedulerParametersFlags(dom, params, &nparams, @@ -2287,13 +2278,10 @@ remoteDispatchDomainMemoryStats(virNetServerPtr server ATTRIBUTE_UNUSED, int nr_stats; size_t i; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->maxStats > REMOTE_DOMAIN_MEMORY_STATS_MAX) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", 
@@ -2301,7 +2289,7 @@ remoteDispatchDomainMemoryStats(virNetServerPtr server ATTRIBUTE_UNUSED, goto cleanup; } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; /* Allocate stats array for making dispatch call */ @@ -2346,15 +2334,12 @@ remoteDispatchDomainBlockPeek(virNetServerPtr server ATTRIBUTE_UNUSED, size_t size; unsigned int flags; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; path = args->path; offset = args->offset; @@ -2400,15 +2385,12 @@ remoteDispatchDomainBlockStatsFlags(virNetServerPtr server ATTRIBUTE_UNUSED, int nparams = 0; unsigned int flags; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; flags = args->flags; @@ -2462,15 +2444,12 @@ remoteDispatchDomainMemoryPeek(virNetServerPtr server ATTRIBUTE_UNUSED, size_t size; unsigned int flags; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; offset = args->offset; size = args->size; 
@@ -2512,15 +2491,12 @@ remoteDispatchDomainGetSecurityLabel(virNetServerPtr server ATTRIBUTE_UNUSED, virDomainPtr dom = NULL; virSecurityLabelPtr seclabel = NULL; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (VIR_ALLOC(seclabel) < 0) @@ -2557,15 +2533,12 @@ remoteDispatchDomainGetSecurityLabelList(virNetServerPtr server ATTRIBUTE_UNUSED virSecurityLabelPtr seclabels = NULL; int len, rv = -1; size_t i; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if ((len = virDomainGetSecurityLabelList(dom, &seclabels)) < 0) { @@ -2611,16 +2584,13 @@ remoteDispatchNodeGetSecurityModel(virNetServerPtr server ATTRIBUTE_UNUSED, { virSecurityModel secmodel; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } memset(&secmodel, 0, sizeof(secmodel)); - if (virNodeGetSecurityModel(priv->conn, &secmodel) < 0) + if (virNodeGetSecurityModel(conn, &secmodel) < 0) goto cleanup; ret->model.model_len = strlen(secmodel.model) + 1; 
@@ -2653,15 +2623,12 @@ remoteDispatchDomainGetVcpuPinInfo(virNetServerPtr server ATTRIBUTE_UNUSED, unsigned char *cpumaps = NULL; int num; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (args->ncpumaps > REMOTE_VCPUINFO_MAX) { @@ -2715,15 +2682,12 @@ remoteDispatchDomainPinEmulator(virNetServerPtr server ATTRIBUTE_UNUSED, { int rv = -1; virDomainPtr dom = NULL; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainPinEmulator(dom, @@ -2754,15 +2718,12 @@ remoteDispatchDomainGetEmulatorPinInfo(virNetServerPtr server ATTRIBUTE_UNUSED, unsigned char *cpumaps = NULL; int r; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; /* Allocate buffers to take the results */ 
@@ -2805,15 +2766,12 @@ remoteDispatchDomainGetVcpus(virNetServerPtr server ATTRIBUTE_UNUSED, int info_len; size_t i; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (args->maxinfo > REMOTE_VCPUINFO_MAX) { @@ -2882,18 +2840,16 @@ remoteDispatchDomainGetIOThreadInfo(virNetServerPtr server ATTRIBUTE_UNUSED, { int rv = -1; size_t i; - struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); virDomainIOThreadInfoPtr *info = NULL; virDomainPtr dom = NULL; remote_domain_iothread_info *dst; int ninfo = 0; + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if ((ninfo = virDomainGetIOThreadInfo(dom, &info, args->flags)) < 0) @@ -2958,13 +2914,10 @@ remoteDispatchDomainMigratePrepare(virNetServerPtr server ATTRIBUTE_UNUSED, char **uri_out; char *dname; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } uri_in = args->uri_in == NULL ? NULL : *args->uri_in; dname = args->dname == NULL ? NULL : *args->dname; 
@@ -2973,7 +2926,7 @@ remoteDispatchDomainMigratePrepare(virNetServerPtr server ATTRIBUTE_UNUSED, if (VIR_ALLOC(uri_out) < 0) goto cleanup; - if (virDomainMigratePrepare(priv->conn, &cookie, &cookielen, + if (virDomainMigratePrepare(conn, &cookie, &cookielen, uri_in, uri_out, args->flags, dname, args->resource) < 0) goto cleanup; @@ -3013,13 +2966,10 @@ remoteDispatchDomainMigratePrepare2(virNetServerPtr server ATTRIBUTE_UNUSED, char **uri_out; char *dname; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } uri_in = args->uri_in == NULL ? NULL : *args->uri_in; dname = args->dname == NULL ? NULL : *args->dname; @@ -3028,7 +2978,7 @@ remoteDispatchDomainMigratePrepare2(virNetServerPtr server ATTRIBUTE_UNUSED, if (VIR_ALLOC(uri_out) < 0) goto cleanup; - if (virDomainMigratePrepare2(priv->conn, &cookie, &cookielen, + if (virDomainMigratePrepare2(conn, &cookie, &cookielen, uri_in, uri_out, args->flags, dname, args->resource, args->dom_xml) < 0) @@ -3064,13 +3014,10 @@ remoteDispatchDomainGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED, int nparams = 0; unsigned int flags; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } flags = args->flags; @@ -3082,7 +3029,7 @@ remoteDispatchDomainGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED, goto cleanup; nparams = args->nparams; - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainGetMemoryParameters(dom, params, &nparams, flags) < 0) 
@@ -3126,13 +3073,10 @@ remoteDispatchDomainGetNumaParameters(virNetServerPtr server ATTRIBUTE_UNUSED, int nparams = 0; unsigned int flags; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } flags = args->flags; @@ -3144,7 +3088,7 @@ remoteDispatchDomainGetNumaParameters(virNetServerPtr server ATTRIBUTE_UNUSED, goto cleanup; nparams = args->nparams; - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainGetNumaParameters(dom, params, &nparams, flags) < 0) @@ -3188,13 +3132,10 @@ remoteDispatchDomainGetBlkioParameters(virNetServerPtr server ATTRIBUTE_UNUSED, int nparams = 0; unsigned int flags; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } flags = args->flags; @@ -3206,7 +3147,7 @@ remoteDispatchDomainGetBlkioParameters(virNetServerPtr server ATTRIBUTE_UNUSED, goto cleanup; nparams = args->nparams; - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainGetBlkioParameters(dom, params, &nparams, flags) < 0) @@ -3251,13 +3192,10 @@ remoteDispatchNodeGetCPUStats(virNetServerPtr server ATTRIBUTE_UNUSED, int nparams = 0; unsigned int flags; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } flags = args->flags; 
@@ -3269,7 +3207,7 @@ remoteDispatchNodeGetCPUStats(virNetServerPtr server ATTRIBUTE_UNUSED, goto cleanup; nparams = args->nparams; - if (virNodeGetCPUStats(priv->conn, cpuNum, params, &nparams, flags) < 0) + if (virNodeGetCPUStats(conn, cpuNum, params, &nparams, flags) < 0) goto cleanup; /* In this case, we need to send back the number of stats @@ -3323,13 +3261,10 @@ remoteDispatchNodeGetMemoryStats(virNetServerPtr server ATTRIBUTE_UNUSED, int nparams = 0; unsigned int flags; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } flags = args->flags; @@ -3341,7 +3276,7 @@ remoteDispatchNodeGetMemoryStats(virNetServerPtr server ATTRIBUTE_UNUSED, goto cleanup; nparams = args->nparams; - if (virNodeGetMemoryStats(priv->conn, cellNum, params, &nparams, flags) < 0) + if (virNodeGetMemoryStats(conn, cellNum, params, &nparams, flags) < 0) goto cleanup; /* In this case, we need to send back the number of parameters @@ -3393,15 +3328,12 @@ remoteDispatchDomainGetLaunchSecurityInfo(virNetServerPtr server ATTRIBUTE_UNUSE virTypedParameterPtr params = NULL; int nparams = 0; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainGetLaunchSecurityInfo(dom, ¶ms, &nparams, args->flags) < 0) 
@@ -3440,15 +3372,12 @@ remoteDispatchDomainGetPerfEvents(virNetServerPtr server ATTRIBUTE_UNUSED, virTypedParameterPtr params = NULL; int nparams = 0; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainGetPerfEvents(dom, ¶ms, &nparams, args->flags) < 0) @@ -3486,15 +3415,12 @@ remoteDispatchDomainGetBlockJobInfo(virNetServerPtr server ATTRIBUTE_UNUSED, virDomainPtr dom = NULL; virDomainBlockJobInfo tmp; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; rv = virDomainGetBlockJobInfo(dom, args->path, &tmp, args->flags); @@ -3527,13 +3453,10 @@ remoteDispatchDomainGetBlockIoTune(virNetServerPtr server ATTRIBUTE_UNUSED, int rv = -1; virTypedParameterPtr params = NULL; int nparams = 0; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->nparams > REMOTE_DOMAIN_BLOCK_IO_TUNE_PARAMETERS_MAX) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); 
@@ -3544,7 +3467,7 @@ remoteDispatchDomainGetBlockIoTune(virNetServerPtr server ATTRIBUTE_UNUSED, goto cleanup; nparams = args->nparams; - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainGetBlockIoTune(dom, args->disk ? *args->disk : NULL, @@ -4104,15 +4027,12 @@ remoteDispatchNodeDeviceGetParent(virNetServerPtr server ATTRIBUTE_UNUSED, virNodeDevicePtr dev = NULL; const char *parent = NULL; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetNodeDevConn(client); - if (!priv->nodedevConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dev = virNodeDeviceLookupByName(priv->nodedevConn, args->name))) + if (!(dev = virNodeDeviceLookupByName(conn, args->name))) goto cleanup; parent = virNodeDeviceGetParent(dev); @@ -4144,15 +4064,14 @@ remoteDispatchConnectRegisterCloseCallback(virNetServerPtr server ATTRIBUTE_UNUS int rv = -1; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); virMutexLock(&priv->lock); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (virConnectRegisterCloseCallback(priv->conn, + if (virConnectRegisterCloseCallback(conn, remoteRelayConnectionClosedEvent, client, NULL) < 0) goto cleanup; 
@@ -4176,15 +4095,14 @@ remoteDispatchConnectUnregisterCloseCallback(virNetServerPtr server ATTRIBUTE_UN int rv = -1; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); virMutexLock(&priv->lock); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (virConnectUnregisterCloseCallback(priv->conn, + if (virConnectUnregisterCloseCallback(conn, remoteRelayConnectionClosedEvent) < 0) goto cleanup; @@ -4211,13 +4129,12 @@ remoteDispatchConnectDomainEventRegister(virNetServerPtr server ATTRIBUTE_UNUSED daemonClientEventCallbackPtr ref; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); virMutexLock(&priv->lock); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } /* If we call register first, we could append a complete callback * to our array, but on OOM append failure, we'd have to then hope @@ -4239,7 +4156,7 @@ remoteDispatchConnectDomainEventRegister(virNetServerPtr server ATTRIBUTE_UNUSED callback) < 0) goto cleanup; - if ((callbackID = virConnectDomainEventRegisterAny(priv->conn, + if ((callbackID = virConnectDomainEventRegisterAny(conn, NULL, VIR_DOMAIN_EVENT_ID_LIFECYCLE, VIR_DOMAIN_EVENT_CALLBACK(remoteRelayDomainEventLifecycle), @@ -4275,13 +4192,12 @@ remoteDispatchConnectDomainEventDeregister(virNetServerPtr server ATTRIBUTE_UNUS size_t i; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); virMutexLock(&priv->lock); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } for (i = 0; i < priv->ndomainEventCallbacks; i++) { if (priv->domainEventCallbacks[i]->eventID == VIR_DOMAIN_EVENT_ID_LIFECYCLE) { 
@@ -4297,7 +4213,7 @@ remoteDispatchConnectDomainEventDeregister(virNetServerPtr server ATTRIBUTE_UNUS goto cleanup; } - if (virConnectDomainEventDeregisterAny(priv->conn, callbackID) < 0) + if (virConnectDomainEventDeregisterAny(conn, callbackID) < 0) goto cleanup; VIR_DELETE_ELEMENT(priv->domainEventCallbacks, i, @@ -4361,15 +4277,12 @@ remoteDispatchSecretGetValue(virNetServerPtr server ATTRIBUTE_UNUSED, size_t value_size; unsigned char *value; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetSecretConn(client); - if (!priv->secretConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(secret = get_nonnull_secret(priv->secretConn, args->secret))) + if (!(secret = get_nonnull_secret(conn, args->secret))) goto cleanup; if (!(value = virSecretGetValue(secret, &value_size, args->flags))) @@ -4397,15 +4310,12 @@ remoteDispatchDomainGetState(virNetServerPtr server ATTRIBUTE_UNUSED, { virDomainPtr dom = NULL; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainGetState(dom, &ret->state, &ret->reason, args->flags) < 0) 
@@ -4439,13 +4349,12 @@ remoteDispatchConnectDomainEventRegisterAny(virNetServerPtr server ATTRIBUTE_UNU daemonClientEventCallbackPtr ref; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); virMutexLock(&priv->lock); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } /* We intentionally do not use VIR_DOMAIN_EVENT_ID_LAST here; any * new domain events added after this point should only use the @@ -4475,7 +4384,7 @@ remoteDispatchConnectDomainEventRegisterAny(virNetServerPtr server ATTRIBUTE_UNU callback) < 0) goto cleanup; - if ((callbackID = virConnectDomainEventRegisterAny(priv->conn, + if ((callbackID = virConnectDomainEventRegisterAny(conn, NULL, args->eventID, domainEventCallbacks[args->eventID], @@ -4515,16 +4424,15 @@ remoteDispatchConnectDomainEventCallbackRegisterAny(virNetServerPtr server ATTRI struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); virDomainPtr dom = NULL; + virConnectPtr conn = remoteGetHypervisorConn(client); virMutexLock(&priv->lock); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->dom && - !(dom = get_nonnull_domain(priv->conn, *args->dom))) + !(dom = get_nonnull_domain(conn, *args->dom))) goto cleanup; if (args->eventID >= VIR_DOMAIN_EVENT_ID_LAST || args->eventID < 0) { @@ -4550,7 +4458,7 @@ remoteDispatchConnectDomainEventCallbackRegisterAny(virNetServerPtr server ATTRI callback) < 0) goto cleanup; - if ((callbackID = virConnectDomainEventRegisterAny(priv->conn, + if ((callbackID = virConnectDomainEventRegisterAny(conn, dom, args->eventID, domainEventCallbacks[args->eventID], 
@@ -4589,13 +4497,12 @@ remoteDispatchConnectDomainEventDeregisterAny(virNetServerPtr server ATTRIBUTE_U size_t i; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); virMutexLock(&priv->lock); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } /* We intentionally do not use VIR_DOMAIN_EVENT_ID_LAST here; any * new domain events added after this point should only use the @@ -4619,7 +4526,7 @@ remoteDispatchConnectDomainEventDeregisterAny(virNetServerPtr server ATTRIBUTE_U goto cleanup; } - if (virConnectDomainEventDeregisterAny(priv->conn, callbackID) < 0) + if (virConnectDomainEventDeregisterAny(conn, callbackID) < 0) goto cleanup; VIR_DELETE_ELEMENT(priv->domainEventCallbacks, i, @@ -4646,13 +4553,12 @@ remoteDispatchConnectDomainEventCallbackDeregisterAny(virNetServerPtr server ATT size_t i; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); virMutexLock(&priv->lock); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } for (i = 0; i < priv->ndomainEventCallbacks; i++) { if (priv->domainEventCallbacks[i]->callbackID == args->callbackID) @@ -4665,7 +4571,7 @@ remoteDispatchConnectDomainEventCallbackDeregisterAny(virNetServerPtr server ATT goto cleanup; } - if (virConnectDomainEventDeregisterAny(priv->conn, args->callbackID) < 0) + if (virConnectDomainEventDeregisterAny(conn, args->callbackID) < 0) goto cleanup; VIR_DELETE_ELEMENT(priv->domainEventCallbacks, i, 
@@ -4691,15 +4597,12 @@ qemuDispatchDomainMonitorCommand(virNetServerPtr server ATTRIBUTE_UNUSED, { virDomainPtr dom = NULL; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainQemuMonitorCommand(dom, args->cmd, &ret->result, @@ -4731,15 +4634,12 @@ remoteDispatchDomainMigrateBegin3(virNetServerPtr server ATTRIBUTE_UNUSED, char *cookieout = NULL; int cookieoutlen = 0; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; xmlin = args->xmlin == NULL ? NULL : *args->xmlin; @@ -4781,13 +4681,10 @@ remoteDispatchDomainMigratePrepare3(virNetServerPtr server ATTRIBUTE_UNUSED, char **uri_out; char *dname; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } uri_in = args->uri_in == NULL ? NULL : *args->uri_in; dname = args->dname == NULL ? NULL : *args->dname; 
@@ -4796,7 +4693,7 @@ remoteDispatchDomainMigratePrepare3(virNetServerPtr server ATTRIBUTE_UNUSED, if (VIR_ALLOC(uri_out) < 0) goto cleanup; - if (virDomainMigratePrepare3(priv->conn, + if (virDomainMigratePrepare3(conn, args->cookie_in.cookie_in_val, args->cookie_in.cookie_in_len, &cookieout, &cookieoutlen, @@ -4839,15 +4736,12 @@ remoteDispatchDomainMigratePerform3(virNetServerPtr server ATTRIBUTE_UNUSED, char *cookieout = NULL; int cookieoutlen = 0; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; xmlin = args->xmlin == NULL ? NULL : *args->xmlin; @@ -4892,18 +4786,15 @@ remoteDispatchDomainMigrateFinish3(virNetServerPtr server ATTRIBUTE_UNUSED, char *uri; char *dconnuri; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } uri = args->uri == NULL ? NULL : *args->uri; dconnuri = args->dconnuri == NULL ? NULL : *args->dconnuri; - if (!(dom = virDomainMigrateFinish3(priv->conn, args->dname, + if (!(dom = virDomainMigrateFinish3(conn, args->dname, args->cookie_in.cookie_in_val, args->cookie_in.cookie_in_len, &cookieout, &cookieoutlen, 
@@ -4941,15 +4832,12 @@ remoteDispatchDomainMigrateConfirm3(virNetServerPtr server ATTRIBUTE_UNUSED, { virDomainPtr dom = NULL; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainMigrateConfirm3(dom, @@ -4977,8 +4865,7 @@ static int remoteDispatchConnectSupportsFeature(virNetServerPtr server ATTRIBUTE { int rv = -1; int supported = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = NULL; /* This feature is checked before opening the connection, thus we must * check it first. @@ -4990,10 +4877,10 @@ static int remoteDispatchConnectSupportsFeature(virNetServerPtr server ATTRIBUTE goto done; } - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + conn = remoteGetHypervisorConn(client); + + if (!conn) goto cleanup; - } switch ((virDrvFeature) args->feature) { case VIR_DRV_FEATURE_FD_PASSING: @@ -5013,7 +4900,7 @@ static int remoteDispatchConnectSupportsFeature(virNetServerPtr server ATTRIBUTE case VIR_DRV_FEATURE_MIGRATION_OFFLINE: case VIR_DRV_FEATURE_MIGRATION_PARAMS: default: - if ((supported = virConnectSupportsFeature(priv->conn, args->feature)) < 0) + if ((supported = virConnectSupportsFeature(conn, args->feature)) < 0) goto cleanup; break; case VIR_DRV_FEATURE_PROGRAM_KEEPALIVE: 
@@ -5042,15 +4929,12 @@ remoteDispatchDomainOpenGraphics(virNetServerPtr server ATTRIBUTE_UNUSED, virDomainPtr dom = NULL; int rv = -1; int fd = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if ((fd = virNetMessageDupFD(msg, 0)) < 0) @@ -5083,15 +4967,12 @@ remoteDispatchDomainOpenGraphicsFd(virNetServerPtr server ATTRIBUTE_UNUSED, virDomainPtr dom = NULL; int rv = -1; int fd = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if ((fd = virDomainOpenGraphicsFD(dom, @@ -5130,13 +5011,10 @@ remoteDispatchDomainGetInterfaceParameters(virNetServerPtr server ATTRIBUTE_UNUS int nparams = 0; unsigned int flags; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } flags = args->flags; @@ -5148,7 +5026,7 @@ remoteDispatchDomainGetInterfaceParameters(virNetServerPtr server ATTRIBUTE_UNUS goto cleanup; nparams = args->nparams; - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainGetInterfaceParameters(dom, device, params, &nparams, flags) < 0) 
@@ -5188,16 +5066,13 @@ remoteDispatchDomainGetCPUStats(virNetServerPtr server ATTRIBUTE_UNUSED, remote_domain_get_cpu_stats_ret *ret) { virDomainPtr dom = NULL; - struct daemonClientPrivate *priv; virTypedParameterPtr params = NULL; int rv = -1; int percpu_len = 0; + virConnectPtr conn = remoteGetHypervisorConn(client); - priv = virNetServerClientGetPrivateData(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->nparams > REMOTE_NODE_CPU_STATS_MAX) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large")); @@ -5212,7 +5087,7 @@ remoteDispatchDomainGetCPUStats(virNetServerPtr server ATTRIBUTE_UNUSED, VIR_ALLOC_N(params, args->ncpus * args->nparams) < 0) goto cleanup; - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; percpu_len = virDomainGetCPUStats(dom, params, args->nparams, @@ -5262,15 +5137,12 @@ remoteDispatchDomainGetDiskErrors(virNetServerPtr server ATTRIBUTE_UNUSED, virDomainPtr dom = NULL; virDomainDiskErrorPtr errors = NULL; int len = 0; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (args->maxerrors > REMOTE_DOMAIN_DISK_ERRORS_MAX) { 
@@ -5322,15 +5194,12 @@ remoteDispatchNodeGetSevInfo(virNetServerPtr server ATTRIBUTE_UNUSED, virTypedParameterPtr params = NULL; int nparams = 0; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (virNodeGetSEVInfo(priv->conn, ¶ms, &nparams, args->flags) < 0) + if (virNodeGetSEVInfo(conn, ¶ms, &nparams, args->flags) < 0) goto cleanup; if (nparams > REMOTE_NODE_SEV_INFO_MAX) { @@ -5367,13 +5236,10 @@ remoteDispatchNodeGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED, int nparams = 0; unsigned int flags; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } flags = args->flags; @@ -5385,7 +5251,7 @@ remoteDispatchNodeGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED, goto cleanup; nparams = args->nparams; - if (virNodeGetMemoryParameters(priv->conn, params, &nparams, flags) < 0) + if (virNodeGetMemoryParameters(conn, params, &nparams, flags) < 0) goto cleanup; /* In this case, we need to send back the number of parameters 
@@ -5425,17 +5291,14 @@ remoteDispatchNodeGetCPUMap(virNetServerPtr server ATTRIBUTE_UNUSED, unsigned int flags; int cpunum; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } flags = args->flags; - cpunum = virNodeGetCPUMap(priv->conn, args->need_map ? &cpumap : NULL, + cpunum = virNodeGetCPUMap(conn, args->need_map ? &cpumap : NULL, args->need_online ? &online : NULL, flags); if (cpunum < 0) goto cleanup; @@ -5467,19 +5330,16 @@ lxcDispatchDomainOpenNamespace(virNetServerPtr server ATTRIBUTE_UNUSED, lxc_domain_open_namespace_args *args) { int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); int *fdlist = NULL; int ret; virDomainPtr dom = NULL; size_t i; + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; ret = virDomainLxcOpenNamespace(dom, @@ -5521,15 +5381,12 @@ remoteDispatchDomainGetJobStats(virNetServerPtr server ATTRIBUTE_UNUSED, virTypedParameterPtr params = NULL; int nparams = 0; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainGetJobStats(dom, &ret->type, ¶ms, 
@@ -5574,13 +5431,10 @@ remoteDispatchDomainMigrateBegin3Params(virNetServerPtr server ATTRIBUTE_UNUSED, char *cookieout = NULL; int cookieoutlen = 0; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->params.params_len > REMOTE_DOMAIN_MIGRATE_PARAM_LIST_MAX) { virReportError(VIR_ERR_RPC, @@ -5589,7 +5443,7 @@ remoteDispatchDomainMigrateBegin3Params(virNetServerPtr server ATTRIBUTE_UNUSED, goto cleanup; } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val, @@ -5630,13 +5484,10 @@ remoteDispatchDomainMigratePrepare3Params(virNetServerPtr server ATTRIBUTE_UNUSE int cookieoutlen = 0; char **uri_out; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->params.params_len > REMOTE_DOMAIN_MIGRATE_PARAM_LIST_MAX) { virReportError(VIR_ERR_RPC, @@ -5654,7 +5505,7 @@ remoteDispatchDomainMigratePrepare3Params(virNetServerPtr server ATTRIBUTE_UNUSE if (VIR_ALLOC(uri_out) < 0) goto cleanup; - if (virDomainMigratePrepare3Params(priv->conn, params, nparams, + if (virDomainMigratePrepare3Params(conn, params, nparams, args->cookie_in.cookie_in_val, args->cookie_in.cookie_in_len, &cookieout, &cookieoutlen, 
@@ -5689,15 +5540,12 @@ remoteDispatchDomainMigratePrepareTunnel3Params(virNetServerPtr server ATTRIBUTE char *cookieout = NULL; int cookieoutlen = 0; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); virStreamPtr st = NULL; daemonClientStreamPtr stream = NULL; + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->params.params_len > REMOTE_DOMAIN_MIGRATE_PARAM_LIST_MAX) { virReportError(VIR_ERR_RPC, @@ -5711,12 +5559,12 @@ remoteDispatchDomainMigratePrepareTunnel3Params(virNetServerPtr server ATTRIBUTE 0, ¶ms, &nparams) < 0) goto cleanup; - if (!(st = virStreamNew(priv->conn, VIR_STREAM_NONBLOCK)) || + if (!(st = virStreamNew(conn, VIR_STREAM_NONBLOCK)) || !(stream = daemonCreateClientStream(client, st, remoteProgram, &msg->header, false))) goto cleanup; - if (virDomainMigratePrepareTunnel3Params(priv->conn, st, params, nparams, + if (virDomainMigratePrepareTunnel3Params(conn, st, params, nparams, args->cookie_in.cookie_in_val, args->cookie_in.cookie_in_len, &cookieout, &cookieoutlen, @@ -5761,13 +5609,10 @@ remoteDispatchDomainMigratePerform3Params(virNetServerPtr server ATTRIBUTE_UNUSE int cookieoutlen = 0; char *dconnuri; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->params.params_len > REMOTE_DOMAIN_MIGRATE_PARAM_LIST_MAX) { virReportError(VIR_ERR_RPC, 
@@ -5776,7 +5621,7 @@ remoteDispatchDomainMigratePerform3Params(virNetServerPtr server ATTRIBUTE_UNUSE goto cleanup; } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val, @@ -5821,13 +5666,10 @@ remoteDispatchDomainMigrateFinish3Params(virNetServerPtr server ATTRIBUTE_UNUSED char *cookieout = NULL; int cookieoutlen = 0; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->params.params_len > REMOTE_DOMAIN_MIGRATE_PARAM_LIST_MAX) { virReportError(VIR_ERR_RPC, @@ -5841,7 +5683,7 @@ remoteDispatchDomainMigrateFinish3Params(virNetServerPtr server ATTRIBUTE_UNUSED 0, ¶ms, &nparams) < 0) goto cleanup; - dom = virDomainMigrateFinish3Params(priv->conn, params, nparams, + dom = virDomainMigrateFinish3Params(conn, params, nparams, args->cookie_in.cookie_in_val, args->cookie_in.cookie_in_len, &cookieout, &cookieoutlen, @@ -5879,13 +5721,10 @@ remoteDispatchDomainMigrateConfirm3Params(virNetServerPtr server ATTRIBUTE_UNUSE int nparams = 0; virDomainPtr dom = NULL; int rv = -1; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->params.params_len > REMOTE_DOMAIN_MIGRATE_PARAM_LIST_MAX) { virReportError(VIR_ERR_RPC, 
@@ -5894,7 +5733,7 @@ remoteDispatchDomainMigrateConfirm3Params(virNetServerPtr server ATTRIBUTE_UNUSE goto cleanup; } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val, @@ -5929,15 +5768,12 @@ remoteDispatchConnectGetCPUModelNames(virNetServerPtr server ATTRIBUTE_UNUSED, { int len, rv = -1; char **models = NULL; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - len = virConnectGetCPUModelNames(priv->conn, args->arch, + len = virConnectGetCPUModelNames(conn, args->arch, args->need_results ? &models : NULL, args->flags); if (len < 0) @@ -5981,16 +5817,13 @@ remoteDispatchDomainCreateXMLWithFiles(virNetServerPtr server ATTRIBUTE_UNUSED, { int rv = -1; virDomainPtr dom = NULL; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); int *files = NULL; unsigned int nfiles = 0; size_t i; + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (VIR_ALLOC_N(files, msg->nfds) < 0) goto cleanup; @@ -6000,7 +5833,7 @@ remoteDispatchDomainCreateXMLWithFiles(virNetServerPtr server ATTRIBUTE_UNUSED, nfiles++; } - if ((dom = virDomainCreateXMLWithFiles(priv->conn, args->xml_desc, + if ((dom = virDomainCreateXMLWithFiles(conn, args->xml_desc, nfiles, files, args->flags)) == NULL) goto cleanup; 
@@ -6030,16 +5863,13 @@ static int remoteDispatchDomainCreateWithFiles(virNetServerPtr server ATTRIBUTE_ { int rv = -1; virDomainPtr dom = NULL; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); int *files = NULL; unsigned int nfiles = 0; size_t i; + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (VIR_ALLOC_N(files, msg->nfds) < 0) goto cleanup; @@ -6049,7 +5879,7 @@ static int remoteDispatchDomainCreateWithFiles(virNetServerPtr server ATTRIBUTE_ nfiles++; } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainCreateWithFiles(dom, @@ -6085,19 +5915,18 @@ remoteDispatchConnectNetworkEventRegisterAny(virNetServerPtr server ATTRIBUTE_UN int rv = -1; daemonClientEventCallbackPtr callback = NULL; daemonClientEventCallbackPtr ref; + virNetworkPtr net = NULL; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); - virNetworkPtr net = NULL; + virConnectPtr conn = remoteGetNetworkConn(client); virMutexLock(&priv->lock); - if (!priv->networkConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->net && - !(net = get_nonnull_network(priv->networkConn, *args->net))) + !(net = get_nonnull_network(conn, *args->net))) goto cleanup; if (args->eventID >= VIR_NETWORK_EVENT_ID_LAST || args->eventID < 0) { @@ -6123,7 +5952,7 @@ remoteDispatchConnectNetworkEventRegisterAny(virNetServerPtr server ATTRIBUTE_UN callback) < 0) goto cleanup; - if ((callbackID = virConnectNetworkEventRegisterAny(priv->networkConn, + if ((callbackID = virConnectNetworkEventRegisterAny(conn, net, args->eventID, networkEventCallbacks[args->eventID], 
@@ -6161,13 +5990,12 @@ remoteDispatchConnectNetworkEventDeregisterAny(virNetServerPtr server ATTRIBUTE_ size_t i; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetNetworkConn(client); virMutexLock(&priv->lock); - if (!priv->networkConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } for (i = 0; i < priv->nnetworkEventCallbacks; i++) { if (priv->networkEventCallbacks[i]->callbackID == args->callbackID) @@ -6180,7 +6008,7 @@ remoteDispatchConnectNetworkEventDeregisterAny(virNetServerPtr server ATTRIBUTE_ goto cleanup; } - if (virConnectNetworkEventDeregisterAny(priv->networkConn, args->callbackID) < 0) + if (virConnectNetworkEventDeregisterAny(conn, args->callbackID) < 0) goto cleanup; VIR_DELETE_ELEMENT(priv->networkEventCallbacks, i, @@ -6210,16 +6038,15 @@ remoteDispatchConnectStoragePoolEventRegisterAny(virNetServerPtr server ATTRIBUT struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); virStoragePoolPtr pool = NULL; + virConnectPtr conn = remoteGetStorageConn(client); virMutexLock(&priv->lock); - if (!priv->storageConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->pool && - !(pool = get_nonnull_storage_pool(priv->storageConn, *args->pool))) + !(pool = get_nonnull_storage_pool(conn, *args->pool))) goto cleanup; if (args->eventID >= VIR_STORAGE_POOL_EVENT_ID_LAST || args->eventID < 0) { @@ -6245,7 +6072,7 @@ remoteDispatchConnectStoragePoolEventRegisterAny(virNetServerPtr server ATTRIBUT callback) < 0) goto cleanup; - if ((callbackID = virConnectStoragePoolEventRegisterAny(priv->storageConn, + if ((callbackID = virConnectStoragePoolEventRegisterAny(conn, pool, args->eventID, storageEventCallbacks[args->eventID], 
@@ -6282,13 +6109,12 @@ remoteDispatchConnectStoragePoolEventDeregisterAny(virNetServerPtr server ATTRIB size_t i; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetStorageConn(client); virMutexLock(&priv->lock); - if (!priv->storageConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } for (i = 0; i < priv->nstorageEventCallbacks; i++) { if (priv->storageEventCallbacks[i]->callbackID == args->callbackID) @@ -6301,7 +6127,7 @@ remoteDispatchConnectStoragePoolEventDeregisterAny(virNetServerPtr server ATTRIB goto cleanup; } - if (virConnectStoragePoolEventDeregisterAny(priv->storageConn, args->callbackID) < 0) + if (virConnectStoragePoolEventDeregisterAny(conn, args->callbackID) < 0) goto cleanup; VIR_DELETE_ELEMENT(priv->storageEventCallbacks, i, @@ -6331,16 +6157,15 @@ remoteDispatchConnectNodeDeviceEventRegisterAny(virNetServerPtr server ATTRIBUTE struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); virNodeDevicePtr dev = NULL; + virConnectPtr conn = remoteGetNodeDevConn(client); virMutexLock(&priv->lock); - if (!priv->nodedevConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->dev && - !(dev = get_nonnull_node_device(priv->nodedevConn, *args->dev))) + !(dev = get_nonnull_node_device(conn, *args->dev))) goto cleanup; if (args->eventID >= VIR_NODE_DEVICE_EVENT_ID_LAST || args->eventID < 0) { @@ -6366,7 +6191,7 @@ remoteDispatchConnectNodeDeviceEventRegisterAny(virNetServerPtr server ATTRIBUTE callback) < 0) goto cleanup; - if ((callbackID = virConnectNodeDeviceEventRegisterAny(priv->nodedevConn, + if ((callbackID = virConnectNodeDeviceEventRegisterAny(conn, dev, args->eventID, nodeDeviceEventCallbacks[args->eventID], 
@@ -6403,13 +6228,12 @@ remoteDispatchConnectNodeDeviceEventDeregisterAny(virNetServerPtr server ATTRIBU size_t i; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetNodeDevConn(client); virMutexLock(&priv->lock); - if (!priv->nodedevConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } for (i = 0; i < priv->nnodeDeviceEventCallbacks; i++) { if (priv->nodeDeviceEventCallbacks[i]->callbackID == args->callbackID) @@ -6422,7 +6246,7 @@ remoteDispatchConnectNodeDeviceEventDeregisterAny(virNetServerPtr server ATTRIBU goto cleanup; } - if (virConnectNodeDeviceEventDeregisterAny(priv->nodedevConn, args->callbackID) < 0) + if (virConnectNodeDeviceEventDeregisterAny(conn, args->callbackID) < 0) goto cleanup; VIR_DELETE_ELEMENT(priv->nodeDeviceEventCallbacks, i, @@ -6452,16 +6276,15 @@ remoteDispatchConnectSecretEventRegisterAny(virNetServerPtr server ATTRIBUTE_UNU struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); virSecretPtr secret = NULL; + virConnectPtr conn = remoteGetSecretConn(client); virMutexLock(&priv->lock); - if (!priv->secretConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->secret && - !(secret = get_nonnull_secret(priv->secretConn, *args->secret))) + !(secret = get_nonnull_secret(conn, *args->secret))) goto cleanup; if (args->eventID >= VIR_SECRET_EVENT_ID_LAST || args->eventID < 0) { @@ -6487,7 +6310,7 @@ remoteDispatchConnectSecretEventRegisterAny(virNetServerPtr server ATTRIBUTE_UNU callback) < 0) goto cleanup; - if ((callbackID = virConnectSecretEventRegisterAny(priv->secretConn, + if ((callbackID = virConnectSecretEventRegisterAny(conn, secret, args->eventID, secretEventCallbacks[args->eventID], 
@@ -6524,13 +6347,12 @@ remoteDispatchConnectSecretEventDeregisterAny(virNetServerPtr server ATTRIBUTE_U size_t i; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetSecretConn(client); virMutexLock(&priv->lock); - if (!priv->secretConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } for (i = 0; i < priv->nsecretEventCallbacks; i++) { if (priv->secretEventCallbacks[i]->callbackID == args->callbackID) @@ -6543,7 +6365,7 @@ remoteDispatchConnectSecretEventDeregisterAny(virNetServerPtr server ATTRIBUTE_U goto cleanup; } - if (virConnectSecretEventDeregisterAny(priv->secretConn, args->callbackID) < 0) + if (virConnectSecretEventDeregisterAny(conn, args->callbackID) < 0) goto cleanup; VIR_DELETE_ELEMENT(priv->secretEventCallbacks, i, @@ -6574,16 +6396,15 @@ qemuDispatchConnectDomainMonitorEventRegister(virNetServerPtr server ATTRIBUTE_U virNetServerClientGetPrivateData(client); virDomainPtr dom = NULL; const char *event = args->event ? *args->event : NULL; + virConnectPtr conn = remoteGetHypervisorConn(client); virMutexLock(&priv->lock); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->dom && - !(dom = get_nonnull_domain(priv->conn, *args->dom))) + !(dom = get_nonnull_domain(conn, *args->dom))) goto cleanup; /* If we call register first, we could append a complete callback @@ -6603,7 +6424,7 @@ qemuDispatchConnectDomainMonitorEventRegister(virNetServerPtr server ATTRIBUTE_U callback) < 0) goto cleanup; - if ((callbackID = virConnectDomainQemuMonitorEventRegister(priv->conn, + if ((callbackID = virConnectDomainQemuMonitorEventRegister(conn, dom, event, remoteRelayDomainQemuMonitorEvent, 
@@ -6642,13 +6463,12 @@ qemuDispatchConnectDomainMonitorEventDeregister(virNetServerPtr server ATTRIBUTE size_t i; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); virMutexLock(&priv->lock); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } for (i = 0; i < priv->nqemuEventCallbacks; i++) { if (priv->qemuEventCallbacks[i]->callbackID == args->callbackID) @@ -6661,7 +6481,7 @@ qemuDispatchConnectDomainMonitorEventDeregister(virNetServerPtr server ATTRIBUTE goto cleanup; } - if (virConnectDomainQemuMonitorEventDeregister(priv->conn, + if (virConnectDomainQemuMonitorEventDeregister(conn, args->callbackID) < 0) goto cleanup; @@ -6689,15 +6509,12 @@ remoteDispatchDomainGetTime(virNetServerPtr server ATTRIBUTE_UNUSED, virDomainPtr dom = NULL; long long seconds; unsigned int nseconds; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if (virDomainGetTime(dom, &seconds, &nseconds, args->flags) < 0) @@ -6725,13 +6542,10 @@ remoteDispatchNodeGetFreePages(virNetServerPtr server ATTRIBUTE_UNUSED, { int rv = -1; int len; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->pages.pages_len * args->cellCount > REMOTE_NODE_MAX_CELLS) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", 
@@ -6744,7 +6558,7 @@ remoteDispatchNodeGetFreePages(virNetServerPtr server ATTRIBUTE_UNUSED, args->pages.pages_len * args->cellCount) < 0) goto cleanup; - if ((len = virNodeGetFreePages(priv->conn, + if ((len = virNodeGetFreePages(conn, args->pages.pages_len, args->pages.pages_val, args->startCell, @@ -6838,17 +6652,15 @@ remoteDispatchNetworkGetDHCPLeases(virNetServerPtr server ATTRIBUTE_UNUSED, { int rv = -1; size_t i; - struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); virNetworkDHCPLeasePtr *leases = NULL; virNetworkPtr net = NULL; int nleases = 0; + virConnectPtr conn = remoteGetNetworkConn(client); - if (!priv->networkConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(net = get_nonnull_network(priv->networkConn, args->net))) + if (!(net = get_nonnull_network(conn, args->net))) goto cleanup; if ((nleases = virNetworkGetDHCPLeases(net, @@ -6906,22 +6718,20 @@ remoteDispatchConnectGetAllDomainStats(virNetServerPtr server ATTRIBUTE_UNUSED, { int rv = -1; size_t i; - struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); virDomainStatsRecordPtr *retStats = NULL; int nrecords = 0; virDomainPtr *doms = NULL; + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } if (args->doms.doms_len) { if (VIR_ALLOC_N(doms, args->doms.doms_len + 1) < 0) goto cleanup; for (i = 0; i < args->doms.doms_len; i++) { - if (!(doms[i] = get_nonnull_domain(priv->conn, args->doms.doms_val[i]))) + if (!(doms[i] = get_nonnull_domain(conn, args->doms.doms_val[i]))) goto cleanup; } 
@@ -6931,7 +6741,7 @@ remoteDispatchConnectGetAllDomainStats(virNetServerPtr server ATTRIBUTE_UNUSED, args->flags)) < 0) goto cleanup; } else { - if ((nrecords = virConnectGetAllDomainStats(priv->conn, + if ((nrecords = virConnectGetAllDomainStats(conn, args->stats, &retStats, args->flags)) < 0) @@ -6993,15 +6803,12 @@ remoteDispatchNodeAllocPages(virNetServerPtr server ATTRIBUTE_UNUSED, { int rv = -1; int len; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if ((len = virNodeAllocPages(priv->conn, + if ((len = virNodeAllocPages(conn, args->pageSizes.pageSizes_len, args->pageSizes.pageSizes_val, (unsigned long long *) args->pageCounts.pageCounts_val, @@ -7030,19 +6837,17 @@ remoteDispatchDomainGetFSInfo(virNetServerPtr server ATTRIBUTE_UNUSED, { int rv = -1; size_t i, j; - struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); virDomainFSInfoPtr *info = NULL; virDomainPtr dom = NULL; remote_domain_fsinfo *dst; int ninfo = 0; size_t ndisk; + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if ((ninfo = virDomainGetFSInfo(dom, &info, args->flags)) < 0) 
@@ -7227,15 +7032,12 @@ remoteDispatchDomainInterfaceAddresses(virNetServerPtr server ATTRIBUTE_UNUSED, virDomainPtr dom = NULL; virDomainInterfacePtr *ifaces = NULL; int ifaces_count = 0; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetHypervisorConn(client); - if (!priv->conn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(dom = get_nonnull_domain(priv->conn, args->dom))) + if (!(dom = get_nonnull_domain(conn, args->dom))) goto cleanup; if ((ifaces_count = virDomainInterfaceAddresses(dom, &ifaces, args->source, args->flags)) < 0) @@ -7273,15 +7075,12 @@ remoteDispatchStorageVolGetInfoFlags(virNetServerPtr server ATTRIBUTE_UNUSED, int rv = -1; virStorageVolPtr vol = NULL; virStorageVolInfo tmp; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetStorageConn(client); - if (!priv->storageConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(vol = get_nonnull_storage_vol(priv->storageConn, args->vol))) + if (!(vol = get_nonnull_storage_vol(conn, args->vol))) goto cleanup; if (virStorageVolGetInfoFlags(vol, &tmp, args->flags) < 0) @@ -7312,15 +7111,12 @@ remoteDispatchNetworkPortGetParameters(virNetServerPtr server ATTRIBUTE_UNUSED, virNetworkPortPtr port = NULL; virTypedParameterPtr params = NULL; int nparams = 0; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); + virConnectPtr conn = remoteGetNetworkConn(client); - if (!priv->networkConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + if (!conn) goto cleanup; - } - if (!(port = get_nonnull_network_port(priv->networkConn, args->port))) + if (!(port = get_nonnull_network_port(conn, args->port))) goto cleanup; if (virNetworkPortGetParameters(port, ¶ms, &nparams, args->flags) < 0) -- 2.21.0
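Review bot: In the remoteDispatchNetworkGetDHCPLeases hunk, and in every other hunk here that drops the virReportError block, `if (!conn) goto cleanup;` no longer reports anything itself. Each handler now depends on remoteGetHypervisorConn(), remoteGetNetworkConn() or remoteGetStorageConn() having raised the error before returning NULL. That contract should be stated in a comment on the helpers, because a helper that returns NULL silently would make these handlers fail without a reported error.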

When the client has a connection to one of the hypervisor specific daemons (eg virtqemud), the app may still expect to use the secondary driver APIs (storage, network, etc). None of these will be registered in the hypervisor daemon, so we must explicitly open a connection to each of the daemons for the secondary drivers we need. We don't want to open these secondary driver connections at the same time as the primary connection is opened though. That would mean that establishing a connection to virtqemud would immediately trigger activation of virtnetworkd, virtnwfilterd, etc despite the fact that these drivers may never be used by the app. Thus we only open the secondary driver connections at time of first use by an API call. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon.h | 13 +++ src/remote/remote_daemon_dispatch.c | 162 ++++++++++++++++++++++------ 2 files changed, 145 insertions(+), 30 deletions(-) diff --git a/src/remote/remote_daemon.h b/src/remote/remote_daemon.h index a403d2593a..a2d9af4036 100644 --- a/src/remote/remote_daemon.h +++ b/src/remote/remote_daemon.h @@ -70,12 +70,25 @@ struct daemonClientPrivate { * called, it will be set back to NULL if that succeeds. */ virConnectPtr conn; + + /* These secondary drivers may point back to 'conn' + * in the monolithic daemon setups. Otherwise they + * can be NULL and opened on first use, pointing + * to remote driver use of an external daemon + */ virConnectPtr interfaceConn; + const char *interfaceURI; virConnectPtr networkConn; + const char *networkURI; virConnectPtr nodedevConn; + const char *nodedevURI; virConnectPtr nwfilterConn; + const char *nwfilterURI; virConnectPtr secretConn; + const char *secretURI; virConnectPtr storageConn; + const char *storageURI; + bool readonly; daemonClientStreamPtr streams; }; diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index 5609eb4caf..8c11bb3f6c 100644 --- a/src/remote/remote_daemon_dispatch.c 
+++ b/src/remote/remote_daemon_dispatch.c @@ -1941,6 +1941,33 @@ static void remoteClientCloseFunc(virNetServerClientPtr client) } +static int +remoteOpenConn(const char *uri, + bool readonly, + virConnectPtr *conn) +{ + VIR_DEBUG("Getting secondary uri=%s readonly=%d conn=%p", + NULLSTR(uri), readonly, conn); + if (*conn) + return 0; + + if (!uri) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); + return -1; + } + + VIR_DEBUG("Opening driver %s", uri); + if (readonly) + *conn = virConnectOpenReadOnly(uri); + else + *conn = virConnectOpen(uri); + if (!*conn) + return -1; + VIR_DEBUG("Opened driver %p", *conn); + return 0; +} + + static virConnectPtr remoteGetHypervisorConn(virNetServerClientPtr client) { @@ -1962,10 +1989,10 @@ remoteGetInterfaceConn(virNetServerClientPtr client) struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); - if (!priv->interfaceConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not open")); + if (remoteOpenConn(priv->interfaceURI, + priv->readonly, + &priv->interfaceConn) < 0) return NULL; - } return priv->interfaceConn; } @@ -1977,10 +2004,10 @@ remoteGetNetworkConn(virNetServerClientPtr client) struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); - if (!priv->networkConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not open")); + if (remoteOpenConn(priv->networkURI, + priv->readonly, + &priv->networkConn) < 0) return NULL; - } return priv->networkConn; } @@ -1992,10 +2019,10 @@ remoteGetNodeDevConn(virNetServerClientPtr client) struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); - if (!priv->nodedevConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not open")); + if (remoteOpenConn(priv->nodedevURI, + priv->readonly, + &priv->nodedevConn) < 0) return NULL; - } return priv->nodedevConn; } 
@@ -2007,10 +2034,10 @@ remoteGetNWFilterConn(virNetServerClientPtr client) struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); - if (!priv->nwfilterConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not open")); + if (remoteOpenConn(priv->nwfilterURI, + priv->readonly, + &priv->nwfilterConn) < 0) return NULL; - } return priv->nwfilterConn; } @@ -2022,10 +2049,10 @@ remoteGetSecretConn(virNetServerClientPtr client) struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); - if (!priv->secretConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not open")); + if (remoteOpenConn(priv->secretURI, + priv->readonly, + &priv->secretConn) < 0) return NULL; - } return priv->secretConn; } @@ -2037,10 +2064,10 @@ remoteGetStorageConn(virNetServerClientPtr client) struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); - if (!priv->storageConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not open")); + if (remoteOpenConn(priv->storageURI, + priv->readonly, + &priv->storageConn) < 0) return NULL; - } return priv->storageConn; } @@ -2077,6 +2104,9 @@ remoteDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED, unsigned int flags; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); int rv = -1; +#ifndef LIBVIRTD + const char *type = NULL; +#endif VIR_DEBUG("priv=%p conn=%p", priv, priv->conn); virMutexLock(&priv->lock); 
@@ -2095,20 +2125,88 @@ remoteDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED, if (virNetServerClientGetReadonly(client)) flags |= VIR_CONNECT_RO; - priv->conn = - flags & VIR_CONNECT_RO - ? virConnectOpenReadOnly(name) - : virConnectOpen(name); + priv->readonly = flags & VIR_CONNECT_RO; - if (priv->conn == NULL) + VIR_DEBUG("Opening driver %s", name); + if (priv->readonly) { + if (!(priv->conn = virConnectOpenReadOnly(name))) + goto cleanup; + } else { + if (!(priv->conn = virConnectOpen(name))) + goto cleanup; + } + VIR_DEBUG("Opened %p", priv->conn); + +#ifndef LIBVIRTD + if (!(type = virConnectGetType(priv->conn))) + goto cleanup; + + VIR_DEBUG("Primary driver type is '%s'", type); + if (STREQ(type, "QEMU") || + STREQ(type, "LIBXL") || + STREQ(type, "LXC") || + STREQ(type, "VBOX") || + STREQ(type, "bhyve") || + STREQ(type, "vz") || + STREQ(type, "Parallels")) { + VIR_DEBUG("Hypervisor driver found, setting URIs for secondary drivers"); + if (getuid() == 0) { + priv->interfaceURI = "interface:///system"; + priv->networkURI = "network:///system"; + priv->nodedevURI = "nodedev:///system"; + priv->nwfilterURI = "nwfilter:///system"; + priv->secretURI = "secret:///system"; + priv->storageURI = "storage:///system"; + } else { + priv->interfaceURI = "interface:///session"; + priv->networkURI = "network:///session"; + priv->nodedevURI = "nodedev:///session"; + /* No nwfilterURI as this is a root-only driver */ + priv->secretURI = "secret:///session"; + priv->storageURI = "storage:///session"; + } + } else if (STREQ(type, "interface")) { + VIR_DEBUG("Interface driver found"); + priv->interfaceConn = virObjectRef(priv->conn); + } else if (STREQ(type, "network")) { + VIR_DEBUG("Network driver found"); + priv->networkConn = virObjectRef(priv->conn); + } else if (STREQ(type, "nodedev")) { + VIR_DEBUG("Nodedev driver found"); + priv->nodedevConn = virObjectRef(priv->conn); + } else if (STREQ(type, "nwfilter")) { + VIR_DEBUG("NWFilter driver found"); + 
priv->nwfilterConn = virObjectRef(priv->conn); + } else if (STREQ(type, "secret")) { + VIR_DEBUG("Secret driver found"); + priv->secretConn = virObjectRef(priv->conn); + } else if (STREQ(type, "storage")) { + VIR_DEBUG("Storage driver found"); + priv->storageConn = virObjectRef(priv->conn); + + /* Co-open the secret driver, as apps using the storage driver may well + * need access to secrets for storage auth + */ + if (getuid() == 0) + priv->secretURI = "secret:///system"; + else + priv->secretURI = "secret:///session"; + } else if (STREQ(type, "remote")) { +#endif /* !LIBVIRTD */ + VIR_DEBUG("Pointing secondary drivers to primary"); + priv->interfaceConn = virObjectRef(priv->conn); + priv->networkConn = virObjectRef(priv->conn); + priv->nodedevConn = virObjectRef(priv->conn); + priv->nwfilterConn = virObjectRef(priv->conn); + priv->secretConn = virObjectRef(priv->conn); + priv->storageConn = virObjectRef(priv->conn); +#ifndef LIBVIRTD + } else { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unexpected driver type '%s' opened"), type); goto cleanup; - - priv->interfaceConn = virObjectRef(priv->conn); - priv->networkConn = virObjectRef(priv->conn); - priv->nodedevConn = virObjectRef(priv->conn); - priv->nwfilterConn = virObjectRef(priv->conn); - priv->secretConn = virObjectRef(priv->conn); - priv->storageConn = virObjectRef(priv->conn); + } +#endif /* !LIBVIRTD */ /* force update the @readonly attribute which was inherited from the * virNetServerService object - this is important for sockets that are RW @@ -2120,6 +2218,10 @@ remoteDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED, cleanup: if (rv < 0) virNetMessageSaveError(rerr); + if (priv->conn) { + virObjectUnref(priv->conn); + priv->conn = NULL; + } virMutexUnlock(&priv->lock); return rv; } -- 2.21.0
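Review bot: remoteOpenConn() does a check-then-set on `*conn` (`if (*conn) return 0;` and later `*conn = virConnectOpen(uri);`), and none of the remoteGet*Conn() callers in the following hunks take priv->lock around it, while remoteDispatchConnectOpen does hold that lock. If two RPC calls for the same client can be dispatched concurrently, both can see NULL and open a connection, and one reference is leaked. Either take priv->lock in the helpers or add a comment saying why that cannot happen. The first VIR_DEBUG also prints `conn`, which is the address of the field; `*conn` is probably what was meant.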
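Review bot: In the non-root branch of the hypervisor case in remoteDispatchConnectOpen, nwfilterURI is deliberately left NULL, so the first nwfilter API call from a session client ends in remoteOpenConn()'s generic VIR_ERR_INTERNAL_ERROR "connection not open". A dedicated error saying that nwfilter is a root-only driver would be much easier to diagnose. The block under `STREQ(type, "remote")` is also the only one shared with the LIBVIRTD build and has no comment saying which setups it serves.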
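Review bot: In the cleanup hunk of remoteDispatchConnectOpen the new `if (priv->conn) { virObjectUnref(priv->conn); priv->conn = NULL; }` is not covered by the `if (rv < 0)` above it, which has no braces and guards only virNetMessageSaveError(rerr). As written, the primary connection is released on the success path as well. Both statements should sit inside one braced `if (rv < 0)` block.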

On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote:
+++ b/src/remote/remote_daemon_dispatch.c @@ -1941,6 +1941,33 @@ static void remoteClientCloseFunc(virNetServerClientPtr client) + VIR_DEBUG("Opening driver %s", uri); + if (readonly) + *conn = virConnectOpenReadOnly(uri); + else + *conn = virConnectOpen(uri); + if (!*conn) + return -1; + VIR_DEBUG("Opened driver %p", *conn);
Empty line here.
@@ -1962,10 +1989,10 @@ remoteGetInterfaceConn(virNetServerClientPtr client) struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client);
- if (!priv->interfaceConn) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection not open")); + if (remoteOpenConn(priv->interfaceURI, + priv->readonly, + &priv->interfaceConn) < 0) return NULL; - }
Our coding style guidelines allow this, but personally I think it's less readable and in this specific case also happens to make the diff unnecessarily bigger, so I would suggest keeping the curly braces. If you prefer not making this change, though, that's alright too :)
@@ -2095,20 +2125,88 @@ remoteDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED, +#endif /* !LIBVIRTD */ + VIR_DEBUG("Pointing secondary drivers to primary"); + priv->interfaceConn = virObjectRef(priv->conn); + priv->networkConn = virObjectRef(priv->conn); + priv->nodedevConn = virObjectRef(priv->conn); + priv->nwfilterConn = virObjectRef(priv->conn); + priv->secretConn = virObjectRef(priv->conn); + priv->storageConn = virObjectRef(priv->conn);
I thought we agreed to have at least a comment explaining that this is necessary to support the virtproxyd use case?

With the comment added,

Reviewed-by: Andrea Bolognani <abologna@redhat.com>

--
Andrea Bolognani / Red Hat / Virtualization

The virtproxyd daemon is merely responsible for forwarding RPC calls to one of the other per-driver daemons. As such, it does not have any drivers loaded and so regular auto-probing logic will not work. We need it to be able to handle NULL URIs though, so must implement some kind of alternative probing logic. When running as root this is quite crude. If a per-driver daemon is running, its UNIX socket will exist and we can assume it will accept connections. If the per-driver daemon is not running, but socket autostart is enabled, we again just assume it will accept connections. This is not great, however, because a default install may well have all sockets available for activation. IOW, the virtxend socket may exist, despite the fact that the libxl driver will not actually work. When running as non-root this is slightly easier as we only have two drivers, QEMU and VirtualBox. These daemons will likely not be running and socket activation won't be used either, as libvirt spawns the daemon on demand. So we just check whether the daemon actually is installed. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/Makefile.inc.am | 1 + src/remote/remote_daemon_dispatch.c | 137 ++++++++++++++++++++++++++++ 2 files changed, 138 insertions(+) diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index 344f19311a..d100922a8d 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -235,6 +235,7 @@ virtproxyd_CFLAGS = \ -DSOCK_PREFIX="\"libvirt\"" \ -DDAEMON_NAME="\"virtproxyd\"" \ -DENABLE_IP \ + -DVIRTPROXYD \ $(NULL) virtproxyd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS) virtproxyd_LDADD = $(REMOTE_DAEMON_LD_ADD) diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index 8c11bb3f6c..9ef76daa55 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c 
@@ -50,6 +50,7 @@ #include "viraccessapicheckqemu.h" #include "virpolkit.h" #include "virthreadjob.h" +#include "configmake.h" #define VIR_FROM_THIS VIR_FROM_RPC 
@@ -2093,6 +2094,130 @@ void *remoteClientNew(virNetServerClientPtr client, /*----- Functions. -----*/ +#ifdef VIRTPROXYD +/* + * When running in virtproxyd regular auto-probing of drivers + * does not work as we don't have any drivers present (except + * stateless ones inside libvirt.so). All the interesting + * drivers are in separate daemons. Thus when we get a NULL + * URI we need to simulate probing that virConnectOpen would + * previously do. We use the existance of the UNIX domain + * socket as our hook for probing. + * + * This assumes no stale sockets left over from a now dead + * daemon, but that's reasonable since libvirtd unlinks + * sockets it creates on shutdown, or uses systemd activation + * + * We only try to probe for primary hypervisor drivers, + * not the secondary drivers. + */ +static int +remoteDispatchProbeURI(bool readonly, char **probeduri) +{ + *probeduri = NULL; + VIR_DEBUG("Probing for driver daemon sockets"); + + /* + * If running root, either the daemon is running and the socket + * exists, or we're using socket activation so the socket exists + * too. + * + * If running non-root, chances are that the daemon won't be + * running, nor any socket activation is used. We need to + * be able to auto-spawn the daemon. We thus just check to + * see what daemons are installed. This is not a big deal as + * only QEMU & VBox run as non-root, anyway. 
+ */ + if (geteuid() != 0) { + /* Order these the same as virDriverLoadModule + * calls in daemonInitialize */ + const char *drivers[] = { +# ifdef WITH_QEMU + "qemu", +# endif +# ifdef WITH_VBOX + "vbox", +# endif + }; + size_t i; + + for (i = 0; i < ARRAY_CARDINALITY(drivers) && !*probeduri; i++) { + VIR_AUTOFREE(char *) daemonname = NULL; + VIR_AUTOFREE(char *) daemonpath = NULL; + + if (virAsprintf(&daemonname, "virt%sd", drivers[i]) < 0) + return -1; + + if (!(daemonpath = virFileFindResource(daemonname, "src", SBINDIR))) + return -1; + + if (!virFileExists(daemonpath)) { + VIR_DEBUG("Missing daemon %s for driver %s", daemonpath, drivers[i]); + continue; + } + + if (virAsprintf(probeduri, "%s:///session", drivers[i]) < 0) + return -1; + + VIR_DEBUG("Probed URI %s via daemon %s", *probeduri, daemonpath); + return 0; + } + } else { + /* Order these the same as virDriverLoadModule + * calls in daemonInitialize */ + const char *drivers[] = { +# ifdef WITH_LIBXL + "libxl", +# endif +# ifdef WITH_QEMU + "qemu", +# endif +# ifdef WITH_LXC + "lxc", +# endif +# ifdef WITH_VBOX + "vbox", +# endif +# ifdef WITH_BHYVE + "bhyve", +# endif +# ifdef WITH_VZ + "vz", +# endif + }; + size_t i; + + for (i = 0; i < ARRAY_CARDINALITY(drivers) && !*probeduri; i++) { + VIR_AUTOFREE(char *) sockname = NULL; + + if (virAsprintf(&sockname, "%s/run/libvirt/virt%sd-%s", + LOCALSTATEDIR, drivers[i], + readonly ? "sock-ro" : "sock") < 0) + return -1; + + if (!virFileExists(sockname)) { + VIR_DEBUG("Missing sock %s for driver %s", sockname, drivers[i]); + continue; + } + + if (virAsprintf(probeduri, "%s:///system", drivers[i]) < 0) + return -1; + + VIR_DEBUG("Probed URI %s via sock %s", *probeduri, sockname); + return 0; + } + } + + /* Even if we didn't probe any socket, we won't + * return error. 
Just let virConnectOpen's normal + * logic run which will likely return an error anyway + */ + VIR_DEBUG("No driver sock exists"); + return 0; +} +#endif /* VIRTPROXYD */ + + static int remoteDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED, virNetServerClientPtr client, @@ -2101,6 +2226,9 @@ remoteDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED, struct remote_connect_open_args *args) { const char *name; +#ifdef VIRTPROXYD + VIR_AUTOFREE(char *) probeduri = NULL; +#endif unsigned int flags; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); int rv = -1; @@ -2127,6 +2255,15 @@ remoteDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED, priv->readonly = flags & VIR_CONNECT_RO; +#ifdef VIRTPROXYD + if (!name || STREQ(name, "")) { + if (remoteDispatchProbeURI(priv->readonly, &probeduri) < 0) + goto cleanup; + + name = probeduri; + } +#endif + VIR_DEBUG("Opening driver %s", name); if (priv->readonly) { if (!(priv->conn = virConnectOpenReadOnly(name))) -- 2.21.0
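Review bot: In the root branch of remoteDispatchProbeURI() the same table entry feeds both the socket path (`virt%sd-%s`) and the probed URI, so the "libxl" entry looks for virtlibxld-sock and yields libxl:///system, while the commit message talks about the virtxend socket. If the daemon is named virtxend, that entry needs its own daemon and URI name. The function also tests geteuid() where the secondary-URI selection in remoteDispatchConnectOpen tests getuid(); one of the two should be used consistently. The header comment has a typo, "existance".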
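Review bot: In the remoteDispatchConnectOpen hunk, when the probe finds nothing remoteDispatchProbeURI() returns 0 with probeduri still NULL, so `name = probeduri;` leaves name NULL and the context line `VIR_DEBUG("Opening driver %s", name);` passes NULL to %s. Use NULLSTR(name) there, as remoteOpenConn() already does for its uri argument.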

On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote:
@@ -2093,6 +2094,130 @@ void *remoteClientNew(virNetServerClientPtr client, +static int +remoteDispatchProbeURI(bool readonly, char **probeduri)
One argument per line.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>

--
Andrea Bolognani / Red Hat / Virtualization

Instead of open-coding a string -> enum conversion, use the enum helpers for the remote driver transport. The old code uses STRCASEEQ, so we must force the URI transport to lowercase for sake of back-compatibility. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_driver.c | 123 +++++++++++++++++++++---------------- 1 file changed, 69 insertions(+), 54 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 8e1024dca3..706d9e6e14 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -49,11 +49,35 @@ #include "virauth.h" #include "virauthconfig.h" #include "virstring.h" +#include "c-ctype.h" #define VIR_FROM_THIS VIR_FROM_REMOTE VIR_LOG_INIT("remote.remote_driver"); +typedef enum { + REMOTE_DRIVER_TRANSPORT_TLS, + REMOTE_DRIVER_TRANSPORT_UNIX, + REMOTE_DRIVER_TRANSPORT_SSH, + REMOTE_DRIVER_TRANSPORT_LIBSSH2, + REMOTE_DRIVER_TRANSPORT_EXT, + REMOTE_DRIVER_TRANSPORT_TCP, + REMOTE_DRIVER_TRANSPORT_LIBSSH, + + REMOTE_DRIVER_TRANSPORT_LAST, +} remoteDriverTransport; + +VIR_ENUM_DECL(remoteDriverTransport); +VIR_ENUM_IMPL(remoteDriverTransport, + REMOTE_DRIVER_TRANSPORT_LAST, + "tls", + "unix", + "ssh", + "libssh2", + "ext", + "tcp", + "libssh"); + #if SIZEOF_LONG < 8 # define HYPER_TO_TYPE(_type, _to, _from) \ do { \ @@ -176,10 +200,17 @@ static int remoteSplitURIScheme(virURIPtr uri, if (VIR_STRNDUP(*driver, uri->scheme, p ? p - uri->scheme : -1) < 0) return -1; - if (p && - VIR_STRDUP(*transport, p + 1) < 0) { - VIR_FREE(*driver); - return -1; + if (p) { + if (VIR_STRDUP(*transport, p + 1) < 0) { + VIR_FREE(*driver); + return -1; + } + + p = *transport; + while (*p) { + *p = c_tolower(*p); + p++; + } } return 0; 
@@ -778,15 +809,7 @@ doRemoteOpen(virConnectPtr conn, virConfPtr conf, unsigned int flags) { - enum { - trans_tls, - trans_unix, - trans_ssh, - trans_libssh2, - trans_ext, - trans_tcp, - trans_libssh, - } transport; + int transport; #ifndef WIN32 VIR_AUTOFREE(char *) daemonPath = NULL; #endif @@ -815,42 +838,29 @@ doRemoteOpen(virConnectPtr conn, if (conn->uri) { if (!transport_str) { if (conn->uri->server) - transport = trans_tls; + transport = REMOTE_DRIVER_TRANSPORT_TLS; else - transport = trans_unix; + transport = REMOTE_DRIVER_TRANSPORT_UNIX; } else { - if (STRCASEEQ(transport_str, "tls")) { - transport = trans_tls; - } else if (STRCASEEQ(transport_str, "unix")) { - if (conn->uri->server) { - virReportError(VIR_ERR_INVALID_ARG, - _("using unix socket and remote " - "server '%s' is not supported."), - conn->uri->server); - return VIR_DRV_OPEN_ERROR; - } else { - transport = trans_unix; - } - } else if (STRCASEEQ(transport_str, "ssh")) { - transport = trans_ssh; - } else if (STRCASEEQ(transport_str, "libssh2")) { - transport = trans_libssh2; - } else if (STRCASEEQ(transport_str, "ext")) { - transport = trans_ext; - } else if (STRCASEEQ(transport_str, "tcp")) { - transport = trans_tcp; - } else if (STRCASEEQ(transport_str, "libssh")) { - transport = trans_libssh; - } else { + if ((transport = remoteDriverTransportTypeFromString(transport_str)) < 0) { virReportError(VIR_ERR_INVALID_ARG, "%s", _("remote_open: transport in URL not recognised " "(should be tls|unix|ssh|ext|tcp|libssh2|libssh)")); return VIR_DRV_OPEN_ERROR; } + + if (transport == REMOTE_DRIVER_TRANSPORT_UNIX && + conn->uri->server) { + virReportError(VIR_ERR_INVALID_ARG, + _("using unix socket and remote " + "server '%s' is not supported."), + conn->uri->server); + return VIR_DRV_OPEN_ERROR; + } } } else { /* No URI, then must be probing so use UNIX socket */ - transport = trans_unix; + transport = REMOTE_DRIVER_TRANSPORT_UNIX; } /* 
@@ -861,7 +871,7 @@ doRemoteOpen(virConnectPtr conn, * not require any external libraries or command execution */ if (virIsSUID() && - transport != trans_unix) { + transport != REMOTE_DRIVER_TRANSPORT_UNIX) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Only Unix socket URI transport is allowed in setuid mode")); return VIR_DRV_OPEN_ERROR; @@ -872,10 +882,10 @@ doRemoteOpen(virConnectPtr conn, if (conn->uri && conn->uri->port != 0) { if (virAsprintf(&port, "%d", conn->uri->port) < 0) goto failed; - } else if (transport == trans_tls) { + } else if (transport == REMOTE_DRIVER_TRANSPORT_TLS) { if (VIR_STRDUP(port, LIBVIRTD_TLS_PORT) < 0) goto failed; - } else if (transport == trans_tcp) { + } else if (transport == REMOTE_DRIVER_TRANSPORT_TCP) { if (VIR_STRDUP(port, LIBVIRTD_TCP_PORT) < 0) goto failed; } /* Port not used for unix, ext., default for ssh */ @@ -959,7 +969,7 @@ doRemoteOpen(virConnectPtr conn, VIR_DEBUG("proceeding with name = %s", name); /* For ext transport, command is required. */ - if (transport == trans_ext && !command) { + if (transport == REMOTE_DRIVER_TRANSPORT_EXT && !command) { virReportError(VIR_ERR_INVALID_ARG, "%s", _("remote_open: for 'ext' transport, command is required")); goto failed; @@ -967,8 +977,8 @@ doRemoteOpen(virConnectPtr conn, VIR_DEBUG("Connecting with transport %d", transport); /* Connect to the remote service. */ - switch (transport) { - case trans_tls: + switch ((remoteDriverTransport)transport) { + case REMOTE_DRIVER_TRANSPORT_TLS: if (conf && !tls_priority && virConfGetValueString(conf, "tls_priority", &tls_priority) < 0) goto failed; @@ -991,7 +1001,7 @@ doRemoteOpen(virConnectPtr conn, goto failed; #endif - case trans_tcp: + case REMOTE_DRIVER_TRANSPORT_TCP: priv->client = virNetClientNewTCP(priv->hostname, port, AF_UNSPEC); if (!priv->client) goto failed; 
@@ -1006,7 +1016,7 @@ doRemoteOpen(virConnectPtr conn, break; - case trans_libssh2: + case REMOTE_DRIVER_TRANSPORT_LIBSSH2: if (!sockname) { /* Right now we don't support default session connections */ if (flags & VIR_DRV_OPEN_REMOTE_USER) { @@ -1041,7 +1051,7 @@ doRemoteOpen(virConnectPtr conn, priv->is_secure = 1; break; - case trans_libssh: + case REMOTE_DRIVER_TRANSPORT_LIBSSH: if (!sockname) { /* Right now we don't support default session connections */ if (flags & VIR_DRV_OPEN_REMOTE_USER) { @@ -1077,7 +1087,7 @@ doRemoteOpen(virConnectPtr conn, break; #ifndef WIN32 - case trans_unix: + case REMOTE_DRIVER_TRANSPORT_UNIX: if (!sockname) { if (flags & VIR_DRV_OPEN_REMOTE_USER) sockname = remoteGetUNIXSocketNonRoot(); @@ -1103,7 +1113,7 @@ doRemoteOpen(virConnectPtr conn, priv->is_secure = 1; break; - case trans_ssh: + case REMOTE_DRIVER_TRANSPORT_SSH: if (!command && VIR_STRDUP(command, "ssh") < 0) goto failed; @@ -1135,7 +1145,7 @@ doRemoteOpen(virConnectPtr conn, priv->is_secure = 1; break; - case trans_ext: { + case REMOTE_DRIVER_TRANSPORT_EXT: { char const *cmd_argv[] = { command, NULL }; if (!(priv->client = virNetClientNewExternal(cmd_argv))) goto failed; @@ -1147,15 +1157,20 @@ doRemoteOpen(virConnectPtr conn, #else /* WIN32 */ - case trans_unix: - case trans_ssh: - case trans_ext: + case REMOTE_DRIVER_TRANSPORT_UNIX: + case REMOTE_DRIVER_TRANSPORT_SSH: + case REMOTE_DRIVER_TRANSPORT_EXT: virReportError(VIR_ERR_INVALID_ARG, "%s", _("transport methods unix, ssh and ext are not supported " "under Windows")); goto failed; #endif /* WIN32 */ + + case REMOTE_DRIVER_TRANSPORT_LAST: + default: + virReportEnumRangeError(remoteDriverTransport, transport); + goto failed; } /* switch (transport) */ -- 2.21.0
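Review bot: In the doRemoteOpen hunk that replaces the STRCASEEQ chain, the error text still hard-codes the accepted values ("should be tls|unix|ssh|ext|tcp|libssh2|libssh") alongside the new VIR_ENUM_IMPL list, so the two can drift apart when a transport is added. Further down, the context line `VIR_DEBUG("Connecting with transport %d", transport);` could log remoteDriverTransportTypeToString(transport) now that the enum helper exists.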

The ssh, libssh, libssh2 & unix transports all need to use a UNIX socket path, and duplicate some of the same logic for error checking. Pull this out into a separate method to increase code sharing. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_driver.c | 123 +++++++++++++++---------------------- 1 file changed, 48 insertions(+), 75 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 706d9e6e14..e647a77f41 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c 
@@ -747,34 +747,35 @@ remoteConnectSupportsFeatureUnlocked(virConnectPtr conn, } -#ifndef WIN32 -static char *remoteGetUNIXSocketNonRoot(void) +static char * +remoteGetUNIXSocket(remoteDriverTransport transport, + unsigned int flags) { char *sockname = NULL; - char *userdir = virGetUserRuntimeDirectory(); - - if (!userdir) - return NULL; + VIR_AUTOFREE(char *) userdir = NULL; + + if (flags & VIR_DRV_OPEN_REMOTE_USER) { + if (transport != REMOTE_DRIVER_TRANSPORT_UNIX) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, + _("Connecting to session instance without " + "socket path is not supported by the %s " + "transport"), + remoteDriverTransportTypeToString(transport)); + return NULL; + } + if (!(userdir = virGetUserRuntimeDirectory())) + return NULL; - if (virAsprintf(&sockname, "%s/" LIBVIRTD_USER_UNIX_SOCKET, userdir) < 0) { - VIR_FREE(userdir); - return NULL; + if (virAsprintf(&sockname, + "%s/" LIBVIRTD_USER_UNIX_SOCKET, userdir) < 0) + return NULL; + } else { + if (VIR_STRDUP(sockname, + flags & VIR_DRV_OPEN_REMOTE_RO ? + LIBVIRTD_PRIV_UNIX_SOCKET_RO : + LIBVIRTD_PRIV_UNIX_SOCKET) < 0) + return NULL; } - VIR_FREE(userdir); - - VIR_DEBUG("Chosen UNIX sockname %s", sockname); - return sockname; -} -#endif /* WIN32 */ - -static char *remoteGetUNIXSocketRoot(unsigned int flags) -{ - char *sockname = NULL; - - if (VIR_STRDUP(sockname, - flags & VIR_DRV_OPEN_REMOTE_RO ? - LIBVIRTD_PRIV_UNIX_SOCKET_RO : LIBVIRTD_PRIV_UNIX_SOCKET) < 0) - return NULL; VIR_DEBUG("Chosen UNIX sockname %s", sockname); return sockname; 
@@ -976,6 +977,29 @@ doRemoteOpen(virConnectPtr conn, } VIR_DEBUG("Connecting with transport %d", transport); + + switch ((remoteDriverTransport)transport) { + case REMOTE_DRIVER_TRANSPORT_UNIX: + case REMOTE_DRIVER_TRANSPORT_SSH: + case REMOTE_DRIVER_TRANSPORT_LIBSSH: + case REMOTE_DRIVER_TRANSPORT_LIBSSH2: + if (!sockname && + !(sockname = remoteGetUNIXSocket(transport, flags))) + goto failed; + + case REMOTE_DRIVER_TRANSPORT_TCP: + case REMOTE_DRIVER_TRANSPORT_TLS: + case REMOTE_DRIVER_TRANSPORT_EXT: + break; + + case REMOTE_DRIVER_TRANSPORT_LAST: + default: + virReportEnumRangeError(remoteDriverTransport, transport); + goto failed; + } + + VIR_DEBUG("Chosen UNIX socket %s", NULLSTR(sockname)); + /* Connect to the remote service. */ switch ((remoteDriverTransport)transport) { case REMOTE_DRIVER_TRANSPORT_TLS: @@ -1017,20 +1041,6 @@ doRemoteOpen(virConnectPtr conn, break; case REMOTE_DRIVER_TRANSPORT_LIBSSH2: - if (!sockname) { - /* Right now we don't support default session connections */ - if (flags & VIR_DRV_OPEN_REMOTE_USER) { - virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", - _("Connecting to session instance without " - "socket path is not supported by the libssh2 " - "connection driver")); - goto failed; - } - - if (!(sockname = remoteGetUNIXSocketRoot(flags))) - goto failed; - } - VIR_DEBUG("Starting LibSSH2 session"); priv->client = virNetClientNewLibSSH2(priv->hostname, @@ -1052,20 +1062,6 @@ doRemoteOpen(virConnectPtr conn, break; case REMOTE_DRIVER_TRANSPORT_LIBSSH: - if (!sockname) { - /* Right now we don't support default session connections */ - if (flags & VIR_DRV_OPEN_REMOTE_USER) { - virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", - _("Connecting to session instance without " - "socket path is not supported by the libssh " - "connection driver")); - goto failed; - } - - if (!(sockname = remoteGetUNIXSocketRoot(flags))) - goto failed; - } - VIR_DEBUG("Starting libssh session"); priv->client = virNetClientNewLibssh(priv->hostname, 
@@ -1088,15 +1084,6 @@ doRemoteOpen(virConnectPtr conn, #ifndef WIN32 case REMOTE_DRIVER_TRANSPORT_UNIX: - if (!sockname) { - if (flags & VIR_DRV_OPEN_REMOTE_USER) - sockname = remoteGetUNIXSocketNonRoot(); - else - sockname = remoteGetUNIXSocketRoot(flags); - if (!sockname) - goto failed; - } - if ((flags & VIR_DRV_OPEN_REMOTE_AUTOSTART) && !(daemonPath = virFileFindResourceFull("libvirtd", NULL, NULL, @@ -1117,20 +1104,6 @@ doRemoteOpen(virConnectPtr conn, if (!command && VIR_STRDUP(command, "ssh") < 0) goto failed; - if (!sockname) { - /* Right now we don't support default session connections */ - if (flags & VIR_DRV_OPEN_REMOTE_USER) { - virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", - _("Connecting to session instance without " - "socket path is not supported by the ssh " - "connection driver")); - goto failed; - } - - if (!(sockname = remoteGetUNIXSocketRoot(flags))) - goto failed; - } - if (!(priv->client = virNetClientNewSSH(priv->hostname, port, command, -- 2.21.0
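Review bot: In the new pre-switch in doRemoteOpen (hunk @@ -976,6 +977,29 @@) the UNIX/SSH/LIBSSH/LIBSSH2 group has no `break` after `goto failed;` and runs into the TCP/TLS/EXT labels. The outcome is the same today, but the group should end in an explicit `break` (or carry ATTRIBUTE_FALLTHROUGH), and the two-line `if` condition should get braces around its body.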
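Review bot: The rewritten remoteGetUNIXSocket() hunk drops the `#ifndef WIN32` / `#endif` pair that wrapped remoteGetUNIXSocketNonRoot(), so the virGetUserRuntimeDirectory() path is now compiled on WIN32 too, and the pre-switch computes a socket name before the WIN32 `case` labels reject unix and ssh. Is that intended? If so, a short comment on the function saying it is transport-independent and safe on all platforms would help.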

On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote:
+++ b/src/remote/remote_driver.c @@ -976,6 +977,29 @@ doRemoteOpen(virConnectPtr conn, + switch ((remoteDriverTransport)transport) { + case REMOTE_DRIVER_TRANSPORT_UNIX: + case REMOTE_DRIVER_TRANSPORT_SSH: + case REMOTE_DRIVER_TRANSPORT_LIBSSH: + case REMOTE_DRIVER_TRANSPORT_LIBSSH2: + if (!sockname && + !(sockname = remoteGetUNIXSocket(transport, flags))) + goto failed;
Curly brackets around the body. Also you should have either a break statement (preferred) or an ATTRIBUTE_FALLTHROUGH annotation here. -- Andrea Bolognani / Red Hat / Virtualization

Historically URIs handled by the remote driver will always connect to the libvirtd UNIX socket. There will now be one daemon per driver, and each of these has its own UNIX sockets to connect to.

It will still be possible to run the traditional monolithic libvirtd though, which will have the original UNIX socket path.

In addition there is a virtproxyd daemon that doesn't run any drivers, but provides proxying for clients accessing libvirt over IP sockets, or tunnelling to the legacy libvirtd UNIX socket path.

Finally when running inside a daemon, the remote driver must not reject connections unconditionally. For example, the QEMU driver needs to be able to connect to the network driver. The remote driver must thus be willing to handle connections even when inside the daemon, provided no local driver is registered.

This refactoring enables the remote driver to be able to connect to the per-driver daemons. The URI parameter "mode" accepts the values "auto", "direct" and "legacy" to control which daemons are connected to.

The client side libvirt.conf config file also supports a "remote_mode" setting which is used if the URI parameter is not set.

If neither the config file nor the URI parameter sets a mode, then "auto" is used, whereby the client looks to see which sockets actually exist right now.

The remote driver will only ever spawn the per-driver daemons, or the legacy libvirtd. It won't ever try to spawn virtproxyd, as that is only there for IP based connectivity, or for access from legacy remote clients.

If connecting to a remote host over any kind of ssh tunnel, for now we must assume only the legacy socket exists. A future patch will introduce a netcat replacement that is tailored for libvirt to make remote tunnelling easier.

The configure arg '--with-remote-default-mode=legacy|direct' allows packagers to set a default at build time. If not given, it will default to legacy mode.

Eventually the default will switch to default mode.
Distros can choose todo the switch earlier if desired. The main blocker is testing and suitable SELinux/AppArmor policies. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- docs/remote.html.in | 18 ++++ libvirt.spec.in | 1 + m4/virt-driver-remote.m4 | 15 +++ src/driver.h | 2 + src/libvirt.c | 27 +++++ src/remote/remote_driver.c | 209 +++++++++++++++++++++++++++++++++---- src/remote/remote_driver.h | 3 - 7 files changed, 250 insertions(+), 25 deletions(-) diff --git a/docs/remote.html.in b/docs/remote.html.in index fbcc8bf01c..78e071a898 100644 --- a/docs/remote.html.in +++ b/docs/remote.html.in @@ -206,6 +206,24 @@ Note that parameter values must be <td colspan="2"/> <td> Example: <code>tls_priority=NORMAL:-VERS-SSL3.0</code> </td> </tr> + <tr> + <td> + <code>mode</code> + </td> + <td> unix, ssh, libssh, libssh2 </td> + <td> + <dl> + <dt><code>auto</code></dt><dd>automatically determine the daemon</dd> + <dt><code>direct</code></dt><dd>connect to per-driver daemons</dd> + <dt><code>legacy</code></dt><dd>connect to libvirtd</dd> + </dl> + Can also be set in <code>libvirt.conf</code> as <code>remote_mode</code> + </td> + </tr> + <tr> + <td colspan="2"/> + <td> Example: <code>mode=direct</code> </td> + </tr> <tr> <td> <code>command</code> diff --git a/libvirt.spec.in b/libvirt.spec.in index c1da28892a..112c3fe7c4 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1170,6 +1170,7 @@ rm -f po/stamp-po --without-xenapi \ --without-vz \ --without-bhyve \ + --with-remote-default-mode=legacy \ --with-interface \ --with-network \ --with-storage-fs \ diff --git a/m4/virt-driver-remote.m4 b/m4/virt-driver-remote.m4 index c7af5b3fc6..8d98e369b3 100644 --- a/m4/virt-driver-remote.m4 +++ b/m4/virt-driver-remote.m4 @@ -19,6 +19,7 @@ dnl AC_DEFUN([LIBVIRT_DRIVER_ARG_REMOTE], [ LIBVIRT_ARG_WITH_FEATURE([REMOTE], [remote driver], [yes]) + LIBVIRT_ARG_WITH([REMOTE_DEFAULT_MODE], [remote driver default mode], [legacy]) ]) AC_DEFUN([LIBVIRT_DRIVER_CHECK_REMOTE], [ 
@@ -26,6 +27,20 @@ AC_DEFUN([LIBVIRT_DRIVER_CHECK_REMOTE], [ AC_DEFINE_UNQUOTED([WITH_REMOTE], 1, [whether Remote driver is enabled]) fi AM_CONDITIONAL([WITH_REMOTE], [test "$with_remote" = "yes"]) + + case "$with_remote_default_mode" in + legacy) + REMOTE_DRIVER_MODE_DEFAULT=REMOTE_DRIVER_MODE_LEGACY + ;; + direct) + REMOTE_DRIVER_MODE_DEFAULT=REMOTE_DRIVER_MODE_DIRECT + ;; + *) + AC_MSG_ERROR([Unknown remote mode '$with_remote_default_mode']) + ;; + esac + + AC_DEFINE_UNQUOTED([REMOTE_DRIVER_MODE_DEFAULT],[$REMOTE_DRIVER_MODE_DEFAULT], [Default remote driver mode]) ]) AC_DEFUN([LIBVIRT_DRIVER_RESULT_REMOTE], [ diff --git a/src/driver.h b/src/driver.h index 898fb96df4..f7d667a03c 100644 --- a/src/driver.h +++ b/src/driver.h @@ -108,6 +108,8 @@ int virSetSharedNWFilterDriver(virNWFilterDriverPtr driver) ATTRIBUTE_RETURN_CHE int virSetSharedSecretDriver(virSecretDriverPtr driver) ATTRIBUTE_RETURN_CHECK; int virSetSharedStorageDriver(virStorageDriverPtr driver) ATTRIBUTE_RETURN_CHECK; +bool virHasDriverForURIScheme(const char *scheme); + int virDriverLoadModule(const char *name, const char *regfunc, bool required); diff --git a/src/libvirt.c b/src/libvirt.c index 9390a767f9..beafbc3716 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -601,6 +601,33 @@ virRegisterConnectDriver(virConnectDriverPtr driver, } +/** + * virHasDriverForURIScheme: + * @scheme: the URI scheme + * + * Determine if there is a driver registered that explicitly + * handles URIs with the scheme @scheme. + * + * Returns: true if a driver is registered + */ +bool +virHasDriverForURIScheme(const char *scheme) +{ + size_t i; + size_t j; + + for (i = 0; i < virConnectDriverTabCount; i++) { + if (!virConnectDriverTab[i]->uriSchemes) + continue; + for (j = 0; virConnectDriverTab[i]->uriSchemes[j]; j++) { + if (STREQ(virConnectDriverTab[i]->uriSchemes[j], scheme)) + return true; + } + } + + return false; +} + /** * virRegisterStateDriver: * @driver: pointer to a driver block 
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index e647a77f41..889d62ba4f 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -78,6 +78,24 @@ VIR_ENUM_IMPL(remoteDriverTransport, "tcp", "libssh"); +typedef enum { + /* Try to figure out the "best" choice magically */ + REMOTE_DRIVER_MODE_AUTO, + /* Always use the legacy libvirtd */ + REMOTE_DRIVER_MODE_LEGACY, + /* Always use the per-driver virt*d daemons */ + REMOTE_DRIVER_MODE_DIRECT, + + REMOTE_DRIVER_MODE_LAST +} remoteDriverMode; + +VIR_ENUM_DECL(remoteDriverMode); +VIR_ENUM_IMPL(remoteDriverMode, + REMOTE_DRIVER_MODE_LAST, + "auto", + "legacy", + "direct"); + #if SIZEOF_LONG < 8 # define HYPER_TO_TYPE(_type, _to, _from) \ do { \ @@ -748,8 +766,9 @@ remoteConnectSupportsFeatureUnlocked(virConnectPtr conn, static char * -remoteGetUNIXSocket(remoteDriverTransport transport, - unsigned int flags) +remoteGetUNIXSocketHelper(remoteDriverTransport transport, + const char *sock_prefix, + unsigned int flags) { char *sockname = NULL; VIR_AUTOFREE(char *) userdir = NULL; 
@@ -766,21 +785,129 @@ remoteGetUNIXSocket(remoteDriverTransport transport, if (!(userdir = virGetUserRuntimeDirectory())) return NULL; - if (virAsprintf(&sockname, - "%s/" LIBVIRTD_USER_UNIX_SOCKET, userdir) < 0) + if (virAsprintf(&sockname, "%s/%s-sock", + userdir, sock_prefix) < 0) return NULL; } else { - if (VIR_STRDUP(sockname, - flags & VIR_DRV_OPEN_REMOTE_RO ? - LIBVIRTD_PRIV_UNIX_SOCKET_RO : - LIBVIRTD_PRIV_UNIX_SOCKET) < 0) + if (virAsprintf(&sockname, "%s/run/libvirt/%s-%s", + LOCALSTATEDIR, sock_prefix, + flags & VIR_DRV_OPEN_REMOTE_RO ? + "sock-ro" : "sock") < 0) return NULL; } - VIR_DEBUG("Chosen UNIX sockname %s", sockname); + VIR_DEBUG("Built UNIX sockname %s for transport %s prefix %s flags=0x%x", + sockname, remoteDriverTransportTypeToString(transport), + sock_prefix, flags); return sockname; } + +static char * +remoteGetUNIXSocket(remoteDriverTransport transport, + remoteDriverMode mode, + const char *driver, + char **daemon, + unsigned int flags) +{ + char *sock_name = NULL; + VIR_AUTOFREE(char *) direct_daemon = NULL; + VIR_AUTOFREE(char *) legacy_daemon = NULL; + VIR_AUTOFREE(char *) direct_sock_name = NULL; + VIR_AUTOFREE(char *) legacy_sock_name = NULL; + + if (driver && + virAsprintf(&direct_daemon, "virt%sd", driver) < 0) + return NULL; + + if (VIR_STRDUP(legacy_daemon, "libvirtd") < 0) + return NULL; + + if (driver && + !(direct_sock_name = remoteGetUNIXSocketHelper(transport, direct_daemon, flags))) + return NULL; + + if (!(legacy_sock_name = remoteGetUNIXSocketHelper(transport, "libvirt", flags))) + return NULL; + + if (mode == REMOTE_DRIVER_MODE_AUTO) { + if (transport == REMOTE_DRIVER_TRANSPORT_UNIX) { + if (direct_sock_name && virFileExists(direct_sock_name)) { + mode = REMOTE_DRIVER_MODE_DIRECT; + } else if (virFileExists(legacy_sock_name)) { + mode = REMOTE_DRIVER_MODE_LEGACY; + } else if (driver) { + /* + * This constant comes from the configure script and + * maps to either the direct or legacy mode constant + */ + mode = 
REMOTE_DRIVER_MODE_DEFAULT; + } else { + mode = REMOTE_DRIVER_MODE_LEGACY; + } + } else { + mode = REMOTE_DRIVER_MODE_LEGACY; + } + } + + switch ((remoteDriverMode)mode) { + case REMOTE_DRIVER_MODE_LEGACY: + VIR_STEAL_PTR(sock_name, legacy_sock_name); + VIR_STEAL_PTR(*daemon, legacy_daemon); + break; + + case REMOTE_DRIVER_MODE_DIRECT: + if (transport != REMOTE_DRIVER_TRANSPORT_UNIX) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, + _("Cannot use direct socket mode for %s transport"), + remoteDriverTransportTypeToString(transport)); + return NULL; + } + + if (!direct_sock_name) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("Cannot use direct socket mode if no URI is set")); + return NULL; + } + + VIR_STEAL_PTR(sock_name, direct_sock_name); + VIR_STEAL_PTR(*daemon, direct_daemon); + break; + + case REMOTE_DRIVER_MODE_AUTO: + case REMOTE_DRIVER_MODE_LAST: + default: + virReportEnumRangeError(remoteDriverMode, mode); + return NULL; + } + + VIR_DEBUG("Chosen UNIX sockname %s daemon %s " + "for mode %s transport %s flags=0x%x", + sock_name, NULLSTR(*daemon), + remoteDriverModeTypeToString(mode), + remoteDriverTransportTypeToString(transport), + flags); + return sock_name; +} + + +#ifndef WIN32 +static const char * +remoteGetDaemonPathEnv(void) +{ + /* We prefer a VIRTD_PATH env var to use for all daemons, + * but if it is not set we will fallback to LIBVIRTD_PATH + * for previous behaviour + */ + if (virGetEnvBlockSUID("VIRTD_PATH") != NULL) { + return "VIRTD_PATH"; + } else { + return "LIBVIRTD_PATH"; + } +} +#endif /* WIN32 */ + + /* * URIs that this driver needs to handle: * 
@@ -827,11 +954,20 @@ doRemoteOpen(virConnectPtr conn, VIR_AUTOFREE(char *) sshauth = NULL; VIR_AUTOFREE(char *) knownHostsVerify = NULL; VIR_AUTOFREE(char *) knownHosts = NULL; + VIR_AUTOFREE(char *) mode_str = NULL; + VIR_AUTOFREE(char *) daemon_name = NULL; bool sanity = true; bool verify = true; #ifndef WIN32 bool tty = true; #endif + int mode; + + if (inside_daemon && !conn->uri->server) { + mode = REMOTE_DRIVER_MODE_DIRECT; + } else { + mode = REMOTE_DRIVER_MODE_AUTO; + } /* We handle *ALL* URIs here. The caller has rejected any * URIs we don't care about */ @@ -920,7 +1056,7 @@ doRemoteOpen(virConnectPtr conn, EXTRACT_URI_ARG_STR("known_hosts", knownHosts); EXTRACT_URI_ARG_STR("known_hosts_verify", knownHostsVerify); EXTRACT_URI_ARG_STR("tls_priority", tls_priority); - + EXTRACT_URI_ARG_STR("mode", mode_str); EXTRACT_URI_ARG_BOOL("no_sanity", sanity); EXTRACT_URI_ARG_BOOL("no_verify", verify); #ifndef WIN32 @@ -967,6 +1103,21 @@ doRemoteOpen(virConnectPtr conn, goto failed; } + if (conf && !mode_str && + virConfGetValueString(conf, "remote_mode", &mode_str) < 0) + goto failed; + + if (mode_str && + (mode = remoteDriverModeTypeFromString(mode_str)) < 0) + goto failed; + + /* Sanity check that nothing requested !direct mode by mistake */ + if (inside_daemon && !conn->uri->server && mode != REMOTE_DRIVER_MODE_DIRECT) { + virReportError(VIR_ERR_INVALID_ARG, "%s", + _("Connections from inside daemon must be direct")); + return VIR_DRV_OPEN_ERROR; + } + VIR_DEBUG("proceeding with name = %s", name); /* For ext transport, command is required. */ @@ -984,7 +1135,8 @@ doRemoteOpen(virConnectPtr conn, case REMOTE_DRIVER_TRANSPORT_LIBSSH: case REMOTE_DRIVER_TRANSPORT_LIBSSH2: if (!sockname && - !(sockname = remoteGetUNIXSocket(transport, flags))) + !(sockname = remoteGetUNIXSocket(transport, mode, driver_str, + &daemon_name, flags))) goto failed; case REMOTE_DRIVER_TRANSPORT_TCP: 
@@ -1084,13 +1236,15 @@ doRemoteOpen(virConnectPtr conn, #ifndef WIN32 case REMOTE_DRIVER_TRANSPORT_UNIX: - if ((flags & VIR_DRV_OPEN_REMOTE_AUTOSTART) && - !(daemonPath = virFileFindResourceFull("libvirtd", - NULL, NULL, - abs_top_builddir "/src", - SBINDIR, - "LIBVIRTD_PATH"))) - goto failed; + if (flags & VIR_DRV_OPEN_REMOTE_AUTOSTART) { + const char *env_name = remoteGetDaemonPathEnv(); + if (!(daemonPath = virFileFindResourceFull(daemon_name, + NULL, NULL, + abs_top_builddir "/src", + SBINDIR, + env_name))) + goto failed; + } if (!(priv->client = virNetClientNewUNIX(sockname, flags & VIR_DRV_OPEN_REMOTE_AUTOSTART, @@ -1206,7 +1360,7 @@ doRemoteOpen(virConnectPtr conn, { remote_connect_open_args args = { &name, flags }; - VIR_DEBUG("Trying to open URI %s", name); + VIR_DEBUG("Trying to open URI '%s'", name); if (call(conn, priv, 0, REMOTE_PROC_CONNECT_OPEN, (xdrproc_t) xdr_remote_connect_open_args, (char *) &args, (xdrproc_t) xdr_void, (char *) NULL) == -1) @@ -1308,9 +1462,20 @@ remoteConnectOpen(virConnectPtr conn, remoteSplitURIScheme(conn->uri, &driver, &transport) < 0) goto cleanup; - if (inside_daemon && (!conn->uri || !conn->uri->server)) { - ret = VIR_DRV_OPEN_DECLINED; - goto cleanup; + if (inside_daemon) { + if (!conn->uri) { + ret = VIR_DRV_OPEN_DECLINED; + goto cleanup; + } + + /* If there's a driver registered we must defer to that. + * If there isn't a driver, we must connect in "direct" + * mode - see doRemoteOpen */ + if (!conn->uri->server && + virHasDriverForURIScheme(driver)) { + ret = VIR_DRV_OPEN_DECLINED; + goto cleanup; + } } if (!(priv = remoteAllocPrivateData())) diff --git a/src/remote/remote_driver.h b/src/remote/remote_driver.h index 132e478ef3..1fab5a6cc4 100644 --- a/src/remote/remote_driver.h +++ b/src/remote/remote_driver.h 
@@ -31,9 +31,6 @@ unsigned long remoteVersion(void); #define LIBVIRTD_LISTEN_ADDR NULL #define LIBVIRTD_TLS_PORT "16514" #define LIBVIRTD_TCP_PORT "16509" -#define LIBVIRTD_PRIV_UNIX_SOCKET LOCALSTATEDIR "/run/libvirt/libvirt-sock" -#define LIBVIRTD_PRIV_UNIX_SOCKET_RO LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro" -#define LIBVIRTD_USER_UNIX_SOCKET "libvirt-sock" /* Defaults for PKI directory. */ #define LIBVIRT_PKI_DIR SYSCONFDIR "/pki" -- 2.21.0
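Review bot: In the doRemoteOpen hunk at -967, an unrecognised mode string takes "goto failed" as soon as remoteDriverModeTypeFromString(mode_str) returns < 0, with no virReportError() call, so a typo in ?mode= or remote_mode fails without a message naming the bad value; report VIR_ERR_INVALID_ARG with mode_str there. The inside-daemon sanity check just below it uses "return VIR_DRV_OPEN_ERROR" where the surrounding error paths use "goto failed"; switch it to "goto failed" so it goes through the same cleanup.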
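Review bot: The new row in docs/remote.html.in lists mode as applying to "unix, ssh, libssh, libssh2", but remoteGetUNIXSocket() rejects REMOTE_DRIVER_MODE_DIRECT for every transport other than UNIX ("Cannot use direct socket mode for %s transport") and, in auto mode, forces legacy for non-UNIX transports. The table should state that direct is only accepted with the unix transport, otherwise mode=direct on an ssh URI reads as supported.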

On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote: [...]
Eventually the default will switch to default mode. Distros can choose todo the switch earlier if desired. The main blocker is testing and suitable SELinux/AppArmor policies.
s/default mode/direct mode/ s/todo/to do/ Reviewed-by: Andrea Bolognani <abologna@redhat.com> -- Andrea Bolognani / Red Hat / Virtualization

When using the fine grained access control mechanism for APIs, when a client connects to libvirtd, it will fetch the uid, gid, selinux info of the remote client on the UNIX domain socket. This is then used as the identity when checking ACLs.

With the new split daemons things are a bit more complicated. The user can connect to virtproxyd, which in turn connects to virtqemud. When virtqemud requests the identity over the UNIX domain socket, it will get the identity that the virtproxyd is running as, not the identity of the real end user/application.

virtproxyd knows what the real identity is, and needs to be able to forward this information to virtqemud. The virConnectSetIdentity API provides a mechanism for doing this. Obviously virtqemud should not accept such identity overrides from any client, it must only honour it from a trusted client, aka one running as the same uid/gid as itself.

The typed parameters exposed in the API are the same as those currently supported by the internal virIdentity class.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- include/libvirt/libvirt-host.h | 75 ++++++++++++++++++++++++++++++++++ src/driver-hypervisor.h | 7 ++++ src/libvirt-host.c | 51 +++++++++++++++++++++++ src/libvirt_public.syms | 1 + 4 files changed, 134 insertions(+) diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h index 7debb5f829..8ea3531750 100644 --- a/include/libvirt/libvirt-host.h +++ b/include/libvirt/libvirt-host.h 
@@ -579,6 +579,81 @@ virConnectPtr virConnectOpenAuth (const char *name, unsigned int flags); int virConnectRef (virConnectPtr conn); int virConnectClose (virConnectPtr conn); + +/** + * VIR_CONNECT_IDENTITY_OS_USER_NAME: + * + * The operating system user name as VIR_TYPED_PARAM_STRING + */ +# define VIR_CONNECT_IDENTITY_OS_USER_NAME "os-user-name" + +/** + * VIR_CONNECT_IDENTITY_OS_USER_ID: + * + * The operating system user ID as VIR_TYPED_PARAM_ULLONG + */ +# define VIR_CONNECT_IDENTITY_OS_USER_ID "os-user-id" + +/** + * VIR_CONNECT_IDENTITY_OS_GROUP_NAME: + * + * The operating system user ID as VIR_TYPED_PARAM_STRING + */ +# define VIR_CONNECT_IDENTITY_OS_GROUP_NAME "os-group-name" + +/** + * VIR_CONNECT_IDENTITY_OS_GROUP_ID: + * + * The operating system user ID as VIR_TYPED_PARAM_ULLONG + */ +# define VIR_CONNECT_IDENTITY_OS_GROUP_ID "os-group-id" + +/** + * VIR_CONNECT_IDENTITY_OS_PROCESS_ID: + * + * The operating system user ID as VIR_TYPED_PARAM_LLONG + */ +# define VIR_CONNECT_IDENTITY_OS_PROCESS_ID "os-process-id" + +/** + * VIR_CONNECT_IDENTITY_OS_PROCESS_TIME: + * + * The operating system process start time as VIR_TYPED_PARAM_ULLONG + * + * The units the time is measured in vary according to the + * host operating system. On Linux this is usually clock + * ticks (as reported in /proc/$PID/stat field 22). 
+ */ +# define VIR_CONNECT_IDENTITY_OS_PROCESS_TIME "os-process-time" + +/** + * VIR_CONNECT_IDENTITY_SASL_USER_NAME: + * + * The SASL authenticated username as VIR_TYPED_PARAM_STRING + */ +# define VIR_CONNECT_IDENTITY_SASL_USER_NAME "sasl-user-name" + +/** + * VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME: + * + * The TLS x509 certificate distinguished named as VIR_TYPED_PARAM_STRING + */ +# define VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME "x509-distinguished-name" + +/** + * VIR_CONNECT_IDENTITY_SELINUX_CONTEXT: + * + * The application's SELinux context as VIR_TYPED_PARAM_STRING + * + */ +# define VIR_CONNECT_IDENTITY_SELINUX_CONTEXT "selinux-context" + + +int virConnectSetIdentity (virConnectPtr conn, + virTypedParameterPtr params, + int nparams, + unsigned int flags); + const char * virConnectGetType (virConnectPtr conn); int virConnectGetVersion (virConnectPtr conn, unsigned long *hvVer); diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h index c1632ae4c6..f1bc355b65 100644 --- a/src/driver-hypervisor.h +++ b/src/driver-hypervisor.h @@ -36,6 +36,12 @@ typedef virDrvOpenStatus typedef int (*virDrvConnectClose)(virConnectPtr conn); +typedef int +(*virDrvConnectSetIdentity)(virConnectPtr conn, + virTypedParameterPtr params, + int nparams, + unsigned int flags); + typedef int (*virDrvConnectSupportsFeature)(virConnectPtr conn, int feature); @@ -1378,6 +1384,7 @@ struct _virHypervisorDriver { virDrvConnectURIProbe connectURIProbe; virDrvConnectOpen connectOpen; virDrvConnectClose connectClose; + virDrvConnectSetIdentity connectSetIdentity; virDrvConnectSupportsFeature connectSupportsFeature; virDrvConnectGetType connectGetType; virDrvConnectGetVersion connectGetVersion; diff --git a/src/libvirt-host.c b/src/libvirt-host.c index e5c4e5f72a..d7b1b82277 100644 --- a/src/libvirt-host.c +++ b/src/libvirt-host.c 
@@ -61,6 +61,57 @@ virConnectRef(virConnectPtr conn) } +/** + * virConnectSetIdentity: + * @conn: pointer to the hypervisor connection + * @params: parameters containing the identity attributes + * @nparams: size of @params array + * @flags: currently unused, pass 0 + * + * Override the default identity information associated with + * the connection. When connecting to a stateful driver over + * a UNIX socket, the daemon will interrogate the remote end + * of the UNIX socket to acquire the application's identity. + * This identity is used for the fine grained access control + * checks on API calls. + * + * There may be times when application is operating on behalf + * of a variety of users, and thus the identity that the + * application runs as is not appropriate for access control + * checks. In this case, if the application is considered + * trustworthy, it can supply alternative identity information. + * + * The driver may reject the request to change the identity + * on a connection if the application is not trustworthy. + * + * Returns: 0 if the identity change was accepted, -1 on error + */ +int +virConnectSetIdentity(virConnectPtr conn, + virTypedParameterPtr params, + int nparams, + unsigned int flags) +{ + VIR_DEBUG("conn=%p params=%p nparams=%d flags=0x%x", conn, params, nparams, flags); + VIR_TYPED_PARAMS_DEBUG(params, nparams); + + virResetLastError(); + + if (conn->driver->connectSetIdentity) { + int ret = conn->driver->connectSetIdentity(conn, params, nparams, flags); + if (ret < 0) + goto error; + return ret; + } + + virReportUnsupportedError(); + + error: + virDispatchError(conn); + return -1; +} + + /* * Not for public use. This function is part of the internal * implementation of driver features in the remote case. diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 54256b6317..580b14b6a0 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms 
@@ -838,6 +838,7 @@ LIBVIRT_5.5.0 { LIBVIRT_5.6.0 { global: + virConnectSetIdentity; virDomainCheckpointCreateXML; virDomainCheckpointDelete; virDomainCheckpointFree; -- 2.21.0
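Review bot: virConnectSetIdentity() in the src/libvirt-host.c hunk dereferences conn->driver straight after virResetLastError() without validating conn, and hands params/nparams to the driver unchecked. Add virCheckConnectReturn(conn, -1) and the usual argument checks for params and nparams before the driver call. The doc comment also says the driver "may reject" an untrusted application without saying what makes a caller trusted; since the commit message names the rule (same uid/gid as the daemon), the API documentation should state it too.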

On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote:
api: introduce virConnectSetIdentity for pasing uid, gid, selinux info
s/pasing/passing/
When using the fine grained access control mechanism for APIs, when a client connects to libvirtd, it will fetch the uid, gid, selinux info of the remote client on the UNIX domain socket. This is then used as the identity when checking ACLs.
s/it will/the latter will/
With the new split daemons things are a bit more complicated. The user can connect to virtproxyd, which in turn connects to virtqemud. When virtqemud requests the identity over the UNIX domain socket, it will get the identity that the virtproxyd is running as, not the identity of the real end user/application.
s/the virtproxyd/virtproxyd/
virtproxyd knows what the real identity is, and needs to be able to forward this information to virtqemud. The virConnectSetIdentity API provides a mechanism for doing this. Obviously virtqemud should not accept such identity overrides from any client, it must only honour it from a trusted client, aka one running as the same uid/gid as itself.
I've been trying to figure out where the very reasonable check you describe is performed, either here or later in the series, but I have to admit that I haven't been able to find it. Can you please point me in the right direction?
The typed parameters exposed in the API are the same as those currently supported by the internal virIdentity class.
... although with slightly different names...
+++ b/include/libvirt/libvirt-host.h +/** + * VIR_CONNECT_IDENTITY_OS_USER_NAME: + * + * The operating system user name as VIR_TYPED_PARAM_STRING + */ +# define VIR_CONNECT_IDENTITY_OS_USER_NAME "os-user-name"
The documentation should end with a period. Same for all following values.
+/** + * VIR_CONNECT_IDENTITY_OS_PROCESS_ID: + * + * The operating system user ID as VIR_TYPED_PARAM_LLONG + */ +# define VIR_CONNECT_IDENTITY_OS_PROCESS_ID "os-process-id"
Welp, looks like you've copy-pasted the same documentation over and over again! Please fix that :) Anyway, shouldn't this be VIR_TYPED_PARAM_ULLONG as well? Can pids be negative? Looking at the code that you're replacing with patch 46, it uses virStrToLong_i() to parse uid and gid and virStrToLong_ull() to parse pid, so if anything the VIR_TYPED_PARAM_* should be the other way around? But it seems to me like we really want all of these to be VIR_TYPED_PARAM_ULLONGs.
+/** + * VIR_CONNECT_IDENTITY_SELINUX_CONTEXT: + * + * The application's SELinux context as VIR_TYPED_PARAM_STRING + * + */ +# define VIR_CONNECT_IDENTITY_SELINUX_CONTEXT "selinux-context"
Spurious empty line in the documentation.
+++ b/src/libvirt_public.syms LIBVIRT_5.6.0 { global: + virConnectSetIdentity; virDomainCheckpointCreateXML; virDomainCheckpointDelete; virDomainCheckpointFree;
Yeah, about that... Overall the patch looks good. -- Andrea Bolognani / Red Hat / Virtualization

On Tue, Jul 30, 2019 at 08:32:00PM +0200, Andrea Bolognani wrote:
On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote:
api: introduce virConnectSetIdentity for pasing uid, gid, selinux info
s/pasing/passing/
When using the fine grained access control mechanism for APIs, when a client connects to libvirtd, it will fetch the uid, gid, selinux info of the remote client on the UNIX domain socket. This is then used as the identity when checking ACLs.
s/it will/the latter will/
With the new split daemons things are a bit more complicated. The user can connect to virtproxyd, which in turn connects to virtqemud. When virtqemud requests the identity over the UNIX domain socket, it will get the identity that the virtproxyd is running as, not the identity of the real end user/application.
s/the virtproxyd/virtproxyd/
virtproxyd knows what the real identity is, and needs to be able to forward this information to virtqemud. The virConnectSetIdentity API provides a mechanism for doing this. Obviously virtqemud should not accept such identity overrides from any client, it must only honour it from a trusted client, aka one running as the same uid/gid as itself.
I've been trying to figure out where the very reasonable check you describe is performed, either here or later in the series, but I have to admit that I haven't been able to find it. Can you please point me in the right direction?
In the absence of any policy rules, polkit will only grant access if the remote peer is running as root. So if a non-root virtproxyd tried to request identity override to virtqemud as root, then polkit will reject it. IOW, we don't need any code in libvirt to protect for this - it just "does the right thing(tm)"
The typed parameters exposed in the API are the same as those currently supported by the internal virIdentity class.
... although with slightly different names...
Yes, the internal APIs use "UNIX", but I didn't consider the attrs to really be UNIX specific - a username is a portable concept, and so is process ID. Windows doesn't have a user ID concept - just a "SID" which is the string format and so maps to the user name, but we allow any fields to be optional so user ID can be ignored if we need Windows portability later.
+++ b/include/libvirt/libvirt-host.h +/** + * VIR_CONNECT_IDENTITY_OS_USER_NAME: + * + * The operating system user name as VIR_TYPED_PARAM_STRING + */ +# define VIR_CONNECT_IDENTITY_OS_USER_NAME "os-user-name"
The documentation should end with a period. Same for all following values.
+/** + * VIR_CONNECT_IDENTITY_OS_PROCESS_ID: + * + * The operating system user ID as VIR_TYPED_PARAM_LLONG + */ +# define VIR_CONNECT_IDENTITY_OS_PROCESS_ID "os-process-id"
Welp, looks like you've copy-pasted the same documentation over and over again! Please fix that :)
Anyway, shouldn't this be VIR_TYPED_PARAM_ULLONG as well? Can pids be negative?
POSIX says that the pid_t data type is a signed int. It doesn't specify the size, but ULLONG is the largest we can do so it is the best fit.
Looking at the code that you're replacing with patch 46, it uses virStrToLong_i() to parse uid and gid and virStrToLong_ull() to parse pid, so if anything the VIR_TYPED_PARAM_* should be the other way around? But it seems to me like we really want all of these to be VIR_TYPED_PARAM_ULLONGs.
POSIX does not explicitly state signed-ness of uid_t/gid_t, but the docs do require that you explicitly cast any negative values ie gid_t foo = (gid_t)-1; which implies that gid_t is liable to be an unsigned type. Thus picking ULLONG is best for gid/uid.
+/** + * VIR_CONNECT_IDENTITY_SELINUX_CONTEXT: + * + * The application's SELinux context as VIR_TYPED_PARAM_STRING + * + */ +# define VIR_CONNECT_IDENTITY_SELINUX_CONTEXT "selinux-context"
Spurious empty line in the documentation.
+++ b/src/libvirt_public.syms LIBVIRT_5.6.0 { global: + virConnectSetIdentity; virDomainCheckpointCreateXML; virDomainCheckpointDelete; virDomainCheckpointFree;
Yeah, about that...
Overall the patch looks good.
-- Andrea Bolognani / Red Hat / Virtualization
Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

Change the identity class attribute names with a "UNIX" tag to have a more generic "OS" tag, since when we expose this in the public API we want it to be more flexible for the future. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/access/viraccessdriverpolkit.c | 12 ++--- src/admin/admin_server.c | 10 ++-- src/libvirt_private.syms | 24 ++++----- src/rpc/virnetserverclient.c | 12 ++--- src/util/viridentity.c | 84 +++++++++++++++--------------- src/util/viridentity.h | 60 ++++++++++----------- tests/viridentitytest.c | 18 +++---- tests/virnetserverclienttest.c | 8 +-- 8 files changed, 114 insertions(+), 114 deletions(-) diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c index b1473cd0a4..b98122d4a3 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -88,19 +88,19 @@ virAccessDriverPolkitGetCaller(const char *actionid, return -1; } - if (virIdentityGetUNIXProcessID(identity, pid) < 0) { + if (virIdentityGetOSProcessID(identity, pid) < 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", - _("No UNIX process ID available")); + _("No OS process ID available")); goto cleanup; } - if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) { + if (virIdentityGetOSProcessTime(identity, startTime) < 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", - _("No UNIX process start time available")); + _("No OS process start time available")); goto cleanup; } - if (virIdentityGetUNIXUserID(identity, uid) < 0) { + if (virIdentityGetOSUserID(identity, uid) < 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", - _("No UNIX caller UID available")); + _("No OS caller UID available")); goto cleanup; } diff --git a/src/admin/admin_server.c b/src/admin/admin_server.c index f2a38f6dfa..b92eb2fdc6 100644 --- a/src/admin/admin_server.c +++ b/src/admin/admin_server.c 
@@ -257,29 +257,29 @@ adminClientGetInfo(virNetServerClientPtr client, pid_t pid; uid_t uid; gid_t gid; - if (virIdentityGetUNIXUserID(identity, &uid) < 0 || + if (virIdentityGetOSUserID(identity, &uid) < 0 || virTypedParamsAddInt(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_USER_ID, uid) < 0) goto cleanup; - if (virIdentityGetUNIXUserName(identity, &attr) < 0 || + if (virIdentityGetOSUserName(identity, &attr) < 0 || virTypedParamsAddString(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_USER_NAME, attr) < 0) goto cleanup; - if (virIdentityGetUNIXGroupID(identity, &gid) < 0 || + if (virIdentityGetOSGroupID(identity, &gid) < 0 || virTypedParamsAddInt(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_GROUP_ID, gid) < 0) goto cleanup; - if (virIdentityGetUNIXGroupName(identity, &attr) < 0 || + if (virIdentityGetOSGroupName(identity, &attr) < 0 || virTypedParamsAddString(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_GROUP_NAME, attr) < 0) goto cleanup; - if (virIdentityGetUNIXProcessID(identity, &pid) < 0 || + if (virIdentityGetOSProcessID(identity, &pid) < 0 || virTypedParamsAddInt(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_PROCESS_ID, pid) < 0) goto cleanup; diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index c323f679b3..ac357583e4 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms 
@@ -2138,28 +2138,28 @@ virHostMemSetParameters; # util/viridentity.h virIdentityGetAttr; virIdentityGetCurrent; +virIdentityGetOSGroupID; +virIdentityGetOSGroupName; +virIdentityGetOSProcessID; +virIdentityGetOSProcessTime; +virIdentityGetOSUserID; +virIdentityGetOSUserName; virIdentityGetSASLUserName; virIdentityGetSELinuxContext; virIdentityGetSystem; -virIdentityGetUNIXGroupID; -virIdentityGetUNIXGroupName; -virIdentityGetUNIXProcessID; -virIdentityGetUNIXProcessTime; -virIdentityGetUNIXUserID; -virIdentityGetUNIXUserName; virIdentityGetX509DName; virIdentityIsEqual; virIdentityNew; virIdentitySetAttr; virIdentitySetCurrent; +virIdentitySetOSGroupID; +virIdentitySetOSGroupName; +virIdentitySetOSProcessID; +virIdentitySetOSProcessTime; +virIdentitySetOSUserID; +virIdentitySetOSUserName; virIdentitySetSASLUserName; virIdentitySetSELinuxContext; -virIdentitySetUNIXGroupID; -virIdentitySetUNIXGroupName; -virIdentitySetUNIXProcessID; -virIdentitySetUNIXProcessTime; -virIdentitySetUNIXUserID; -virIdentitySetUNIXUserName; virIdentitySetX509DName; diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c index 410de253d2..1f020a5a04 100644 --- a/src/rpc/virnetserverclient.c +++ b/src/rpc/virnetserverclient.c 
@@ -779,21 +779,21 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client) if (!(username = virGetUserName(uid))) goto error; - if (virIdentitySetUNIXUserName(ret, username) < 0) + if (virIdentitySetOSUserName(ret, username) < 0) goto error; - if (virIdentitySetUNIXUserID(ret, uid) < 0) + if (virIdentitySetOSUserID(ret, uid) < 0) goto error; if (!(groupname = virGetGroupName(gid))) goto error; - if (virIdentitySetUNIXGroupName(ret, groupname) < 0) + if (virIdentitySetOSGroupName(ret, groupname) < 0) goto error; - if (virIdentitySetUNIXGroupID(ret, gid) < 0) + if (virIdentitySetOSGroupID(ret, gid) < 0) goto error; - if (virIdentitySetUNIXProcessID(ret, pid) < 0) + if (virIdentitySetOSProcessID(ret, pid) < 0) goto error; - if (virIdentitySetUNIXProcessTime(ret, timestamp) < 0) + if (virIdentitySetOSProcessTime(ret, timestamp) < 0) goto error; } diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 4ceff3cb74..2c6c0ee91f 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c 
@@ -144,27 +144,27 @@ virIdentityPtr virIdentityGetSystem(void) if (!(ret = virIdentityNew())) goto error; - if (virIdentitySetUNIXProcessID(ret, getpid()) < 0) + if (virIdentitySetOSProcessID(ret, getpid()) < 0) goto error; if (virProcessGetStartTime(getpid(), &startTime) < 0) goto error; if (startTime != 0 && - virIdentitySetUNIXProcessTime(ret, startTime) < 0) + virIdentitySetOSProcessTime(ret, startTime) < 0) goto error; if (!(username = virGetUserName(geteuid()))) return ret; - if (virIdentitySetUNIXUserName(ret, username) < 0) + if (virIdentitySetOSUserName(ret, username) < 0) goto error; - if (virIdentitySetUNIXUserID(ret, getuid()) < 0) + if (virIdentitySetOSUserID(ret, getuid()) < 0) goto error; if (!(groupname = virGetGroupName(getegid()))) return ret; - if (virIdentitySetUNIXGroupName(ret, groupname) < 0) + if (virIdentitySetOSGroupName(ret, groupname) < 0) goto error; - if (virIdentitySetUNIXGroupID(ret, getgid()) < 0) + if (virIdentitySetOSGroupID(ret, getgid()) < 0) goto error; #if WITH_SELINUX @@ -310,24 +310,24 @@ bool virIdentityIsEqual(virIdentityPtr identA, } -int virIdentityGetUNIXUserName(virIdentityPtr ident, - const char **username) +int virIdentityGetOSUserName(virIdentityPtr ident, + const char **username) { return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_OS_USER_NAME, username); } -int virIdentityGetUNIXUserID(virIdentityPtr ident, - uid_t *uid) +int virIdentityGetOSUserID(virIdentityPtr ident, + uid_t *uid) { int val; const char *userid; *uid = -1; if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_ID, + VIR_IDENTITY_ATTR_OS_USER_ID, &userid) < 0) return -1; 
@@ -342,24 +342,24 @@ int virIdentityGetUNIXUserID(virIdentityPtr ident, return 0; } -int virIdentityGetUNIXGroupName(virIdentityPtr ident, - const char **groupname) +int virIdentityGetOSGroupName(virIdentityPtr ident, + const char **groupname) { return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_OS_GROUP_NAME, groupname); } -int virIdentityGetUNIXGroupID(virIdentityPtr ident, - gid_t *gid) +int virIdentityGetOSGroupID(virIdentityPtr ident, + gid_t *gid) { int val; const char *groupid; *gid = -1; if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_ID, + VIR_IDENTITY_ATTR_OS_GROUP_ID, &groupid) < 0) return -1; @@ -375,15 +375,15 @@ int virIdentityGetUNIXGroupID(virIdentityPtr ident, } -int virIdentityGetUNIXProcessID(virIdentityPtr ident, - pid_t *pid) +int virIdentityGetOSProcessID(virIdentityPtr ident, + pid_t *pid) { unsigned long long val; const char *processid; *pid = 0; if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, + VIR_IDENTITY_ATTR_OS_PROCESS_ID, &processid) < 0) return -1; @@ -399,12 +399,12 @@ int virIdentityGetUNIXProcessID(virIdentityPtr ident, } -int virIdentityGetUNIXProcessTime(virIdentityPtr ident, - unsigned long long *timestamp) +int virIdentityGetOSProcessTime(virIdentityPtr ident, + unsigned long long *timestamp) { const char *processtime; if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, + VIR_IDENTITY_ATTR_OS_PROCESS_TIME, &processtime) < 0) return -1; @@ -445,17 +445,17 @@ int virIdentityGetSELinuxContext(virIdentityPtr ident, } -int virIdentitySetUNIXUserName(virIdentityPtr ident, - const char *username) +int virIdentitySetOSUserName(virIdentityPtr ident, + const char *username) { return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_OS_USER_NAME, username); } -int virIdentitySetUNIXUserID(virIdentityPtr ident, - uid_t uid) +int virIdentitySetOSUserID(virIdentityPtr ident, + uid_t uid) { VIR_AUTOFREE(char *) val = NULL; 
@@ -463,22 +463,22 @@ int virIdentitySetUNIXUserID(virIdentityPtr ident, return -1; return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_ID, + VIR_IDENTITY_ATTR_OS_USER_ID, val); } -int virIdentitySetUNIXGroupName(virIdentityPtr ident, - const char *groupname) +int virIdentitySetOSGroupName(virIdentityPtr ident, + const char *groupname) { return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_OS_GROUP_NAME, groupname); } -int virIdentitySetUNIXGroupID(virIdentityPtr ident, - gid_t gid) +int virIdentitySetOSGroupID(virIdentityPtr ident, + gid_t gid) { VIR_AUTOFREE(char *) val = NULL; @@ -486,13 +486,13 @@ int virIdentitySetUNIXGroupID(virIdentityPtr ident, return -1; return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_ID, + VIR_IDENTITY_ATTR_OS_GROUP_ID, val); } -int virIdentitySetUNIXProcessID(virIdentityPtr ident, - pid_t pid) +int virIdentitySetOSProcessID(virIdentityPtr ident, + pid_t pid) { VIR_AUTOFREE(char *) val = NULL; @@ -500,13 +500,13 @@ int virIdentitySetUNIXProcessID(virIdentityPtr ident, return -1; return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, + VIR_IDENTITY_ATTR_OS_PROCESS_ID, val); } -int virIdentitySetUNIXProcessTime(virIdentityPtr ident, - unsigned long long timestamp) +int virIdentitySetOSProcessTime(virIdentityPtr ident, + unsigned long long timestamp) { VIR_AUTOFREE(char *) val = NULL; @@ -514,7 +514,7 @@ int virIdentitySetUNIXProcessTime(virIdentityPtr ident, return -1; return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, + VIR_IDENTITY_ATTR_OS_PROCESS_TIME, val); } diff --git a/src/util/viridentity.h b/src/util/viridentity.h index 0fde3207ca..4b87506373 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h 
@@ -27,12 +27,12 @@ typedef struct _virIdentity virIdentity; typedef virIdentity *virIdentityPtr; typedef enum { - VIR_IDENTITY_ATTR_UNIX_USER_NAME, - VIR_IDENTITY_ATTR_UNIX_USER_ID, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, - VIR_IDENTITY_ATTR_UNIX_GROUP_ID, - VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, - VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, + VIR_IDENTITY_ATTR_OS_USER_NAME, + VIR_IDENTITY_ATTR_OS_USER_ID, + VIR_IDENTITY_ATTR_OS_GROUP_NAME, + VIR_IDENTITY_ATTR_OS_GROUP_ID, + VIR_IDENTITY_ATTR_OS_PROCESS_ID, + VIR_IDENTITY_ATTR_OS_PROCESS_TIME, VIR_IDENTITY_ATTR_SASL_USER_NAME, VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, VIR_IDENTITY_ATTR_SELINUX_CONTEXT, @@ -64,18 +64,18 @@ bool virIdentityIsEqual(virIdentityPtr identA, ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); -int virIdentityGetUNIXUserName(virIdentityPtr ident, - const char **username); -int virIdentityGetUNIXUserID(virIdentityPtr ident, - uid_t *uid); -int virIdentityGetUNIXGroupName(virIdentityPtr ident, - const char **groupname); -int virIdentityGetUNIXGroupID(virIdentityPtr ident, - gid_t *gid); -int virIdentityGetUNIXProcessID(virIdentityPtr ident, - pid_t *pid); -int virIdentityGetUNIXProcessTime(virIdentityPtr ident, - unsigned long long *timestamp); +int virIdentityGetOSUserName(virIdentityPtr ident, + const char **username); +int virIdentityGetOSUserID(virIdentityPtr ident, + uid_t *uid); +int virIdentityGetOSGroupName(virIdentityPtr ident, + const char **groupname); +int virIdentityGetOSGroupID(virIdentityPtr ident, + gid_t *gid); +int virIdentityGetOSProcessID(virIdentityPtr ident, + pid_t *pid); +int virIdentityGetOSProcessTime(virIdentityPtr ident, + unsigned long long *timestamp); int virIdentityGetSASLUserName(virIdentityPtr ident, const char **username); int virIdentityGetX509DName(virIdentityPtr ident, 
@@ -84,18 +84,18 @@ int virIdentityGetSELinuxContext(virIdentityPtr ident, const char **context); -int virIdentitySetUNIXUserName(virIdentityPtr ident, - const char *username); -int virIdentitySetUNIXUserID(virIdentityPtr ident, - uid_t uid); -int virIdentitySetUNIXGroupName(virIdentityPtr ident, - const char *groupname); -int virIdentitySetUNIXGroupID(virIdentityPtr ident, - gid_t gid); -int virIdentitySetUNIXProcessID(virIdentityPtr ident, - pid_t pid); -int virIdentitySetUNIXProcessTime(virIdentityPtr ident, - unsigned long long timestamp); +int virIdentitySetOSUserName(virIdentityPtr ident, + const char *username); +int virIdentitySetOSUserID(virIdentityPtr ident, + uid_t uid); +int virIdentitySetOSGroupName(virIdentityPtr ident, + const char *groupname); +int virIdentitySetOSGroupID(virIdentityPtr ident, + gid_t gid); +int virIdentitySetOSProcessID(virIdentityPtr ident, + pid_t pid); +int virIdentitySetOSProcessTime(virIdentityPtr ident, + unsigned long long timestamp); int virIdentitySetSASLUserName(virIdentityPtr ident, const char *username); int virIdentitySetX509DName(virIdentityPtr ident, diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c index b60d944d8e..64b511c272 100644 --- a/tests/viridentitytest.c +++ b/tests/viridentitytest.c @@ -46,12 +46,12 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED) goto cleanup; if (virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_OS_USER_NAME, "fred") < 0) goto cleanup; if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_OS_USER_NAME, &val) < 0) goto cleanup; @@ -61,7 +61,7 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED) } if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_OS_GROUP_NAME, &val) < 0) goto cleanup; 
@@ -71,14 +71,14 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED) } if (virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_OS_USER_NAME, "joe") != -1) { VIR_DEBUG("Unexpectedly overwrote attribute"); goto cleanup; } if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_OS_USER_NAME, &val) < 0) goto cleanup; @@ -111,7 +111,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED) } if (virIdentitySetAttr(identa, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_OS_USER_NAME, "fred") < 0) goto cleanup; @@ -121,7 +121,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED) } if (virIdentitySetAttr(identb, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_OS_USER_NAME, "fred") < 0) goto cleanup; @@ -131,11 +131,11 @@ static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED) } if (virIdentitySetAttr(identa, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_OS_GROUP_NAME, "flintstone") < 0) goto cleanup; if (virIdentitySetAttr(identb, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_OS_GROUP_NAME, "flintstone") < 0) goto cleanup; diff --git a/tests/virnetserverclienttest.c b/tests/virnetserverclienttest.c index cb5071b2d9..280bd24227 100644 --- a/tests/virnetserverclienttest.c +++ b/tests/virnetserverclienttest.c @@ -86,7 +86,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) } if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_OS_USER_NAME, &gotUsername) < 0) { fprintf(stderr, "Missing username in identity\n"); goto cleanup; @@ -98,7 +98,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) } if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_ID, + VIR_IDENTITY_ATTR_OS_USER_ID, &gotUserID) < 0) { fprintf(stderr, "Missing user ID in identity\n"); goto cleanup; 
@@ -110,7 +110,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) } if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_OS_GROUP_NAME, &gotGroupname) < 0) { fprintf(stderr, "Missing groupname in identity\n"); goto cleanup; @@ -122,7 +122,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) } if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_ID, + VIR_IDENTITY_ATTR_OS_GROUP_ID, &gotGroupID) < 0) { fprintf(stderr, "Missing group ID in identity\n"); goto cleanup; -- 2.21.0
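Review bot: in the virIdentityGetSystem() hunk of src/util/viridentity.c, the renamed setters still mix credentials. The user name comes from virGetUserName(geteuid()) but the ID is stored with virIdentitySetOSUserID(ret, getuid()), and the group pair does the same with getegid() versus getgid(). When the real and effective IDs of the process differ, the resulting identity carries a name and a numeric ID that describe different accounts, and the polkit hunk in this same patch reads the numeric ID for its caller check. Since every one of these lines is being touched, consider using one credential for both halves of each pair, or add a comment saying why they differ. The same hunk also does "return ret;" with a partially filled identity when the name lookup fails, while every other failure path takes "goto error"; that deserves a comment if it is intentional.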
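Review bot: the commit message does not mention that the adminClientGetInfo() hunk in src/admin/admin_server.c leaves the VIR_CLIENT_INFO_UNIX_USER_ID, VIR_CLIENT_INFO_UNIX_USER_NAME, VIR_CLIENT_INFO_UNIX_GROUP_ID, VIR_CLIENT_INFO_UNIX_GROUP_NAME and VIR_CLIENT_INFO_UNIX_PROCESS_ID keys unchanged while the getters next to them become virIdentityGetOS*. A reader of the result sees two naming schemes for the same values in one function, so a sentence in the commit message saying which names are out of scope for the rename, and why, would save the next reader the question. The same applies to the three translatable strings changed in the viraccessdriverpolkit.c hunk, which are user-visible and are not mentioned either.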

Daniel P. Berrangé writes:
Change the identity class attribute names with a "UNIX" tag to have a more generic "OS" tag, since when we expose this in the public API we want it to be more flexible for the future.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/access/viraccessdriverpolkit.c | 12 ++--- src/admin/admin_server.c | 10 ++-- src/libvirt_private.syms | 24 ++++----- src/rpc/virnetserverclient.c | 12 ++--- src/util/viridentity.c | 84 +++++++++++++++--------------- src/util/viridentity.h | 60 ++++++++++----------- tests/viridentitytest.c | 18 +++---- tests/virnetserverclienttest.c | 8 +-- 8 files changed, 114 insertions(+), 114 deletions(-)
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c index b1473cd0a4..b98122d4a3 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -88,19 +88,19 @@ virAccessDriverPolkitGetCaller(const char *actionid, return -1; }
- if (virIdentityGetUNIXProcessID(identity, pid) < 0) { + if (virIdentityGetOSProcessID(identity, pid) < 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", - _("No UNIX process ID available")); + _("No OS process ID available"));
What about "No process ID available"?
goto cleanup; } - if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) { + if (virIdentityGetOSProcessTime(identity, startTime) < 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", - _("No UNIX process start time available")); + _("No OS process start time available"));
What about "No process start time available"?
goto cleanup; } - if (virIdentityGetUNIXUserID(identity, uid) < 0) { + if (virIdentityGetOSUserID(identity, uid) < 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", - _("No UNIX caller UID available")); + _("No OS caller UID available"));
What about "No caller user ID available"? (the term "user ID" is used elsewhere in the code) The UID acronym is not widely known outside of programmer circles, and for those who know it, it's practically always related to Unix-like systems (on Windows, it's generally called a SID).
goto cleanup; }
diff --git a/src/admin/admin_server.c b/src/admin/admin_server.c index f2a38f6dfa..b92eb2fdc6 100644 --- a/src/admin/admin_server.c +++ b/src/admin/admin_server.c @@ -257,29 +257,29 @@ adminClientGetInfo(virNetServerClientPtr client, pid_t pid; uid_t uid; gid_t gid; - if (virIdentityGetUNIXUserID(identity, &uid) < 0 || + if (virIdentityGetOSUserID(identity, &uid) < 0 ||
Even in function names, I believe that "OS" could be removed without much of a loss in readability.
virTypedParamsAddInt(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_USER_ID, uid) < 0) goto cleanup;
- if (virIdentityGetUNIXUserName(identity, &attr) < 0 || + if (virIdentityGetOSUserName(identity, &attr) < 0 ||
The above comment applies even more for a user name.
virTypedParamsAddString(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_USER_NAME,
There are some spots where "UNIX" remains...
attr) < 0) goto cleanup;
- if (virIdentityGetUNIXGroupID(identity, &gid) < 0 || + if (virIdentityGetOSGroupID(identity, &gid) < 0 || virTypedParamsAddInt(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_GROUP_ID, gid) < 0) goto cleanup;
[...]
if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_ID, + VIR_IDENTITY_ATTR_OS_GROUP_ID,
... whereas it is changed at other places.
&gotGroupID) < 0) { fprintf(stderr, "Missing group ID in identity\n"); goto cleanup; -- 2.21.0
No functional issue found.

Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>

--
Cheers,
Christophe de Dinechin (IRC c3d)

On Tue, 2019-07-30 at 16:23 +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
virTypedParamsAddString(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_USER_NAME,
There are some spots where "UNIX" remains...
That's because VIR_CLIENT_INFO_UNIX_* are pre-existing defines which, since they're part of the public API, can't be changed without breaking existing applications.

It is true, however, that we're basically introducing a whole new set of defines where VIR_CLIENT_INFO_* already cover exactly the values we want to pass around... Is there any way we can reuse those instead of coming up with our own ever so slightly different set of defines?

--
Andrea Bolognani / Red Hat / Virtualization

On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote:
+++ b/src/util/viridentity.c -int virIdentityGetUNIXUserName(virIdentityPtr ident, - const char **username) +int virIdentityGetOSUserName(virIdentityPtr ident, + const char **username)
Since you're touching all of these anyway, you might as well take the opportunity to move the return type to its own line.

Assuming the parallel conversation about reusing VIR_CLIENT_INFO_* doesn't lead anywhere,

Reviewed-by: Andrea Bolognani <abologna@redhat.com>

--
Andrea Bolognani / Red Hat / Virtualization

Only expose the type safe getters/setters to other code in preparation for changing the internal storage of data. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/libvirt_private.syms | 2 -- src/util/viridentity.c | 28 ++++++++++++++++----- src/util/viridentity.h | 25 ------------------- tests/viridentitytest.c | 45 +++++++++------------------------- tests/virnetserverclienttest.c | 45 +++++++++++++++------------------- 5 files changed, 54 insertions(+), 91 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index ac357583e4..c7fb8c94e4 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2136,7 +2136,6 @@ virHostMemSetParameters; # util/viridentity.h -virIdentityGetAttr; virIdentityGetCurrent; virIdentityGetOSGroupID; virIdentityGetOSGroupName; @@ -2150,7 +2149,6 @@ virIdentityGetSystem; virIdentityGetX509DName; virIdentityIsEqual; virIdentityNew; -virIdentitySetAttr; virIdentitySetCurrent; virIdentitySetOSGroupID; virIdentitySetOSGroupName; diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 2c6c0ee91f..fe0c416bba 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -41,6 +41,20 @@ VIR_LOG_INIT("util.identity"); +typedef enum { + VIR_IDENTITY_ATTR_OS_USER_NAME, + VIR_IDENTITY_ATTR_OS_USER_ID, + VIR_IDENTITY_ATTR_OS_GROUP_NAME, + VIR_IDENTITY_ATTR_OS_GROUP_ID, + VIR_IDENTITY_ATTR_OS_PROCESS_ID, + VIR_IDENTITY_ATTR_OS_PROCESS_TIME, + VIR_IDENTITY_ATTR_SASL_USER_NAME, + VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, + VIR_IDENTITY_ATTR_SELINUX_CONTEXT, + + VIR_IDENTITY_ATTR_LAST, +} virIdentityAttrType; + struct _virIdentity { virObject parent; 
@@ -233,9 +247,10 @@ static void virIdentityDispose(void *object) * * Returns: 0 on success, or -1 on error */ -int virIdentitySetAttr(virIdentityPtr ident, - unsigned int attr, - const char *value) +static int +virIdentitySetAttr(virIdentityPtr ident, + unsigned int attr, + const char *value) { int ret = -1; VIR_DEBUG("ident=%p attribute=%u value=%s", ident, attr, value); @@ -269,9 +284,10 @@ int virIdentitySetAttr(virIdentityPtr ident, * * Returns 0 on success, -1 on error */ -int virIdentityGetAttr(virIdentityPtr ident, - unsigned int attr, - const char **value) +static int +virIdentityGetAttr(virIdentityPtr ident, + unsigned int attr, + const char **value) { VIR_DEBUG("ident=%p attribute=%d value=%p", ident, attr, value); diff --git a/src/util/viridentity.h b/src/util/viridentity.h index 4b87506373..0925b740d9 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h @@ -26,20 +26,6 @@ typedef struct _virIdentity virIdentity; typedef virIdentity *virIdentityPtr; -typedef enum { - VIR_IDENTITY_ATTR_OS_USER_NAME, - VIR_IDENTITY_ATTR_OS_USER_ID, - VIR_IDENTITY_ATTR_OS_GROUP_NAME, - VIR_IDENTITY_ATTR_OS_GROUP_ID, - VIR_IDENTITY_ATTR_OS_PROCESS_ID, - VIR_IDENTITY_ATTR_OS_PROCESS_TIME, - VIR_IDENTITY_ATTR_SASL_USER_NAME, - VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - - VIR_IDENTITY_ATTR_LAST, -} virIdentityAttrType; - virIdentityPtr virIdentityGetCurrent(void); int virIdentitySetCurrent(virIdentityPtr ident); @@ -47,17 +33,6 @@ virIdentityPtr virIdentityGetSystem(void); virIdentityPtr virIdentityNew(void); -int virIdentitySetAttr(virIdentityPtr ident, - unsigned int attr, - const char *value) - ATTRIBUTE_NONNULL(1) - ATTRIBUTE_NONNULL(3); - -int virIdentityGetAttr(virIdentityPtr ident, - unsigned int attr, - const char **value) - ATTRIBUTE_NONNULL(1) - ATTRIBUTE_NONNULL(3); bool virIdentityIsEqual(virIdentityPtr identA, virIdentityPtr identB) 
diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c index 64b511c272..e57b68ec43 100644 --- a/tests/viridentitytest.c +++ b/tests/viridentitytest.c @@ -45,14 +45,11 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED) if (!(ident = virIdentityNew())) goto cleanup; - if (virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - "fred") < 0) + if (virIdentitySetOSUserName(ident, "fred") < 0) goto cleanup; - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - &val) < 0) + if (virIdentityGetOSUserName(ident, + &val) < 0) goto cleanup; if (STRNEQ_NULLABLE(val, "fred")) { @@ -60,9 +57,7 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED) goto cleanup; } - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_GROUP_NAME, - &val) < 0) + if (virIdentityGetOSGroupName(ident, &val) < 0) goto cleanup; if (val != NULL) { @@ -70,16 +65,12 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED) goto cleanup; } - if (virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - "joe") != -1) { + if (virIdentitySetOSUserName(ident, "joe") != -1) { VIR_DEBUG("Unexpectedly overwrote attribute"); goto cleanup; } - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - &val) < 0) + if (virIdentityGetOSUserName(ident, &val) < 0) goto cleanup; if (STRNEQ_NULLABLE(val, "fred")) { @@ -110,9 +101,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED) goto cleanup; } - if (virIdentitySetAttr(identa, - VIR_IDENTITY_ATTR_OS_USER_NAME, - "fred") < 0) + if (virIdentitySetOSUserName(identa, "fred") < 0) goto cleanup; if (virIdentityIsEqual(identa, identb)) { @@ -120,9 +109,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED) goto cleanup; } - if (virIdentitySetAttr(identb, - VIR_IDENTITY_ATTR_OS_USER_NAME, - "fred") < 0) + if (virIdentitySetOSUserName(identb, "fred") < 0) goto cleanup; if (!virIdentityIsEqual(identa, identb)) { 
@@ -130,13 +117,9 @@ static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED) goto cleanup; } - if (virIdentitySetAttr(identa, - VIR_IDENTITY_ATTR_OS_GROUP_NAME, - "flintstone") < 0) + if (virIdentitySetOSGroupName(identa, "flintstone") < 0) goto cleanup; - if (virIdentitySetAttr(identb, - VIR_IDENTITY_ATTR_OS_GROUP_NAME, - "flintstone") < 0) + if (virIdentitySetOSGroupName(identb, "flintstone") < 0) goto cleanup; if (!virIdentityIsEqual(identa, identb)) { @@ -144,9 +127,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED) goto cleanup; } - if (virIdentitySetAttr(identb, - VIR_IDENTITY_ATTR_SASL_USER_NAME, - "fred@FLINTSTONE.COM") < 0) + if (virIdentitySetSASLUserName(identb, "fred@FLINTSTONE.COM") < 0) goto cleanup; if (virIdentityIsEqual(identa, identb)) { @@ -181,9 +162,7 @@ static int testIdentityGetSystem(const void *data) goto cleanup; } - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - &val) < 0) + if (virIdentityGetSELinuxContext(ident, &val) < 0) goto cleanup; if (STRNEQ_NULLABLE(val, context)) { diff --git a/tests/virnetserverclienttest.c b/tests/virnetserverclienttest.c index 280bd24227..603afadab4 100644 --- a/tests/virnetserverclienttest.c +++ b/tests/virnetserverclienttest.c @@ -53,9 +53,9 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) virNetServerClientPtr client = NULL; virIdentityPtr ident = NULL; const char *gotUsername = NULL; - const char *gotUserID = NULL; + uid_t gotUserID; const char *gotGroupname = NULL; - const char *gotGroupID = NULL; + gid_t gotGroupID; const char *gotSELinuxContext = NULL; if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) < 0) { @@ -85,9 +85,8 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) goto cleanup; } - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - &gotUsername) < 0) { + if (virIdentityGetOSUserName(ident, + &gotUsername) < 0) { fprintf(stderr, "Missing username in identity\n"); goto cleanup; } 
@@ -97,21 +96,19 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) goto cleanup; } - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_ID, - &gotUserID) < 0) { + if (virIdentityGetOSUserID(ident, + &gotUserID) < 0) { fprintf(stderr, "Missing user ID in identity\n"); goto cleanup; } - if (STRNEQ_NULLABLE("666", gotUserID)) { - fprintf(stderr, "Want username '666' got '%s'\n", - NULLSTR(gotUserID)); + if (666 != gotUserID) { + fprintf(stderr, "Want username '666' got '%llu'\n", + (unsigned long long)gotUserID); goto cleanup; } - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_GROUP_NAME, - &gotGroupname) < 0) { + if (virIdentityGetOSGroupName(ident, + &gotGroupname) < 0) { fprintf(stderr, "Missing groupname in identity\n"); goto cleanup; } @@ -121,27 +118,25 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) goto cleanup; } - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_GROUP_ID, - &gotGroupID) < 0) { + if (virIdentityGetOSGroupID(ident, + &gotGroupID) < 0) { fprintf(stderr, "Missing group ID in identity\n"); goto cleanup; } - if (STRNEQ_NULLABLE("7337", gotGroupID)) { - fprintf(stderr, "Want groupname '7337' got '%s'\n", - NULLSTR(gotGroupID)); + if (7337 != gotGroupID) { + fprintf(stderr, "Want groupname '7337' got '%llu'\n", + (unsigned long long)gotGroupID); goto cleanup; } - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - &gotSELinuxContext) < 0) { + if (virIdentityGetSELinuxContext(ident, + &gotSELinuxContext) < 0) { fprintf(stderr, "Missing SELinux context in identity\n"); goto cleanup; } if (STRNEQ_NULLABLE("foo_u:bar_r:wizz_t:s0-s0:c0.c1023", gotSELinuxContext)) { - fprintf(stderr, "Want groupname 'foo_u:bar_r:wizz_t:s0-s0:c0.c1023' got '%s'\n", - NULLSTR(gotGroupID)); + fprintf(stderr, "Want SELinux context 'foo_u:bar_r:wizz_t:s0-s0:c0.c1023' got '%s'\n", + NULLSTR(gotSELinuxContext)); goto cleanup; } -- 2.21.0
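Review bot: the failure messages in the testIdentity() hunks of tests/virnetserverclienttest.c still name the wrong attribute after the conversion to typed getters. The user ID check prints "Want username '666' got '%llu'" and the group ID check prints "Want groupname '7337' got '%llu'", although both now compare numeric IDs. The last hunk fixes exactly this kind of slip for the SELinux context message (and its NULLSTR(gotGroupID) argument), so the two ID messages should be corrected in the same pass, for example to "Want user ID 666 got %llu" and "Want group ID 7337 got %llu".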
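Review bot: in the src/util/viridentity.c hunk that makes virIdentityGetAttr() static, the context line VIR_DEBUG("ident=%p attribute=%d value=%p", ident, attr, value) formats the unsigned int attr with %d, while the matching line in virIdentitySetAttr() uses %u. As both signatures are being rewritten here, make the two format strings agree. With the enum now private to this file, declaring the parameter as virIdentityAttrType in both functions would also give the newly moved typedef a user.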
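Review bot: the src/util/viridentity.h hunk removes the ATTRIBUTE_NONNULL(1) and ATTRIBUTE_NONNULL(3) annotations together with the virIdentitySetAttr()/virIdentityGetAttr() prototypes, and the new static definitions in viridentity.c do not carry them over. The typed setters that remain exported pass their string argument straight through (for example virIdentitySetOSUserName(ident, username) ends in virIdentitySetAttr(ident, VIR_IDENTITY_ATTR_OS_USER_NAME, username)), and virIdentitySetAttr() logs value with %s, so the compile-time non-NULL contract on callers is lost at the point where the API surface narrows. Either keep the annotations on the static functions or, better, add them to the typed getter and setter prototypes that are now the only entry points.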

Daniel P. Berrangé writes:
Only expose the type safe getters/setters to other code in preparation for changing the internal storage of data.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/libvirt_private.syms | 2 -- src/util/viridentity.c | 28 ++++++++++++++++----- src/util/viridentity.h | 25 ------------------- tests/viridentitytest.c | 45 +++++++++------------------------- tests/virnetserverclienttest.c | 45 +++++++++++++++------------------- 5 files changed, 54 insertions(+), 91 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index ac357583e4..c7fb8c94e4 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2136,7 +2136,6 @@ virHostMemSetParameters;
# util/viridentity.h -virIdentityGetAttr; virIdentityGetCurrent; virIdentityGetOSGroupID; virIdentityGetOSGroupName; @@ -2150,7 +2149,6 @@ virIdentityGetSystem; virIdentityGetX509DName; virIdentityIsEqual; virIdentityNew; -virIdentitySetAttr; virIdentitySetCurrent; virIdentitySetOSGroupID; virIdentitySetOSGroupName; diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 2c6c0ee91f..fe0c416bba 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -41,6 +41,20 @@
VIR_LOG_INIT("util.identity");
+typedef enum { + VIR_IDENTITY_ATTR_OS_USER_NAME, + VIR_IDENTITY_ATTR_OS_USER_ID, + VIR_IDENTITY_ATTR_OS_GROUP_NAME, + VIR_IDENTITY_ATTR_OS_GROUP_ID, + VIR_IDENTITY_ATTR_OS_PROCESS_ID, + VIR_IDENTITY_ATTR_OS_PROCESS_TIME, + VIR_IDENTITY_ATTR_SASL_USER_NAME, + VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, + VIR_IDENTITY_ATTR_SELINUX_CONTEXT, + + VIR_IDENTITY_ATTR_LAST, +} virIdentityAttrType;
Why define a typedef if it's never used?
+ struct _virIdentity { virObject parent;
@@ -233,9 +247,10 @@ static void virIdentityDispose(void *object) * * Returns: 0 on success, or -1 on error */ -int virIdentitySetAttr(virIdentityPtr ident, - unsigned int attr, - const char *value) +static int +virIdentitySetAttr(virIdentityPtr ident, + unsigned int attr,
e.g. here, might have virIdentityAttrType instead of unsigned int, might help the compiler emit better diagnostics.
+ const char *value) { int ret = -1; VIR_DEBUG("ident=%p attribute=%u value=%s", ident, attr, value); @@ -269,9 +284,10 @@ int virIdentitySetAttr(virIdentityPtr ident, * * Returns 0 on success, -1 on error */ -int virIdentityGetAttr(virIdentityPtr ident, - unsigned int attr, - const char **value) +static int +virIdentityGetAttr(virIdentityPtr ident, + unsigned int attr,
virIdentityAttrType
+ const char **value) { VIR_DEBUG("ident=%p attribute=%d value=%p", ident, attr, value);
diff --git a/src/util/viridentity.h b/src/util/viridentity.h index 4b87506373..0925b740d9 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h @@ -26,20 +26,6 @@ typedef struct _virIdentity virIdentity; typedef virIdentity *virIdentityPtr;
-typedef enum { - VIR_IDENTITY_ATTR_OS_USER_NAME, - VIR_IDENTITY_ATTR_OS_USER_ID, - VIR_IDENTITY_ATTR_OS_GROUP_NAME, - VIR_IDENTITY_ATTR_OS_GROUP_ID, - VIR_IDENTITY_ATTR_OS_PROCESS_ID, - VIR_IDENTITY_ATTR_OS_PROCESS_TIME, - VIR_IDENTITY_ATTR_SASL_USER_NAME, - VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - - VIR_IDENTITY_ATTR_LAST, -} virIdentityAttrType; - virIdentityPtr virIdentityGetCurrent(void); int virIdentitySetCurrent(virIdentityPtr ident);
@@ -47,17 +33,6 @@ virIdentityPtr virIdentityGetSystem(void);
virIdentityPtr virIdentityNew(void);
-int virIdentitySetAttr(virIdentityPtr ident, - unsigned int attr, - const char *value) - ATTRIBUTE_NONNULL(1) - ATTRIBUTE_NONNULL(3); - -int virIdentityGetAttr(virIdentityPtr ident, - unsigned int attr, - const char **value) - ATTRIBUTE_NONNULL(1) - ATTRIBUTE_NONNULL(3);
bool virIdentityIsEqual(virIdentityPtr identA, virIdentityPtr identB) diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c index 64b511c272..e57b68ec43 100644 --- a/tests/viridentitytest.c +++ b/tests/viridentitytest.c @@ -45,14 +45,11 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED) if (!(ident = virIdentityNew())) goto cleanup;
- if (virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - "fred") < 0) + if (virIdentitySetOSUserName(ident, "fred") < 0)
(Following a discussion on another patch - Learning the conventions) Here is a case where error is checked with < 0...
goto cleanup;
- if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - &val) < 0) + if (virIdentityGetOSUserName(ident, + &val) < 0) goto cleanup;
if (STRNEQ_NULLABLE(val, "fred")) { @@ -60,9 +57,7 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED) goto cleanup; }
- if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_GROUP_NAME, - &val) < 0) + if (virIdentityGetOSGroupName(ident, &val) < 0) goto cleanup;
if (val != NULL) { @@ -70,16 +65,12 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED) goto cleanup; }
- if (virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - "joe") != -1) { + if (virIdentitySetOSUserName(ident, "joe") != -1) { VIR_DEBUG("Unexpectedly overwrote attribute"); goto cleanup; }
... but the precise error is supposed to be -1 (at least when overwriting). Not complaining, just taking notes.
- if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - &val) < 0) + if (virIdentityGetOSUserName(ident, &val) < 0) goto cleanup;
if (STRNEQ_NULLABLE(val, "fred")) { @@ -110,9 +101,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED) goto cleanup; }
- if (virIdentitySetAttr(identa, - VIR_IDENTITY_ATTR_OS_USER_NAME, - "fred") < 0) + if (virIdentitySetOSUserName(identa, "fred") < 0) goto cleanup;
if (virIdentityIsEqual(identa, identb)) { @@ -120,9 +109,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED) goto cleanup; }
- if (virIdentitySetAttr(identb, - VIR_IDENTITY_ATTR_OS_USER_NAME, - "fred") < 0) + if (virIdentitySetOSUserName(identb, "fred") < 0) goto cleanup;
if (!virIdentityIsEqual(identa, identb)) { @@ -130,13 +117,9 @@ static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED) goto cleanup; }
- if (virIdentitySetAttr(identa, - VIR_IDENTITY_ATTR_OS_GROUP_NAME, - "flintstone") < 0) + if (virIdentitySetOSGroupName(identa, "flintstone") < 0) goto cleanup; - if (virIdentitySetAttr(identb, - VIR_IDENTITY_ATTR_OS_GROUP_NAME, - "flintstone") < 0) + if (virIdentitySetOSGroupName(identb, "flintstone") < 0) goto cleanup;
if (!virIdentityIsEqual(identa, identb)) { @@ -144,9 +127,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED) goto cleanup; }
- if (virIdentitySetAttr(identb, - VIR_IDENTITY_ATTR_SASL_USER_NAME, - "fred@FLINTSTONE.COM") < 0) + if (virIdentitySetSASLUserName(identb, "fred@FLINTSTONE.COM") < 0) goto cleanup;
if (virIdentityIsEqual(identa, identb)) { @@ -181,9 +162,7 @@ static int testIdentityGetSystem(const void *data) goto cleanup; }
- if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - &val) < 0) + if (virIdentityGetSELinuxContext(ident, &val) < 0) goto cleanup;
if (STRNEQ_NULLABLE(val, context)) { diff --git a/tests/virnetserverclienttest.c b/tests/virnetserverclienttest.c index 280bd24227..603afadab4 100644 --- a/tests/virnetserverclienttest.c +++ b/tests/virnetserverclienttest.c @@ -53,9 +53,9 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) virNetServerClientPtr client = NULL; virIdentityPtr ident = NULL; const char *gotUsername = NULL; - const char *gotUserID = NULL; + uid_t gotUserID; const char *gotGroupname = NULL; - const char *gotGroupID = NULL; + gid_t gotGroupID; const char *gotSELinuxContext = NULL;
if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) < 0) { @@ -85,9 +85,8 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) goto cleanup; }
- if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - &gotUsername) < 0) { + if (virIdentityGetOSUserName(ident, + &gotUsername) < 0) {
I think this would fit on a single line now.
fprintf(stderr, "Missing username in identity\n"); goto cleanup; } @@ -97,21 +96,19 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) goto cleanup; }
- if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_ID, - &gotUserID) < 0) { + if (virIdentityGetOSUserID(ident, + &gotUserID) < 0) {
Would fit on a single line
fprintf(stderr, "Missing user ID in identity\n"); goto cleanup; } - if (STRNEQ_NULLABLE("666", gotUserID)) { - fprintf(stderr, "Want username '666' got '%s'\n", - NULLSTR(gotUserID)); + if (666 != gotUserID) { + fprintf(stderr, "Want username '666' got '%llu'\n", + (unsigned long long)gotUserID); goto cleanup; }
- if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_GROUP_NAME, - &gotGroupname) < 0) { + if (virIdentityGetOSGroupName(ident, + &gotGroupname) < 0) { fprintf(stderr, "Missing groupname in identity\n"); goto cleanup; } @@ -121,27 +118,25 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) goto cleanup; }
- if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_GROUP_ID, - &gotGroupID) < 0) { + if (virIdentityGetOSGroupID(ident, + &gotGroupID) < 0) { fprintf(stderr, "Missing group ID in identity\n"); goto cleanup; } - if (STRNEQ_NULLABLE("7337", gotGroupID)) { - fprintf(stderr, "Want groupname '7337' got '%s'\n", - NULLSTR(gotGroupID)); + if (7337 != gotGroupID) { + fprintf(stderr, "Want groupname '7337' got '%llu'\n", + (unsigned long long)gotGroupID); goto cleanup; }
- if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - &gotSELinuxContext) < 0) { + if (virIdentityGetSELinuxContext(ident, + &gotSELinuxContext) < 0) { fprintf(stderr, "Missing SELinux context in identity\n"); goto cleanup; } if (STRNEQ_NULLABLE("foo_u:bar_r:wizz_t:s0-s0:c0.c1023", gotSELinuxContext)) { - fprintf(stderr, "Want groupname 'foo_u:bar_r:wizz_t:s0-s0:c0.c1023' got '%s'\n", - NULLSTR(gotGroupID)); + fprintf(stderr, "Want SELinux context 'foo_u:bar_r:wizz_t:s0-s0:c0.c1023' got '%s'\n", + NULLSTR(gotSELinuxContext)); goto cleanup;
That last fix is not really related to the rest of the patch, but useful. (I don't know how important it is in the libvirt community to not mix "side fixes" with large patch series. I don't personally mind at all.) Only minor nits, nothing functional. Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>
}
-- 2.21.0
-- Cheers, Christophe de Dinechin (IRC c3d)
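Review bot: In the tests/virnetserverclienttest.c hunks that change gotUserID and gotGroupID to uid_t and gid_t, the rewritten failure messages still read "Want username '666'" and "Want groupname '7337'" although the comparisons are now on the numeric IDs. Since both fprintf() calls are being touched anyway, say "user ID" and "group ID" there, so a failing run names the attribute that actually mismatched.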

On Tue, 2019-07-30 at 16:47 +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
+++ b/src/util/viridentity.c +typedef enum { + VIR_IDENTITY_ATTR_OS_USER_NAME, + VIR_IDENTITY_ATTR_OS_USER_ID, + VIR_IDENTITY_ATTR_OS_GROUP_NAME, + VIR_IDENTITY_ATTR_OS_GROUP_ID, + VIR_IDENTITY_ATTR_OS_PROCESS_ID, + VIR_IDENTITY_ATTR_OS_PROCESS_TIME, + VIR_IDENTITY_ATTR_SASL_USER_NAME, + VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, + VIR_IDENTITY_ATTR_SELINUX_CONTEXT, + + VIR_IDENTITY_ATTR_LAST, +} virIdentityAttrType;
Why define a typedef if it's never used?
It's just good manners :) Especially when you're just moving an existing definition around.
@@ -233,9 +247,10 @@ static void virIdentityDispose(void *object) -int virIdentitySetAttr(virIdentityPtr ident, - unsigned int attr, - const char *value) +static int +virIdentitySetAttr(virIdentityPtr ident, + unsigned int attr,
e.g. here, might have virIdentityAttrType instead of unsigned int, might help the compiler emit better diagnostics.
In some cases we're forced to use 'int' instead of the specific enum because... Reasons. I forget :) But I don't think this is one of those cases. Considering that this patch is pure code motion (plus dealing with the fallout of such code motion), it would not be very appropriate to alter the function signature during the process. And anyway, none of this really matters: we're gonna drop both the enum and the functions in the next patch.
+++ b/tests/viridentitytest.c @@ -45,14 +45,11 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED) - if (virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - "fred") < 0) + if (virIdentitySetOSUserName(ident, "fred") < 0)
(Following a discussion on another patch - Learning the conventions) Here is a case where error is checked with < 0...
[...]
@@ -70,16 +65,12 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED) - if (virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - "joe") != -1) { + if (virIdentitySetOSUserName(ident, "joe") != -1) { VIR_DEBUG("Unexpectedly overwrote attribute"); goto cleanup; }
... but the precise error is supposed to be -1 (at least when overwriting).
Not complaining, just taking notes.
I don't think the difference is intentional: just code written by different developers and/or at different points in time. And again, not something that it would be appropriate to change in this patch.
@@ -85,9 +85,8 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - &gotUsername) < 0) { + if (virIdentityGetOSUserName(ident, + &gotUsername) < 0) {
I think this would fit on a single line now.
Agreed.
@@ -121,27 +118,25 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED) if (STRNEQ_NULLABLE("foo_u:bar_r:wizz_t:s0-s0:c0.c1023", gotSELinuxContext)) { - fprintf(stderr, "Want groupname 'foo_u:bar_r:wizz_t:s0-s0:c0.c1023' got '%s'\n", - NULLSTR(gotGroupID)); + fprintf(stderr, "Want SELinux context 'foo_u:bar_r:wizz_t:s0-s0:c0.c1023' got '%s'\n", + NULLSTR(gotSELinuxContext)); goto cleanup;
That last fix is not really related to the rest of the patch, but useful. (I don't know how important it is in the libvirt community to not mix "side fixes" with large patch series. I don't personally mind at all.)
It's usually frowned upon, though it's perfectly normal that something will slip in, especially in the context of a fairly large series such as this one. Please split off that change to its own, trivial patch. With that addressed, Reviewed-by: Andrea Bolognani <abologna@redhat.com> -- Andrea Bolognani / Red Hat / Virtualization

We'll shortly be exposing the identity as virTypedParameter in the public header, so it simplifies life to use that as the internal representation too. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/libvirt_private.syms | 1 - src/util/viridentity.c | 385 ++++++++++++++++++--------------------- src/util/viridentity.h | 6 - tests/viridentitytest.c | 62 +------ 4 files changed, 180 insertions(+), 274 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index c7fb8c94e4..d42a939f5d 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2147,7 +2147,6 @@ virIdentityGetSASLUserName; virIdentityGetSELinuxContext; virIdentityGetSystem; virIdentityGetX509DName; -virIdentityIsEqual; virIdentityNew; virIdentitySetCurrent; virIdentitySetOSGroupID; diff --git a/src/util/viridentity.c b/src/util/viridentity.c index fe0c416bba..5324400650 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -41,24 +41,12 @@ VIR_LOG_INIT("util.identity"); -typedef enum { - VIR_IDENTITY_ATTR_OS_USER_NAME, - VIR_IDENTITY_ATTR_OS_USER_ID, - VIR_IDENTITY_ATTR_OS_GROUP_NAME, - VIR_IDENTITY_ATTR_OS_GROUP_ID, - VIR_IDENTITY_ATTR_OS_PROCESS_ID, - VIR_IDENTITY_ATTR_OS_PROCESS_TIME, - VIR_IDENTITY_ATTR_SASL_USER_NAME, - VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - - VIR_IDENTITY_ATTR_LAST, -} virIdentityAttrType; - struct _virIdentity { virObject parent; - char *attrs[VIR_IDENTITY_ATTR_LAST]; + int nparams; + int maxparams; + virTypedParameterPtr params; }; static virClassPtr virIdentityClass; @@ -188,6 +176,7 @@ virIdentityPtr virIdentityGetSystem(void) _("Unable to lookup SELinux process context")); return ret; } + VIR_DEBUG("Set con %s", con); if (virIdentitySetSELinuxContext(ret, con) < 0) { freecon(con); goto error; 
@@ -229,131 +218,38 @@ virIdentityPtr virIdentityNew(void) static void virIdentityDispose(void *object) { virIdentityPtr ident = object; - size_t i; - for (i = 0; i < VIR_IDENTITY_ATTR_LAST; i++) - VIR_FREE(ident->attrs[i]); -} - - -/** - * virIdentitySetAttr: - * @ident: the identity to modify - * @attr: the attribute type to set - * @value: the identifying value to associate with @attr - * - * Sets an identifying attribute @attr on @ident. Each - * @attr type can only be set once. - * - * Returns: 0 on success, or -1 on error - */ -static int -virIdentitySetAttr(virIdentityPtr ident, - unsigned int attr, - const char *value) -{ - int ret = -1; - VIR_DEBUG("ident=%p attribute=%u value=%s", ident, attr, value); - - if (ident->attrs[attr]) { - virReportError(VIR_ERR_OPERATION_DENIED, "%s", - _("Identity attribute is already set")); - goto cleanup; - } - - if (VIR_STRDUP(ident->attrs[attr], value) < 0) - goto cleanup; - - ret = 0; - - cleanup: - return ret; -} - - -/** - * virIdentityGetAttr: - * @ident: the identity to query - * @attr: the attribute to read - * @value: filled with the attribute value - * - * Fills @value with a pointer to the value associated - * with the identifying attribute @attr in @ident. 
If - * @attr is not set, then it will simply be initialized - * to NULL and considered as a successful read - * - * Returns 0 on success, -1 on error - */ -static int -virIdentityGetAttr(virIdentityPtr ident, - unsigned int attr, - const char **value) -{ - VIR_DEBUG("ident=%p attribute=%d value=%p", ident, attr, value); - - *value = ident->attrs[attr]; - - return 0; -} - - -/** - * virIdentityIsEqual: - * @identA: the first identity - * @identB: the second identity - * - * Compares every attribute in @identA and @identB - * to determine if they refer to the same identity - * - * Returns true if they are equal, false if not equal - */ -bool virIdentityIsEqual(virIdentityPtr identA, - virIdentityPtr identB) -{ - bool ret = false; - size_t i; - VIR_DEBUG("identA=%p identB=%p", identA, identB); - - for (i = 0; i < VIR_IDENTITY_ATTR_LAST; i++) { - if (STRNEQ_NULLABLE(identA->attrs[i], - identB->attrs[i])) - goto cleanup; - } - - ret = true; - cleanup: - return ret; + virTypedParamsFree(ident->params, ident->nparams); } int virIdentityGetOSUserName(virIdentityPtr ident, const char **username) { - return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - username); + return virTypedParamsGetString(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_OS_USER_NAME, + username); } int virIdentityGetOSUserID(virIdentityPtr ident, uid_t *uid) { - int val; - const char *userid; + unsigned long long val; + int ret; *uid = -1; - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_ID, - &userid) < 0) - return -1; - - if (!userid) - return -1; - if (virStrToLong_i(userid, NULL, 10, &val) < 0) + ret = virTypedParamsGetULLong(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_OS_USER_ID, + &val); + if (ret < 0) return -1; - *uid = (uid_t)val; + if (ret == 1) + *uid = (uid_t)val; return 0; } 
@@ -361,31 +257,32 @@ int virIdentityGetOSUserID(virIdentityPtr ident, int virIdentityGetOSGroupName(virIdentityPtr ident, const char **groupname) { - return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_GROUP_NAME, - groupname); + *groupname = NULL; + if (virTypedParamsGetString(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_OS_GROUP_NAME, + groupname) < 0) + return -1; + return 0; } int virIdentityGetOSGroupID(virIdentityPtr ident, gid_t *gid) { - int val; - const char *groupid; + int ret; + unsigned long long val; *gid = -1; - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_GROUP_ID, - &groupid) < 0) + ret = virTypedParamsGetULLong(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_OS_GROUP_ID, + &val); + if (ret < 0) return -1; - if (!groupid) - return -1; - - if (virStrToLong_i(groupid, NULL, 10, &val) < 0) - return -1; - - *gid = (gid_t)val; + if (ret == 1) + *gid = (gid_t)val; return 0; } @@ -394,22 +291,19 @@ int virIdentityGetOSGroupID(virIdentityPtr ident, int virIdentityGetOSProcessID(virIdentityPtr ident, pid_t *pid) { - unsigned long long val; - const char *processid; + int ret; + long long val; *pid = 0; - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_PROCESS_ID, - &processid) < 0) - return -1; - - if (!processid) + ret = virTypedParamsGetLLong(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_OS_PROCESS_ID, + &val); + if (ret < 0) return -1; - if (virStrToLong_ull(processid, NULL, 10, &val) < 0) - return -1; - - *pid = (pid_t)val; + if (ret == 1) + *pid = (gid_t)val; return 0; } 
@@ -418,16 +312,11 @@ int virIdentityGetOSProcessID(virIdentityPtr ident, int virIdentityGetOSProcessTime(virIdentityPtr ident, unsigned long long *timestamp) { - const char *processtime; - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_PROCESS_TIME, - &processtime) < 0) - return -1; - - if (!processtime) - return -1; - - if (virStrToLong_ull(processtime, NULL, 10, timestamp) < 0) + *timestamp = 0; + if (virTypedParamsGetULLong(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_OS_PROCESS_TIME, + timestamp) < 0) return -1; return 0; 
@@ -437,101 +326,153 @@ int virIdentityGetOSProcessTime(virIdentityPtr ident, int virIdentityGetSASLUserName(virIdentityPtr ident, const char **username) { - return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_SASL_USER_NAME, - username); + *username = NULL; + if (virTypedParamsGetString(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_SASL_USER_NAME, + username) < 0) + return -1; + return 0; } int virIdentityGetX509DName(virIdentityPtr ident, const char **dname) { - return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, - dname); + *dname = NULL; + if (virTypedParamsGetString(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME, + dname) < 0) + return -1; + return 0; } int virIdentityGetSELinuxContext(virIdentityPtr ident, const char **context) { - return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - context); + *context = NULL; + if (virTypedParamsGetString(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_SELINUX_CONTEXT, + context) < 0) + return -1; + return 0; } int virIdentitySetOSUserName(virIdentityPtr ident, const char *username) { - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - username); + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_OS_USER_NAME)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); + return -1; + } + + return virTypedParamsAddString(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_OS_USER_NAME, + username); } int virIdentitySetOSUserID(virIdentityPtr ident, uid_t uid) { - VIR_AUTOFREE(char *) val = NULL; - - if (virAsprintf(&val, "%d", (int)uid) < 0) + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_OS_USER_ID)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); return -1; + } - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_ID, - val); + 
return virTypedParamsAddULLong(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_OS_USER_ID, + uid); } int virIdentitySetOSGroupName(virIdentityPtr ident, const char *groupname) { - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_OS_GROUP_NAME, - groupname); + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_OS_GROUP_NAME)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); + return -1; + } + + return virTypedParamsAddString(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_OS_GROUP_NAME, + groupname); } int virIdentitySetOSGroupID(virIdentityPtr ident, gid_t gid) { - VIR_AUTOFREE(char *) val = NULL; - - if (virAsprintf(&val, "%d", (int)gid) < 0) + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_OS_GROUP_ID)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); return -1; + } - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_OS_GROUP_ID, - val); + return virTypedParamsAddULLong(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_OS_GROUP_ID, + gid); } int virIdentitySetOSProcessID(virIdentityPtr ident, pid_t pid) { - VIR_AUTOFREE(char *) val = NULL; - - if (virAsprintf(&val, "%lld", (long long) pid) < 0) + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_OS_PROCESS_ID)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); return -1; + } - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_OS_PROCESS_ID, - val); + return virTypedParamsAddLLong(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_OS_PROCESS_ID, + pid); } int virIdentitySetOSProcessTime(virIdentityPtr ident, unsigned long long timestamp) { - VIR_AUTOFREE(char *) val = NULL; - - if (virAsprintf(&val, "%llu", timestamp) < 0) + if (virTypedParamsGet(ident->params, + 
ident->nparams, + VIR_CONNECT_IDENTITY_OS_PROCESS_TIME)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); return -1; + } - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_OS_PROCESS_TIME, - val); + return virTypedParamsAddULLong(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_OS_PROCESS_TIME, + timestamp); } 
@@ -539,25 +480,55 @@ int virIdentitySetOSProcessTime(virIdentityPtr ident, int virIdentitySetSASLUserName(virIdentityPtr ident, const char *username) { - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_SASL_USER_NAME, - username); + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_SASL_USER_NAME)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); + return -1; + } + + return virTypedParamsAddString(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_SASL_USER_NAME, + username); } int virIdentitySetX509DName(virIdentityPtr ident, const char *dname) { - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, - dname); + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); + return -1; + } + + return virTypedParamsAddString(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME, + dname); } int virIdentitySetSELinuxContext(virIdentityPtr ident, const char *context) { - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - context); + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_SELINUX_CONTEXT)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); + return -1; + } + + return virTypedParamsAddString(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_SELINUX_CONTEXT, + context); } diff --git a/src/util/viridentity.h b/src/util/viridentity.h index 0925b740d9..6dc0393810 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h 
@@ -33,12 +33,6 @@ virIdentityPtr virIdentityGetSystem(void); virIdentityPtr virIdentityNew(void); - -bool virIdentityIsEqual(virIdentityPtr identA, - virIdentityPtr identB) - ATTRIBUTE_NONNULL(1) - ATTRIBUTE_NONNULL(2); - int virIdentityGetOSUserName(virIdentityPtr ident, const char **username); int virIdentityGetOSUserID(virIdentityPtr ident, diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c index e57b68ec43..ba85c90d6c 100644 --- a/tests/viridentitytest.c +++ b/tests/viridentitytest.c @@ -85,63 +85,6 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED) } -static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED) -{ - int ret = -1; - virIdentityPtr identa = NULL; - virIdentityPtr identb = NULL; - - if (!(identa = virIdentityNew())) - goto cleanup; - if (!(identb = virIdentityNew())) - goto cleanup; - - if (!virIdentityIsEqual(identa, identb)) { - VIR_DEBUG("Empty identities were not equal"); - goto cleanup; - } - - if (virIdentitySetOSUserName(identa, "fred") < 0) - goto cleanup; - - if (virIdentityIsEqual(identa, identb)) { - VIR_DEBUG("Mis-matched identities should not be equal"); - goto cleanup; - } - - if (virIdentitySetOSUserName(identb, "fred") < 0) - goto cleanup; - - if (!virIdentityIsEqual(identa, identb)) { - VIR_DEBUG("Matched identities were not equal"); - goto cleanup; - } - - if (virIdentitySetOSGroupName(identa, "flintstone") < 0) - goto cleanup; - if (virIdentitySetOSGroupName(identb, "flintstone") < 0) - goto cleanup; - - if (!virIdentityIsEqual(identa, identb)) { - VIR_DEBUG("Matched identities were not equal"); - goto cleanup; - } - - if (virIdentitySetSASLUserName(identb, "fred@FLINTSTONE.COM") < 0) - goto cleanup; - - if (virIdentityIsEqual(identa, identb)) { - VIR_DEBUG("Mis-matched identities should not be equal"); - goto cleanup; - } - - ret = 0; - cleanup: - virObjectUnref(identa); - virObjectUnref(identb); - return ret; -} - static int testIdentityGetSystem(const void *data) { const char *context = data; 
@@ -166,7 +109,8 @@ static int testIdentityGetSystem(const void *data) goto cleanup; if (STRNEQ_NULLABLE(val, context)) { - VIR_DEBUG("Unexpected SELinux context attribute"); + VIR_DEBUG("Unexpected SELinux context attribute '%s' != '%s'", + val, context); goto cleanup; } @@ -204,8 +148,6 @@ mymain(void) if (virTestRun("Identity attributes ", testIdentityAttrs, NULL) < 0) ret = -1; - if (virTestRun("Identity equality ", testIdentityEqual, NULL) < 0) - ret = -1; if (virTestRun("Setting fake SELinux context ", testSetFakeSELinuxContext, context) < 0) ret = -1; if (virTestRun("System identity (fake SELinux enabled) ", testIdentityGetSystem, context) < 0) -- 2.21.0
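Review bot: virIdentityGetOSUserName() in the @@ -229 hunk of src/util/viridentity.c passes username straight to virTypedParamsGetString() without clearing it first, while every other string getter converted in this patch starts with an assignment such as "*groupname = NULL;". The removed virIdentityGetAttr() always assigned *value, so callers could rely on getting NULL for an unset attribute; add "*username = NULL;" before the lookup so this getter keeps that contract like its siblings.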
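Review bot: virIdentityGetOSGroupID() in the @@ -361 hunk (and virIdentityGetOSUserID() before it) now returns 0 when the parameter is absent, leaving *gid at the -1 stored at the top of the function, whereas the removed code returned -1 on "if (!groupid)". These values feed access-control decisions, so either keep the old contract by returning -1 when the lookup result is not 1, or document the new one in the function comment and check that every caller tests for the sentinel. The conversion "*gid = (gid_t)val;" also narrows an unsigned long long with no range check, which the old virStrToLong_i() path did not need; reject values that do not fit before assigning.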
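Review bot: virIdentityGetOSProcessID() in the @@ -394 hunk assigns "*pid = (gid_t)val;", casting through the wrong type. gid_t and pid_t differ in signedness on common platforms, so this should be "*pid = (pid_t)val;" as in the line it replaces.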

On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote:
util: storage identity attrs as virTypedParameter internally
s/storage/store/ [...]
+++ b/src/util/viridentity.c @@ -188,6 +176,7 @@ virIdentityPtr virIdentityGetSystem(void) _("Unable to lookup SELinux process context")); return ret; } + VIR_DEBUG("Set con %s", con);
This looks like a leftover from development. [...]
-/** - * virIdentityIsEqual: - * @identA: the first identity - * @identB: the second identity - * - * Compares every attribute in @identA and @identB - * to determine if they refer to the same identity - * - * Returns true if they are equal, false if not equal - */ -bool virIdentityIsEqual(virIdentityPtr identA, - virIdentityPtr identB)
This function was introduced with commit 3aabe27247711324df2bfa623e9a5e8d2442e3a5 Author: Daniel P. Berrange <berrange@redhat.com> Date: Fri Jan 20 17:49:32 2012 +0000 Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com> and apparently never used. Please drop it in a separate commit. [...]
int virIdentityGetOSUserName(virIdentityPtr ident, const char **username) { - return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_OS_USER_NAME, - username);
You forgot to do *username = NULL; here. [...]
int virIdentityGetOSUserID(virIdentityPtr ident, uid_t *uid) { - int val; - const char *userid; + unsigned long long val; + int ret;
Usually we use 'ret' to store the return value of the current function, and 'rc' for the return value of any sub-function we might need to call. Please use 'rc' here to avoid any confusion.
- if (virStrToLong_i(userid, NULL, 10, &val) < 0) + ret = virTypedParamsGetULLong(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_OS_USER_ID, + &val); + if (ret < 0) return -1;
- *uid = (uid_t)val; + if (ret == 1) + *uid = (uid_t)val;
In case Christophe is following along: this is one of the cases where libvirt functions don't follow the usual 0 means success, <0 means failure mantra. [...]
int virIdentityGetOSProcessID(virIdentityPtr ident, pid_t *pid) { - unsigned long long val; - const char *processid; + int ret; + long long val;
I still think we should be using ull for pids.
- *pid = (pid_t)val; + if (ret == 1) + *pid = (gid_t)val;
This should be *pid = (pid_t)val; [...]
+++ b/tests/viridentitytest.c @@ -166,7 +109,8 @@ static int testIdentityGetSystem(const void *data) goto cleanup;
if (STRNEQ_NULLABLE(val, context)) { - VIR_DEBUG("Unexpected SELinux context attribute"); + VIR_DEBUG("Unexpected SELinux context attribute '%s' != '%s'", + val, context); goto cleanup; }
This change also doesn't belong in this patch. You can put it in the same one as the other SELinux-related test suite fix, though. And since you're tweaking the message, I suggest something like VIR_DEBUG("Unexpected SELinux context: expected='%s' actual='%s'", context, val); for easier debugging. -- Andrea Bolognani / Red Hat / Virtualization

Andrea Bolognani writes:
On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote:
util: storage identity attrs as virTypedParameter internally
- if (virStrToLong_i(userid, NULL, 10, &val) < 0) + ret = virTypedParamsGetULLong(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_OS_USER_ID, + &val); + if (ret < 0) return -1;
- *uid = (uid_t)val; + if (ret == 1) + *uid = (uid_t)val;
In case Christophe is following along: this is one of the cases where libvirt functions don't follow the usual 0 means success, <0 means failure mantra.
Thanks ;-)
[...]
int virIdentityGetOSProcessID(virIdentityPtr ident, pid_t *pid) { - unsigned long long val; - const char *processid; + int ret; + long long val;
I still think we should be using ull for pids.
Curious why (I'm too lazy to look it up in earlier discussions)? In general, giving a name to an int type is a good idea, isn't it?
- *pid = (pid_t)val; + if (ret == 1) + *pid = (gid_t)val;
This should be
*pid = (pid_t)val;
You made me look at that code again, and now I'm confused as to why it's OK to leave garbage in *pid if we fail to find the corresponding typed param. Previously, the function returned -1 in that case, to indicate failure. Now, it returns 0, but does not update *uid. Is that intentional?
[...]
+++ b/tests/viridentitytest.c @@ -166,7 +109,8 @@ static int testIdentityGetSystem(const void *data) goto cleanup;
if (STRNEQ_NULLABLE(val, context)) { - VIR_DEBUG("Unexpected SELinux context attribute"); + VIR_DEBUG("Unexpected SELinux context attribute '%s' != '%s'", + val, context); goto cleanup; }
This change also doesn't belong in this patch. You can put it in the same one as the other SELinux-related test suite fix, though.
And since you're tweaking the message, I suggest something like
VIR_DEBUG("Unexpected SELinux context: expected='%s' actual='%s'", context, val);
for easier debugging.
-- Andrea Bolognani / Red Hat / Virtualization
-- Cheers, Christophe de Dinechin (IRC c3d)
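The return-value question discussed in this thread, as an added stand-alone C model (not libvirt code and not part of any message above): a lookup that returns 1 when found, 0 when absent and -1 on error, wrapped once the way the patch does and once fail-closed. The struct, function and field names and the sample identities are hypothetical, and an unsigned 32-bit uid_t (as on Linux) is assumed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum param_type { PARAM_STRING, PARAM_ULLONG };

struct param {
    const char *field;
    enum param_type type;
    union {
        const char *s;
        unsigned long long ul;
    } value;
};

/* Tri-state lookup: 1 = found and *out filled, 0 = not present
 * (*out untouched), -1 = present but of the wrong type. */
static int
params_get_ullong(const struct param *params, size_t nparams,
                  const char *field, unsigned long long *out)
{
    size_t i;

    for (i = 0; i < nparams; i++) {
        if (strcmp(params[i].field, field) != 0)
            continue;
        if (params[i].type != PARAM_ULLONG)
            return -1;
        *out = params[i].value.ul;
        return 1;
    }
    return 0;
}

/* Shape of the getter in the patch: "not present" is reported as success
 * and the caller only sees the sentinel stored up front. The narrowing
 * cast is unchecked. */
static int
get_uid_lenient(const struct param *params, size_t nparams, uid_t *uid)
{
    unsigned long long val;
    int rc;

    *uid = (uid_t)-1;
    rc = params_get_ullong(params, nparams, "example.uid", &val);
    if (rc < 0)
        return -1;
    if (rc == 1)
        *uid = (uid_t)val;
    return 0;
}

/* Fail-closed variant: a missing attribute is an error, as it was before
 * the patch, and a value that is the sentinel or does not fit uid_t is
 * rejected instead of truncated. */
static int
get_uid_strict(const struct param *params, size_t nparams, uid_t *uid)
{
    unsigned long long val;
    int rc;

    *uid = (uid_t)-1;
    rc = params_get_ullong(params, nparams, "example.uid", &val);
    if (rc != 1)
        return -1;
    if (val >= (unsigned long long)(uid_t)-1)
        return -1;
    *uid = (uid_t)val;
    return 0;
}

/* Constructed sample identities. */
static const struct param ident_full[] = {
    { .field = "example.user", .type = PARAM_STRING, .value.s = "fred" },
    { .field = "example.uid", .type = PARAM_ULLONG, .value.ul = 666 },
};
static const struct param ident_no_uid[] = {
    { .field = "example.user", .type = PARAM_STRING, .value.s = "fred" },
};
static const struct param ident_wide_uid[] = {
    { .field = "example.uid", .type = PARAM_ULLONG,
      .value.ul = 0x100000000ULL + 666 },
};
static const struct param ident_bad_type[] = {
    { .field = "example.uid", .type = PARAM_STRING, .value.s = "666" },
};

int main(void)
{
    uid_t uid;
    int rc;

    rc = get_uid_lenient(ident_no_uid, 1, &uid);
    printf("lenient, uid absent: rc=%d uid=%llu\n", rc, (unsigned long long)uid);
    rc = get_uid_strict(ident_no_uid, 1, &uid);
    printf("strict,  uid absent: rc=%d\n", rc);
    rc = get_uid_lenient(ident_wide_uid, 1, &uid);
    printf("lenient, wide value: rc=%d uid=%llu\n", rc, (unsigned long long)uid);
    rc = get_uid_strict(ident_wide_uid, 1, &uid);
    printf("strict,  wide value: rc=%d\n", rc);
    return 0;
}
```

A caller that only tests the return value for < 0 gets a usable-looking uid from the lenient getter in both the absent and the out-of-range case; with the strict getter both cases take the error path.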

Add ability to import/export all the parameters associated with an identity, so that they can be exposed via the public API. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/libvirt_private.syms | 2 ++ src/util/viridentity.c | 54 ++++++++++++++++++++++++++++++++++++++++ src/util/viridentity.h | 8 ++++++ 3 files changed, 64 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index d42a939f5d..a33b84efe0 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2143,6 +2143,7 @@ virIdentityGetOSProcessID; virIdentityGetOSProcessTime; virIdentityGetOSUserID; virIdentityGetOSUserName; +virIdentityGetParameters; virIdentityGetSASLUserName; virIdentityGetSELinuxContext; virIdentityGetSystem; @@ -2155,6 +2156,7 @@ virIdentitySetOSProcessID; virIdentitySetOSProcessTime; virIdentitySetOSUserID; virIdentitySetOSUserName; +virIdentitySetParameters; virIdentitySetSASLUserName; virIdentitySetSELinuxContext; virIdentitySetX509DName; diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 5324400650..461e41ec3d 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -36,6 +36,7 @@ #include "virutil.h" #include "virstring.h" #include "virprocess.h" +#include "virtypedparam.h" #define VIR_FROM_THIS VIR_FROM_IDENTITY 
@@ -532,3 +533,56 @@ int virIdentitySetSELinuxContext(virIdentityPtr ident, VIR_CONNECT_IDENTITY_SELINUX_CONTEXT, context); } + + +int virIdentitySetParameters(virIdentityPtr ident, + virTypedParameterPtr params, + int nparams) +{ + if (virTypedParamsValidate(params, nparams, + VIR_CONNECT_IDENTITY_OS_USER_NAME, + VIR_TYPED_PARAM_STRING, + VIR_CONNECT_IDENTITY_OS_USER_ID, + VIR_TYPED_PARAM_ULLONG, + VIR_CONNECT_IDENTITY_OS_GROUP_NAME, + VIR_TYPED_PARAM_STRING, + VIR_CONNECT_IDENTITY_OS_GROUP_ID, + VIR_TYPED_PARAM_ULLONG, + VIR_CONNECT_IDENTITY_OS_PROCESS_ID, + VIR_TYPED_PARAM_LLONG, + VIR_CONNECT_IDENTITY_OS_PROCESS_TIME, + VIR_TYPED_PARAM_ULLONG, + VIR_CONNECT_IDENTITY_SASL_USER_NAME, + VIR_TYPED_PARAM_STRING, + VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME, + VIR_TYPED_PARAM_STRING, + VIR_CONNECT_IDENTITY_SELINUX_CONTEXT, + VIR_TYPED_PARAM_STRING, + NULL) < 0) + return -1; + + virTypedParamsFree(ident->params, ident->nparams); + ident->params = NULL; + ident->nparams = 0; + if (virTypedParamsCopy(&ident->params, params, nparams) < 0) + return -1; + ident->nparams = nparams; + + return 0; +} + + +int virIdentityGetParameters(virIdentityPtr ident, + virTypedParameterPtr *params, + int *nparams) +{ + *params = NULL; + *nparams = 0; + + if (virTypedParamsCopy(params, ident->params, ident->nparams) < 0) + return -1; + + *nparams = ident->nparams; + + return 0; +} diff --git a/src/util/viridentity.h b/src/util/viridentity.h index 6dc0393810..edb838cf17 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h @@ -71,3 +71,11 @@ int virIdentitySetX509DName(virIdentityPtr ident, const char *dname); int virIdentitySetSELinuxContext(virIdentityPtr ident, const char *context); + +int virIdentitySetParameters(virIdentityPtr ident, + virTypedParameterPtr params, + int nparams); + +int virIdentityGetParameters(virIdentityPtr ident, + virTypedParameterPtr *params, + int *nparams); -- 2.21.0
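Review bot: in virIdentitySetParameters() the existing ident->params are freed and zeroed before virTypedParamsCopy() is attempted, so a failed copy returns -1 with the identity stripped of every attribute rather than left unchanged. Copy into a local array first and free and replace ident->params only once the copy has succeeded. A short doc comment on both new functions would also help: that Set replaces the whole attribute set rather than merging, and that Get hands back a copy the caller must release with virTypedParamsFree().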

On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote:
+++ b/src/util/viridentity.c +int virIdentitySetParameters(virIdentityPtr ident, + virTypedParameterPtr params, + int nparams)
Return type on a separate line. [...]
+ virTypedParamsFree(ident->params, ident->nparams); + ident->params = NULL; + ident->nparams = 0;
I'm obviously a bit unclear on some pretty fundamental details of the virTypedParam API. More specifically: shouldn't you set ident->maxparams = 0; here as well? I don't see how it could work otherwise.
+ if (virTypedParamsCopy(&ident->params, params, nparams) < 0) + return -1; + ident->nparams = nparams;
And here too, don't you need to do ident->maxparams = ident->nparams; for subsequent calls to virTypedParamAdd*() to know whether they need to allocate additional memory? [...]
+int virIdentityGetParameters(virIdentityPtr ident, + virTypedParameterPtr *params, + int *nparams)
Return type on a separate line. -- Andrea Bolognani / Red Hat / Virtualization

When opening a connection to a second driver inside the daemon, we must ensure the identity of the current user is passed across. This allows the second daemon to perform access control checks against the real end users, instead of against the libvirt daemon that's proxying across the API calls. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/libvirt_remote.syms | 1 + src/remote/remote_daemon_dispatch.c | 110 +++++++++++++++++++++++++--- src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 18 ++++- src/remote_protocol-structs | 8 ++ src/rpc/virnetserverclient.c | 12 +++ src/rpc/virnetserverclient.h | 2 + 7 files changed, 140 insertions(+), 12 deletions(-) diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms index 3307d74324..0493467f46 100644 --- a/src/libvirt_remote.syms +++ b/src/libvirt_remote.syms @@ -178,6 +178,7 @@ virNetServerClientSetAuthLocked; virNetServerClientSetAuthPendingLocked; virNetServerClientSetCloseHook; virNetServerClientSetDispatcher; +virNetServerClientSetIdentity; virNetServerClientSetQuietEOF; virNetServerClientSetReadonly; virNetServerClientStartKeepAlive; diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index 9ef76daa55..f828b75f3b 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -51,6 +51,7 @@ #include "virpolkit.h" #include "virthreadjob.h" #include "configmake.h" +#include "access/viraccessapicheck.h" #define VIR_FROM_THIS VIR_FROM_RPC 
@@ -1945,10 +1946,15 @@ static void remoteClientCloseFunc(virNetServerClientPtr client) static int remoteOpenConn(const char *uri, bool readonly, + bool preserveIdentity, virConnectPtr *conn) { - VIR_DEBUG("Getting secondary uri=%s readonly=%d conn=%p", - NULLSTR(uri), readonly, conn); + virTypedParameterPtr params = NULL; + int nparams = 0; + + VIR_DEBUG("Getting secondary uri=%s readonly=%d preserveIdent=%d conn=%p", + NULLSTR(uri), readonly, preserveIdentity, conn); + if (*conn) return 0; @@ -1957,15 +1963,42 @@ remoteOpenConn(const char *uri, return -1; } + if (preserveIdentity) { + VIR_AUTOUNREF(virIdentityPtr) ident = NULL; + + if (!(ident = virIdentityGetCurrent())) + return -1; + + if (virIdentityGetParameters(ident, ¶ms, &nparams) < 0) + goto error; + } + VIR_DEBUG("Opening driver %s", uri); if (readonly) *conn = virConnectOpenReadOnly(uri); else *conn = virConnectOpen(uri); if (!*conn) - return -1; + goto error; VIR_DEBUG("Opened driver %p", *conn); + + if (preserveIdentity) { + if (virConnectSetIdentity(*conn, params, nparams, 0) < 0) + goto error; + + virTypedParamsFree(params, nparams); + VIR_DEBUG("Forwarded current identity to secondary driver"); + } + return 0; + + error: + virTypedParamsFree(params, nparams); + if (*conn) { + virConnectClose(*conn); + *conn = NULL; + } + return -1; } @@ -1992,6 +2025,7 @@ remoteGetInterfaceConn(virNetServerClientPtr client) if (remoteOpenConn(priv->interfaceURI, priv->readonly, + true, &priv->interfaceConn) < 0) return NULL; @@ -2007,6 +2041,7 @@ remoteGetNetworkConn(virNetServerClientPtr client) if (remoteOpenConn(priv->networkURI, priv->readonly, + true, &priv->networkConn) < 0) return NULL; @@ -2022,6 +2057,7 @@ remoteGetNodeDevConn(virNetServerClientPtr client) if (remoteOpenConn(priv->nodedevURI, priv->readonly, + true, &priv->nodedevConn) < 0) return NULL; 
@@ -2037,6 +2073,7 @@ remoteGetNWFilterConn(virNetServerClientPtr client) if (remoteOpenConn(priv->nwfilterURI, priv->readonly, + true, &priv->nwfilterConn) < 0) return NULL; @@ -2052,6 +2089,7 @@ remoteGetSecretConn(virNetServerClientPtr client) if (remoteOpenConn(priv->secretURI, priv->readonly, + true, &priv->secretConn) < 0) return NULL; @@ -2067,6 +2105,7 @@ remoteGetStorageConn(virNetServerClientPtr client) if (remoteOpenConn(priv->storageURI, priv->readonly, + true, &priv->storageConn) < 0) return NULL; @@ -2235,6 +2274,7 @@ remoteDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED, #ifndef LIBVIRTD const char *type = NULL; #endif + bool preserveIdentity = false; VIR_DEBUG("priv=%p conn=%p", priv, priv->conn); virMutexLock(&priv->lock); @@ -2264,14 +2304,16 @@ remoteDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED, } #endif +#ifdef VIRTPROXYD + preserveIdentity = true; +#endif /* VIRTPROXYD */ + VIR_DEBUG("Opening driver %s", name); - if (priv->readonly) { - if (!(priv->conn = virConnectOpenReadOnly(name))) - goto cleanup; - } else { - if (!(priv->conn = virConnectOpen(name))) - goto cleanup; - } + if (remoteOpenConn(name, + priv->readonly, + preserveIdentity, + &priv->conn) < 0) + goto cleanup; VIR_DEBUG("Opened %p", priv->conn); #ifndef LIBVIRTD 
@@ -2375,6 +2417,54 @@ remoteDispatchConnectClose(virNetServerPtr server ATTRIBUTE_UNUSED, } +static int +remoteDispatchConnectSetIdentity(virNetServerPtr server ATTRIBUTE_UNUSED, + virNetServerClientPtr client, + virNetMessagePtr msg ATTRIBUTE_UNUSED, + virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED, + remote_connect_set_identity_args *args) +{ + virTypedParameterPtr params = NULL; + int nparams = 0; + int rv = -1; + virConnectPtr conn = remoteGetHypervisorConn(client); + virIdentityPtr ident = NULL; + if (!conn) + goto cleanup; + + VIR_DEBUG("Received forwarded identity"); + if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val, + args->params.params_len, + REMOTE_CONNECT_IDENTITY_PARAMS_MAX, + ¶ms, + &nparams) < 0) + goto cleanup; + + VIR_TYPED_PARAMS_DEBUG(params, nparams); + + if (virConnectSetIdentityEnsureACL(conn) < 0) + goto cleanup; + + if (!(ident = virIdentityNew())) + goto cleanup; + + if (virIdentitySetParameters(ident, params, nparams) < 0) + goto cleanup; + + virNetServerClientSetIdentity(client, ident); + + rv = 0; + + cleanup: + virTypedParamsFree(params, nparams); + virObjectUnref(ident); + if (rv < 0) + virNetMessageSaveError(rerr); + return rv; +} + + + static int remoteDispatchDomainGetSchedulerType(virNetServerPtr server ATTRIBUTE_UNUSED, virNetServerClientPtr client, diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 889d62ba4f..e2d2dc66be 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -8510,6 +8510,7 @@ static virHypervisorDriver hypervisor_driver = { .name = "remote", .connectOpen = remoteConnectOpen, /* 0.3.0 */ .connectClose = remoteConnectClose, /* 0.3.0 */ + .connectSetIdentity = remoteConnectSetIdentity, /* 5.6.0 */ .connectSupportsFeature = remoteConnectSupportsFeature, /* 0.3.0 */ .connectGetType = remoteConnectGetType, /* 0.3.0 */ .connectGetVersion = remoteConnectGetVersion, /* 0.3.0 */ 
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 2f91bd1921..42e61ba20f 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -53,6 +53,9 @@ typedef string remote_nonnull_string<REMOTE_STRING_MAX>; /* A long string, which may be NULL. */ typedef remote_nonnull_string *remote_string; +/* Upper limit on identity parameters */ +const REMOTE_CONNECT_IDENTITY_PARAMS_MAX = 20; + /* Upper limit on lists of domains. */ const REMOTE_DOMAIN_LIST_MAX = 16384; @@ -3723,6 +3726,11 @@ struct remote_domain_checkpoint_delete_args { unsigned int flags; }; +struct remote_connect_set_identity_args { + remote_typed_param params<REMOTE_DOMAIN_BLOCK_IO_TUNE_PARAMETERS_MAX>; + unsigned int flags; +}; + /*----- Protocol. -----*/ /* Define the program number, protocol version and procedure numbers here. */ @@ -6538,7 +6546,7 @@ enum remote_procedure { */ REMOTE_PROC_NETWORK_PORT_DELETE = 410, - /** + /** * @generate: both * @acl: domain:checkpoint * @acl: domain:fs_freeze:VIR_DOMAIN_CHECKPOINT_CREATE_QUIESCE @@ -6584,5 +6592,11 @@ enum remote_procedure { * @generate: both * @acl: domain:checkpoint */ - REMOTE_PROC_DOMAIN_CHECKPOINT_DELETE = 417 + REMOTE_PROC_DOMAIN_CHECKPOINT_DELETE = 417, + + /** + * @generate: client + * @acl: connect:write + */ + REMOTE_PROC_CONNECT_SET_IDENTITY = 418 }; diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs index a42b4a9671..05229f00c5 100644 --- a/src/remote_protocol-structs +++ b/src/remote_protocol-structs @@ -3105,6 +3105,13 @@ struct remote_domain_checkpoint_delete_args { remote_nonnull_domain_checkpoint checkpoint; u_int flags; }; +struct remote_connect_set_identity_args { + struct { + u_int params_len; + remote_typed_param * params_val; + } params; + u_int flags; +}; enum remote_procedure { REMOTE_PROC_CONNECT_OPEN = 1, REMOTE_PROC_CONNECT_CLOSE = 2, 
@@ -3523,4 +3530,5 @@ enum remote_procedure { REMOTE_PROC_DOMAIN_CHECKPOINT_LOOKUP_BY_NAME = 415, REMOTE_PROC_DOMAIN_CHECKPOINT_GET_PARENT = 416, REMOTE_PROC_DOMAIN_CHECKPOINT_DELETE = 417, + REMOTE_PROC_CONNECT_SET_IDENTITY = 418, }; diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c index 1f020a5a04..2a278171f5 100644 --- a/src/rpc/virnetserverclient.c +++ b/src/rpc/virnetserverclient.c @@ -844,6 +844,18 @@ virIdentityPtr virNetServerClientGetIdentity(virNetServerClientPtr client) } +void virNetServerClientSetIdentity(virNetServerClientPtr client, + virIdentityPtr identity) +{ + virObjectLock(client); + virObjectUnref(client->identity); + client->identity = identity; + if (client->identity) + virObjectRef(client->identity); + virObjectUnlock(client); +} + + int virNetServerClientGetSELinuxContext(virNetServerClientPtr client, char **context) { diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h index 1b01bedbcb..1c520fef6b 100644 --- a/src/rpc/virnetserverclient.h +++ b/src/rpc/virnetserverclient.h @@ -123,6 +123,8 @@ int virNetServerClientGetSELinuxContext(virNetServerClientPtr client, char **context); virIdentityPtr virNetServerClientGetIdentity(virNetServerClientPtr client); +void virNetServerClientSetIdentity(virNetServerClientPtr client, + virIdentityPtr identity); void *virNetServerClientGetPrivateData(virNetServerClientPtr client); -- 2.21.0
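Review bot: in remoteDispatchConnectSetIdentity() the virConnectSetIdentityEnsureACL(conn) check runs only after virTypedParamsDeserialize() and VIR_TYPED_PARAMS_DEBUG() have already parsed and logged the caller-supplied parameters. Moving the ACL check to directly after the conn lookup means a client without connect:write never has its payload decoded or written to the debug log. Once the check passes, the supplied values replace the client's identity wholesale through virNetServerClientSetIdentity(), so a comment stating which peers are expected to hold that permission would document the trust assumption. The rerr argument should also lose ATTRIBUTE_UNUSED, since the cleanup path passes it to virNetMessageSaveError().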
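Review bot: in remote_protocol.x the params array of remote_connect_set_identity_args is bounded by REMOTE_DOMAIN_BLOCK_IO_TUNE_PARAMETERS_MAX, while the dispatcher deserializes against REMOTE_CONNECT_IDENTITY_PARAMS_MAX (20), the constant this same patch introduces. The wire bound and the server-side limit should be the same constant so the XDR layer rejects an oversized array before the dispatcher sees it; declare the field as params<REMOTE_CONNECT_IDENTITY_PARAMS_MAX>.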

Daniel P. Berrangé writes:
When opening a connection to a second driver inside the daemon, we must ensure the identity of the current user is passed across. This allows the second daemon to perform access control checks against the real end users, instead of against the libvirt daemon that's proxying across the API calls.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/libvirt_remote.syms | 1 + src/remote/remote_daemon_dispatch.c | 110 +++++++++++++++++++++++++--- src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 18 ++++- src/remote_protocol-structs | 8 ++ src/rpc/virnetserverclient.c | 12 +++ src/rpc/virnetserverclient.h | 2 + 7 files changed, 140 insertions(+), 12 deletions(-)
diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms index 3307d74324..0493467f46 100644 --- a/src/libvirt_remote.syms +++ b/src/libvirt_remote.syms @@ -178,6 +178,7 @@ virNetServerClientSetAuthLocked; virNetServerClientSetAuthPendingLocked; virNetServerClientSetCloseHook; virNetServerClientSetDispatcher; +virNetServerClientSetIdentity; virNetServerClientSetQuietEOF; virNetServerClientSetReadonly; virNetServerClientStartKeepAlive; diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index 9ef76daa55..f828b75f3b 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -51,6 +51,7 @@ #include "virpolkit.h" #include "virthreadjob.h" #include "configmake.h" +#include "access/viraccessapicheck.h"
#define VIR_FROM_THIS VIR_FROM_RPC
@@ -1945,10 +1946,15 @@ static void remoteClientCloseFunc(virNetServerClientPtr client) static int remoteOpenConn(const char *uri, bool readonly, + bool preserveIdentity, virConnectPtr *conn) { - VIR_DEBUG("Getting secondary uri=%s readonly=%d conn=%p", - NULLSTR(uri), readonly, conn); + virTypedParameterPtr params = NULL; + int nparams = 0; + + VIR_DEBUG("Getting secondary uri=%s readonly=%d preserveIdent=%d conn=%p", + NULLSTR(uri), readonly, preserveIdentity, conn); + if (*conn) return 0;
@@ -1957,15 +1963,42 @@ remoteOpenConn(const char *uri, return -1; }
+ if (preserveIdentity) { + VIR_AUTOUNREF(virIdentityPtr) ident = NULL; + + if (!(ident = virIdentityGetCurrent())) + return -1; + + if (virIdentityGetParameters(ident, ¶ms, &nparams) < 0) + goto error; + } + VIR_DEBUG("Opening driver %s", uri); if (readonly) *conn = virConnectOpenReadOnly(uri); else *conn = virConnectOpen(uri); if (!*conn) - return -1; + goto error; VIR_DEBUG("Opened driver %p", *conn); + + if (preserveIdentity) { + if (virConnectSetIdentity(*conn, params, nparams, 0) < 0) + goto error; + + virTypedParamsFree(params, nparams); + VIR_DEBUG("Forwarded current identity to secondary driver"); + } + return 0; + + error: + virTypedParamsFree(params, nparams); + if (*conn) { + virConnectClose(*conn); + *conn = NULL; + } + return -1; }
@@ -1992,6 +2025,7 @@ remoteGetInterfaceConn(virNetServerClientPtr client)
if (remoteOpenConn(priv->interfaceURI, priv->readonly, + true, &priv->interfaceConn) < 0)
Consider adding a variable "preserveIdentity = true" and passing that around to make it easier to read what that "true" is about?
return NULL;
@@ -2007,6 +2041,7 @@ remoteGetNetworkConn(virNetServerClientPtr client)
if (remoteOpenConn(priv->networkURI, priv->readonly, + true, &priv->networkConn) < 0) return NULL;
@@ -2022,6 +2057,7 @@ remoteGetNodeDevConn(virNetServerClientPtr client)
if (remoteOpenConn(priv->nodedevURI, priv->readonly, + true, &priv->nodedevConn) < 0) return NULL;
@@ -2037,6 +2073,7 @@ remoteGetNWFilterConn(virNetServerClientPtr client)
if (remoteOpenConn(priv->nwfilterURI, priv->readonly, + true, &priv->nwfilterConn) < 0) return NULL;
@@ -2052,6 +2089,7 @@ remoteGetSecretConn(virNetServerClientPtr client)
if (remoteOpenConn(priv->secretURI, priv->readonly, + true, &priv->secretConn) < 0) return NULL;
@@ -2067,6 +2105,7 @@ remoteGetStorageConn(virNetServerClientPtr client)
if (remoteOpenConn(priv->storageURI, priv->readonly, + true, &priv->storageConn) < 0) return NULL;
@@ -2235,6 +2274,7 @@ remoteDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED, #ifndef LIBVIRTD const char *type = NULL; #endif + bool preserveIdentity = false;
VIR_DEBUG("priv=%p conn=%p", priv, priv->conn); virMutexLock(&priv->lock); @@ -2264,14 +2304,16 @@ remoteDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED, } #endif
+#ifdef VIRTPROXYD + preserveIdentity = true; +#endif /* VIRTPROXYD */ + VIR_DEBUG("Opening driver %s", name); - if (priv->readonly) { - if (!(priv->conn = virConnectOpenReadOnly(name))) - goto cleanup; - } else { - if (!(priv->conn = virConnectOpen(name))) - goto cleanup; - } + if (remoteOpenConn(name, + priv->readonly, + preserveIdentity, + &priv->conn) < 0) + goto cleanup; VIR_DEBUG("Opened %p", priv->conn);
#ifndef LIBVIRTD @@ -2375,6 +2417,54 @@ remoteDispatchConnectClose(virNetServerPtr server ATTRIBUTE_UNUSED, }
+static int +remoteDispatchConnectSetIdentity(virNetServerPtr server ATTRIBUTE_UNUSED, + virNetServerClientPtr client, + virNetMessagePtr msg ATTRIBUTE_UNUSED, + virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED,
Why ATTRIBUTE_UNUSED? Seems used in the cleanup?
+ remote_connect_set_identity_args *args) +{ + virTypedParameterPtr params = NULL; + int nparams = 0; + int rv = -1; + virConnectPtr conn = remoteGetHypervisorConn(client); + virIdentityPtr ident = NULL;
(Trying to learn about coding style and conventions) Why is this not autounref here? Is there a convention that if you have explicit cleanup, you don't autounref?
+ if (!conn) + goto cleanup; + + VIR_DEBUG("Received forwarded identity"); + if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val, + args->params.params_len, + REMOTE_CONNECT_IDENTITY_PARAMS_MAX, + ¶ms, + &nparams) < 0) + goto cleanup;
Would it be useful to change the value rv over these cases, and if rv < 0, add a VIR_DEBUG with its value? Or is there sufficient debugging info from the individual calls already?
+ + VIR_TYPED_PARAMS_DEBUG(params, nparams); + + if (virConnectSetIdentityEnsureACL(conn) < 0) + goto cleanup; + + if (!(ident = virIdentityNew())) + goto cleanup; + + if (virIdentitySetParameters(ident, params, nparams) < 0) + goto cleanup; + + virNetServerClientSetIdentity(client, ident); + + rv = 0; + + cleanup: + virTypedParamsFree(params, nparams); + virObjectUnref(ident); + if (rv < 0) + virNetMessageSaveError(rerr); + return rv; +} + + + static int remoteDispatchDomainGetSchedulerType(virNetServerPtr server ATTRIBUTE_UNUSED, virNetServerClientPtr client, diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 889d62ba4f..e2d2dc66be 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -8510,6 +8510,7 @@ static virHypervisorDriver hypervisor_driver = { .name = "remote", .connectOpen = remoteConnectOpen, /* 0.3.0 */ .connectClose = remoteConnectClose, /* 0.3.0 */ + .connectSetIdentity = remoteConnectSetIdentity, /* 5.6.0 */ .connectSupportsFeature = remoteConnectSupportsFeature, /* 0.3.0 */ .connectGetType = remoteConnectGetType, /* 0.3.0 */ .connectGetVersion = remoteConnectGetVersion, /* 0.3.0 */ diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 2f91bd1921..42e61ba20f 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -53,6 +53,9 @@ typedef string remote_nonnull_string<REMOTE_STRING_MAX>; /* A long string, which may be NULL. */ typedef remote_nonnull_string *remote_string;
+/* Upper limit on identity parameters */ +const REMOTE_CONNECT_IDENTITY_PARAMS_MAX = 20; + /* Upper limit on lists of domains. */ const REMOTE_DOMAIN_LIST_MAX = 16384;
@@ -3723,6 +3726,11 @@ struct remote_domain_checkpoint_delete_args { unsigned int flags; };
+struct remote_connect_set_identity_args { + remote_typed_param params<REMOTE_DOMAIN_BLOCK_IO_TUNE_PARAMETERS_MAX>; + unsigned int flags; +}; + /*----- Protocol. -----*/
/* Define the program number, protocol version and procedure numbers here. */ @@ -6538,7 +6546,7 @@ enum remote_procedure { */ REMOTE_PROC_NETWORK_PORT_DELETE = 410,
- /** + /** * @generate: both * @acl: domain:checkpoint * @acl: domain:fs_freeze:VIR_DOMAIN_CHECKPOINT_CREATE_QUIESCE @@ -6584,5 +6592,11 @@ enum remote_procedure { * @generate: both * @acl: domain:checkpoint */ - REMOTE_PROC_DOMAIN_CHECKPOINT_DELETE = 417 + REMOTE_PROC_DOMAIN_CHECKPOINT_DELETE = 417, + + /** + * @generate: client + * @acl: connect:write + */ + REMOTE_PROC_CONNECT_SET_IDENTITY = 418 }; diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs index a42b4a9671..05229f00c5 100644 --- a/src/remote_protocol-structs +++ b/src/remote_protocol-structs @@ -3105,6 +3105,13 @@ struct remote_domain_checkpoint_delete_args { remote_nonnull_domain_checkpoint checkpoint; u_int flags; }; +struct remote_connect_set_identity_args { + struct { + u_int params_len; + remote_typed_param * params_val;
Indent by 8 spaces and try to align variables in the same file? Nothing good could come out of it ;-)
+ } params; + u_int flags; +}; enum remote_procedure { REMOTE_PROC_CONNECT_OPEN = 1, REMOTE_PROC_CONNECT_CLOSE = 2, @@ -3523,4 +3530,5 @@ enum remote_procedure { REMOTE_PROC_DOMAIN_CHECKPOINT_LOOKUP_BY_NAME = 415, REMOTE_PROC_DOMAIN_CHECKPOINT_GET_PARENT = 416, REMOTE_PROC_DOMAIN_CHECKPOINT_DELETE = 417, + REMOTE_PROC_CONNECT_SET_IDENTITY = 418, }; diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c index 1f020a5a04..2a278171f5 100644 --- a/src/rpc/virnetserverclient.c +++ b/src/rpc/virnetserverclient.c @@ -844,6 +844,18 @@ virIdentityPtr virNetServerClientGetIdentity(virNetServerClientPtr client) }
+void virNetServerClientSetIdentity(virNetServerClientPtr client, + virIdentityPtr identity) +{ + virObjectLock(client); + virObjectUnref(client->identity); + client->identity = identity; + if (client->identity) + virObjectRef(client->identity); + virObjectUnlock(client); +} + + int virNetServerClientGetSELinuxContext(virNetServerClientPtr client, char **context) { diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h index 1b01bedbcb..1c520fef6b 100644 --- a/src/rpc/virnetserverclient.h +++ b/src/rpc/virnetserverclient.h @@ -123,6 +123,8 @@ int virNetServerClientGetSELinuxContext(virNetServerClientPtr client, char **context);
virIdentityPtr virNetServerClientGetIdentity(virNetServerClientPtr client); +void virNetServerClientSetIdentity(virNetServerClientPtr client, + virIdentityPtr identity);
void *virNetServerClientGetPrivateData(virNetServerClientPtr client);
-- 2.21.0
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> -- Cheers, Christophe de Dinechin (IRC c3d)

On Tue, Jul 30, 2019 at 11:32:22AM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
When opening a connection to a second driver inside the daemon, we must ensure the identity of the current user is passed across. This allows the second daemon to perform access control checks against the real end users, instead of against the libvirt daemon that's proxying across the API calls.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/libvirt_remote.syms | 1 + src/remote/remote_daemon_dispatch.c | 110 +++++++++++++++++++++++++--- src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 18 ++++- src/remote_protocol-structs | 8 ++ src/rpc/virnetserverclient.c | 12 +++ src/rpc/virnetserverclient.h | 2 + 7 files changed, 140 insertions(+), 12 deletions(-)
+static int +remoteDispatchConnectSetIdentity(virNetServerPtr server ATTRIBUTE_UNUSED, + virNetServerClientPtr client, + virNetMessagePtr msg ATTRIBUTE_UNUSED, + virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED,
Why ATTRIBUTE_UNUSED? Seems used in the cleanup?
copy+paste mistake
+ remote_connect_set_identity_args *args) +{ + virTypedParameterPtr params = NULL; + int nparams = 0; + int rv = -1; + virConnectPtr conn = remoteGetHypervisorConn(client); + virIdentityPtr ident = NULL;
(Trying to learn about coding style and conventions) Why is this not autounref here? Is there a convention that if you have explicit cleanup, you don't autounref?
autounref is our preferred modern style. I'm just not in the habit well enough, especially when copying existing code.
+ if (!conn) + goto cleanup; + + VIR_DEBUG("Received forwarded identity"); + if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val, + args->params.params_len, + REMOTE_CONNECT_IDENTITY_PARAMS_MAX, + ¶ms, + &nparams) < 0) + goto cleanup;
Would it be useful to change the value rv over these cases, and if rv < 0, add a VIR_DEBUG with its value? Or is there sufficient debugging info from the individual calls already?
By convention in libvirt the return values are usually only ever -1 or 0. We have only a few places with return '-errno' in the code. So we don't need to report the return value most of the time.
+ + VIR_TYPED_PARAMS_DEBUG(params, nparams); + + if (virConnectSetIdentityEnsureACL(conn) < 0) + goto cleanup; + + if (!(ident = virIdentityNew())) + goto cleanup; + + if (virIdentitySetParameters(ident, params, nparams) < 0) + goto cleanup; + + virNetServerClientSetIdentity(client, ident); + + rv = 0; + + cleanup: + virTypedParamsFree(params, nparams); + virObjectUnref(ident); + if (rv < 0) + virNetMessageSaveError(rerr); + return rv; +} + + + static int remoteDispatchDomainGetSchedulerType(virNetServerPtr server ATTRIBUTE_UNUSED, virNetServerClientPtr client,
diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs index a42b4a9671..05229f00c5 100644 --- a/src/remote_protocol-structs +++ b/src/remote_protocol-structs @@ -3105,6 +3105,13 @@ struct remote_domain_checkpoint_delete_args { remote_nonnull_domain_checkpoint checkpoint; u_int flags; }; +struct remote_connect_set_identity_args { + struct { + u_int params_len; + remote_typed_param * params_val;
Indent by 8 spaces and try to align variables in the same file? Nothing good could come out of it ;-)
This particular file content has to match the auto-generated output from the 'pdwtags' command. It is basically a sanity check to catch people who mistakenly change something in the remote protocol which would break ABI.
+ } params; + u_int flags; +};
Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote:
+++ b/src/remote/remote_daemon_dispatch.c @@ -1945,10 +1946,15 @@ static void remoteClientCloseFunc(virNetServerClientPtr client) static int remoteOpenConn(const char *uri, bool readonly, + bool preserveIdentity, virConnectPtr *conn) { [...] if (!*conn) - return -1; + goto error; VIR_DEBUG("Opened driver %p", *conn); + + if (preserveIdentity) { + if (virConnectSetIdentity(*conn, params, nparams, 0) < 0) + goto error; + + virTypedParamsFree(params, nparams); + VIR_DEBUG("Forwarded current identity to secondary driver"); + } + return 0; + + error: + virTypedParamsFree(params, nparams); + if (*conn) { + virConnectClose(*conn); + *conn = NULL; + } + return -1;
Here I would go for the tried and true

    virTypedParameterPtr params = NULL;
    int nparams = 0;
    int ret = -1;

    if (operationFailed)
        goto error;

    ret = 0;

 cleanup:
    virTypedParamsFree(params, nparams);
    return ret;

 error:
    if (*conn) {
        virConnectClose(*conn);
        *conn = NULL;
    }
    goto cleanup;

Less repetition, and more difficult to get wrong even as other people come in and make changes :) [...]
@@ -1992,6 +2025,7 @@ remoteGetInterfaceConn(virNetServerClientPtr client)
if (remoteOpenConn(priv->interfaceURI, priv->readonly, + true, &priv->interfaceConn) < 0)
So when opening secondary drivers, we'll always attempt to preserve the user identity... [...]
@@ -2264,14 +2304,16 @@ remoteDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED, } #endif
+#ifdef VIRTPROXYD + preserveIdentity = true; +#endif /* VIRTPROXYD */
... and we'll do the same when forwarding a connection to hypervisor daemons through virtproxyd. Makes sense to me, I'm just not seeing the check ensuring we're running as the same user that you hinted to in patch 43... Is it enough to consider virtproxyd trusted for the hypervisor drivers, and in turn the hypervisor drivers trusted for the secondary drivers, as we seem to be doing here?
+static int +remoteDispatchConnectSetIdentity(virNetServerPtr server ATTRIBUTE_UNUSED, + virNetServerClientPtr client, + virNetMessagePtr msg ATTRIBUTE_UNUSED, + virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED, + remote_connect_set_identity_args *args)
As Christophe already pointed out, rerr is actually used.
+{ + virTypedParameterPtr params = NULL; + int nparams = 0; + int rv = -1;
Usually we call this 'ret'.
+ virConnectPtr conn = remoteGetHypervisorConn(client); + virIdentityPtr ident = NULL;
Again as pointed out by Christophe, this can be VIR_AUTOUNREF()d.
+++ b/src/remote/remote_protocol.x +struct remote_connect_set_identity_args { + remote_typed_param params<REMOTE_DOMAIN_BLOCK_IO_TUNE_PARAMETERS_MAX>;
Pretty sure you want to use REMOTE_CONNECT_IDENTITY_PARAMS_MAX here.
@@ -6538,7 +6546,7 @@ enum remote_procedure { */ REMOTE_PROC_NETWORK_PORT_DELETE = 410,
- /** + /**
Unrelated indentation change, but one that's probably not deserving of its own patch...

Anyway, while the changes overall look good, there are still a few open questions that I hope you'll address. It also doesn't work at all for me, at least in legacy mode on a Fedora 30 machine where I installed the result of 'make rpm' on top of the distro packages:

  $ sudo systemctl start libvirtd
  Job for libvirtd.service failed because the control process exited with error code.
  See "systemctl status libvirtd.service" and "journalctl -xe" for details.
  $ sudo journalctl -b 0 -u libvirtd
  ...
  Jul 30 20:06:10 kinshicho systemd[1]: Failed to start Virtualization daemon.
  Jul 30 23:24:39 kinshicho systemd[1]: Starting Virtualization daemon...
  Jul 30 23:24:40 kinshicho systemd[1]: libvirtd.service: Main process exited, code=exited, status=6/NOTCONFIGURED
  Jul 30 23:24:40 kinshicho systemd[1]: libvirtd.service: Failed with result 'exit-code'.

-- Andrea Bolognani / Red Hat / Virtualization
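The cleanup/error label layout suggested in the message above, written out as an added example that is not code from this thread or from libvirt. The types, helper functions, fault switches and sample parameter values are hypothetical stand-ins, constructed so that each exit path of a remoteOpenConn-style function can be checked for leaked parameters or a dangling connection.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the libvirt types; not the project's API. */
struct param { const char *key; const char *value; };
struct conn { const char *uri; };

/* Resource counters and fault switches so every path can be exercised. */
static int params_live;          /* parameter arrays not yet freed */
static int conns_live;           /* connections not yet closed */
static bool fail_open;           /* make conn_open() fail */
static bool fail_set_identity;   /* make conn_set_identity() fail */

static int get_identity_params(struct param **params, int *nparams)
{
    struct param *p = calloc(2, sizeof(*p));
    if (!p)
        return -1;
    p[0].key = "user-name"; p[0].value = "alice";  /* constructed sample */
    p[1].key = "user-id";   p[1].value = "1000";   /* constructed sample */
    *params = p;
    *nparams = 2;
    params_live++;
    return 0;
}

static void free_params(struct param *params, int nparams)
{
    (void)nparams;
    if (!params)
        return;                  /* safe when nothing was allocated */
    free(params);
    params_live--;
}

static struct conn *conn_open(const char *uri)
{
    struct conn *c;
    if (fail_open || !(c = calloc(1, sizeof(*c))))
        return NULL;
    c->uri = uri;
    conns_live++;
    return c;
}

static void conn_close(struct conn *c)
{
    free(c);
    conns_live--;
}

static int conn_set_identity(struct conn *c, const struct param *params,
                             int nparams)
{
    (void)c; (void)params; (void)nparams;
    return fail_set_identity ? -1 : 0;
}

/* Single cleanup path frees the parameters on success and on failure;
 * the error label only undoes what must not survive a failure. */
int open_conn(const char *uri, bool preserve_identity, struct conn **conn)
{
    struct param *params = NULL;
    int nparams = 0;
    int ret = -1;

    if (*conn)
        return 0;                /* already open, nothing allocated yet */

    if (preserve_identity && get_identity_params(&params, &nparams) < 0)
        goto error;

    if (!(*conn = conn_open(uri)))
        goto error;

    /* A connection that could not receive the identity is not kept. */
    if (preserve_identity && conn_set_identity(*conn, params, nparams) < 0)
        goto error;

    ret = 0;

 cleanup:
    free_params(params, nparams);
    return ret;

 error:
    if (*conn) {
        conn_close(*conn);
        *conn = NULL;
    }
    goto cleanup;
}

int main(void)
{
    struct conn *c = NULL;
    int rc;

    fail_set_identity = true;    /* exercise the late failure path */
    rc = open_conn("test:///default", true, &c);
    printf("rc=%d conn=%p params_live=%d conns_live=%d\n",
           rc, (void *)c, params_live, conns_live);
    return 0;
}
```
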

On Tue, 2019-07-30 at 23:30 +0200, Andrea Bolognani wrote:
On Mon, 2019-07-29 at 18:11 +0100, Daniel P. Berrangé wrote:
+++ b/src/remote/remote_protocol.x @@ -6538,7 +6546,7 @@ enum remote_procedure { */ REMOTE_PROC_NETWORK_PORT_DELETE = 410,
- /** + /**
Unrelated indentation change, but one that's probably not deserving of its own patch...
Nevermind :)

  commit b0ecc0a04cfcfc706e252d3960f7f10db45c9186
  Author: Eric Blake <eblake@redhat.com>
  Date:   Tue Jul 30 16:46:55 2019 -0500

      backup: remote: Trivial whitespace fix

      I messed up formatting during conflict resolution across rebasing while preparing my checkpoint patches :)

      Signed-off-by: Eric Blake <eblake@redhat.com>

-- Andrea Bolognani / Red Hat / Virtualization

Daniel P. Berrangé writes:
This is what all the driver refactoring I've done has been about enabling.
We gain new daemons for each driver, for the primary virt drivers:
virtlibxld
virtxend?
virtlxcd virtqemud virtvboxd virtvzd
And again for the secondary drivers
virtinterfaced virtnetworkd virtnodedevd virtnwfilterd virtsecretd virtstoraged
Finally to support IP connectivity, and also the legacy libvirtd UNIX domain socket (for the old libvirt remote driver SSH tunnelling):
virtproxyd
For the sake of facilitating upgrades, the existing libvirtd still exists and works the same way it always has.
You either run libvirtd, or you run the per-driver daemons, never both.
What happens if you run both? (I'll try to figure out by reviewing the rest of the code and/or testing)
The remote driver will look to see whether libvirtd is running to figure out whether to connect to libvirtd or the new per-driver daemons.
When auto-spawning daemons for nonroot users, we default to spawning the per-driver daemons.
This can be controlled with a URI parameter "?mode=direct|legacy|auto", where 'direct' means per-driver and 'legacy' means libvirtd (or indirect via virtproxyd if that's running).
Changed in v3:
- Add identity forwarding between daemons for polkit auth
- Make virtxend sockets conditional on Xen kernel
- Other misc review fixes
Changed in v2:
- Added systemd unit files for service & sockets, ensuring conflicts with libvirtd
- Fixed proxy to actually handle probing of URIs (still not quite perfect)
- Renamed virtlibxld to virtxend as "xen" is the user facing name of the URI
- Lazy loading of secondary drivers, so connecting to virtqemud doesn't auto-spawn all secondary driver daemons, until a relevant API is actually invoked
- Actually generated config files / augeas files per daemon
- Abort daemon startup if driver fails to load
- Many other fixes
A few nice to have things, but not merge blocking
- MAYBE make it possible to disable build of libvirtd, or of the per-driver daemons so downstream vendors can decide which to ship. Alternatively they can just not include the binary in the package file list ?
- Tuning of the daemon defaults for worker threads to better suit the fact that we have per-driver daemons
- More work on RPM packaging to allow install of per-driver daemosn
"daemons"
without pulling in libvirtd too
Daniel P. Berrangé (48):
  build: make augeas-gentest.pl write to stdout
  build: collapse rules adding augeas tests to CLEANFILES
  build: create all augeas test files in same dir as their source
  build: use a common rule for checking augeas test data files
  build: centralize rule for handling generated config files
  remote: stop trying to print help as giant blocks of text
  remote: conditionalize socket names in libvirtd daemon
  remote: conditionalize daemon name in libvirtd daemon
  remote: conditionalize driver loading in libvirtd daemon
  remote: conditionalize IP socket usage in libvirtd daemon
  build: use @CONFIG@ instead of ::CONFIG:: in augeas tests
  remote: conditionalize IP socket config in libvirtd.conf
  remote: conditionalize IP socket config in augeas definitions
  remote: refactor & rename variables for building libvirtd
  build: don't hardcode /etc in the config related files
  remote: reduce duplication in systemd unit file make rules into one
  remote: conditionalize systemd socket unit files
  remote: refactor how list of systemd unit files is built
  remote: in per-driver daemons ensure that state initialize succeeds
  remote: introduce virtproxyd daemon to handle IP connectivity
  secret: introduce virtsecretd daemon
  network: introduce virtnetworkd daemon
  interface: introduce virtinterfaced daemon
  storage: introduce virtstoraged daemon
  nodedev: introduce virtnodedevd daemon
  nwfilter: introduce virtnwfilterd daemon
  libxl: introduce virtxend daemon
  qemu: introduce virtqemud daemon
  lxc: introduce virtlxcd daemon
  vbox: introduce virtvboxd daemon
  bhyve: introduce virtbhyved daemon
  vz: introduce virtvzd daemon
  admin: add ability to connect to the per-driver daemon sockets
  remote: get rid of bogus ATTRIBUTE_UNUSED annotation client param
  remote: change generated methods to not directly access connection
  remote: fix lock ordering mistake in event registration
  remote: change hand written methods to not directly access connection
  remote: open secondary drivers via remote driver if needed
  remote: handle autoprobing of driver within virtproxyd
  remote: use enum helpers for parsing remote driver transport
  remote: refactor the code for choosing the UNIX socket path
  remote: enable connecting to the per-driver daemons
  api: introduce virConnectSetIdentity for pasing uid, gid, selinux info
  util: change identity class attribute names
  util: make generic identity accessors private
  util: storage identity attrs as virTypedParameter internally
  util: allow identity to be imported/exported as typed parameters
  remote: pass identity across to newly opened daemons
.gitignore | 62 +- build-aux/augeas-gentest.pl | 22 +- docs/remote.html.in | 18 + include/libvirt/libvirt-host.h | 75 + libvirt.spec.in | 91 ++ m4/virt-driver-remote.m4 | 15 + src/Makefile.am | 30 +- src/access/viraccessdriverpolkit.c | 12 +- src/admin/admin_server.c | 10 +- src/admin/admin_server_dispatch.c | 9 + src/bhyve/Makefile.inc.am | 55 +- src/bhyve/bhyve_driver.c | 10 +- src/bhyve/test_libvirtd_bhyve.aug.in | 2 +- src/driver-hypervisor.h | 7 + src/driver-state.h | 8 +- src/driver.h | 2 + src/interface/Makefile.inc.am | 62 + src/interface/interface_backend_netcf.c | 8 +- src/interface/interface_backend_udev.c | 4 +- src/interface/virtinterfaced.service.in | 24 + src/libvirt-admin.c | 32 +- src/libvirt-host.c | 51 + src/libvirt.c | 42 +- src/libvirt_internal.h | 1 + src/libvirt_private.syms | 29 +- src/libvirt_public.syms | 1 + src/libvirt_remote.syms | 1 + src/libxl/Makefile.inc.am | 80 +- src/libxl/libxl_driver.c | 10 +- src/libxl/test_libvirtd_libxl.aug.in | 2 +- src/libxl/virtxend.service.in | 26 + src/locking/Makefile.inc.am | 77 +- src/locking/test_libvirt_lockd.aug.in | 2 +- src/locking/test_libvirt_sanlock.aug.in | 2 +- src/locking/test_virtlockd.aug.in | 2 +- src/locking/virtlockd.service.in | 2 +- src/logging/Makefile.inc.am | 23 +- src/logging/test_virtlogd.aug.in | 2 +- src/logging/virtlogd.service.in | 2 +- src/lxc/Makefile.inc.am | 77 +- src/lxc/lxc_driver.c | 12 +- src/lxc/test_libvirtd_lxc.aug.in | 2 +- src/lxc/virtlxcd.service.in | 40 + src/network/Makefile.inc.am | 61 + src/network/bridge_driver.c | 4 +- src/network/virtnetworkd.service.in | 25 + src/node_device/Makefile.inc.am | 62 + src/node_device/node_device_hal.c | 12 +- src/node_device/node_device_udev.c | 8 +- src/node_device/virtnodedevd.service.in | 24 + src/nwfilter/Makefile.inc.am | 62 + src/nwfilter/nwfilter_driver.c | 12 +- src/nwfilter/virtnwfilterd.service.in | 24 + src/qemu/Makefile.inc.am | 76 +- src/qemu/qemu_driver.c | 8 +- src/qemu/test_libvirtd_qemu.aug.in | 2 +- 
src/qemu/virtqemud.service.in | 40 + src/remote/Makefile.inc.am | 285 ++-- src/remote/libvirtd-admin.socket.in | 15 +- src/remote/libvirtd-ro.socket.in | 15 +- src/remote/libvirtd-tcp.socket.in | 13 +- src/remote/libvirtd-tls.socket.in | 13 +- src/remote/{libvirtd.aug => libvirtd.aug.in} | 26 +- .../{libvirtd.conf => libvirtd.conf.in} | 60 +- src/remote/libvirtd.service.in | 2 +- src/remote/libvirtd.socket.in | 11 +- src/remote/remote_daemon.c | 302 ++-- src/remote/remote_daemon.h | 13 + src/remote/remote_daemon_config.c | 47 +- src/remote/remote_daemon_config.h | 10 +- src/remote/remote_daemon_dispatch.c | 1354 ++++++++++------- src/remote/remote_driver.c | 424 ++++-- src/remote/remote_driver.h | 4 - src/remote/remote_protocol.x | 18 +- src/remote/test_libvirtd.aug.in | 24 +- src/remote/virtproxyd.service.in | 24 + src/remote_protocol-structs | 8 + src/rpc/gendispatch.pl | 96 +- src/rpc/virnetserverclient.c | 24 +- src/rpc/virnetserverclient.h | 2 + src/secret/Makefile.inc.am | 62 + src/secret/secret_driver.c | 8 +- src/secret/virtsecretd.service.in | 24 + src/storage/Makefile.inc.am | 61 + src/storage/storage_driver.c | 8 +- src/storage/virtstoraged.service.in | 26 + src/util/viridentity.c | 483 +++--- src/util/viridentity.h | 87 +- src/vbox/Makefile.inc.am | 62 + src/vbox/virtvboxd.service.in | 25 + src/vz/Makefile.inc.am | 62 + src/vz/virtvzd.service.in | 25 + src/vz/vz_driver.c | 14 +- tests/viridentitytest.c | 97 +- tests/virnetserverclienttest.c | 45 +- tools/libvirt-guests.service.in | 2 +- 96 files changed, 3642 insertions(+), 1703 deletions(-) create mode 100644 src/interface/virtinterfaced.service.in create mode 100644 src/libxl/virtxend.service.in create mode 100644 src/lxc/virtlxcd.service.in create mode 100644 src/network/virtnetworkd.service.in create mode 100644 src/node_device/virtnodedevd.service.in create mode 100644 src/nwfilter/virtnwfilterd.service.in create mode 100644 src/qemu/virtqemud.service.in rename src/remote/{libvirtd.aug => 
libvirtd.aug.in} (89%) rename src/remote/{libvirtd.conf => libvirtd.conf.in} (92%) create mode 100644 src/remote/virtproxyd.service.in create mode 100644 src/secret/virtsecretd.service.in create mode 100644 src/storage/virtstoraged.service.in create mode 100644 src/vbox/virtvboxd.service.in create mode 100644 src/vz/virtvzd.service.in
-- 2.21.0
-- Cheers, Christophe de Dinechin (IRC c3d)

On Tue, Jul 30, 2019 at 11:05:25AM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
This is what all the driver refactoring I've done has been about enabling.
We gain new daemons for each driver, for the primary virt drivers:
virtlibxld
virtxend?
virtlxcd virtqemud virtvboxd virtvzd
And again for the secondary drivers
virtinterfaced virtnetworkd virtnodedevd virtnwfilterd virtsecretd virtstoraged
Finally to support IP connectivity, and also the legacy libvirtd UNIX domain socket (for the old libvirt remote driver SSH tunnelling):
virtproxyd
For the sake of facilitating upgrades, the existing libvirtd still exists and works the same way it always has.
You either run libvirtd, or you run the per-driver daemons, never both.
What happens if you run both? (I'll try to figure out by reviewing the rest of the code and/or testing)
The drivers acquire an exclusive lock, causing the 2nd daemon to fail to startup
$ ./src/libvirtd &
$ ./src/virtqemud
2019-07-30 09:36:34.339+0000: 22809: info : libvirt version: 5.6.0
2019-07-30 09:36:34.339+0000: 22809: info : hostname: dhcp-16-132.lcy.redhat.com
2019-07-30 09:36:34.339+0000: 22809: error : virPidFileAcquirePath:376 : Failed to acquire pid file '/run/user/501/libvirt/qemu/run/driver.pid': Resource temporarily unavailable
2019-07-30 09:36:34.339+0000: 22809: error : virStateInitialize:688 : Initialisation of QEMU state driver failed: Failed to acquire pid file '/run/user/501/libvirt/qemu/run/driver.pid': Resource temporarily unavailable
2019-07-30 09:36:34.339+0000: 22809: error : daemonRunStateInit:821 : Driver state initialisation failed
The same works the other way around too
$ ./src/virtqemud &
$ ./src/libvirtd
2019-07-30 09:37:45.398+0000: 23109: info : libvirt version: 5.6.0
2019-07-30 09:37:45.398+0000: 23109: info : hostname: dhcp-16-132.lcy.redhat.com
2019-07-30 09:37:45.398+0000: 23109: error : virPidFileAcquirePath:376 : Failed to acquire pid file '/run/user/501/libvirt/qemu/run/driver.pid': Resource temporarily unavailable
2019-07-30 09:37:45.398+0000: 23109: error : virStateInitialize:688 : Initialisation of QEMU state driver failed: Failed to acquire pid file '/run/user/501/libvirt/qemu/run/driver.pid': Resource temporarily unavailable
2019-07-30 09:37:45.398+0000: 23109: error : daemonRunStateInit:821 : Driver state initialisation failed
the systemd unit files also have Conflicts rules which should prevent even getting that far
Regards, Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On 30 Jul 2019, at 11:38, Daniel P. Berrangé <berrange@redhat.com> wrote:
On Tue, Jul 30, 2019 at 11:05:25AM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
This is what all the driver refactoring I've done has been about enabling.
We gain new daemons for each driver, for the primary virt drivers:
virtlibxld
virtxend?
virtlxcd virtqemud virtvboxd virtvzd
And again for the secondary drivers
virtinterfaced virtnetworkd virtnodedevd virtnwfilterd virtsecretd virtstoraged
Finally to support IP connectivity, and also the legacy libvirtd UNIX domain socket (for the old libvirt remote driver SSH tunnelling):
virtproxyd
For the sake of facilitating upgrades, the existing libvirtd still exists and works the same way it always has.
You either run libvirtd, or you run the per-driver daemons, never both.
What happens if you run both? (I'll try to figure out by reviewing the rest of the code and/or testing)
The drivers acquire an exclusive lock, causing the 2nd daemon to fail to startup
$ ./src/libvirtd &
$ ./src/virtqemud
2019-07-30 09:36:34.339+0000: 22809: info : libvirt version: 5.6.0
2019-07-30 09:36:34.339+0000: 22809: info : hostname: dhcp-16-132.lcy.redhat.com
2019-07-30 09:36:34.339+0000: 22809: error : virPidFileAcquirePath:376 : Failed to acquire pid file '/run/user/501/libvirt/qemu/run/driver.pid': Resource temporarily unavailable
2019-07-30 09:36:34.339+0000: 22809: error : virStateInitialize:688 : Initialisation of QEMU state driver failed: Failed to acquire pid file '/run/user/501/libvirt/qemu/run/driver.pid': Resource temporarily unavailable
2019-07-30 09:36:34.339+0000: 22809: error : daemonRunStateInit:821 : Driver state initialisation failed
The same works the other way around too
$ ./src/virtqemud &
$ ./src/libvirtd
2019-07-30 09:37:45.398+0000: 23109: info : libvirt version: 5.6.0
2019-07-30 09:37:45.398+0000: 23109: info : hostname: dhcp-16-132.lcy.redhat.com
2019-07-30 09:37:45.398+0000: 23109: error : virPidFileAcquirePath:376 : Failed to acquire pid file '/run/user/501/libvirt/qemu/run/driver.pid': Resource temporarily unavailable
2019-07-30 09:37:45.398+0000: 23109: error : virStateInitialize:688 : Initialisation of QEMU state driver failed: Failed to acquire pid file '/run/user/501/libvirt/qemu/run/driver.pid': Resource temporarily unavailable
2019-07-30 09:37:45.398+0000: 23109: error : daemonRunStateInit:821 : Driver state initialisation failed
the systemd unit files also have Conflicts rules which should prevent even getting that far
Thanks for testing. But that can only work for one daemon which shares the lock file name with libvirtd. What about the other drivers? I guess they can’t all share the same lock file, or I missed something big in the design.
(Sorry, still reviewing, so did not really have time to try it yet)

On Tue, Jul 30, 2019 at 12:13:30PM +0200, Christophe de Dinechin wrote:
On 30 Jul 2019, at 11:38, Daniel P. Berrangé <berrange@redhat.com> wrote:
On Tue, Jul 30, 2019 at 11:05:25AM +0200, Christophe de Dinechin wrote:
Daniel P. Berrangé writes:
This is what all the driver refactoring I've done has been about enabling.
We gain new daemons for each driver, for the primary virt drivers:
virtlibxld
virtxend?
virtlxcd virtqemud virtvboxd virtvzd
And again for the secondary drivers
virtinterfaced virtnetworkd virtnodedevd virtnwfilterd virtsecretd virtstoraged
Finally to support IP connectivity, and also the legacy libvirtd UNIX domain socket (for the old libvirt remote driver SSH tunnelling):
virtproxyd
For the sake of facilitating upgrades, the existing libvirtd still exists and works the same way it always has.
You either run libvirtd, or you run the per-driver daemons, never both.
What happens if you run both? (I'll try to figure out by reviewing the rest of the code and/or testing)
The drivers acquire an exclusive lock, causing the 2nd daemon to fail to startup
$ ./src/libvirtd &
$ ./src/virtqemud
2019-07-30 09:36:34.339+0000: 22809: info : libvirt version: 5.6.0
2019-07-30 09:36:34.339+0000: 22809: info : hostname: dhcp-16-132.lcy.redhat.com
2019-07-30 09:36:34.339+0000: 22809: error : virPidFileAcquirePath:376 : Failed to acquire pid file '/run/user/501/libvirt/qemu/run/driver.pid': Resource temporarily unavailable
2019-07-30 09:36:34.339+0000: 22809: error : virStateInitialize:688 : Initialisation of QEMU state driver failed: Failed to acquire pid file '/run/user/501/libvirt/qemu/run/driver.pid': Resource temporarily unavailable
2019-07-30 09:36:34.339+0000: 22809: error : daemonRunStateInit:821 : Driver state initialisation failed
The same works the other way around too
$ ./src/virtqemud &
$ ./src/libvirtd
2019-07-30 09:37:45.398+0000: 23109: info : libvirt version: 5.6.0
2019-07-30 09:37:45.398+0000: 23109: info : hostname: dhcp-16-132.lcy.redhat.com
2019-07-30 09:37:45.398+0000: 23109: error : virPidFileAcquirePath:376 : Failed to acquire pid file '/run/user/501/libvirt/qemu/run/driver.pid': Resource temporarily unavailable
2019-07-30 09:37:45.398+0000: 23109: error : virStateInitialize:688 : Initialisation of QEMU state driver failed: Failed to acquire pid file '/run/user/501/libvirt/qemu/run/driver.pid': Resource temporarily unavailable
2019-07-30 09:37:45.398+0000: 23109: error : daemonRunStateInit:821 : Driver state initialisation failed
the systemd unit files also have Conflicts rules which should prevent even getting that far
Thanks for testing. But that can only work for one daemon which shares the lock file name with libvirtd. What about the other drivers? I guess they can’t all share the same lock file, or I missed something big in the design.
Libvirt has many drivers (qemu, lxc, bhyve, libxl, storage, network). Each one of these acquires its own lock file under its own private directory - either /var/run/libvirt/$DRIVERNAME/driver.pid (as root) or /run/user/$UID/libvirt/$DRIVERNAME/run/driver.pid (as non-root).
Libvirtd loads all the drivers, so will end up holding a lock for every driver it has loaded. Each new driver only loads a single driver and so will hold a single lock.
The daemons themselves also hold their own locks to prevent the same daemon being started twice.
Regards, Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
participants (5)
- Andrea Bolognani
- Christophe de Dinechin
- Christophe de Dinechin
- Daniel P. Berrangé
- Ján Tomko