12:09 p.m.
Peter Krempa (3):
kbase: debuglogs: Emphasize disabling daemon timeout in 'TL;DR'
section
docs: manpages: Clarify that only TLS/TCP remote access needs
'virtproxyd'
docs: manpages: State that TCP connection is insecure in 'virtproxyd'
man page
docs/kbase/debuglogs.rst | 6 ++++--
docs/manpages/virtbhyved.rst | 4 ++--
docs/manpages/virtinterfaced.rst | 4 ++--
docs/manpages/virtlxcd.rst | 4 ++--
docs/manpages/virtnetworkd.rst | 4 ++--
docs/manpages/virtnodedevd.rst | 4 ++--
docs/manpages/virtnwfilterd.rst | 4 ++--
docs/manpages/virtproxyd.rst | 3 +++
docs/manpages/virtqemud.rst | 4 ++--
docs/manpages/virtsecretd.rst | 4 ++--
docs/manpages/virtstoraged.rst | 4 ++--
docs/manpages/virtvboxd.rst | 4 ++--
docs/manpages/virtvzd.rst | 4 ++--
docs/manpages/virtxend.rst | 4 ++--
14 files changed, 31 insertions(+), 26 deletions(-)
--
2.39.2
12:09 p.m.
New subject: [PATCH 1/3] kbase: debuglogs: Emphasize disabling daemon timeout in 'TL; DR' section
Disabling the daemon timeout is important so that the settings don't get
discarded. Remove the comment saying it's optional and add a paragraph
outlining what to do if it is not available.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/kbase/debuglogs.rst | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/docs/kbase/debuglogs.rst b/docs/kbase/debuglogs.rst
index 811ccf0102..f08132d099 100644
--- a/docs/kbase/debuglogs.rst
+++ b/docs/kbase/debuglogs.rst
@@ -25,10 +25,12 @@ the system clears this setting::
# virt-admin -c virtqemud:///system daemon-log-outputs "3:journald
1:file:/var/log/libvirt/libvirtd.log"
# virt-admin -c virtqemud:///system daemon-log-filters "3:remote 4:event
3:util.json 3:util.object 3:util.dbus 3:util.netlink 3:node_device 3:rpc 3:access
1:*"
-
- # # optionally disable timeout of the daemon
# virt-admin -c virtqemud:///system daemon-timeout 0
+The last command disabling timeout of the daemon is available since
+``libvirt-8.6.0``. With older versions make sure to reproduce the issue within
+120 seconds or have a VM running which prevents the daemon from timing out.
+
For any other configuration please read the rest of the document. If you want
to persist the log level and log outputs settings edit
``/etc/libvirt/virtqemud.conf`` and look for ``log-filters`` and ``log-outputs``
--
2.39.2
12:09 p.m.
New subject: [PATCH 2/3] docs: manpages: Clarify that only TLS/TCP remote access needs 'virtproxyd'
Spell out that TCP and TLS needs virtproxyd as 'off-host' might mean
that also ssh transport requires it.
Also fix the name of the 'virtproxyd' daemon.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/manpages/virtbhyved.rst | 4 ++--
docs/manpages/virtinterfaced.rst | 4 ++--
docs/manpages/virtlxcd.rst | 4 ++--
docs/manpages/virtnetworkd.rst | 4 ++--
docs/manpages/virtnodedevd.rst | 4 ++--
docs/manpages/virtnwfilterd.rst | 4 ++--
docs/manpages/virtqemud.rst | 4 ++--
docs/manpages/virtsecretd.rst | 4 ++--
docs/manpages/virtstoraged.rst | 4 ++--
docs/manpages/virtvboxd.rst | 4 ++--
docs/manpages/virtvzd.rst | 4 ++--
docs/manpages/virtxend.rst | 4 ++--
12 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/docs/manpages/virtbhyved.rst b/docs/manpages/virtbhyved.rst
index 895fb97ffe..b9e0402f85 100644
--- a/docs/manpages/virtbhyved.rst
+++ b/docs/manpages/virtbhyved.rst
@@ -30,8 +30,8 @@ This daemon runs on virtualization hosts to provide management for bhyve
virtual
machines.
The ``virtbhyved`` daemon only listens for requests on a local Unix domain
-socket. Remote off-host access and backwards compatibility with legacy
-clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
+socket. Remote access via TLS/TCP and backwards compatibility with legacy
+clients expecting ``libvirtd`` is provided by the ``virtproxyd`` daemon.
Restarting ``virtbhyved`` does not interrupt running guests. Guests continue to
operate and changes in their state will generally be picked up automatically
diff --git a/docs/manpages/virtinterfaced.rst b/docs/manpages/virtinterfaced.rst
index bdd4be7d87..247a8c4009 100644
--- a/docs/manpages/virtinterfaced.rst
+++ b/docs/manpages/virtinterfaced.rst
@@ -30,8 +30,8 @@ This daemon runs on virtualization hosts to provide management for host
network
interfaces.
The ``virtinterfaced`` daemon only listens for requests on a local Unix domain
-socket. Remote off-host access and backwards compatibility with legacy
-clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
+socket. Remote access via TLS/TCP and backwards compatibility with legacy
+clients expecting ``libvirtd`` is provided by the ``virtproxyd`` daemon.
Restarting ``virtinterfaced`` does not interrupt running guests. Guests continue to
operate and changes in their state will generally be picked up automatically
diff --git a/docs/manpages/virtlxcd.rst b/docs/manpages/virtlxcd.rst
index 709c893ca6..a0c1dbbbaa 100644
--- a/docs/manpages/virtlxcd.rst
+++ b/docs/manpages/virtlxcd.rst
@@ -30,8 +30,8 @@ This daemon runs on virtualization hosts to provide management for LXC
containers.
The ``virtlxcd`` daemon only listens for requests on a local Unix domain
-socket. Remote off-host access and backwards compatibility with legacy
-clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
+socket. Remote access via TLS/TCP and backwards compatibility with legacy
+clients expecting ``libvirtd`` is provided by the ``virtproxyd`` daemon.
Restarting ``virtlxcd`` does not interrupt running guests. Guests continue to
operate and changes in their state will generally be picked up automatically
diff --git a/docs/manpages/virtnetworkd.rst b/docs/manpages/virtnetworkd.rst
index 2932e7c213..22b3fc0f2d 100644
--- a/docs/manpages/virtnetworkd.rst
+++ b/docs/manpages/virtnetworkd.rst
@@ -30,8 +30,8 @@ This daemon runs on virtualization hosts to provide management for
virtual
networks.
The ``virtnetworkd`` daemon only listens for requests on a local Unix domain
-socket. Remote off-host access and backwards compatibility with legacy
-clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
+socket. Remote access via TLS/TCP and backwards compatibility with legacy
+clients expecting ``libvirtd`` is provided by the ``virtproxyd`` daemon.
Restarting ``virtnetworkd`` does not interrupt running guests. Guests continue to
operate and changes in their state will generally be picked up automatically
diff --git a/docs/manpages/virtnodedevd.rst b/docs/manpages/virtnodedevd.rst
index 9044946ad6..0948318907 100644
--- a/docs/manpages/virtnodedevd.rst
+++ b/docs/manpages/virtnodedevd.rst
@@ -29,8 +29,8 @@ previously provided by the monolithic ``libvirtd`` daemon.
This daemon runs on virtualization hosts to provide management for host devices.
The ``virtnodedevd`` daemon only listens for requests on a local Unix domain
-socket. Remote off-host access and backwards compatibility with legacy
-clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
+socket. Remote access via TLS/TCP and backwards compatibility with legacy
+clients expecting ``libvirtd`` is provided by the ``virtproxyd`` daemon.
Restarting ``virtnodedevd`` does not interrupt running guests. Guests continue to
operate and changes in their state will generally be picked up automatically
diff --git a/docs/manpages/virtnwfilterd.rst b/docs/manpages/virtnwfilterd.rst
index c90f71cfd2..b1fc45e7a2 100644
--- a/docs/manpages/virtnwfilterd.rst
+++ b/docs/manpages/virtnwfilterd.rst
@@ -30,8 +30,8 @@ This daemon runs on virtualization hosts to provide management for
network
filters.
The ``virtnwfilterd`` daemon only listens for requests on a local Unix domain
-socket. Remote off-host access and backwards compatibility with legacy
-clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
+socket. Remote access via TLS/TCP and backwards compatibility with legacy
+clients expecting ``libvirtd`` is provided by the ``virtproxyd`` daemon.
Restarting ``virtnwfilterd`` does not interrupt running guests. Guests continue to
operate and changes in their state will generally be picked up automatically
diff --git a/docs/manpages/virtqemud.rst b/docs/manpages/virtqemud.rst
index 25cd5361dc..42810d7146 100644
--- a/docs/manpages/virtqemud.rst
+++ b/docs/manpages/virtqemud.rst
@@ -30,8 +30,8 @@ This daemon runs on virtualization hosts to provide management for QEMU
virtual
machines.
The ``virtqemud`` daemon only listens for requests on a local Unix domain
-socket. Remote off-host access and backwards compatibility with legacy
-clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
+socket. Remote access via TLS/TCP and backwards compatibility with legacy
+clients expecting ``libvirtd`` is provided by the ``virtproxyd`` daemon.
Restarting ``virtqemud`` does not interrupt running guests. Guests continue to
operate and changes in their state will generally be picked up automatically
diff --git a/docs/manpages/virtsecretd.rst b/docs/manpages/virtsecretd.rst
index 3c88f9b4d0..21138b630a 100644
--- a/docs/manpages/virtsecretd.rst
+++ b/docs/manpages/virtsecretd.rst
@@ -29,8 +29,8 @@ previously provided by the monolithic ``libvirtd`` daemon.
This daemon runs on virtualization hosts to provide management for secret data.
The ``virtsecretd`` daemon only listens for requests on a local Unix domain
-socket. Remote off-host access and backwards compatibility with legacy
-clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
+socket. Remote access via TLS/TCP and backwards compatibility with legacy
+clients expecting ``libvirtd`` is provided by the ``virtproxyd`` daemon.
Restarting ``virtsecretd`` does not interrupt running guests. Guests continue to
operate and changes in their state will generally be picked up automatically
diff --git a/docs/manpages/virtstoraged.rst b/docs/manpages/virtstoraged.rst
index 5164547e88..70863282d1 100644
--- a/docs/manpages/virtstoraged.rst
+++ b/docs/manpages/virtstoraged.rst
@@ -30,8 +30,8 @@ This daemon runs on virtualization hosts to provide management for
storage
pools.
The ``virtstoraged`` daemon only listens for requests on a local Unix domain
-socket. Remote off-host access and backwards compatibility with legacy
-clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
+socket. Remote access via TLS/TCP and backwards compatibility with legacy
+clients expecting ``libvirtd`` is provided by the ``virtproxyd`` daemon.
Restarting ``virtstoraged`` does not interrupt running guests. Guests continue to
operate and changes in their state will generally be picked up automatically
diff --git a/docs/manpages/virtvboxd.rst b/docs/manpages/virtvboxd.rst
index 0c551b8c09..f449e0e29d 100644
--- a/docs/manpages/virtvboxd.rst
+++ b/docs/manpages/virtvboxd.rst
@@ -30,8 +30,8 @@ This daemon runs on virtualization hosts to provide management for
VirtualBox
virtual machines.
The ``virtvboxd`` daemon only listens for requests on a local Unix domain
-socket. Remote off-host access and backwards compatibility with legacy
-clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
+socket. Remote access via TLS/TCP and backwards compatibility with legacy
+clients expecting ``libvirtd`` is provided by the ``virtproxyd`` daemon.
Restarting ``virtvboxd`` does not interrupt running guests. Guests continue to
operate and changes in their state will generally be picked up automatically
diff --git a/docs/manpages/virtvzd.rst b/docs/manpages/virtvzd.rst
index a5f351c27e..aa44885d46 100644
--- a/docs/manpages/virtvzd.rst
+++ b/docs/manpages/virtvzd.rst
@@ -30,8 +30,8 @@ This daemon runs on virtualization hosts to provide management for
Virtuozzo
virtual machines.
The ``virtvzd`` daemon only listens for requests on a local Unix domain
-socket. Remote off-host access and backwards compatibility with legacy
-clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
+socket. Remote access via TLS/TCP and backwards compatibility with legacy
+clients expecting ``libvirtd`` is provided by the ``virtproxyd`` daemon.
Restarting ``virtvzd`` does not interrupt running guests. Guests continue to
operate and changes in their state will generally be picked up automatically
diff --git a/docs/manpages/virtxend.rst b/docs/manpages/virtxend.rst
index eda210f5dd..39ddcc4efc 100644
--- a/docs/manpages/virtxend.rst
+++ b/docs/manpages/virtxend.rst
@@ -30,8 +30,8 @@ This daemon runs on virtualization hosts to provide management for Xen
virtual
machines.
The ``virtxend`` daemon only listens for requests on a local Unix domain
-socket. Remote off-host access and backwards compatibility with legacy
-clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
+socket. Remote access via TLS/TCP and backwards compatibility with legacy
+clients expecting ``libvirtd`` is provided by the ``virtproxyd`` daemon.
Restarting ``virtxend`` does not interrupt running guests. Guests continue to
operate and changes in their state will generally be picked up automatically
--
2.39.2
12:09 p.m.
New subject: [PATCH 3/3] docs: manpages: State that TCP connection is insecure in 'virtproxyd' man page
Copy the wording we have in docs/uri.rst
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/manpages/virtproxyd.rst | 3 +++
1 file changed, 3 insertions(+)
diff --git a/docs/manpages/virtproxyd.rst b/docs/manpages/virtproxyd.rst
index 814575e504..cb29ccbaad 100644
--- a/docs/manpages/virtproxyd.rst
+++ b/docs/manpages/virtproxyd.rst
@@ -73,6 +73,9 @@ Or
$ systemctl start virtproxyd-tcp.socket
+**Note**: The TCP socket uses plain unencrypted TCP connection and thus is
+insecure and should not be used.
+
Traditional service mode
------------------------
--
2.39.2
1:36 p.m.
On 4/20/23 11:09, Peter Krempa wrote:
Peter Krempa (3):
kbase: debuglogs: Emphasize disabling daemon timeout in 'TL;DR'
section
docs: manpages: Clarify that only TLS/TCP remote access needs
'virtproxyd'
docs: manpages: State that TCP connection is insecure in 'virtproxyd'
man page
docs/kbase/debuglogs.rst | 6 ++++--
docs/manpages/virtbhyved.rst | 4 ++--
docs/manpages/virtinterfaced.rst | 4 ++--
docs/manpages/virtlxcd.rst | 4 ++--
docs/manpages/virtnetworkd.rst | 4 ++--
docs/manpages/virtnodedevd.rst | 4 ++--
docs/manpages/virtnwfilterd.rst | 4 ++--
docs/manpages/virtproxyd.rst | 3 +++
docs/manpages/virtqemud.rst | 4 ++--
docs/manpages/virtsecretd.rst | 4 ++--
docs/manpages/virtstoraged.rst | 4 ++--
docs/manpages/virtvboxd.rst | 4 ++--
docs/manpages/virtvzd.rst | 4 ++--
docs/manpages/virtxend.rst | 4 ++--
14 files changed, 31 insertions(+), 26 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Michal
728
days inactive
728
days old
4 comments
2 participants
participants (2)
-
Michal Prívozník -
Peter Krempa