[libvirt] [PATCH 3/4] remote: forbid the --listen arg when systemd socket activation

Ján Tomko jtomko at redhat.com
Mon Aug 26 14:06:47 UTC 2019


On Fri, Aug 23, 2019 at 04:11:42PM +0100, Daniel P. Berrangé wrote:
>When using systemd socket activation the --listen arg has no
>effect. This is confusing to users upgrading from previous versions of
>libvirt as their config is silently ignored. Turn use of --listen into a
>fatal error when sockets are passed from systemd.
>
>This helps the admin discover the change in behaviour and thus decide
>whether to stick with socket activation or revert to previous behaviour.
>
>Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
>---
> src/remote/libvirtd.pod    | 33 ++++++++++++++++++++++++++++++++-
> src/remote/remote_daemon.c |  7 +++++++
> 2 files changed, 39 insertions(+), 1 deletion(-)
>
>diff --git a/src/remote/libvirtd.pod b/src/remote/libvirtd.pod
>index 4721e0f4ec..fa30d6a37a 100644
>--- a/src/remote/libvirtd.pod
>+++ b/src/remote/libvirtd.pod
>@@ -30,6 +30,35 @@ and will be picked up automatically if their XML configuration has been
> defined.  Any guests whose XML configuration has not been defined will be lost
> from the configuration.
>
>+=head1 SYSTEM SOCKET ACTIVATION
>+
>+The B<libvirtd> daemon is capable of starting in two modes.
>+
>+In the traditional mode, it will create and listen on UNIX sockets itself.
>+If the B<--listen> parameter is given, it will also listen on TCP/IP socket(s),
>+according to the B<listen_tcp> and B<listen_tls> options in
>+B</etc/libvirt/libvirtd.conf>
>+
>+In socket activation mode, it will rely on systemd to create and listen
>+on the UNIX, and optionally TCP/IP, sockets and pass them as pre-opened
>+file descriptors. In this mode, it is not permitted to pass the B<--listen>
>+parameter, and most of the socket related config options in
>+B</etc/libvirt/libvirtd.conf> will no longer have any effect. To enable
>+TCP or TLS sockets use either
>+
>+B<$ systemctl start libvirtd-tls.socket>
>+
>+Or
>+
>+B<$ systemctl start libvirtd-tcp.socket>
>+
>+Socket activation mode is generally the default when running on a host
>+OS that uses systemd. To revert to the traditional mode, all the socket
>+unit files must be masked:
>+
>+B<$ systemctl mask libvirtd.socket libvirtd-ro.socket \
>+      libvirtd-admin.socket libvirtd-tls.socket libvirtd-tcp.socket>
>+
> =head1 OPTIONS
>
> =over
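
Review bot: The socket activation paragraph says "most of the socket related config options in /etc/libvirt/libvirtd.conf will no longer have any effect" without naming which ones. An admin who restricts access through those options cannot tell from the man page whether the restriction still applies, which is the same silent-ignore problem the commit message sets out to fix for --listen. Please list the options that are ignored in this mode, or the ones that remain effective. Two smaller points in the same hunk: the heading reads "SYSTEM SOCKET ACTIVATION" where the text is about systemd, and the traditional-mode sentence ending in B</etc/libvirt/libvirtd.conf> has no full stop.
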
>@@ -48,7 +77,9 @@ Use this configuration file, overriding the default value.
>
> =item B<-l, --listen>
>
>-Listen for TCP/IP connections.
>+Listen for TCP/IP connections. This should not be set if using systemd
>+socket activation. Instead activate the libvirtd-tls.socket or
>+libvirtd-tcp.socket unit files.
>
> =item B<-p, --pid-file> I<FILE>
>
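
Review bot: "This should not be set" in the --listen item is weaker than what the rest of the patch states. The new section says passing --listen is "not permitted" in socket activation mode, and the commit message says it becomes a fatal error. Suggest wording along the lines of "This must not be set when using systemd socket activation; doing so is a fatal error", so the option description matches the behaviour.
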
>diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
>index 1138485870..3970db09c0 100644
>--- a/src/remote/remote_daemon.c
>+++ b/src/remote/remote_daemon.c
>@@ -422,6 +422,13 @@ daemonSetupNetworking(virNetServerPtr srv,
>     if (virSystemdGetActivation(actmap, ARRAY_CARDINALITY(actmap), &act) < 0)
>         return -1;
>
>+#ifdef WITH_IP
>+    if (act && ipsock) {
>+        VIR_ERROR(_("--listen parameter not permitted with systemd activation sockets"));
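
Review bot: The VIR_ERROR text in the new "if (act && ipsock)" branch tells the admin that --listen is rejected but not what to do instead. This message is the main way an upgrading admin discovers the change, so consider naming the remedy in it: activating libvirtd-tls.socket or libvirtd-tcp.socket, or masking the socket units to return to the traditional mode, as the libvirtd.pod hunk describes.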

Would it be possible to somehow fit in a reference to the man page?

Reviewed-by: Ján Tomko <jtomko at redhat.com>

Jano