[libvirt] [PATCH v3 21/48] secret: introduce virtsecretd daemon

Christophe de Dinechin dinechin at redhat.com
Tue Jul 30 11:07:13 UTC 2019


Daniel P. Berrangé writes:

> The virtsecretd daemon will be responsible for providing the secret API
> driver functionality. The secret driver is still loaded by the main
> libvirtd daemon at this stage, so virtsecretd must not be running at
> the same time.
>
> Reviewed-by: Andrea Bolognani <abologna at redhat.com>
> Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
> ---
>  .gitignore                        |  4 ++
>  libvirt.spec.in                   |  8 ++++
>  src/secret/Makefile.inc.am        | 62 +++++++++++++++++++++++++++++++
>  src/secret/virtsecretd.service.in | 24 ++++++++++++
>  4 files changed, 98 insertions(+)
>  create mode 100644 src/secret/virtsecretd.service.in
>
> diff --git a/.gitignore b/.gitignore
> index 05bc166860..162b017c4a 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -166,12 +166,16 @@
>  /src/remote/virtproxyd.conf
>  /src/rpc/virkeepaliveprotocol.[ch]
>  /src/rpc/virnetprotocol.[ch]
> +/src/secret/test_virtsecretd.aug
> +/src/secret/virtsecretd.aug
> +/src/secret/virtsecretd.conf
>  /src/util/virkeycodetable*.h
>  /src/util/virkeynametable*.h
>  /src/virt-aa-helper
>  /src/virtlockd
>  /src/virtlogd
>  /src/virtproxyd
> +/src/virtsecretd
>  /src/virt-guest-shutdown.target
>  /tests/*.log
>  /tests/*.pid
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index c7f276b2bc..7eeb2b4f07 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -1634,6 +1634,14 @@ exit 0
>  %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
>
>  %files daemon-driver-secret
> +%config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf
> +%{_datadir}/augeas/lenses/virtsecretd.aug
> +%{_datadir}/augeas/lenses/tests/test_virtsecretd.aug
> +%{_unitdir}/virtsecretd.service
> +%{_unitdir}/virtsecretd.socket
> +%{_unitdir}/virtsecretd-ro.socket
> +%{_unitdir}/virtsecretd-admin.socket
> +%attr(0755, root, root) %{_sbindir}/virtsecretd
>  %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so
>
>  %files daemon-driver-storage
> diff --git a/src/secret/Makefile.inc.am b/src/secret/Makefile.inc.am
> index 7a1c8f8e1a..5535fc5862 100644
> --- a/src/secret/Makefile.inc.am
> +++ b/src/secret/Makefile.inc.am
> @@ -37,4 +37,66 @@ libvirt_driver_secret_la_LIBADD = \
>  	$(NULL)
>  libvirt_driver_secret_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF)
>  libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES)
> +
> +sbin_PROGRAMS += virtsecretd
> +
> +nodist_conf_DATA += secret/virtsecretd.conf
> +augeas_DATA += secret/virtsecretd.aug
> +augeastest_DATA += secret/test_virtsecretd.aug
> +CLEANFILES += secret/virtsecretd.aug
> +
> +virtsecretd_SOURCES = $(REMOTE_DAEMON_SOURCES)
> +virtsecretd_CFLAGS = \
> +	$(REMOTE_DAEMON_CFLAGS) \
> +	-DDAEMON_NAME="\"virtsecretd\"" \
> +	-DMODULE_NAME="\"secret\"" \
> +	$(NULL)
> +virtsecretd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
> +virtsecretd_LDADD = $(REMOTE_DAEMON_LD_ADD)
> +
> +SYSTEMD_UNIT_FILES += \
> +	virtsecretd.service \
> +	virtsecretd.socket \
> +	virtsecretd-ro.socket \
> +	virtsecretd-admin.socket \
> +	$(NULL)
> +SYSTEMD_UNIT_FILES_IN += \
> +	secret/virtsecretd.service.in \
> +	$(NULL)
> +
> +VIRTSECRETD_UNIT_VARS = \
> +	$(VIRTD_UNIT_VARS) \
> +	-e 's|[@]name[@]|Libvirt secret|g' \
> +	-e 's|[@]service[@]|virtsecretd|g' \
> +	-e 's|[@]sockprefix[@]|virtsecretd|g' \
> +	$(NULL)
> +
> +virtsecretd.service: secret/virtsecretd.service.in $(top_builddir)/config.status
> +	$(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@
> +
> +virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
> +	$(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@
> +
> +secret/virtsecretd.conf: remote/libvirtd.conf.in
> +	$(AM_V_GEN)sed \
> +		-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
> +		-e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
> +		< $^ > $@
> +
> +secret/virtsecretd.aug: remote/libvirtd.aug.in
> +	$(AM_V_GEN)$(SED) \
> +		-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
> +		-e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
> +		-e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
> +		$< > $@
> +
> +secret/test_virtsecretd.aug: remote/test_libvirtd.aug.in \
> +		secret/virtsecretd.conf $(AUG_GENTEST)
> +	$(AM_V_GEN)$(AUG_GENTEST) secret/virtsecretd.conf \
> +		$(srcdir)/remote/test_libvirtd.aug.in | \
> +		$(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
> +		-e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
> +		-e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
> +		> $@ || rm -f $@
> +
>  endif WITH_SECRETS
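Review bot: The `secret/virtsecretd.conf` and `secret/virtsecretd.aug` recipes redirect sed output straight into `$@`, so a failed or interrupted run leaves a truncated file that a later make run treats as up to date. For the .conf, which is listed in `nodist_conf_DATA`, that truncated file is what would be installed as the daemon's configuration. The unit-file rules in this same hunk already avoid this, and the same form fits here: `< $< > $@-t && mv $@-t $@`. In the `secret/test_virtsecretd.aug` recipe, `> $@ || rm -f $@` ends in an `rm -f` that returns success, so a failing sed lets the rule pass without producing its target, and a failure of `$(AUG_GENTEST)` on the left of the pipe goes unnoticed unless the recipe shell uses pipefail. The .conf rule also calls bare `sed` with `$^` where its neighbours use `$(SED)` and `$<`.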
> diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.service.in
> new file mode 100644
> index 0000000000..00cdc26b97
> --- /dev/null
> +++ b/src/secret/virtsecretd.service.in
> @@ -0,0 +1,24 @@
> +[Unit]
> +Description=Virtualization secret daemon
> +Conflicts=libvirtd.service
> +Requires=virtsecretd.socket
> +Requires=virtsecretd-ro.socket
> +Requires=virtsecretd-admin.socket
> +After=network.target
> +After=dbus.service
> +After=apparmor.service
> +After=local-fs.target
> +Documentation=man:libvirtd(8)
> +Documentation=https://libvirt.org

At some point, would it be useful to have one doc page per driver?

> +
> +[Service]
> +Type=notify
> +ExecStart=@sbindir@/virtsecretd --timeout 120
> +ExecReload=/bin/kill -HUP $MAINPID
> +Restart=on-failure
> +
> +[Install]
> +WantedBy=multi-user.target
> +Also=virtsecretd.socket
> +Also=virtsecretd-ro.socket
> +Also=virtsecretd-admin.socket
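Review bot: The `[Service]` section sets no resource limits or sandboxing, which deserves a second look for a daemon that serves the secret driver. With `Restart=on-failure` the unit is restarted after a crash, and a core dump taken at that point could contain whatever secret values the process held. Whether virtsecretd keeps secret values resident is not visible in this patch, so this is a question rather than a confirmed defect; if it does, a line such as `LimitCORE=0` in `[Service]` would address it. A short comment above `Conflicts=libvirtd.service`, saying the conflict exists only while libvirtd still loads the secret driver itself, would also help whoever removes it later.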
> --
> 2.21.0

Reviewed-by: Christophe de Dinechin <dinechin at redhat.com>

--
Cheers,
Christophe de Dinechin (IRC c3d)



