The virtsecretd daemon will be responsible for providing the secret API driver functionality. The secret driver is still loaded by the main libvirtd daemon at this stage, so virtsecretd must not be running at the same time.
Reviewed-by: Andrea Bolognani <abologna@xxxxxxxxxx>
Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
 .gitignore | 4 ++
 libvirt.spec.in | 8 ++++
 src/secret/Makefile.inc.am | 62 +++++++++++++++++++++++++++++++
 src/secret/virtsecretd.service.in | 24 ++++++++++++
 4 files changed, 98 insertions(+)
 create mode 100644 src/secret/virtsecretd.service.in
diff --git a/.gitignore b/.gitignore
index 05bc166860..162b017c4a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -166,12 +166,16 @@
 /src/remote/virtproxyd.conf
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
+/src/secret/test_virtsecretd.aug
+/src/secret/virtsecretd.aug
+/src/secret/virtsecretd.conf
 /src/util/virkeycodetable*.h
 /src/util/virkeynametable*.h
 /src/virt-aa-helper
 /src/virtlockd
 /src/virtlogd
 /src/virtproxyd
+/src/virtsecretd
 /src/virt-guest-shutdown.target
 /tests/*.log
 /tests/*.pid
diff --git a/libvirt.spec.in b/libvirt.spec.in
index c7f276b2bc..7eeb2b4f07 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1634,6 +1634,14 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
 
 %files daemon-driver-secret
+%config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf
+%{_datadir}/augeas/lenses/virtsecretd.aug
+%{_datadir}/augeas/lenses/tests/test_virtsecretd.aug
+%{_unitdir}/virtsecretd.service
+%{_unitdir}/virtsecretd.socket
+%{_unitdir}/virtsecretd-ro.socket
+%{_unitdir}/virtsecretd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtsecretd
 %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so
 
 %files daemon-driver-storage
diff --git a/src/secret/Makefile.inc.am b/src/secret/Makefile.inc.am
index 7a1c8f8e1a..5535fc5862 100644
--- a/src/secret/Makefile.inc.am
+++ b/src/secret/Makefile.inc.am
@@ -37,4 +37,66 @@ libvirt_driver_secret_la_LIBADD = \
 $(NULL)
 libvirt_driver_secret_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF)
 libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES)
+
+sbin_PROGRAMS += virtsecretd
+
+nodist_conf_DATA += secret/virtsecretd.conf
+augeas_DATA += secret/virtsecretd.aug
+augeastest_DATA += secret/test_virtsecretd.aug
+CLEANFILES += secret/virtsecretd.aug
+
+virtsecretd_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtsecretd_CFLAGS = \
+ $(REMOTE_DAEMON_CFLAGS) \
+ -DDAEMON_NAME="\"virtsecretd\"" \
+ -DMODULE_NAME="\"secret\"" \
+ $(NULL)
+virtsecretd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtsecretd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+ virtsecretd.service \
+ virtsecretd.socket \
+ virtsecretd-ro.socket \
+ virtsecretd-admin.socket \
+ $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+ secret/virtsecretd.service.in \
+ $(NULL)
+
+VIRTSECRETD_UNIT_VARS = \
+ $(VIRTD_UNIT_VARS) \
+ -e 's|[@]name[@]|Libvirt secret|g' \
+ -e 's|[@]service[@]|virtsecretd|g' \
+ -e 's|[@]sockprefix[@]|virtsecretd|g' \
+ $(NULL)
+
+virtsecretd.service: secret/virtsecretd.service.in $(top_builddir)/config.status
+ $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+ $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+secret/virtsecretd.conf: remote/libvirtd.conf.in
+ $(AM_V_GEN)sed \
+ -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+ -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+ < $^ > $@
+
+secret/virtsecretd.aug: remote/libvirtd.aug.in
+ $(AM_V_GEN)$(SED) \
+ -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+ -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+ -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
+ $< > $@
+
+secret/test_virtsecretd.aug: remote/test_libvirtd.aug.in \
+ secret/virtsecretd.conf $(AUG_GENTEST)
+ $(AM_V_GEN)$(AUG_GENTEST) secret/virtsecretd.conf \
+ $(srcdir)/remote/test_libvirtd.aug.in | \
+ $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+ -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+ -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
+ > $@ || rm -f $@
+
 endif WITH_SECRETS
diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.service.in
new file mode 100644
index 0000000000..00cdc26b97
--- /dev/null
+++ b/src/secret/virtsecretd.service.in
@@ -0,0 +1,24 @@
+[Unit]
+Description=Virtualization secret daemon
+Conflicts=libvirtd.service
+Requires=virtsecretd.socket
+Requires=virtsecretd-ro.socket
+Requires=virtsecretd-admin.socket
+After=network.target
+After=dbus.service
+After=apparmor.service
+After=local-fs.target
+Documentation=man:libvirtd(8)
+Documentation=https://libvirt.org
+
+[Service]
+Type=notify
+ExecStart=@sbindir@/virtsecretd --timeout 120
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Also=virtsecretd.socket
+Also=virtsecretd-ro.socket
+Also=virtsecretd-admin.socket
--
2.21.0
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
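Review bot: The `secret/virtsecretd.conf` rule redirects sed straight into its target (`< $^ > $@`), so a failed or interrupted run can leave a truncated file that is newer than its prerequisite, and that file is what `nodist_conf_DATA` installs as the daemon's configuration. The two unit-file rules just above already stage through a temporary, and this recipe should end the same way: `< $< > $@-t && mv $@-t $@` (with `$(SED)` instead of bare `sed`, as the augeas rules use). In the `secret/test_virtsecretd.aug` rule, `|| rm -f $@` only sees the exit status of the final `$(SED)` in the pipeline and then succeeds itself, so a failing `$(AUG_GENTEST)` still produces a target and a failing sed deletes it without stopping the build; `|| { rm -f $@; exit 1; }` would at least propagate the sed failure. `CLEANFILES` gains only `secret/virtsecretd.aug`, so unless the generated conf and test lens are cleaned somewhere not shown here they will survive `make clean`. The enclosing `if WITH_SECRETS` block opens outside this hunk.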
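Review bot: The `[Service]` section starts `virtsecretd` with no `User=` and no sandboxing directives, so the daemon that serves the secret API runs as root with systemd's defaults. It is worth checking which restrictions the secret driver tolerates and adding them here, for example `NoNewPrivileges=yes` and `PrivateTmp=yes`, and, since the process holds secret values in memory, `LimitCORE=0`; the patch does not show which paths the driver writes, so each one needs confirming against the daemon's real needs. `Documentation=man:libvirtd(8)` points at the monolithic daemon's manual page; if a page for this daemon exists it should be referenced instead, and otherwise a `#` comment saying the libvirtd page is the intended reference would avoid confusion.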