Daniel P. Berrangé writes:
> The virtsecretd daemon will be responsible for providing the secret API
> driver functionality. The secret driver is still loaded by the main
> libvirtd daemon at this stage, so virtsecretd must not be running at
> the same time.
>
> Reviewed-by: Andrea Bolognani <abologna@xxxxxxxxxx>
> Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> ---
> .gitignore | 4 ++
> libvirt.spec.in | 8 ++++
> src/secret/Makefile.inc.am | 62 +++++++++++++++++++++++++++++++
> src/secret/virtsecretd.service.in | 24 ++++++++++++
> 4 files changed, 98 insertions(+)
> create mode 100644 src/secret/virtsecretd.service.in
>
> diff --git a/.gitignore b/.gitignore
> index 05bc166860..162b017c4a 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -166,12 +166,16 @@
> /src/remote/virtproxyd.conf
> /src/rpc/virkeepaliveprotocol.[ch]
> /src/rpc/virnetprotocol.[ch]
> +/src/secret/test_virtsecretd.aug
> +/src/secret/virtsecretd.aug
> +/src/secret/virtsecretd.conf
> /src/util/virkeycodetable*.h
> /src/util/virkeynametable*.h
> /src/virt-aa-helper
> /src/virtlockd
> /src/virtlogd
> /src/virtproxyd
> +/src/virtsecretd
> /src/virt-guest-shutdown.target
> /tests/*.log
> /tests/*.pid
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index c7f276b2bc..7eeb2b4f07 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -1634,6 +1634,14 @@ exit 0
> %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
>
> %files daemon-driver-secret
> +%config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf
> +%{_datadir}/augeas/lenses/virtsecretd.aug
> +%{_datadir}/augeas/lenses/tests/test_virtsecretd.aug
> +%{_unitdir}/virtsecretd.service
> +%{_unitdir}/virtsecretd.socket
> +%{_unitdir}/virtsecretd-ro.socket
> +%{_unitdir}/virtsecretd-admin.socket
> +%attr(0755, root, root) %{_sbindir}/virtsecretd
> %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so
>
> %files daemon-driver-storage
> diff --git a/src/secret/Makefile.inc.am b/src/secret/Makefile.inc.am
> index 7a1c8f8e1a..5535fc5862 100644
> --- a/src/secret/Makefile.inc.am
> +++ b/src/secret/Makefile.inc.am
> @@ -37,4 +37,66 @@ libvirt_driver_secret_la_LIBADD = \
> $(NULL)
> libvirt_driver_secret_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF)
> libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES)
> +
> +sbin_PROGRAMS += virtsecretd
> +
> +nodist_conf_DATA += secret/virtsecretd.conf
> +augeas_DATA += secret/virtsecretd.aug
> +augeastest_DATA += secret/test_virtsecretd.aug
> +CLEANFILES += secret/virtsecretd.aug
> +
> +virtsecretd_SOURCES = $(REMOTE_DAEMON_SOURCES)
> +virtsecretd_CFLAGS = \
> + $(REMOTE_DAEMON_CFLAGS) \
> + -DDAEMON_NAME="\"virtsecretd\"" \
> + -DMODULE_NAME="\"secret\"" \
> + $(NULL)
> +virtsecretd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
> +virtsecretd_LDADD = $(REMOTE_DAEMON_LD_ADD)
> +
> +SYSTEMD_UNIT_FILES += \
> + virtsecretd.service \
> + virtsecretd.socket \
> + virtsecretd-ro.socket \
> + virtsecretd-admin.socket \
> + $(NULL)
> +SYSTEMD_UNIT_FILES_IN += \
> + secret/virtsecretd.service.in \
> + $(NULL)
> +
> +VIRTSECRETD_UNIT_VARS = \
> + $(VIRTD_UNIT_VARS) \
> + -e 's|[@]name[@]|Libvirt secret|g' \
> + -e 's|[@]service[@]|virtsecretd|g' \
> + -e 's|[@]sockprefix[@]|virtsecretd|g' \
> + $(NULL)
> +
> +virtsecretd.service: secret/virtsecretd.service.in $(top_builddir)/config.status
> + $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@
> +
> +virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
> + $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@
> +
> +secret/virtsecretd.conf: remote/libvirtd.conf.in
> + $(AM_V_GEN)sed \
> + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
> + -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
> + < $^ > $@
> +
> +secret/virtsecretd.aug: remote/libvirtd.aug.in
> + $(AM_V_GEN)$(SED) \
> + -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
> + -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
> + -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
> + $< > $@
> +
> +secret/test_virtsecretd.aug: remote/test_libvirtd.aug.in \
> + secret/virtsecretd.conf $(AUG_GENTEST)
> + $(AM_V_GEN)$(AUG_GENTEST)
secret/virtsecretd.conf \
> + $(srcdir)/remote/test_libvirtd.aug.in | \
> + $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
> + -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
> + -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
> + > $@ || rm -f $@
> +
> endif WITH_SECRETS
> diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.service.in
> new file mode 100644
> index 0000000000..00cdc26b97
> --- /dev/null
> +++ b/src/secret/virtsecretd.service.in
> @@ -0,0 +1,24 @@
> +[Unit]
> +Description=Virtualization secret daemon
> +Conflicts=libvirtd.service
> +Requires=virtsecretd.socket
> +Requires=virtsecretd-ro.socket
> +Requires=virtsecretd-admin.socket
> +After=network.target
> +After=dbus.service
> +After=apparmor.service
> +After=local-fs.target
> +Documentation=man:libvirtd(8)
> +Documentation=https://libvirt.org

At some point, would it be useful to have one doc page per driver?

> +
> +[Service]
> +Type=notify
> +ExecStart=@sbindir@/virtsecretd --timeout 120
> +ExecReload=/bin/kill -HUP $MAINPID
> +Restart=on-failure
> +
> +[Install]
> +WantedBy=multi-user.target
> +Also=virtsecretd.socket
> +Also=virtsecretd-ro.socket
> +Also=virtsecretd-admin.socket
> --
> 2.21.0

Reviewed-by: Christophe de Dinechin <dinechin@xxxxxxxxxx>

--
Cheers,
Christophe de Dinechin (IRC c3d)

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
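Review bot: The `secret/test_virtsecretd.aug` recipe ends in `> $@ || rm -f $@`, so when `$(SED)` fails the output is deleted but the recipe still exits 0 and make continues without the test lens. A failure of `$(AUG_GENTEST)` on the left of the pipe is not reflected in the pipeline status at all unless the recipe shell enables pipefail, which is not visible here. Ending the recipe with `> $@-t && mv $@-t $@`, as the `virtsecretd.service` rule in this same hunk does, lets the sed error propagate and keeps a partial file from looking up to date. The `secret/virtsecretd.conf` and `secret/virtsecretd.aug` rules also redirect straight into `$@`, and the `.conf` rule calls bare `sed` where its neighbours use `$(SED)`. The `.conf` output is the file the spec hunk installs as `%config(noreplace)`, so a truncated build result would be shipped as the daemon's configuration.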
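Review bot: The `[Service]` section starts `@sbindir@/virtsecretd` with no confinement directives, although this is the daemon that serves the secret API. Which paths and privileges the secret driver really needs cannot be told from this hunk, so this is a request to evaluate rather than a confirmed defect. Options such as `NoNewPrivileges=yes`, `PrivateTmp=yes` or `ProtectHome=yes` could be tested against the driver's actual file and socket use and added where they hold. If none of them is viable, a one-line comment in the unit saying why would record that decision for later reviewers.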