[PATCH v4 21/42] secret: introduce virtsecretd daemon


 



The virtsecretd daemon will be responsible for providing the secret API
driver functionality. The secret driver is still loaded by the main
libvirtd daemon at this stage, so virtsecretd must not be running at
the same time.

Reviewed-by: Christophe de Dinechin <dinechin@xxxxxxxxxx>
Reviewed-by: Andrea Bolognani <abologna@xxxxxxxxxx>
Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
 .gitignore                        |  4 ++
 libvirt.spec.in                   |  8 ++++
 src/secret/Makefile.inc.am        | 63 +++++++++++++++++++++++++++++++
 src/secret/virtsecretd.service.in | 24 ++++++++++++
 4 files changed, 99 insertions(+)
 create mode 100644 src/secret/virtsecretd.service.in

diff --git a/.gitignore b/.gitignore
index 9ad159ecfd..cf39177250 100644
--- a/.gitignore
+++ b/.gitignore
@@ -166,6 +166,9 @@
 /src/remote/virtproxyd.conf
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
+/src/secret/test_virtsecretd.aug
+/src/secret/virtsecretd.aug
+/src/secret/virtsecretd.conf
 /src/test*.aug
 /src/util/virkeycodetable*.h
 /src/util/virkeynametable*.h
@@ -173,6 +176,7 @@
 /src/virtlockd
 /src/virtlogd
 /src/virtproxyd
+/src/virtsecretd
 /src/virt-guest-shutdown.target
 /tests/*.log
 /tests/*.pid
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 2acff40ea7..31da3f7581 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1634,6 +1634,14 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
 
 %files daemon-driver-secret
+%config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf
+%{_datadir}/augeas/lenses/virtsecretd.aug
+%{_datadir}/augeas/lenses/tests/test_virtsecretd.aug
+%{_unitdir}/virtsecretd.service
+%{_unitdir}/virtsecretd.socket
+%{_unitdir}/virtsecretd-ro.socket
+%{_unitdir}/virtsecretd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtsecretd
 %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so
 
 %files daemon-driver-storage
diff --git a/src/secret/Makefile.inc.am b/src/secret/Makefile.inc.am
index 7a1c8f8e1a..37f816406e 100644
--- a/src/secret/Makefile.inc.am
+++ b/src/secret/Makefile.inc.am
@@ -37,4 +37,67 @@ libvirt_driver_secret_la_LIBADD = \
 	$(NULL)
 libvirt_driver_secret_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF)
 libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES)
+
+sbin_PROGRAMS += virtsecretd
+
+nodist_conf_DATA += secret/virtsecretd.conf
+augeas_DATA += secret/virtsecretd.aug
+augeastest_DATA += secret/test_virtsecretd.aug
+CLEANFILES += secret/virtsecretd.aug
+
+virtsecretd_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtsecretd_CFLAGS = \
+	$(REMOTE_DAEMON_CFLAGS) \
+	-DDAEMON_NAME="\"virtsecretd\"" \
+	-DMODULE_NAME="\"secret\"" \
+	$(NULL)
+virtsecretd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtsecretd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+	virtsecretd.service \
+	virtsecretd.socket \
+	virtsecretd-ro.socket \
+	virtsecretd-admin.socket \
+	$(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+	secret/virtsecretd.service.in \
+	$(NULL)
+
+VIRTSECRETD_UNIT_VARS = \
+	$(VIRTD_UNIT_VARS) \
+	-e 's|[@]name[@]|Libvirt secret|g' \
+	-e 's|[@]service[@]|virtsecretd|g' \
+	-e 's|[@]sockprefix[@]|virtsecretd|g' \
+	$(NULL)
+
+virtsecretd.service: secret/virtsecretd.service.in $(top_builddir)/config.status
+	$(AM_V_GEN)$(SED) $(VIRTSECRETD_UNIT_VARS) $< > $@-t && mv $@-t $@
+
+virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+	$(AM_V_GEN)$(SED) $(VIRTSECRETD_UNIT_VARS) $< > $@-t && mv $@-t $@
+
+secret/virtsecretd.conf: remote/libvirtd.conf.in
+	$(AM_V_GEN)$(SED) \
+		-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+		-e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+		$< > $@
+
+secret/virtsecretd.aug: remote/libvirtd.aug.in
+	$(AM_V_GEN)$(SED) \
+		-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+		-e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+		-e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
+		$< > $@
+
+secret/test_virtsecretd.aug: remote/test_libvirtd.aug.in \
+		secret/virtsecretd.conf $(AUG_GENTEST)
+	$(AM_V_GEN)$(AUG_GENTEST) secret/virtsecretd.conf \
+		$(srcdir)/remote/test_libvirtd.aug.in | \
+		$(SED) \
+		-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+		-e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+		-e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
+		> $@ || rm -f $@
+
 endif WITH_SECRETS
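Review bot: The `secret/test_virtsecretd.aug` recipe ends in `> $@ || rm -f $@`, which turns a failed generation into a successful recipe: `rm -f` exits 0, so make continues with no target and no error, and the pipeline's status is that of `$(SED)` alone, so a failing `$(AUG_GENTEST)` goes unnoticed unless the shell has pipefail set. This file is the test for the lens that validates a secrets daemon's configuration, so a silent skip is worth avoiding; `> $@-t && mv $@-t $@ || { rm -f $@-t; exit 1; }` would at least propagate the sed failure. The `secret/virtsecretd.conf` and `secret/virtsecretd.aug` rules also redirect straight into `$@`, unlike the unit-file rules above that use `$@-t && mv $@-t $@`, so a failing sed can leave a truncated file that looks up to date; the same temp-file form would fit there. The hunk sits inside a `WITH_SECRETS` conditional that opens outside it.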
diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.service.in
new file mode 100644
index 0000000000..00cdc26b97
--- /dev/null
+++ b/src/secret/virtsecretd.service.in
@@ -0,0 +1,24 @@
+[Unit]
+Description=Virtualization secret daemon
+Conflicts=libvirtd.service
+Requires=virtsecretd.socket
+Requires=virtsecretd-ro.socket
+Requires=virtsecretd-admin.socket
+After=network.target
+After=dbus.service
+After=apparmor.service
+After=local-fs.target
+Documentation=man:libvirtd(8)
+Documentation=https://libvirt.org
+
+[Service]
+Type=notify
+ExecStart=@sbindir@/virtsecretd --timeout 120
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Also=virtsecretd.socket
+Also=virtsecretd-ro.socket
+Also=virtsecretd-admin.socket
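Review bot: `Conflicts=libvirtd.service` is the only line here enforcing the commit message's rule that virtsecretd and libvirtd must not run at the same time, and it covers the service unit only. The three sockets named in `Requires=` and `Also=` are generated from `remote/libvirt%.socket.in`, which is not part of this patch, so whether they also conflict with libvirtd's sockets cannot be seen from here; if they do not, socket activation could start either daemon while the other's sockets are still listening. A short comment above the directive, e.g. `# The secret driver is still loaded by libvirtd, so both daemons must never run at once`, would record why it exists. Separately, `Documentation=man:libvirtd(8)` points at the monolithic daemon's man page; if that is a placeholder until a virtsecretd page exists, a comment should say so.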
-- 
2.21.0

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



