Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx> --- src/lxc/meson.build | 27 +++++++++++++++++++---- src/lxc/virtlxcd.service.in | 44 ------------------------------------- 2 files changed, 23 insertions(+), 48 deletions(-) delete mode 100644 src/lxc/virtlxcd.service.in diff --git a/src/lxc/meson.build b/src/lxc/meson.build index 531078448c..9b933023dd 100644 --- a/src/lxc/meson.build +++ b/src/lxc/meson.build @@ -164,11 +164,30 @@ if conf.has('WITH_LXC') virt_daemon_units += { 'service': 'virtlxcd', - 'service_in': files('virtlxcd.service.in'), 'name': 'Libvirt lxc', - 'socket_in': libvirtd_socket_in, - 'socket_ro_in': libvirtd_socket_ro_in, - 'socket_admin_in': libvirtd_socket_admin_in, + 'service_unit_extra': [ + 'Wants=systemd-machined.service', + 'After=systemd-machined.service', + 'After=remote-fs.target', + ], + 'service_service_extra': [ + 'KillMode=process', + '# Raise hard limits to match behaviour of systemd >= 240.', + '# During startup, daemon will set soft limit to match hard limit', + '# per systemd recommendations', + 'LimitNOFILE=1024:524288', + '# The cgroups pids controller can limit the number of tasks started by', + '# the daemon, which can limit the number of domains for some hypervisors.', + '# A conservative default of 8 tasks per guest results in a TasksMax of', + '# 32k to support 4096 guests.', + 'TasksMax=32768', + '# With cgroups v2 there is no devices controller anymore, we have to use', + '# eBPF to control access to devices. In order to do that we create a eBPF', + '# hash MAP which locks memory. The default map size for 64 devices together', + '# with program takes 12k per guest. After rounding up we will get 64M to', + '# support 4096 guests.', + 'LimitMEMLOCK=64M', + ], } openrc_init_files += { diff --git a/src/lxc/virtlxcd.service.in b/src/lxc/virtlxcd.service.in deleted file mode 100644 index ee3a7f1083..0000000000 --- a/src/lxc/virtlxcd.service.in +++ /dev/null @@ -1,44 +0,0 @@ -[Unit] -Description=Virtualization lxc daemon -Conflicts=libvirtd.service -Requires=virtlxcd.socket -Requires=virtlxcd-ro.socket -Requires=virtlxcd-admin.socket -Wants=systemd-machined.service -After=network.target -After=dbus.service -After=apparmor.service -After=remote-fs.target -After=systemd-machined.service -Documentation=man:virtlxcd(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTLXCD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtlxcd -ExecStart=@sbindir@/virtlxcd $VIRTLXCD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -KillMode=process -Restart=on-failure -# Raise hard limits to match behaviour of systemd >= 240. -# During startup, daemon will set soft limit to match hard limit -# per systemd recommendations -LimitNOFILE=1024:524288 -# The cgroups pids controller can limit the number of tasks started by -# the daemon, which can limit the number of domains for some hypervisors. -# A conservative default of 8 tasks per guest results in a TasksMax of -# 32k to support 4096 guests. -TasksMax=32768 -# With cgroups v2 there is no devices controller anymore, we have to use -# eBPF to control access to devices. In order to do that we create a eBPF -# hash MAP which locks memory. The default map size for 64 devices together -# with program takes 12k per guest. After rounding up we will get 64M to -# support 4096 guests. -LimitMEMLOCK=64M - -[Install] -WantedBy=multi-user.target -Also=virtlxcd.socket -Also=virtlxcd-ro.socket -Also=virtlxcd-admin.socket -- 2.41.0