[libvirt] [PATCH 20/41] secret: introduce virtsecretd daemon

Daniel P. Berrangé posted 41 patches 6 years, 6 months ago
There is a newer version of this series
[libvirt] [PATCH 20/41] secret: introduce virtsecretd daemon
Posted by Daniel P. Berrangé 6 years, 6 months ago
The virtsecretd daemon will be responsible for providing the secret API
driver functionality. The secret driver is still loaded by the main
libvirtd daemon at this stage, so virtsecretd must not be running at
the same time.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 .gitignore                        |  4 ++
 libvirt.spec.in                   |  8 ++++
 src/secret/Makefile.inc.am        | 62 +++++++++++++++++++++++++++++++
 src/secret/virtsecretd.service.in | 24 ++++++++++++
 4 files changed, 98 insertions(+)
 create mode 100644 src/secret/virtsecretd.service.in

diff --git a/.gitignore b/.gitignore
index 05bc166860..162b017c4a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -166,12 +166,16 @@
 /src/remote/virtproxyd.conf
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
+/src/secret/test_virtsecretd.aug
+/src/secret/virtsecretd.aug
+/src/secret/virtsecretd.conf
 /src/util/virkeycodetable*.h
 /src/util/virkeynametable*.h
 /src/virt-aa-helper
 /src/virtlockd
 /src/virtlogd
 /src/virtproxyd
+/src/virtsecretd
 /src/virt-guest-shutdown.target
 /tests/*.log
 /tests/*.pid
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 2f64dcabe3..8b78415761 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1634,6 +1634,14 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
 
 %files daemon-driver-secret
+%config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf
+%{_datadir}/augeas/lenses/virtsecretd.aug
+%{_datadir}/augeas/lenses/tests/test_virtsecretd.aug
+%{_unitdir}/virtsecretd.service
+%{_unitdir}/virtsecretd.socket
+%{_unitdir}/virtsecretd-ro.socket
+%{_unitdir}/virtsecretd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtsecretd
 %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so
 
 %files daemon-driver-storage
diff --git a/src/secret/Makefile.inc.am b/src/secret/Makefile.inc.am
index 7a1c8f8e1a..653c95b584 100644
--- a/src/secret/Makefile.inc.am
+++ b/src/secret/Makefile.inc.am
@@ -37,4 +37,66 @@ libvirt_driver_secret_la_LIBADD = \
 	$(NULL)
 libvirt_driver_secret_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF)
 libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES)
+
+sbin_PROGRAMS += virtsecretd
+
+nodist_conf_DATA += secret/virtsecretd.conf
+augeas_DATA += secret/virtsecretd.aug
+augeastest_DATA += secret/test_virtsecretd.aug
+CLEANFILES += secret/virtsecretd.aug
+
+virtsecretd_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtsecretd_CFLAGS = \
+	$(REMOTE_DAEMON_CFLAGS) \
+	-DDAEMON_NAME="\"virtsecretd\"" \
+	-DMODULE_NAME="\"secret\"" \
+	$(NULL)
+virtsecretd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtsecretd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+	virtsecretd.service \
+	virtsecretd.socket \
+	virtsecretd-ro.socket \
+	virtsecretd-admin.socket \
+	$(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+	secret/virtsecretd.service.in \
+	$(NULL)
+
+VIRTSECRETD_UNIT_VARS = \
+	$(VIRTD_UNIT_VARS) \
+	-e 's|[@]name[@]|Libvirt secret|g' \
+	-e 's|[@]service[@]|virtsecretd|g' \
+	-e 's|[@]sockprefix[@]|virtsecretd|g' \
+	$(NULL)
+
+virtsecretd.service: secret/virtsecretd.service.in $(top_builddir)/config.status
+	$(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+	$(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+secret/virtsecretd.conf: remote/libvirtd.conf.in
+	$(AM_V_GEN)sed \
+		-e '/:: CUT ENABLE_IP ::/,/:: END ::/d' \
+		-e 's/:: DAEMON_NAME ::/virtsecretd/' \
+		< $^ > $@
+
+secret/virtsecretd.aug: remote/libvirtd.aug.in
+	$(AM_V_GEN)$(SED) \
+		-e '/:: CUT ENABLE_IP ::/,/:: END ::/d' \
+		-e 's/:: DAEMON_NAME ::/virtsecretd/' \
+		-e 's/:: DAEMON_NAME_UC ::/Virtsecretd/' \
+		$< > $@
+
+secret/test_virtsecretd.aug: remote/test_libvirtd.aug.in \
+		secret/virtsecretd.conf $(AUG_GENTEST)
+	$(AM_V_GEN)$(AUG_GENTEST) secret/virtsecretd.conf \
+		$(srcdir)/remote/test_libvirtd.aug.in | \
+		$(SED) -e '/:: CUT ENABLE_IP ::/,/:: END ::/d' \
+		-e 's/:: DAEMON_NAME ::/virtsecretd/' \
+		-e 's/:: DAEMON_NAME_UC ::/Virtsecretd/' \
+		> $@ || rm -f $@
+
 endif WITH_SECRETS
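Review bot: The `secret/virtsecretd.conf` and `secret/virtsecretd.aug` rules write straight into `$@`, so a failed or interrupted `sed` leaves a truncated file that make treats as up to date, which is worth avoiding for a file installed as the daemon's configuration. The two unit-file rules just above already use the temp-and-rename form, and the same would fit here: `< $< > $@-t && mv $@-t $@` (the conf rule's bare `sed` could also become `$(SED)` to match the other rules). In the `secret/test_virtsecretd.aug` rule, `|| rm -f $@` makes the recipe exit 0 after a failure, and with a default shell the pipeline reports only the status of the final `$(SED)`, so a failing `$(AUG_GENTEST)` does not stop the build. Only `secret/virtsecretd.aug` is added to `CLEANFILES` in this hunk; the generated conf and test lens may need adding too unless they are cleaned elsewhere in the file.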
diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.service.in
new file mode 100644
index 0000000000..00cdc26b97
--- /dev/null
+++ b/src/secret/virtsecretd.service.in
@@ -0,0 +1,24 @@
+[Unit]
+Description=Virtualization secret daemon
+Conflicts=libvirtd.service
+Requires=virtsecretd.socket
+Requires=virtsecretd-ro.socket
+Requires=virtsecretd-admin.socket
+After=network.target
+After=dbus.service
+After=apparmor.service
+After=local-fs.target
+Documentation=man:libvirtd(8)
+Documentation=https://libvirt.org
+
+[Service]
+Type=notify
+ExecStart=@sbindir@/virtsecretd --timeout 120
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Also=virtsecretd.socket
+Also=virtsecretd-ro.socket
+Also=virtsecretd-admin.socket
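Review bot: `Conflicts=libvirtd.service` names only the service unit, so the mutual exclusion the commit message requires holds only if nothing else starts libvirtd; if libvirtd's own socket units remain active, a client connection to them would start libvirtd and, through this line, stop virtsecretd underneath its clients. Whether the socket units generated from `remote/libvirt%.socket.in` carry a matching conflict cannot be seen from this hunk, so that is worth confirming. A short comment above the line would record why it is there, e.g. `# libvirtd still loads the secret driver; the two daemons must not run at the same time`. Separately, `Documentation=man:libvirtd(8)` points at the monolithic daemon's man page, which may be intentional until virtsecretd has one of its own.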
-- 
2.21.0

Re: [libvirt] [PATCH 20/41] secret: introduce virtsecretd daemon
Posted by Andrea Bolognani 6 years, 6 months ago
On Tue, 2019-07-23 at 17:02 +0100, Daniel P. Berrangé wrote:
[...]
> +++ b/src/secret/virtsecretd.service.in
[...]
> +[Install]
> +WantedBy=multi-user.target
> +Also=virtsecretd.socket
> +Also=virtsecretd-ro.socket
> +Also=virtsecretd-admin.socket

Interestingly, we *do* include the admin socket here, and for all
other newly-introduced daemons too it would seem!

Anyway, with the caveat that the comments made for previous patches
are addressed here as well if they apply,

  Reviewed-by: Andrea Bolognani <abologna@redhat.com>

-- 
Andrea Bolognani / Red Hat / Virtualization

Re: [libvirt] [PATCH 20/41] secret: introduce virtsecretd daemon
Posted by Andrea Bolognani 6 years, 6 months ago
On Sun, 2019-07-28 at 17:22 +0200, Andrea Bolognani wrote:
> Anyway, with the caveat that the comments made for previous patches
> are addressed here as well if they apply,
> 
>   Reviewed-by: Andrea Bolognani <abologna@redhat.com>

Patches 21-31 are basically the same as this one, so they also get
a R-b with the same caveats.

-- 
Andrea Bolognani / Red Hat / Virtualization
