We recently forbid the use of --listen with socket activation:
commit 3a6a725b8f575890ee6c151ad1f46ea0ceea1f3b
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Thu Aug 22 14:52:16 2019 +0100
remote: forbid the --listen arg when systemd socket activation
In this change we forgot that virtproxyd doesn't have a --listen
parameter, and instead behaves as if it was always present. Thus
when systemd socket activation is present, we must disable this
built-in default
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
src/remote/remote_daemon.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
index 7195ac9218..43409edd24 100644
--- a/src/remote/remote_daemon.c
+++ b/src/remote/remote_daemon.c
@@ -423,11 +423,20 @@ daemonSetupNetworking(virNetServerPtr srv,
return -1;
#ifdef WITH_IP
+# ifdef (LIBVIRTD
if (act && ipsock) {
VIR_ERROR(_("--listen parameter not permitted with systemd activation "
"sockets, see 'man libvirtd' for further guidance"));
return -1;
}
+# else /* ! LIBVIRTD */
+ /* We don't have a --listen arg with virtproxyd, we're just
+ * hardcoded to assume --listen. Thus with systemd we must
+ * change that default
+ */
+ if (act)
+ ipsock = 0;
+# endif /* ! LIBVIRTD */
#endif /* ! WITH_IP */
if (config->unix_sock_group) {
--
2.21.0
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Tue, Sep 24, 2019 at 04:07:17PM +0100, Daniel P. Berrangé wrote: > We recently forbid the use of --listen with socket activation: > > commit 3a6a725b8f575890ee6c151ad1f46ea0ceea1f3b > Author: Daniel P. Berrangé <berrange@redhat.com> > Date: Thu Aug 22 14:52:16 2019 +0100 > > remote: forbid the --listen arg when systemd socket activation > > In this change we forgot that virtproxyd doesn't have a --listen > parameter, and instead behaves as if it was always present. Thus > when systemd socket activation is present, we must disable this > built-in default > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > src/remote/remote_daemon.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c > index 7195ac9218..43409edd24 100644 > --- a/src/remote/remote_daemon.c > +++ b/src/remote/remote_daemon.c > @@ -423,11 +423,20 @@ daemonSetupNetworking(virNetServerPtr srv, > return -1; > > #ifdef WITH_IP > +# ifdef (LIBVIRTD ^fails to compile: s/(// > if (act && ipsock) { > VIR_ERROR(_("--listen parameter not permitted with systemd activation " > "sockets, see 'man libvirtd' for further guidance")); > return -1; > } > +# else /* ! LIBVIRTD */ > + /* We don't have a --listen arg with virtproxyd, we're just > + * hardcoded to assume --listen. Thus with systemd we must > + * change that default > + */ > + if (act) > + ipsock = 0; I'm a bit confused with this bit wrt to what actually happens later in the code. Basically this @ipsock is only relevant up until the point where we start registering services listening for traffic e.g.virNetServerAddServiceTCP (this is one is easier as an example). If I look at the condition: if (((ipsock && config->listen_tcp) || act) ... why does it even matter that we clear ipsock when socket activation is enabled? The condition is true regardless of @ipsock and it's also not populated further into the function being called unlike @act, so this bit is making me confused, so what exactly is happening if we don't clear @ipsock with virtproxyd? Erik -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Wed, Sep 25, 2019 at 09:42:57AM +0200, Erik Skultety wrote: > On Tue, Sep 24, 2019 at 04:07:17PM +0100, Daniel P. Berrangé wrote: > > We recently forbid the use of --listen with socket activation: > > > > commit 3a6a725b8f575890ee6c151ad1f46ea0ceea1f3b > > Author: Daniel P. Berrangé <berrange@redhat.com> > > Date: Thu Aug 22 14:52:16 2019 +0100 > > > > remote: forbid the --listen arg when systemd socket activation > > > > In this change we forgot that virtproxyd doesn't have a --listen > > parameter, and instead behaves as if it was always present. Thus > > when systemd socket activation is present, we must disable this > > built-in default > > > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > > --- > > src/remote/remote_daemon.c | 9 +++++++++ > > 1 file changed, 9 insertions(+) > > > > diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c > > index 7195ac9218..43409edd24 100644 > > --- a/src/remote/remote_daemon.c > > +++ b/src/remote/remote_daemon.c > > @@ -423,11 +423,20 @@ daemonSetupNetworking(virNetServerPtr srv, > > return -1; > > > > #ifdef WITH_IP > > +# ifdef (LIBVIRTD > > ^fails to compile: > s/(// Sigh, clearly I didn't test :-( > > > if (act && ipsock) { > > VIR_ERROR(_("--listen parameter not permitted with systemd activation " > > "sockets, see 'man libvirtd' for further guidance")); > > return -1; > > } > > +# else /* ! LIBVIRTD */ > > + /* We don't have a --listen arg with virtproxyd, we're just > > + * hardcoded to assume --listen. Thus with systemd we must > > + * change that default > > + */ > > + if (act) > > + ipsock = 0; > > I'm a bit confused with this bit wrt to what actually happens later in the > code. Basically this @ipsock is only relevant up until the point where we start > registering services listening for traffic e.g.virNetServerAddServiceTCP (this > is one is easier as an example). If I look at the condition: > > if (((ipsock && config->listen_tcp) || act) ... > > why does it even matter that we clear ipsock when socket activation is enabled? > The condition is true regardless of @ipsock and it's also not populated further > into the function being called unlike @act, so this bit is making me confused, > so what exactly is happening if we don't clear @ipsock with virtproxyd? Currently there are *no* ill effects if we don't clear @ipsock. The important bit of the patch is simply avoiding the VIR_ERROR in the first part of the ifdef. I chose to clear @ipsock, to reduce chance of suprises later if we refactor again. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Fri, Sep 27, 2019 at 01:09:31PM +0100, Daniel P. Berrangé wrote: > On Wed, Sep 25, 2019 at 09:42:57AM +0200, Erik Skultety wrote: > > On Tue, Sep 24, 2019 at 04:07:17PM +0100, Daniel P. Berrangé wrote: > > > We recently forbid the use of --listen with socket activation: > > > > > > commit 3a6a725b8f575890ee6c151ad1f46ea0ceea1f3b > > > Author: Daniel P. Berrangé <berrange@redhat.com> > > > Date: Thu Aug 22 14:52:16 2019 +0100 > > > > > > remote: forbid the --listen arg when systemd socket activation > > > > > > In this change we forgot that virtproxyd doesn't have a --listen > > > parameter, and instead behaves as if it was always present. Thus > > > when systemd socket activation is present, we must disable this > > > built-in default > > > > > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > > > --- > > > src/remote/remote_daemon.c | 9 +++++++++ > > > 1 file changed, 9 insertions(+) > > > > > > diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c > > > index 7195ac9218..43409edd24 100644 > > > --- a/src/remote/remote_daemon.c > > > +++ b/src/remote/remote_daemon.c > > > @@ -423,11 +423,20 @@ daemonSetupNetworking(virNetServerPtr srv, > > > return -1; > > > > > > #ifdef WITH_IP > > > +# ifdef (LIBVIRTD > > > > ^fails to compile: > > s/(// > > Sigh, clearly I didn't test :-( > > > > > > if (act && ipsock) { > > > VIR_ERROR(_("--listen parameter not permitted with systemd activation " > > > "sockets, see 'man libvirtd' for further guidance")); > > > return -1; > > > } > > > +# else /* ! LIBVIRTD */ > > > + /* We don't have a --listen arg with virtproxyd, we're just > > > + * hardcoded to assume --listen. Thus with systemd we must > > > + * change that default > > > + */ > > > + if (act) > > > + ipsock = 0; > > > > I'm a bit confused with this bit wrt to what actually happens later in the > > code. Basically this @ipsock is only relevant up until the point where we start > > registering services listening for traffic e.g.virNetServerAddServiceTCP (this > > is one is easier as an example). If I look at the condition: > > > > if (((ipsock && config->listen_tcp) || act) ... > > > > why does it even matter that we clear ipsock when socket activation is enabled? > > The condition is true regardless of @ipsock and it's also not populated further > > into the function being called unlike @act, so this bit is making me confused, > > so what exactly is happening if we don't clear @ipsock with virtproxyd? > > Currently there are *no* ill effects if we don't clear @ipsock. The > important bit of the patch is simply avoiding the VIR_ERROR in the > first part of the ifdef. I chose to clear @ipsock, to reduce chance > of suprises later if we refactor again. Ah, thanks for explanation. With the build fix: Reviewed-by: Erik Skultety <eskultet@redhat.com> -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Fri, Sep 27, 2019 at 02:15:45PM +0200, Erik Skultety wrote: > On Fri, Sep 27, 2019 at 01:09:31PM +0100, Daniel P. Berrangé wrote: > > On Wed, Sep 25, 2019 at 09:42:57AM +0200, Erik Skultety wrote: > > > On Tue, Sep 24, 2019 at 04:07:17PM +0100, Daniel P. Berrangé wrote: > > > > We recently forbid the use of --listen with socket activation: > > > > > > > > commit 3a6a725b8f575890ee6c151ad1f46ea0ceea1f3b > > > > Author: Daniel P. Berrangé <berrange@redhat.com> > > > > Date: Thu Aug 22 14:52:16 2019 +0100 > > > > > > > > remote: forbid the --listen arg when systemd socket activation > > > > > > > > In this change we forgot that virtproxyd doesn't have a --listen > > > > parameter, and instead behaves as if it was always present. Thus > > > > when systemd socket activation is present, we must disable this > > > > built-in default > > > > > > > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > > > > --- > > > > src/remote/remote_daemon.c | 9 +++++++++ > > > > 1 file changed, 9 insertions(+) > > > > > > > > diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c > > > > index 7195ac9218..43409edd24 100644 > > > > --- a/src/remote/remote_daemon.c > > > > +++ b/src/remote/remote_daemon.c > > > > @@ -423,11 +423,20 @@ daemonSetupNetworking(virNetServerPtr srv, > > > > return -1; > > > > > > > > #ifdef WITH_IP > > > > +# ifdef (LIBVIRTD > > > > > > ^fails to compile: > > > s/(// > > > > Sigh, clearly I didn't test :-( > > > > > > > > > if (act && ipsock) { > > > > VIR_ERROR(_("--listen parameter not permitted with systemd activation " > > > > "sockets, see 'man libvirtd' for further guidance")); > > > > return -1; > > > > } > > > > +# else /* ! LIBVIRTD */ > > > > + /* We don't have a --listen arg with virtproxyd, we're just > > > > + * hardcoded to assume --listen. Thus with systemd we must > > > > + * change that default > > > > + */ > > > > + if (act) > > > > + ipsock = 0; > > > > > > I'm a bit confused with this bit wrt to what actually happens later in the > > > code. Basically this @ipsock is only relevant up until the point where we start > > > registering services listening for traffic e.g.virNetServerAddServiceTCP (this > > > is one is easier as an example). If I look at the condition: > > > > > > if (((ipsock && config->listen_tcp) || act) ... > > > > > > why does it even matter that we clear ipsock when socket activation is enabled? > > > The condition is true regardless of @ipsock and it's also not populated further > > > into the function being called unlike @act, so this bit is making me confused, > > > so what exactly is happening if we don't clear @ipsock with virtproxyd? > > > > Currently there are *no* ill effects if we don't clear @ipsock. The > > important bit of the patch is simply avoiding the VIR_ERROR in the > > first part of the ifdef. I chose to clear @ipsock, to reduce chance > > of suprises later if we refactor again. > > Ah, thanks for explanation. With the build fix: > Reviewed-by: Erik Skultety <eskultet@redhat.com> I'm going to comit with this expanded comment since this code is quite subtle in its behaviour /* * "ipsock" traditionally reflected whether --listen is set. * The listen_tcp & listen_tls params in libvirtd.conf were * not honoured unless --listen was set. * * In virtproxyd we dropped --listen, and have listen_tcp and * listen_tls in the config file both default to 0. The user * can turn on listening simply by setting the libvirtd.conf * file setting and don't have to worry about also adding * --listen which is saner. * * Hence, we initialized ipsock == 1 by default with virtproxyd. * When using systemd activation though, we clear ipsock, so * later code doesn't have any surprising behaviour differences * for virtproxyd vs libvirtd. */ Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Fri, Sep 27, 2019 at 01:20:51PM +0100, Daniel P. Berrangé wrote: > On Fri, Sep 27, 2019 at 02:15:45PM +0200, Erik Skultety wrote: > > On Fri, Sep 27, 2019 at 01:09:31PM +0100, Daniel P. Berrangé wrote: > > > On Wed, Sep 25, 2019 at 09:42:57AM +0200, Erik Skultety wrote: > > > > On Tue, Sep 24, 2019 at 04:07:17PM +0100, Daniel P. Berrangé wrote: > > > > > We recently forbid the use of --listen with socket activation: > > > > > > > > > > commit 3a6a725b8f575890ee6c151ad1f46ea0ceea1f3b > > > > > Author: Daniel P. Berrangé <berrange@redhat.com> > > > > > Date: Thu Aug 22 14:52:16 2019 +0100 > > > > > > > > > > remote: forbid the --listen arg when systemd socket activation > > > > > > > > > > In this change we forgot that virtproxyd doesn't have a --listen > > > > > parameter, and instead behaves as if it was always present. Thus > > > > > when systemd socket activation is present, we must disable this > > > > > built-in default > > > > > > > > > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > > > > > --- > > > > > src/remote/remote_daemon.c | 9 +++++++++ > > > > > 1 file changed, 9 insertions(+) > > > > > > > > > > diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c > > > > > index 7195ac9218..43409edd24 100644 > > > > > --- a/src/remote/remote_daemon.c > > > > > +++ b/src/remote/remote_daemon.c > > > > > @@ -423,11 +423,20 @@ daemonSetupNetworking(virNetServerPtr srv, > > > > > return -1; > > > > > > > > > > #ifdef WITH_IP > > > > > +# ifdef (LIBVIRTD > > > > > > > > ^fails to compile: > > > > s/(// > > > > > > Sigh, clearly I didn't test :-( > > > > > > > > > > > > if (act && ipsock) { > > > > > VIR_ERROR(_("--listen parameter not permitted with systemd activation " > > > > > "sockets, see 'man libvirtd' for further guidance")); > > > > > return -1; > > > > > } > > > > > +# else /* ! LIBVIRTD */ > > > > > + /* We don't have a --listen arg with virtproxyd, we're just > > > > > + * hardcoded to assume --listen. Thus with systemd we must > > > > > + * change that default > > > > > + */ > > > > > + if (act) > > > > > + ipsock = 0; > > > > > > > > I'm a bit confused with this bit wrt to what actually happens later in the > > > > code. Basically this @ipsock is only relevant up until the point where we start > > > > registering services listening for traffic e.g.virNetServerAddServiceTCP (this > > > > is one is easier as an example). If I look at the condition: > > > > > > > > if (((ipsock && config->listen_tcp) || act) ... > > > > > > > > why does it even matter that we clear ipsock when socket activation is enabled? > > > > The condition is true regardless of @ipsock and it's also not populated further > > > > into the function being called unlike @act, so this bit is making me confused, > > > > so what exactly is happening if we don't clear @ipsock with virtproxyd? > > > > > > Currently there are *no* ill effects if we don't clear @ipsock. The > > > important bit of the patch is simply avoiding the VIR_ERROR in the > > > first part of the ifdef. I chose to clear @ipsock, to reduce chance > > > of suprises later if we refactor again. > > > > Ah, thanks for explanation. With the build fix: > > Reviewed-by: Erik Skultety <eskultet@redhat.com> > > I'm going to comit with this expanded comment since this code is quite > subtle in its behaviour > > /* > * "ipsock" traditionally reflected whether --listen is set. > * The listen_tcp & listen_tls params in libvirtd.conf were > * not honoured unless --listen was set. > * > * In virtproxyd we dropped --listen, and have listen_tcp and > * listen_tls in the config file both default to 0. The user > * can turn on listening simply by setting the libvirtd.conf > * file setting and don't have to worry about also adding > * --listen which is saner. > * > * Hence, we initialized ipsock == 1 by default with virtproxyd. > * When using systemd activation though, we clear ipsock, so > * later code doesn't have any surprising behaviour differences > * for virtproxyd vs libvirtd. > */ Appreciated. Erik -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2024 Red Hat, Inc.