From 0737f4d492c3d883bc5ea31933c1dbcce7eff4e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 24 Sep 2020 15:08:37 +0100 Subject: [PATCH] docs: add manpage for virtnwfilterd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is an adaptation of the libvirtd manpage. Reviewed-by: Jiri Denemark Signed-off-by: Daniel P. Berrangé --- docs/manpages/index.rst | 1 + docs/manpages/meson.build | 1 + docs/manpages/virtnwfilterd.rst | 215 ++++++++++++++++++++++++++++++++ libvirt.spec.in | 1 + 4 files changed, 218 insertions(+) create mode 100644 docs/manpages/virtnwfilterd.rst diff --git a/docs/manpages/index.rst b/docs/manpages/index.rst index 5e87870f4b..e70b560a0d 100644 --- a/docs/manpages/index.rst +++ b/docs/manpages/index.rst @@ -22,6 +22,7 @@ These daemons provide functionality to a single libvirt driver * `virtlxcd(8) `__ - libvirt LXC management daemon * `virtnetworkd(8) `__ - libvirt virtual network management daemon * `virtnodedevd(8) `__ - libvirt host device management daemon +* `virtnwfilterd(8) `__ - libvirt network filter management daemon Tools ===== diff --git a/docs/manpages/meson.build b/docs/manpages/meson.build index 85f45410a0..019accbca2 100644 --- a/docs/manpages/meson.build +++ b/docs/manpages/meson.build @@ -29,6 +29,7 @@ docs_man_files = [ { 'name': 'virtlxcd', 'section': '8', 'install': conf.has('WITH_LXC') }, { 'name': 'virtnetworkd', 'section': '8', 'install': conf.has('WITH_NETWORK') }, { 'name': 'virtnodedevd', 'section': '8', 'install': conf.has('WITH_NODE_DEVICES') }, + { 'name': 'virtnwfilterd', 'section': '8', 'install': conf.has('WITH_NWFILTER') }, { 'name': 'virtproxyd', 'section': '8', 'install': conf.has('WITH_LIBVIRTD') }, ] diff --git a/docs/manpages/virtnwfilterd.rst b/docs/manpages/virtnwfilterd.rst new file mode 100644 index 0000000000..4faa6b225d --- /dev/null +++ b/docs/manpages/virtnwfilterd.rst @@ -0,0 +1,215 @@ +============= +virtnwfilterd +============= + +---------------------------------------- +libvirt network filter management daemon +---------------------------------------- + +:Manual section: 8 +:Manual group: Virtualization Support + +.. contents:: + +SYNOPSIS +======== + +``virtnwfilterd`` [*OPTION*]... + + +DESCRIPTION +=========== + +The ``virtnwfilterd`` program is a server side daemon component of the libvirt +virtualization management system. + +It is one of a collection of modular daemons that replace functionality +previously provided by the monolithic ``libvirtd`` daemon. + +This daemon runs on virtualization hosts to provide management for network +filters. + +The ``virtnwfilterd`` daemon only listens for requests on a local Unix domain +socket. Remote off-host access and backwards compatibility with legacy +clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon. + +Restarting ``virtnwfilterd`` does not interrupt running guests. Guests continue to +operate and changes in their state will generally be picked up automatically +during startup. None the less it is recommended to avoid restarting with +running guests whenever practical. + + +SYSTEM SOCKET ACTIVATION +======================== + +The ``virtnwfilterd`` daemon is capable of starting in two modes. + +In the traditional mode, it will create and listen on UNIX sockets itself. + +In socket activation mode, it will rely on systemd to create and listen +on the UNIX sockets and pass them as pre-opened file descriptors. In this +mode most of the socket related config options in +``/etc/libvirt/virtnwfilterd.conf`` will no longer have any effect. + +Socket activation mode is generally the default when running on a host +OS that uses systemd. To revert to the traditional mode, all the socket +unit files must be masked: + +:: + + $ systemctl mask virtnwfilterd.socket virtnwfilterd-ro.socket \ + virtnwfilterd-admin.socket + + +OPTIONS +======= + +``-h``, ``--help`` + +Display command line help usage then exit. + +``-d``, ``--daemon`` + +Run as a daemon & write PID file. + +``-f``, ``--config *FILE*`` + +Use this configuration file, overriding the default value. + +``-p``, ``--pid-file *FILE*`` + +Use this name for the PID file, overriding the default value. + +``-t``, ``--timeout *SECONDS*`` + +Exit after timeout period (in seconds), provided there are neither any client +connections nor any running domains. + +``-v``, ``--verbose`` + +Enable output of verbose messages. + +``--version`` + +Display version information then exit. + + +SIGNALS +======= + +On receipt of ``SIGHUP`` ``virtnwfilterd`` will reload its configuration. + + +FILES +===== + +When run as *root* +------------------ + +* ``@SYSCONFDIR@/libvirt/virtnwfilterd.conf`` + +The default configuration file used by ``virtnwfilterd``, unless overridden on the +command line using the ``-f`` | ``--config`` option. + +* ``@RUNSTATEDIR@/libvirt/virtnwfilterd-sock`` +* ``@RUNSTATEDIR@/libvirt/virtnwfilterd-sock-ro`` +* ``@RUNSTATEDIR@/libvirt/virtnwfilterd-admin-sock`` + +The sockets ``virtnwfilterd`` will use. + +The TLS **Server** private key ``virtnwfilterd`` will use. + +* ``@RUNSTATEDIR@/virtnwfilterd.pid`` + +The PID file to use, unless overridden by the ``-p`` | ``--pid-file`` option. + + +When run as *non-root* +---------------------- + +* ``$XDG_CONFIG_HOME/libvirt/virtnwfilterd.conf`` + +The default configuration file used by ``virtnwfilterd``, unless overridden on the +command line using the ``-f``|``--config`` option. + +* ``$XDG_RUNTIME_DIR/libvirt/virtnwfilterd-sock`` +* ``$XDG_RUNTIME_DIR/libvirt/virtnwfilterd-admin-sock`` + +The sockets ``virtnwfilterd`` will use. + +* ``$XDG_RUNTIME_DIR/libvirt/virtnwfilterd.pid`` + +The PID file to use, unless overridden by the ``-p``|``--pid-file`` option. + + +If ``$XDG_CONFIG_HOME`` is not set in your environment, ``virtnwfilterd`` will use +``$HOME/.config`` + +If ``$XDG_RUNTIME_DIR`` is not set in your environment, ``virtnwfilterd`` will use +``$HOME/.cache`` + + +EXAMPLES +======== + +To retrieve the version of ``virtnwfilterd``: + +:: + + # virtnwfilterd --version + virtnwfilterd (libvirt) @VERSION@ + + +To start ``virtnwfilterd``, instructing it to daemonize and create a PID file: + +:: + + # virtnwfilterd -d + # ls -la @RUNSTATEDIR@/virtnwfilterd.pid + -rw-r--r-- 1 root root 6 Jul 9 02:40 @RUNSTATEDIR@/virtnwfilterd.pid + + +BUGS +==== + +Please report all bugs you discover. This should be done via either: + +#. the mailing list + + `https://libvirt.org/contact.html `_ + +#. the bug tracker + + `https://libvirt.org/bugs.html `_ + +Alternatively, you may report bugs to your software distributor / vendor. + + +AUTHORS +======= + +Please refer to the AUTHORS file distributed with libvirt. + + +COPYRIGHT +========= + +Copyright (C) 2006-2020 Red Hat, Inc., and the authors listed in the +libvirt AUTHORS file. + + +LICENSE +======= + +``virtnwfilterd`` is distributed under the terms of the GNU LGPL v2.1+. +This is free software; see the source for copying conditions. There +is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE + + +SEE ALSO +======== + +virsh(1), libvirtd(8), +`https://www.libvirt.org/daemons.html `_, +`https://www.libvirt.org/drvnwfilter.html `_ diff --git a/libvirt.spec.in b/libvirt.spec.in index 697c3e0064..4a331f2825 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1657,6 +1657,7 @@ exit 0 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/ %ghost %dir %{_rundir}/libvirt/network/ %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so +%{_mandir}/man8/virtnwfilterd.8* %files daemon-driver-secret %config(noreplace) %{_sysconfdir}/sysconfig/virtsecretd