diff --git a/src/lxc/meson.build b/src/lxc/meson.build index 531078448c..84e6c313ea 100644 --- a/src/lxc/meson.build +++ b/src/lxc/meson.build @@ -164,11 +164,8 @@ if conf.has('WITH_LXC') virt_daemon_units += { 'service': 'virtlxcd', - 'service_in': files('virtlxcd.service.in'), 'name': 'Libvirt lxc', - 'socket_in': libvirtd_socket_in, - 'socket_ro_in': libvirtd_socket_ro_in, - 'socket_admin_in': libvirtd_socket_admin_in, + 'service_extra_in': files('virtlxcd.service.extra.in'), } openrc_init_files += { diff --git a/src/lxc/virtlxcd.service.extra.in b/src/lxc/virtlxcd.service.extra.in new file mode 100644 index 0000000000..bc2fef57cc --- /dev/null +++ b/src/lxc/virtlxcd.service.extra.in @@ -0,0 +1,22 @@ +[Unit] +Wants=systemd-machined.service +After=systemd-machined.service +After=remote-fs.target + +[Service] +KillMode=process +# Raise hard limits to match behaviour of systemd >= 240. +# During startup, daemon will set soft limit to match hard limit +# per systemd recommendations +LimitNOFILE=1024:524288 +# The cgroups pids controller can limit the number of tasks started by +# the daemon, which can limit the number of domains for some hypervisors. +# A conservative default of 8 tasks per guest results in a TasksMax of +# 32k to support 4096 guests. +TasksMax=32768 +# With cgroups v2 there is no devices controller anymore, we have to use +# eBPF to control access to devices. In order to do that we create a eBPF +# hash MAP which locks memory. The default map size for 64 devices together +# with program takes 12k per guest. After rounding up we will get 64M to +# support 4096 guests. +LimitMEMLOCK=64M diff --git a/src/lxc/virtlxcd.service.in b/src/lxc/virtlxcd.service.in deleted file mode 100644 index ee3a7f1083..0000000000 --- a/src/lxc/virtlxcd.service.in +++ /dev/null @@ -1,44 +0,0 @@ -[Unit] -Description=Virtualization lxc daemon -Conflicts=libvirtd.service -Requires=virtlxcd.socket -Requires=virtlxcd-ro.socket -Requires=virtlxcd-admin.socket -Wants=systemd-machined.service -After=network.target -After=dbus.service -After=apparmor.service -After=remote-fs.target -After=systemd-machined.service -Documentation=man:virtlxcd(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTLXCD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtlxcd -ExecStart=@sbindir@/virtlxcd $VIRTLXCD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -KillMode=process -Restart=on-failure -# Raise hard limits to match behaviour of systemd >= 240. -# During startup, daemon will set soft limit to match hard limit -# per systemd recommendations -LimitNOFILE=1024:524288 -# The cgroups pids controller can limit the number of tasks started by -# the daemon, which can limit the number of domains for some hypervisors. -# A conservative default of 8 tasks per guest results in a TasksMax of -# 32k to support 4096 guests. -TasksMax=32768 -# With cgroups v2 there is no devices controller anymore, we have to use -# eBPF to control access to devices. In order to do that we create a eBPF -# hash MAP which locks memory. The default map size for 64 devices together -# with program takes 12k per guest. After rounding up we will get 64M to -# support 4096 guests. -LimitMEMLOCK=64M - -[Install] -WantedBy=multi-user.target -Also=virtlxcd.socket -Also=virtlxcd-ro.socket -Also=virtlxcd-admin.socket