docs: add manpage for virtsecretd

This is an adaptation of the libvirtd manpage.

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2020-09-24 15:08:37 +01:00
parent ec897594a4
commit 110f3a9b73
4 changed files with 217 additions and 0 deletions

View File

@ -24,6 +24,7 @@ These daemons provide functionality to a single libvirt driver
* `virtnodedevd(8) <virtnodedevd.html>`__ - libvirt host device management daemon * `virtnodedevd(8) <virtnodedevd.html>`__ - libvirt host device management daemon
* `virtnwfilterd(8) <virtnwfilterd.html>`__ - libvirt network filter management daemon * `virtnwfilterd(8) <virtnwfilterd.html>`__ - libvirt network filter management daemon
* `virtqemud(8) <virtqemud.html>`__ - libvirt QEMU management daemon * `virtqemud(8) <virtqemud.html>`__ - libvirt QEMU management daemon
* `virtsecretd(8) <virtsecretd.html>`__ - libvirt secret data management daemon
Tools Tools
===== =====

View File

@ -32,6 +32,7 @@ docs_man_files = [
{ 'name': 'virtnwfilterd', 'section': '8', 'install': conf.has('WITH_NWFILTER') }, { 'name': 'virtnwfilterd', 'section': '8', 'install': conf.has('WITH_NWFILTER') },
{ 'name': 'virtproxyd', 'section': '8', 'install': conf.has('WITH_LIBVIRTD') }, { 'name': 'virtproxyd', 'section': '8', 'install': conf.has('WITH_LIBVIRTD') },
{ 'name': 'virtqemud', 'section': '8', 'install': conf.has('WITH_QEMU') }, { 'name': 'virtqemud', 'section': '8', 'install': conf.has('WITH_QEMU') },
{ 'name': 'virtsecretd', 'section': '8', 'install': conf.has('WITH_SECRETS') },
] ]
foreach name : keycode_list foreach name : keycode_list

View File

@ -0,0 +1,214 @@
===========
virtsecretd
===========
-------------------------------------
libvirt secret data management daemon
-------------------------------------
:Manual section: 8
:Manual group: Virtualization Support
.. contents::
SYNOPSIS
========
``virtsecretd`` [*OPTION*]...
DESCRIPTION
===========
The ``virtsecretd`` program is a server side daemon component of the libvirt
virtualization management system.
It is one of a collection of modular daemons that replace functionality
previously provided by the monolithic ``libvirtd`` daemon.
This daemon runs on virtualization hosts to provide management for secret data.
The ``virtsecretd`` daemon only listens for requests on a local Unix domain
socket. Remote off-host access and backwards compatibility with legacy
clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
Restarting ``virtsecretd`` does not interrupt running guests. Guests continue to
operate and changes in their state will generally be picked up automatically
during startup. None the less it is recommended to avoid restarting with
running guests whenever practical.
SYSTEM SOCKET ACTIVATION
========================
The ``virtsecretd`` daemon is capable of starting in two modes.
In the traditional mode, it will create and listen on UNIX sockets itself.
In socket activation mode, it will rely on systemd to create and listen
on the UNIX sockets and pass them as pre-opened file descriptors. In this
mode most of the socket related config options in
``/etc/libvirt/virtsecretd.conf`` will no longer have any effect.
Socket activation mode is generally the default when running on a host
OS that uses systemd. To revert to the traditional mode, all the socket
unit files must be masked:
::
$ systemctl mask virtsecretd.socket virtsecretd-ro.socket \
virtsecretd-admin.socket
OPTIONS
=======
``-h``, ``--help``
Display command line help usage then exit.
``-d``, ``--daemon``
Run as a daemon & write PID file.
``-f``, ``--config *FILE*``
Use this configuration file, overriding the default value.
``-p``, ``--pid-file *FILE*``
Use this name for the PID file, overriding the default value.
``-t``, ``--timeout *SECONDS*``
Exit after timeout period (in seconds), provided there are neither any client
connections nor any running domains.
``-v``, ``--verbose``
Enable output of verbose messages.
``--version``
Display version information then exit.
SIGNALS
=======
On receipt of ``SIGHUP`` ``virtsecretd`` will reload its configuration.
FILES
=====
When run as *root*
------------------
* ``@SYSCONFDIR@/libvirt/virtsecretd.conf``
The default configuration file used by ``virtsecretd``, unless overridden on the
command line using the ``-f`` | ``--config`` option.
* ``@RUNSTATEDIR@/libvirt/virtsecretd-sock``
* ``@RUNSTATEDIR@/libvirt/virtsecretd-sock-ro``
* ``@RUNSTATEDIR@/libvirt/virtsecretd-admin-sock``
The sockets ``virtsecretd`` will use.
The TLS **Server** private key ``virtsecretd`` will use.
* ``@RUNSTATEDIR@/virtsecretd.pid``
The PID file to use, unless overridden by the ``-p`` | ``--pid-file`` option.
When run as *non-root*
----------------------
* ``$XDG_CONFIG_HOME/libvirt/virtsecretd.conf``
The default configuration file used by ``virtsecretd``, unless overridden on the
command line using the ``-f``|``--config`` option.
* ``$XDG_RUNTIME_DIR/libvirt/virtsecretd-sock``
* ``$XDG_RUNTIME_DIR/libvirt/virtsecretd-admin-sock``
The sockets ``virtsecretd`` will use.
* ``$XDG_RUNTIME_DIR/libvirt/virtsecretd.pid``
The PID file to use, unless overridden by the ``-p``|``--pid-file`` option.
If ``$XDG_CONFIG_HOME`` is not set in your environment, ``virtsecretd`` will use
``$HOME/.config``
If ``$XDG_RUNTIME_DIR`` is not set in your environment, ``virtsecretd`` will use
``$HOME/.cache``
EXAMPLES
========
To retrieve the version of ``virtsecretd``:
::
# virtsecretd --version
virtsecretd (libvirt) @VERSION@
To start ``virtsecretd``, instructing it to daemonize and create a PID file:
::
# virtsecretd -d
# ls -la @RUNSTATEDIR@/virtsecretd.pid
-rw-r--r-- 1 root root 6 Jul 9 02:40 @RUNSTATEDIR@/virtsecretd.pid
BUGS
====
Please report all bugs you discover. This should be done via either:
#. the mailing list
`https://libvirt.org/contact.html <https://libvirt.org/contact.html>`_
#. the bug tracker
`https://libvirt.org/bugs.html <https://libvirt.org/bugs.html>`_
Alternatively, you may report bugs to your software distributor / vendor.
AUTHORS
=======
Please refer to the AUTHORS file distributed with libvirt.
COPYRIGHT
=========
Copyright (C) 2006-2020 Red Hat, Inc., and the authors listed in the
libvirt AUTHORS file.
LICENSE
=======
``virtsecretd`` is distributed under the terms of the GNU LGPL v2.1+.
This is free software; see the source for copying conditions. There
is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE
SEE ALSO
========
virsh(1), libvirtd(8),
`https://www.libvirt.org/daemons.html <https://www.libvirt.org/daemons.html>`_,
`https://www.libvirt.org/drvsecret.html <https://www.libvirt.org/drvsecret.html>`_

View File

@ -1670,6 +1670,7 @@ exit 0
%{_unitdir}/virtsecretd-admin.socket %{_unitdir}/virtsecretd-admin.socket
%attr(0755, root, root) %{_sbindir}/virtsecretd %attr(0755, root, root) %{_sbindir}/virtsecretd
%{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so
%{_mandir}/man8/virtsecretd.8*
%files daemon-driver-storage %files daemon-driver-storage