Enable systemd socket activation with virtlockd

This enhancement virtlockd so that it can receive a pre-opened UNIX domain socket from systemd at launch time, and adds the systemd service/socket unit files * daemon/libvirtd.service.in: Require virtlockd to be running * libvirt.spec.in: Add virtlockd systemd files * src/Makefile.am: Install systemd files * src/locking/lock_daemon.c: Support socket activation * src/locking/virtlockd.service.in, src/locking/virtlockd.socket.in: systemd unit files * src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h: Add virNetServerServiceNewFD() method * src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add virNetSocketNewListenFD method Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2024-10-01 20:05:46 +00:00 · 2011-07-07 15:02:32 +01:00 · 2011-07-07 15:02:32 +01:00 · 74c0353e4f
commit 74c0353e4f
parent 0e49b83912
5 changed files with 147 additions and 4 deletions
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@ -1497,6 +1497,7 @@ done
 %else
 if [ $1 -eq 1 ] ; then
    # Initial installation
+    /bin/systemctl enable virtlockd.socket >/dev/null 2>&1 || :
    /bin/systemctl enable libvirtd.service >/dev/null 2>&1 || :
 fi
 %endif
@ -1524,8 +1525,10 @@ fi
 %else
 if [ $1 -eq 0 ] ; then
    # Package removal, not upgrade
+    /bin/systemctl --no-reload disable virtlockd.socket > /dev/null 2>&1 || :
    /bin/systemctl --no-reload disable libvirtd.service > /dev/null 2>&1 || :
    /bin/systemctl stop libvirtd.service > /dev/null 2>&1 || :
+    /bin/systemctl stop virtlockd.service > /dev/null 2>&1 || :
 fi
 %endif
 %else
@ -1543,6 +1546,7 @@ fi
 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 if [ $1 -ge 1 ] ; then
    # Package upgrade, not uninstall
+    /bin/systemctl try-restart virtlockd.service >/dev/null 2>&1 || :
    /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 || :
 fi
 %endif
@ -1659,6 +1663,8 @@ fi
 %if %{with_systemd}
 %{_unitdir}/libvirtd.service
 %{_unitdir}/libvirt-guests.service
+%{_unitdir}/virtlockd.service
+%{_unitdir}/virtlockd.socket
 %else
 %{_sysconfdir}/rc.d/init.d/libvirtd
 %{_sysconfdir}/rc.d/init.d/libvirt-guests
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -1613,6 +1613,53 @@ virtlockd.init: locking/virtlockd.init.in $(top_builddir)/config.status



+EXTRA_DIST += locking/virtlockd.service.in locking/virtlockd.socket.in
+
+if WITH_LIBVIRTD
+if LIBVIRT_INIT_SCRIPT_SYSTEMD
+
+SYSTEMD_UNIT_DIR = /lib/systemd/system
+
+BUILT_SOURCES += virtlockd.service virtlockd.socket
+
+install-systemd: virtlockd.init install-sysconfig
+	mkdir -p $(DESTDIR)$(SYSTEMD_UNIT_DIR)
+	$(INSTALL_SCRIPT) virtlockd.service \
+	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
+	$(INSTALL_SCRIPT) virtlockd.socket \
+	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
+
+uninstall-systemd: uninstall-sysconfig
+	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/virtlockd.service
+	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/virtlockd.socket
+else
+install-systemd:
+uninstall-systemd:
+endif
+else
+install-systemd:
+uninstall-systemd:
+endif
+
+virtlockd.service: locking/virtlockd.service.in $(top_builddir)/config.status
+	$(AM_V_GEN)sed					\
+	    -e "s!::localstatedir::!$(localstatedir)!g"	\
+	    -e "s!::sbindir::!$(sbindir)!g"		\
+	    -e "s!::sysconfdir::!$(sysconfdir)!g"	\
+	    < $< > $@-t &&				\
+	    chmod a+x $@-t &&				\
+	    mv $@-t $@
+
+virtlockd.socket: locking/virtlockd.socket.in $(top_builddir)/config.status
+	$(AM_V_GEN)sed					\
+	    -e "s!::localstatedir::!$(localstatedir)!g"	\
+	    -e "s!::sbindir::!$(sbindir)!g"		\
+	    -e "s!::sysconfdir::!$(sysconfdir)!g"	\
+	    < $< > $@-t &&				\
+	    chmod a+x $@-t &&				\
+	    mv $@-t $@
+
+
 if HAVE_SANLOCK
 lockdriverdir = $(libdir)/libvirt/lock-driver
 lockdriver_LTLIBRARIES = sanlock.la
@ -1850,7 +1897,7 @@ endif
 endif
 EXTRA_DIST += $(SECURITY_DRIVER_APPARMOR_HELPER_SOURCES)

-install-data-local: install-init
+install-data-local: install-init install-systemd
 if WITH_LIBVIRTD
 	$(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/lockd"
 	$(MKDIR_P) "$(DESTDIR)$(localstatedir)/run/libvirt/lockd"
@ -1903,7 +1950,7 @@ if WITH_NETWORK
 	    $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml
 endif

-uninstall-local:: uninstall-init
+uninstall-local:: uninstall-init uninstall-systemd
 if WITH_LIBVIRTD
 	rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/lockd" ||:
 	rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/lockd" ||:
--- a/src/locking/lock_daemon.c
+++ b/src/locking/lock_daemon.c
@ -496,8 +496,69 @@ virLockDaemonSetupSignals(virNetServerPtr srv)
    return 0;
 }

+
 static int
-virLockDaemonSetupNetworking(virNetServerPtr srv, const char *sock_path)
+virLockDaemonSetupNetworkingSystemD(virNetServerPtr srv)
+{
+    virNetServerServicePtr svc;
+    const char *pidstr;
+    const char *fdstr;
+    unsigned long long procid;
+    unsigned int nfds;
+
+    if (!(pidstr = getenv("LISTEN_PID"))) {
+        VIR_DEBUG("No LISTEN_FDS from systemd");
+        return 0;
+    }
+
+    if (virStrToLong_ull(pidstr, NULL, 10, &procid) < 0) {
+        VIR_DEBUG("Malformed LISTEN_PID from systemd %s", pidstr);
+        return 0;
+    }
+
+    if ((pid_t)procid != getpid()) {
+        VIR_DEBUG("LISTEN_PID %s is not for us %llu",
+                  pidstr, (unsigned long long)getpid());
+        return 0;
+    }
+
+    if (!(fdstr = getenv("LISTEN_FDS"))) {
+        VIR_DEBUG("No LISTEN_FDS from systemd");
+        return 0;
+    }
+
+    if (virStrToLong_ui(fdstr, NULL, 10, &nfds) < 0) {
+        VIR_DEBUG("Malformed LISTEN_FDS from systemd %s", fdstr);
+        return 0;
+    }
+
+    if (nfds > 1) {
+        VIR_DEBUG("Too many (%d) file descriptors from systemd",
+                  nfds);
+        nfds = 1;
+    }
+
+    unsetenv("LISTEN_PID");
+    unsetenv("LISTEN_FDS");
+
+    if (nfds == 0)
+        return 0;
+
+    /* Systemd passes FDs, starting immediately after stderr,
+     * so the first FD we'll get is '3'. */
+    if (!(svc = virNetServerServiceNewFD(3, 0, false, 1, NULL)))
+        return -1;
+
+    if (virNetServerAddService(srv, svc, NULL) < 0) {
+        virObjectUnref(svc);
+        return -1;
+    }
+    return 1;
+}
+
+
+static int
+virLockDaemonSetupNetworkingNative(virNetServerPtr srv, const char *sock_path)
 {
    virNetServerServicePtr svc;

@ -726,6 +787,7 @@ int main(int argc, char **argv) {
    mode_t old_umask;
    bool privileged = false;
    virLockDaemonConfigPtr config = NULL;
+    int rv;

    struct option opts[] = {
        { "verbose", no_argument, &verbose, 1},
@ -901,7 +963,14 @@ int main(int argc, char **argv) {
        goto cleanup;
    }

-    if (virLockDaemonSetupNetworking(lockDaemon->srv, sock_file) < 0) {
+    if ((rv = virLockDaemonSetupNetworkingSystemD(lockDaemon->srv)) < 0) {
+        ret = VIR_LOCK_DAEMON_ERR_NETWORK;
+        goto cleanup;
+    }
+
+    /* Only do this, if systemd did not pass a FD */
+    if (rv == 0 &&
+        virLockDaemonSetupNetworkingNative(lockDaemon->srv, sock_file) < 0) {
        ret = VIR_LOCK_DAEMON_ERR_NETWORK;
        goto cleanup;
    }
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@ -0,0 +1,13 @@
+[Unit]
+Description=Virtual machine lock manager
+Requires=virtlockd.socket
+After=syslog.target
+
+[Service]
+EnvironmentFile=-/etc/sysconfig/virtlockd
+ExecStart=@sbindir@/virtlockd
+ExecReload=/bin/kill -HUP $MAINPID
+# Loosing the locks is a really bad thing that will
+# cause the machine to be fenced (rebooted), so make
+# sure we discourage OOM killer
+OOMScoreAdjust=-900
--- a/src/locking/virtlockd.socket.in
+++ b/src/locking/virtlockd.socket.in
@ -0,0 +1,8 @@
+[Unit]
+Description=Virtual machine lock manager socket
+
+[Socket]
+ListenStream=/var/run/libvirt/virtlockd/virtlockd.sock
+
+[Install]
+WantedBy=multi-user.target