mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 05:35:25 +00:00
secret: introduce virtsecretd daemon
The virtsecretd daemon will be responsible for providing the secret API driver functionality. The secret driver is still loaded by the main libvirtd daemon at this stage, so virtsecretd must not be running at the same time. Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé
parent
b7ed8ce981
commit
d353d57fcd
4
.gitignore
vendored
4
.gitignore
vendored
@ -166,6 +166,9 @@
|
||||
/src/remote/virtproxyd.conf
|
||||
/src/rpc/virkeepaliveprotocol.[ch]
|
||||
/src/rpc/virnetprotocol.[ch]
|
||||
/src/secret/test_virtsecretd.aug
|
||||
/src/secret/virtsecretd.aug
|
||||
/src/secret/virtsecretd.conf
|
||||
/src/test*.aug
|
||||
/src/util/virkeycodetable*.h
|
||||
/src/util/virkeynametable*.h
|
||||
@ -173,6 +176,7 @@
|
||||
/src/virtlockd
|
||||
/src/virtlogd
|
||||
/src/virtproxyd
|
||||
/src/virtsecretd
|
||||
/src/virt-guest-shutdown.target
|
||||
/tests/*.log
|
||||
/tests/*.pid
|
||||
|
||||
@ -1634,6 +1634,14 @@ exit 0
|
||||
%{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
|
||||
|
||||
%files daemon-driver-secret
|
||||
%config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf
|
||||
%{_datadir}/augeas/lenses/virtsecretd.aug
|
||||
%{_datadir}/augeas/lenses/tests/test_virtsecretd.aug
|
||||
%{_unitdir}/virtsecretd.service
|
||||
%{_unitdir}/virtsecretd.socket
|
||||
%{_unitdir}/virtsecretd-ro.socket
|
||||
%{_unitdir}/virtsecretd-admin.socket
|
||||
%attr(0755, root, root) %{_sbindir}/virtsecretd
|
||||
%{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so
|
||||
|
||||
%files daemon-driver-storage
|
||||
|
||||
@ -37,4 +37,67 @@ libvirt_driver_secret_la_LIBADD = \
|
||||
$(NULL)
|
||||
libvirt_driver_secret_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF)
|
||||
libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES)
|
||||
|
||||
sbin_PROGRAMS += virtsecretd
|
||||
|
||||
nodist_conf_DATA += secret/virtsecretd.conf
|
||||
augeas_DATA += secret/virtsecretd.aug
|
||||
augeastest_DATA += secret/test_virtsecretd.aug
|
||||
CLEANFILES += secret/virtsecretd.aug
|
||||
|
||||
virtsecretd_SOURCES = $(REMOTE_DAEMON_SOURCES)
|
||||
virtsecretd_CFLAGS = \
|
||||
$(REMOTE_DAEMON_CFLAGS) \
|
||||
-DDAEMON_NAME="\"virtsecretd\"" \
|
||||
-DMODULE_NAME="\"secret\"" \
|
||||
$(NULL)
|
||||
virtsecretd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
|
||||
virtsecretd_LDADD = $(REMOTE_DAEMON_LD_ADD)
|
||||
|
||||
SYSTEMD_UNIT_FILES += \
|
||||
virtsecretd.service \
|
||||
virtsecretd.socket \
|
||||
virtsecretd-ro.socket \
|
||||
virtsecretd-admin.socket \
|
||||
$(NULL)
|
||||
SYSTEMD_UNIT_FILES_IN += \
|
||||
secret/virtsecretd.service.in \
|
||||
$(NULL)
|
||||
|
||||
VIRTSECRETD_UNIT_VARS = \
|
||||
$(VIRTD_UNIT_VARS) \
|
||||
-e 's|[@]name[@]|Libvirt secret|g' \
|
||||
-e 's|[@]service[@]|virtsecretd|g' \
|
||||
-e 's|[@]sockprefix[@]|virtsecretd|g' \
|
||||
$(NULL)
|
||||
|
||||
virtsecretd.service: secret/virtsecretd.service.in $(top_builddir)/config.status
|
||||
$(AM_V_GEN)$(SED) $(VIRTSECRETD_UNIT_VARS) $< > $@-t && mv $@-t $@
|
||||
|
||||
virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
|
||||
$(AM_V_GEN)$(SED) $(VIRTSECRETD_UNIT_VARS) $< > $@-t && mv $@-t $@
|
||||
|
||||
secret/virtsecretd.conf: remote/libvirtd.conf.in
|
||||
$(AM_V_GEN)$(SED) \
|
||||
-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
|
||||
-e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
|
||||
$< > $@
|
||||
|
||||
secret/virtsecretd.aug: remote/libvirtd.aug.in
|
||||
$(AM_V_GEN)$(SED) \
|
||||
-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
|
||||
-e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
|
||||
-e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
|
||||
$< > $@
|
||||
|
||||
secret/test_virtsecretd.aug: remote/test_libvirtd.aug.in \
|
||||
secret/virtsecretd.conf $(AUG_GENTEST)
|
||||
$(AM_V_GEN)$(AUG_GENTEST) secret/virtsecretd.conf \
|
||||
$(srcdir)/remote/test_libvirtd.aug.in | \
|
||||
$(SED) \
|
||||
-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
|
||||
-e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
|
||||
-e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
|
||||
> $@ || rm -f $@
|
||||
|
||||
endif WITH_SECRETS
|
||||
|
||||
24
src/secret/virtsecretd.service.in
Normal file
24
src/secret/virtsecretd.service.in
Normal file
@ -0,0 +1,24 @@
|
||||
[Unit]
|
||||
Description=Virtualization secret daemon
|
||||
Conflicts=libvirtd.service
|
||||
Requires=virtsecretd.socket
|
||||
Requires=virtsecretd-ro.socket
|
||||
Requires=virtsecretd-admin.socket
|
||||
After=network.target
|
||||
After=dbus.service
|
||||
After=apparmor.service
|
||||
After=local-fs.target
|
||||
Documentation=man:libvirtd(8)
|
||||
Documentation=https://libvirt.org
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
ExecStart=@sbindir@/virtsecretd --timeout 120
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Also=virtsecretd.socket
|
||||
Also=virtsecretd-ro.socket
|
||||
Also=virtsecretd-admin.socket
|
||||
Loading…
Reference in New Issue
Block a user