From d353d57fcd4893c076cfe3c85d8ba4aeb3a62cdb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
Date: Tue, 23 Jul 2019 12:22:41 +0100
Subject: [PATCH] secret: introduce virtsecretd daemon
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The virtsecretd daemon will be responsible for providing the secret API driver functionality. The secret driver is still loaded by the main libvirtd daemon at this stage, so virtsecretd must not be running at the same time.
Reviewed-by: Christophe de Dinechin
Reviewed-by: Andrea Bolognani
Signed-off-by: Daniel P. Berrangé
---
 .gitignore | 4 ++
 libvirt.spec.in | 8 ++++
 src/secret/Makefile.inc.am | 63 +++++++++++++++++++++++++++++++
 src/secret/virtsecretd.service.in | 24 ++++++++++++
 4 files changed, 99 insertions(+)
 create mode 100644 src/secret/virtsecretd.service.in
diff --git a/.gitignore b/.gitignore
index 9ad159ecfd..cf39177250 100644
--- a/.gitignore
+++ b/.gitignore
@@ -166,6 +166,9 @@
 /src/remote/virtproxyd.conf
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
+/src/secret/test_virtsecretd.aug
+/src/secret/virtsecretd.aug
+/src/secret/virtsecretd.conf
 /src/test*.aug
 /src/util/virkeycodetable*.h
 /src/util/virkeynametable*.h
@@ -173,6 +176,7 @@
 /src/virtlockd
 /src/virtlogd
 /src/virtproxyd
+/src/virtsecretd
 /src/virt-guest-shutdown.target
 /tests/*.log
 /tests/*.pid
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 2acff40ea7..31da3f7581 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1634,6 +1634,14 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
 %files daemon-driver-secret
+%config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf
+%{_datadir}/augeas/lenses/virtsecretd.aug
+%{_datadir}/augeas/lenses/tests/test_virtsecretd.aug
+%{_unitdir}/virtsecretd.service
+%{_unitdir}/virtsecretd.socket
+%{_unitdir}/virtsecretd-ro.socket
+%{_unitdir}/virtsecretd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtsecretd
 %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so
 %files daemon-driver-storage
diff --git a/src/secret/Makefile.inc.am b/src/secret/Makefile.inc.am
index 7a1c8f8e1a..37f816406e 100644
--- a/src/secret/Makefile.inc.am
+++ b/src/secret/Makefile.inc.am
@@ -37,4 +37,67 @@ libvirt_driver_secret_la_LIBADD = \
 $(NULL)
 libvirt_driver_secret_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF)
 libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES)
+
+sbin_PROGRAMS += virtsecretd
+
+nodist_conf_DATA += secret/virtsecretd.conf
+augeas_DATA += secret/virtsecretd.aug
+augeastest_DATA += secret/test_virtsecretd.aug
+CLEANFILES += secret/virtsecretd.aug
+
+virtsecretd_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtsecretd_CFLAGS = \
+ $(REMOTE_DAEMON_CFLAGS) \
+ -DDAEMON_NAME="\"virtsecretd\"" \
+ -DMODULE_NAME="\"secret\"" \
+ $(NULL)
+virtsecretd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtsecretd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+ virtsecretd.service \
+ virtsecretd.socket \
+ virtsecretd-ro.socket \
+ virtsecretd-admin.socket \
+ $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+ secret/virtsecretd.service.in \
+ $(NULL)
+
+VIRTSECRETD_UNIT_VARS = \
+ $(VIRTD_UNIT_VARS) \
+ -e 's|[@]name[@]|Libvirt secret|g' \
+ -e 's|[@]service[@]|virtsecretd|g' \
+ -e 's|[@]sockprefix[@]|virtsecretd|g' \
+ $(NULL)
+
+virtsecretd.service: secret/virtsecretd.service.in $(top_builddir)/config.status
+ $(AM_V_GEN)$(SED) $(VIRTSECRETD_UNIT_VARS) $< > $@-t && mv $@-t $@
+
+virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+ $(AM_V_GEN)$(SED) $(VIRTSECRETD_UNIT_VARS) $< > $@-t && mv $@-t $@
+
+secret/virtsecretd.conf: remote/libvirtd.conf.in
+ $(AM_V_GEN)$(SED) \
+ -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+ -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+ $< > $@
+
+secret/virtsecretd.aug: remote/libvirtd.aug.in
+ $(AM_V_GEN)$(SED) \
+ -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+ -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+ -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
+ $< > $@
+
+secret/test_virtsecretd.aug: remote/test_libvirtd.aug.in \
+ secret/virtsecretd.conf $(AUG_GENTEST)
+ $(AM_V_GEN)$(AUG_GENTEST) secret/virtsecretd.conf \
+ $(srcdir)/remote/test_libvirtd.aug.in | \
+ $(SED) \
+ -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+ -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+ -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
+ > $@ || rm -f $@
+
 endif WITH_SECRETS
diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.service.in
new file mode 100644
index 0000000000..00cdc26b97
--- /dev/null
+++ b/src/secret/virtsecretd.service.in
@@ -0,0 +1,24 @@
+[Unit]
+Description=Virtualization secret daemon
+Conflicts=libvirtd.service
+Requires=virtsecretd.socket
+Requires=virtsecretd-ro.socket
+Requires=virtsecretd-admin.socket
+After=network.target
+After=dbus.service
+After=apparmor.service
+After=local-fs.target
+Documentation=man:libvirtd(8)
+Documentation=https://libvirt.org
+
+[Service]
+Type=notify
+ExecStart=@sbindir@/virtsecretd --timeout 120
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Also=virtsecretd.socket
+Also=virtsecretd-ro.socket
+Also=virtsecretd-admin.socket
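Review bot: The three generator recipes at the end of the Makefile.inc.am hunk can leave a truncated or missing output behind without failing the build. `secret/virtsecretd.conf` and `secret/virtsecretd.aug` redirect sed straight into `$@`, so a failed or interrupted run leaves a partial file that is newer than its prerequisite, and the `secret/test_virtsecretd.aug` recipe ends in `> $@ || rm -f $@`, which turns a sed failure into exit status 0 while a failure of `$(AUG_GENTEST)` on the left of the pipe is not seen at all by a plain `sh`. virtsecretd.conf is generated from libvirtd.conf.in, which as far as I know holds the socket permission and authentication settings, so a silently truncated copy should never reach the install step. Use the temp-file pattern the two unit-file rules in this same hunk already use: end the conf and aug recipes with `$< > $@-t && mv $@-t $@` and replace the last line of the test rule with `> $@-t && mv $@-t $@`. The enclosing `if WITH_SECRETS` block starts outside the hunk.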
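Review bot: The `[Service]` section of virtsecretd.service.in sets no `User=` and no sandboxing directives, so the daemon runs as root with an unrestricted view of the host although, per the commit message, it only provides the secret API driver. Consider adding limits such as `NoNewPrivileges=yes` and `PrivateDevices=yes`, plus a `ProtectSystem=` setting paired with `ReadWritePaths=` for the directories the secret driver writes; which of these the driver tolerates is not visible from this hunk and needs testing before they go in. Separately, `Documentation=man:libvirtd(8)` points at the monolithic daemon's man page, so a unit comment such as `# TODO: point at the virtsecretd man page once one is shipped` would keep administrators from treating libvirtd's reference as authoritative for this daemon.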