[Unit] Description=Virtualization daemon Requires=virtlogd.socket Requires=virtlockd.socket # Use Wants instead of Requires so that users # can disable these three .socket units to revert # to a traditional non-activation deployment setup Wants=libvirtd.socket Wants=libvirtd-ro.socket Wants=libvirtd-admin.socket Wants=systemd-machined.service Before=libvirt-guests.service After=network.target After=firewalld.service After=iptables.service After=ip6tables.service After=dbus.service After=iscsid.service After=apparmor.service After=local-fs.target After=remote-fs.target After=systemd-logind.service After=systemd-machined.service After=xencommons.service Conflicts=xendomains.service Documentation=man:libvirtd(8) Documentation=https://libvirt.org [Service] Type=notify Environment=LIBVIRTD_ARGS="--timeout 120" EnvironmentFile=-@sysconfdir@/sysconfig/libvirtd ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=on-failure # At least 1 FD per guest, often 2 (eg qemu monitor + qemu agent). # eg if we want to support 4096 guests, we'll typically need 8192 FDs # If changing this, also consider virtlogd.service & virtlockd.service # limits which are also related to number of guests LimitNOFILE=8192 # The cgroups pids controller can limit the number of tasks started by # the daemon, which can limit the number of domains for some hypervisors. # A conservative default of 8 tasks per guest results in a TasksMax of # 32k to support 4096 guests. TasksMax=32768 # With cgroups v2 there is no devices controller anymore, we have to use # eBPF to control access to devices. In order to do that we create a eBPF # hash MAP which locks memory. The default map size for 64 devices together # with program takes 12k per guest. After rounding up we will get 64M to # support 4096 guests. LimitMEMLOCK=64M [Install] WantedBy=multi-user.target Also=virtlockd.socket Also=virtlogd.socket Also=libvirtd.socket Also=libvirtd-ro.socket