mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-05 04:41:20 +00:00
3916df52a4
As of commit 9e3cc0ff5
the virtsecretd daemon does not timeout
while it keeps any ephemeral secrets.
https://bugzilla.redhat.com/show_bug.cgi?id=2035985
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
214 lines
4.9 KiB
ReStructuredText
214 lines
4.9 KiB
ReStructuredText
===========
|
|
virtsecretd
|
|
===========
|
|
|
|
-------------------------------------
|
|
libvirt secret data management daemon
|
|
-------------------------------------
|
|
|
|
:Manual section: 8
|
|
:Manual group: Virtualization Support
|
|
|
|
.. contents::
|
|
|
|
SYNOPSIS
|
|
========
|
|
|
|
``virtsecretd`` [*OPTION*]...
|
|
|
|
|
|
DESCRIPTION
|
|
===========
|
|
|
|
The ``virtsecretd`` program is a server side daemon component of the libvirt
|
|
virtualization management system.
|
|
|
|
It is one of a collection of modular daemons that replace functionality
|
|
previously provided by the monolithic ``libvirtd`` daemon.
|
|
|
|
This daemon runs on virtualization hosts to provide management for secret data.
|
|
|
|
The ``virtsecretd`` daemon only listens for requests on a local Unix domain
|
|
socket. Remote off-host access and backwards compatibility with legacy
|
|
clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
|
|
|
|
Restarting ``virtsecretd`` does not interrupt running guests. Guests continue to
|
|
operate and changes in their state will generally be picked up automatically
|
|
during startup. None the less it is recommended to avoid restarting with
|
|
running guests whenever practical.
|
|
|
|
|
|
DAEMON STARTUP MODES
|
|
====================
|
|
|
|
The ``virtsecretd`` daemon is capable of starting in two modes.
|
|
|
|
|
|
Socket activation mode
|
|
----------------------
|
|
|
|
On hosts with systemd it is started in socket activation mode and it will rely
|
|
on systemd to create and listen on the UNIX sockets and pass them as pre-opened
|
|
file descriptors. In this mode most of the socket related config options in
|
|
``/etc/libvirt/virtsecretd.conf`` will no longer have any effect.
|
|
|
|
|
|
Traditional service mode
|
|
------------------------
|
|
|
|
On hosts without systemd, it will create and listen on UNIX sockets itself.
|
|
|
|
|
|
OPTIONS
|
|
=======
|
|
|
|
``-h``, ``--help``
|
|
|
|
Display command line help usage then exit.
|
|
|
|
``-d``, ``--daemon``
|
|
|
|
Run as a daemon & write PID file.
|
|
|
|
``-f``, ``--config *FILE*``
|
|
|
|
Use this configuration file, overriding the default value.
|
|
|
|
``-p``, ``--pid-file *FILE*``
|
|
|
|
Use this name for the PID file, overriding the default value.
|
|
|
|
``-t``, ``--timeout *SECONDS*``
|
|
|
|
Exit after timeout period (in seconds), provided there are neither any client
|
|
connections nor any ephemeral secrets.
|
|
|
|
``-v``, ``--verbose``
|
|
|
|
Enable output of verbose messages.
|
|
|
|
``--version``
|
|
|
|
Display version information then exit.
|
|
|
|
|
|
SIGNALS
|
|
=======
|
|
|
|
On receipt of ``SIGHUP`` ``virtsecretd`` will reload its configuration.
|
|
|
|
|
|
FILES
|
|
=====
|
|
|
|
When run as *root*
|
|
------------------
|
|
|
|
* ``@SYSCONFDIR@/libvirt/virtsecretd.conf``
|
|
|
|
The default configuration file used by ``virtsecretd``, unless overridden on the
|
|
command line using the ``-f`` | ``--config`` option.
|
|
|
|
* ``@RUNSTATEDIR@/libvirt/virtsecretd-sock``
|
|
* ``@RUNSTATEDIR@/libvirt/virtsecretd-sock-ro``
|
|
* ``@RUNSTATEDIR@/libvirt/virtsecretd-admin-sock``
|
|
|
|
The sockets ``virtsecretd`` will use.
|
|
|
|
The TLS **Server** private key ``virtsecretd`` will use.
|
|
|
|
* ``@RUNSTATEDIR@/virtsecretd.pid``
|
|
|
|
The PID file to use, unless overridden by the ``-p`` | ``--pid-file`` option.
|
|
|
|
|
|
When run as *non-root*
|
|
----------------------
|
|
|
|
* ``$XDG_CONFIG_HOME/libvirt/virtsecretd.conf``
|
|
|
|
The default configuration file used by ``virtsecretd``, unless overridden on the
|
|
command line using the ``-f``|``--config`` option.
|
|
|
|
* ``$XDG_RUNTIME_DIR/libvirt/virtsecretd-sock``
|
|
* ``$XDG_RUNTIME_DIR/libvirt/virtsecretd-admin-sock``
|
|
|
|
The sockets ``virtsecretd`` will use.
|
|
|
|
* ``$XDG_RUNTIME_DIR/libvirt/virtsecretd.pid``
|
|
|
|
The PID file to use, unless overridden by the ``-p``|``--pid-file`` option.
|
|
|
|
|
|
If ``$XDG_CONFIG_HOME`` is not set in your environment, ``virtsecretd`` will use
|
|
``$HOME/.config``
|
|
|
|
If ``$XDG_RUNTIME_DIR`` is not set in your environment, ``virtsecretd`` will use
|
|
``$HOME/.cache``
|
|
|
|
|
|
EXAMPLES
|
|
========
|
|
|
|
To retrieve the version of ``virtsecretd``:
|
|
|
|
::
|
|
|
|
# virtsecretd --version
|
|
virtsecretd (libvirt) @VERSION@
|
|
|
|
|
|
To start ``virtsecretd``, instructing it to daemonize and create a PID file:
|
|
|
|
::
|
|
|
|
# virtsecretd -d
|
|
# ls -la @RUNSTATEDIR@/virtsecretd.pid
|
|
-rw-r--r-- 1 root root 6 Jul 9 02:40 @RUNSTATEDIR@/virtsecretd.pid
|
|
|
|
|
|
BUGS
|
|
====
|
|
|
|
Please report all bugs you discover. This should be done via either:
|
|
|
|
#. the mailing list
|
|
|
|
`https://libvirt.org/contact.html <https://libvirt.org/contact.html>`_
|
|
|
|
#. the bug tracker
|
|
|
|
`https://libvirt.org/bugs.html <https://libvirt.org/bugs.html>`_
|
|
|
|
Alternatively, you may report bugs to your software distributor / vendor.
|
|
|
|
|
|
AUTHORS
|
|
=======
|
|
|
|
Please refer to the AUTHORS file distributed with libvirt.
|
|
|
|
|
|
COPYRIGHT
|
|
=========
|
|
|
|
Copyright (C) 2006-2020 Red Hat, Inc., and the authors listed in the
|
|
libvirt AUTHORS file.
|
|
|
|
|
|
LICENSE
|
|
=======
|
|
|
|
``virtsecretd`` is distributed under the terms of the GNU LGPL v2.1+.
|
|
This is free software; see the source for copying conditions. There
|
|
is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
PURPOSE
|
|
|
|
|
|
SEE ALSO
|
|
========
|
|
|
|
virsh(1), libvirtd(8),
|
|
`https://www.libvirt.org/daemons.html <https://www.libvirt.org/daemons.html>`_,
|
|
`https://www.libvirt.org/drvsecret.html <https://www.libvirt.org/drvsecret.html>`_
|