From 653ddc2e649a7f59a1277b46c711a4835b47bbab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 16 Mar 2018 17:05:24 +0000 Subject: [PATCH] nwfilter: introduce virtnwfilterd daemon MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The virtnwfilterd daemon will be responsible for providing the nwfilter API driver functionality. The nwfilter driver is still loaded by the main libvirtd daemon at this stage, so virtnwfilterd must not be running at the same time. Reviewed-by: Andrea Bolognani Signed-off-by: Daniel P. Berrangé --- .gitignore | 4 ++ libvirt.spec.in | 8 ++++ src/nwfilter/Makefile.inc.am | 63 +++++++++++++++++++++++++++ src/nwfilter/virtnwfilterd.service.in | 24 ++++++++++ 4 files changed, 99 insertions(+) create mode 100644 src/nwfilter/virtnwfilterd.service.in
diff --git a/.gitignore b/.gitignore
index c4f6c0ab2f..e726ecff98 100644
--- a/.gitignore
+++ b/.gitignore
@@ -163,6 +163,9 @@
 /src/node_device/test_virtnodedevd.aug
 /src/node_device/virtnodedevd.aug
 /src/node_device/virtnodedevd.conf
+/src/nwfilter/test_virtnwfilterd.aug
+/src/nwfilter/virtnwfilterd.aug
+/src/nwfilter/virtnwfilterd.conf
 /src/qemu/test_libvirtd_qemu.aug
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
@@ -190,6 +193,7 @@
 /src/virtlogd
 /src/virtnetworkd
 /src/virtnodedevd
+/src/virtnwfilterd
 /src/virtproxyd
 /src/virtsecretd
 /src/virtstoraged
diff --git a/libvirt.spec.in b/libvirt.spec.in
index a3c01e7d21..6f94ccaf32 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1653,6 +1653,14 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nodedev.so
 %files daemon-driver-nwfilter
+%config(noreplace) %{_sysconfdir}/libvirt/virtnwfilterd.conf
+%{_datadir}/augeas/lenses/virtnwfilterd.aug
+%{_datadir}/augeas/lenses/tests/test_virtnwfilterd.aug
+%{_unitdir}/virtnwfilterd.service
+%{_unitdir}/virtnwfilterd.socket
+%{_unitdir}/virtnwfilterd-ro.socket
+%{_unitdir}/virtnwfilterd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtnwfilterd
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/
 %ghost %dir %{_localstatedir}/run/libvirt/network/
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
diff --git a/src/nwfilter/Makefile.inc.am b/src/nwfilter/Makefile.inc.am
index 810ca54bcc..277f75a9bd 100644
--- a/src/nwfilter/Makefile.inc.am
+++ b/src/nwfilter/Makefile.inc.am
@@ -41,4 +41,67 @@ libvirt_driver_nwfilter_impl_la_LIBADD = \
 ../gnulib/lib/libgnu.la \
 $(NULL)
 libvirt_driver_nwfilter_impl_la_SOURCES = $(NWFILTER_DRIVER_SOURCES)
+
+sbin_PROGRAMS += virtnwfilterd
+
+nodist_conf_DATA += nwfilter/virtnwfilterd.conf
+augeas_DATA += nwfilter/virtnwfilterd.aug
+augeastest_DATA += nwfilter/test_virtnwfilterd.aug
+CLEANFILES += nwfilter/virtnwfilterd.aug
+
+virtnwfilterd_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtnwfilterd_CFLAGS = \
+ $(REMOTE_DAEMON_CFLAGS) \
+ -DDAEMON_NAME="\"virtnwfilterd\"" \
+ -DMODULE_NAME="\"nwfilter\"" \
+ $(NULL)
+virtnwfilterd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtnwfilterd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+ virtnwfilterd.service \
+ virtnwfilterd.socket \
+ virtnwfilterd-ro.socket \
+ virtnwfilterd-admin.socket \
+ $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+ nwfilter/virtnwfilterd.service.in \
+ $(NULL)
+
+VIRTNWFILTERD_UNIT_VARS = \
+ $(VIRTD_UNIT_VARS) \
+ -e 's|[@]name[@]|Libvirt nwfilter|g' \
+ -e 's|[@]service[@]|virtnwfilterd|g' \
+ -e 's|[@]sockprefix[@]|virtnwfilterd|g' \
+ $(NULL)
+
+virtnwfilterd.service: nwfilter/virtnwfilterd.service.in $(top_builddir)/config.status
+ $(AM_V_GEN)$(SED) $(VIRTNWFILTERD_UNIT_VARS) $< > $@-t && mv $@-t $@
+
+virtnwfilter%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+ $(AM_V_GEN)$(SED) $(VIRTNWFILTERD_UNIT_VARS) $< > $@-t && mv $@-t $@
+
+nwfilter/virtnwfilterd.conf: remote/libvirtd.conf.in
+ $(AM_V_GEN)$(SED) \
+ -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+ -e 's/[@]DAEMON_NAME[@]/virtnwfilterd/' \
+ $< > $@
+
+nwfilter/virtnwfilterd.aug: remote/libvirtd.aug.in
+ $(AM_V_GEN)$(SED) \
+ -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+ -e 's/[@]DAEMON_NAME[@]/virtnwfilterd/' \
+ -e 's/[@]DAEMON_NAME_UC[@]/Virtnwfilterd/' \
+ $< > $@
+
+nwfilter/test_virtnwfilterd.aug: remote/test_libvirtd.aug.in \
+ nwfilter/virtnwfilterd.conf $(AUG_GENTEST)
+ $(AM_V_GEN)$(AUG_GENTEST) nwfilter/virtnwfilterd.conf \
+ $(srcdir)/remote/test_libvirtd.aug.in | \
+ $(SED) \
+ -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+ -e 's/[@]DAEMON_NAME[@]/virtnwfilterd/' \
+ -e 's/[@]DAEMON_NAME_UC[@]/Virtnwfilterd/' \
+ > $@ || rm -f $@
+
 endif WITH_NWFILTER
diff --git a/src/nwfilter/virtnwfilterd.service.in b/src/nwfilter/virtnwfilterd.service.in
new file mode 100644
index 0000000000..57c2fafe43
--- /dev/null
+++ b/src/nwfilter/virtnwfilterd.service.in
@@ -0,0 +1,24 @@
+[Unit]
+Description=Virtualization nwfilter daemon
+Conflicts=libvirtd.service
+Requires=virtnwfilterd.socket
+Requires=virtnwfilterd-ro.socket
+Requires=virtnwfilterd-admin.socket
+After=network.target
+After=dbus.service
+After=apparmor.service
+After=local-fs.target
+Documentation=man:libvirtd(8)
+Documentation=https://libvirt.org
+
+[Service]
+Type=notify
+ExecStart=@sbindir@/virtnwfilterd --timeout 120
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Also=virtnwfilterd.socket
+Also=virtnwfilterd-ro.socket
+Also=virtnwfilterd-admin.socket
-- GitLab
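Review bot: The `nwfilter/test_virtnwfilterd.aug` recipe ends in `> $@ || rm -f $@`, so when the `$(SED)` stage fails the `rm -f` succeeds and the recipe exits 0; make then treats the Augeas lens test as built although the file has just been removed. A failure of `$(AUG_GENTEST)` on the left of the pipe is likely missed as well, since without a pipefail setting (none is visible here) only the last stage's status counts. Ending the recipe with `> $@-t && mv $@-t $@`, as the `virtnwfilterd.service` and `virtnwfilter%.socket` rules in this same hunk already do, would make a failed `sed` stop the build and never leave a truncated target behind. The `nwfilter/virtnwfilterd.conf` and `nwfilter/virtnwfilterd.aug` rules redirect straight into `$@` and would benefit from the same idiom. All of these rules sit inside the `WITH_NWFILTER` conditional, which opens outside the hunk.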
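Review bot: `Conflicts=libvirtd.service` is the only thing in this unit enforcing the commit message's rule that virtnwfilterd and libvirtd must not run together, and it does so by stopping the other service, which the file does not explain. Because the unit also `Requires=` three sockets and installs them through `Also=`, enabling it on a host that still runs libvirtd presumably means the first connection to any of those sockets activates virtnwfilterd and stops libvirtd.service. The socket units are generated from `remote/libvirt%.socket.in`, which is not part of this patch, so their access modes cannot be checked from here and should be confirmed to be as restrictive as intended while the conflict exists. I would add a comment above the directive, for example `# libvirtd still loads the nwfilter driver; starting this unit stops libvirtd.service`.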