提交 6d9e520d 编写于 作者: D Daniel P. Berrangé

remote: conditionalize IP socket config in libvirtd.conf

Prepare for reusing libvirtd config to create other daemons by making
the config parameters for IP sockets conditionally defined by the make
rules.

The main libvirtd daemon will retain IP listen ability, but all the
driver specific daemons will be local UNIX sockets only. Apps needing
IP connectivity will connect via the libvirtd daemon which will proxy
to the driver specfic daemon.
Reviewed-by: NChristophe de Dinechin <dinechin@redhat.com>
Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
上级 697371c2
......@@ -158,6 +158,7 @@
/src/remote/*_client_bodies.h
/src/remote/*_protocol.[ch]
/src/remote/*_stubs.h
/src/remote/libvirtd.conf
/src/remote/test_libvirtd.aug
/src/rpc/virkeepaliveprotocol.[ch]
/src/rpc/virnetprotocol.[ch]
......
......@@ -76,7 +76,7 @@ EXTRA_DIST += \
$(LIBVIRTD_SOURCES) \
remote/test_libvirtd.aug.in \
remote/libvirtd.aug \
remote/libvirtd.conf \
remote/libvirtd.conf.in \
remote/libvirtd.policy \
remote/libvirtd.rules \
remote/libvirtd.sasl \
......@@ -93,6 +93,9 @@ MAINTAINERCLEANFILES += \
$(REMOTE_DRIVER_GENERATED) \
$(LIBVIRTD_GENERATED) \
$(NULL)
CLEANFILES += \
remote/libvirtd.conf \
$(NULL)
if WITH_REMOTE
noinst_LTLIBRARIES += libvirt_driver_remote.la
......@@ -128,7 +131,7 @@ augeas_DATA += remote/libvirtd.aug
augeastest_DATA += remote/test_libvirtd.aug
conf_DATA += remote/libvirtd.conf
nodist_conf_DATA += remote/libvirtd.conf
man8_MANS += libvirtd.8
......@@ -179,6 +182,13 @@ libvirtd_LDADD += \
$(LIBSOCKET) \
$(NULL)
remote/libvirtd.conf: remote/libvirtd.conf.in
$(AM_V_GEN)$(SED) \
-e '/[@]CUT_ENABLE_IP[@]/d' \
-e '/[@]END[@]/d' \
-e 's|[@]DAEMON_NAME[@]|libvirtd|' \
$< > $@
INSTALL_DATA_DIRS += remote
install-data-remote:
......@@ -189,7 +199,7 @@ uninstall-data-remote:
remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \
remote/libvirtd.conf $(AUG_GENTEST)
$(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/remote/libvirtd.conf $< > $@
$(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf $< > $@
if WITH_SYSCTL
# Use $(prefix)/lib rather than $(libdir), since man sysctl.d insists on
......
# Master libvirt daemon configuration file
#
@CUT_ENABLE_IP@
#################################################################
#
# Network connectivity controls
#
# Flag listening for secure TLS connections on the public TCP/IP port.
# NB, must pass the --listen flag to the libvirtd process for this to
# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to
# have any effect.
#
# This setting is not required or honoured if using systemd socket
......@@ -20,7 +21,7 @@
#listen_tls = 0
# Listen for unencrypted TCP connections on the public TCP/IP port.
# NB, must pass the --listen flag to the libvirtd process for this to
# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to
# have any effect.
#
# This setting is not required or honoured if using systemd socket
......@@ -58,13 +59,14 @@
# This setting is not required or honoured if using systemd socket
# activation.
#
# If the libvirtd service is started in parallel with network
# If the @DAEMON_NAME@ service is started in parallel with network
# startup (e.g. with systemd), binding to addresses other than
# the wildcards (0.0.0.0/::) might not be available yet.
#
#listen_addr = "192.168.0.1"
@END@
#################################################################
#
# UNIX socket access controls
......@@ -157,6 +159,7 @@
# If the unix_sock_rw_perms are changed you may wish to enable
# an authentication mechanism here
#auth_unix_rw = "none"
@CUT_ENABLE_IP@
# Change the authentication scheme for TCP sockets.
#
......@@ -174,6 +177,7 @@
# It is possible to make use of any SASL authentication
# mechanism as well, by using 'sasl' for this option
#auth_tls = "none"
@END@
# Change the API access control scheme
......@@ -182,10 +186,11 @@
# to all APIs. Access drivers can place restrictions
# on this. By default the 'nop' driver is enabled,
# meaning no access control checks are done once a
# client has authenticated with libvirtd
# client has authenticated with @DAEMON_NAME@
#
#access_drivers = [ "polkit" ]
@CUT_ENABLE_IP@
#################################################################
#
# TLS x509 certificate configuration
......@@ -225,15 +230,17 @@
@END@
#################################################################
#
# Authorization controls
#
@CUT_ENABLE_IP@
# Flag to disable verification of our own server certificates
#
# When libvirtd starts it performs some sanity checks against
# When @DAEMON_NAME@ starts it performs some sanity checks against
# its own certificates.
#
# Default is to always run sanity checks. Uncommenting this
......@@ -265,6 +272,15 @@
#tls_allowed_dn_list = ["DN1", "DN2"]
# Override the compile time default TLS priority string. The
# default is usually "NORMAL" unless overridden at build time.
# Only set this is it is desired for libvirt to deviate from
# the global default settings.
#
#tls_priority="NORMAL"
@END@
# A whitelist of allowed SASL usernames. The format for username
# depends on the SASL authentication mechanism. Kerberos usernames
# look like username@REALM
......@@ -282,14 +298,6 @@
#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]
# Override the compile time default TLS priority string. The
# default is usually "NORMAL" unless overridden at build time.
# Only set this is it is desired for libvirt to deviate from
# the global default settings.
#
#tls_priority="NORMAL"
#################################################################
#
# Processing controls
......@@ -417,8 +425,8 @@
# 4: ERROR
#
# Multiple outputs can be defined, they just need to be separated by spaces.
# e.g. to log all warnings and errors to syslog under the libvirtd ident:
#log_outputs="3:syslog:libvirtd"
# e.g. to log all warnings and errors to syslog under the @DAEMON_NAME@ ident:
#log_outputs="3:syslog:@DAEMON_NAME@"
##################################################################
......@@ -461,7 +469,7 @@
###################################################################
# Keepalive protocol:
# This allows libvirtd to detect broken client connections or even
# This allows @DAEMON_NAME@ to detect broken client connections or even
# dead clients. A keepalive message is sent to a client after
# keepalive_interval seconds of inactivity to check if the client is
# still responding; keepalive_count is a maximum number of keepalive
......@@ -470,7 +478,7 @@
# words, the connection is automatically closed approximately after
# keepalive_interval * (keepalive_count + 1) seconds since the last
# message received from the client. If keepalive_interval is set to
# -1, libvirtd will never send keepalive requests; however clients
# -1, @DAEMON_NAME@ will never send keepalive requests; however clients
# can still send them and the daemon will send responses. When
# keepalive_count is set to 0, connections will be automatically
# closed after keepalive_interval seconds of inactivity without
......
......@@ -29,11 +29,11 @@ module Test_libvirtd =
{ "1" = "DN1"}
{ "2" = "DN2"}
}
{ "tls_priority" = "NORMAL" }
{ "sasl_allowed_username_list"
{ "1" = "joe@EXAMPLE.COM" }
{ "2" = "fred@EXAMPLE.COM" }
}
{ "tls_priority" = "NORMAL" }
{ "max_clients" = "5000" }
{ "max_queued_clients" = "1000" }
{ "max_anonymous_clients" = "20" }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册