mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-20 06:50:22 +03:00

remote: update config files to note usage wrt systemd socket activation

Certain libvirtd.conf settings are not honoured when using systemd
socket activation.

Certain systemd unit file settings must match those defined in
libvirtd.conf for systemd socket activation to work with systemd
version < 227, otherwise libvirtd cannot determine which inherited
FD to use for which service.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Daniel P. Berrangé 2019-06-24 12:00:37 +01:00
parent 4304222f50
commit ee04bfaf9d
7 changed files with 43 additions and 1 deletions


@ -5,6 +5,8 @@ BindsTo=libvirtd.socket
After=libvirtd.socket
[Socket]
# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir setting
# when using systemd version < 227
ListenStream=@localstatedir@/run/libvirt/libvirt-admin-sock
Service=libvirtd.service
SocketMode=0600


@ -5,6 +5,8 @@ BindsTo=libvirtd.socket
After=libvirtd.socket
[Socket]
# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir setting
# when using systemd version < 227
ListenStream=@localstatedir@/run/libvirt/libvirt-sock-ro
Service=libvirtd.service
SocketMode=0666


@ -5,6 +5,8 @@ BindsTo=libvirtd.socket
After=libvirtd.socket
[Socket]
# This must match the /etc/libvirt/libvirtd.conf tcp_port setting
# when using systemd version < 227
ListenStream=16509
Service=libvirtd.service
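Review bot: The comment added above `ListenStream=16509` covers only the port, but the libvirtd.conf part of this commit also states that listen_addr is not honoured under socket activation, so the address this non-TLS TCP listener binds to is decided by this unit alone. A bare port number in ListenStream= listens on all local addresses, which an administrator who had narrowed listen_addr in libvirtd.conf may not expect. I would add a line such as `# The libvirtd.conf listen_addr setting is ignored; use ListenStream=ADDRESS:16509 to bind a single address`. The same applies to the TLS socket unit with `ListenStream=16514`. The rest of the unit lies outside the hunk.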


@ -5,6 +5,8 @@ BindsTo=libvirtd.socket
After=libvirtd.socket
[Socket]
# This must match the /etc/libvirt/libvirtd.conf tls_port setting
# when using systemd version < 227
ListenStream=16514
Service=libvirtd.service


@ -10,6 +10,9 @@
# NB, must pass the --listen flag to the libvirtd process for this to
# have any effect.
#
# This setting is not required or honoured if using systemd socket
# activation.
#
# It is necessary to setup a CA and issue server certificates before
# using this capability.
#
@ -20,6 +23,9 @@
# NB, must pass the --listen flag to the libvirtd process for this to
# have any effect.
#
# This setting is not required or honoured if using systemd socket
# activation.
#
# Using the TCP socket requires SASL authentication by default. Only
# SASL mechanisms which support data encryption are allowed. This is
# DIGEST_MD5 and GSSAPI (Kerberos5)
@ -32,17 +38,26 @@
# Override the port for accepting secure TLS connections
# This can be a port number, or service name
#
# This setting is not required or honoured if using systemd socket
# activation with systemd version >= 227
#
#tls_port = "16514"
# Override the port for accepting insecure TCP connections
# This can be a port number, or service name
#
# This setting is not required or honoured if using systemd socket
# activation with systemd version >= 227
#
#tcp_port = "16509"
# Override the default configuration which binds to all network
# interfaces. This can be a numeric IPv4/6 address, or hostname
#
# This setting is not required or honoured if using systemd socket
# activation.
#
# If the libvirtd service is started in parallel with network
# startup (e.g. with systemd), binding to addresses other than
# the wildcards (0.0.0.0/::) might not be available yet.
@ -59,12 +74,18 @@
# allow a 'trusted' set of users access to management capabilities
# without becoming root.
#
# This setting is not required or honoured if using systemd socket
# activation.
#
# This is restricted to 'root' by default.
#unix_sock_group = "libvirt"
# Set the UNIX socket permissions for the R/O socket. This is used
# for monitoring VM status only
#
# This setting is not required or honoured if using systemd socket
# activation.
#
# Default allows any user. If setting group ownership, you may want to
# restrict this too.
#unix_sock_ro_perms = "0777"
@ -72,6 +93,9 @@
# Set the UNIX socket permissions for the R/W socket. This is used
# for full management of VMs
#
# This setting is not required or honoured if using systemd socket
# activation.
#
# Default allows only root. If PolicyKit is enabled on the socket,
# the default will change to allow everyone (eg, 0777)
#
@ -81,11 +105,18 @@
# Set the UNIX socket permissions for the admin interface socket.
#
# This setting is not required or honoured if using systemd socket
# activation.
#
# Default allows only owner (root), do not change it unless you are
# sure to whom you are exposing the access to.
#unix_sock_admin_perms = "0700"
# Set the name of the directory in which sockets will be found/created.
#
# This setting is not required or honoured if using systemd socket
# activation with systemd version >= 227
#
#unix_sock_dir = "/var/run/libvirt"
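Review bot: The notes added to unix_sock_group, unix_sock_ro_perms, unix_sock_rw_perms and unix_sock_admin_perms say the settings are not honoured under socket activation but do not say what replaces them, and these are the access-control knobs for the local sockets. In that mode the effective permissions appear to come from the socket units changed in this same commit (`SocketMode=0666` for libvirt-sock and libvirt-sock-ro, `SocketMode=0600` for libvirt-admin-sock), so a restriction configured here, for example a group plus a tighter read/write mode, would silently stop applying. I would extend each note, e.g. `# With socket activation, set SocketMode= / SocketGroup= in the matching .socket unit instead`, and add the reverse pointer next to SocketMode= in the three unit files. It is also worth confirming that 0666 on the read/write socket is intended when PolicyKit is not enabled, since the existing text says the non-activated default is root-only in that case.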


@ -3,6 +3,8 @@ Description=Libvirt local socket
Before=libvirtd.service
[Socket]
# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir setting
# when using systemd version < 227
ListenStream=@localstatedir@/run/libvirt/libvirt-sock
Service=libvirtd.service
SocketMode=0666


@ -1,6 +1,7 @@
# Customizations for the libvirtd.service systemd unit
# Listen for TCP/IP connections
# Listen for TCP/IP connections. This is not required if using systemd
# socket activation.
# NB. must setup TLS/SSL keys prior to using this
#LIBVIRTD_ARGS="--listen"
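Review bot: The new wording says `--listen` is "not required" with socket activation, while the libvirtd.conf notes in this commit say listen_tls and listen_tcp are "not required or honoured". If `--listen` is likewise ignored or rejected when the sockets are inherited from systemd, the comment should say so, because someone enabling it here would otherwise assume it still controls whether the TCP/TLS listeners exist. Suggested wording: `# Listen for TCP/IP connections. This is not required or honoured if using systemd socket activation; enable the TCP/TLS socket units instead.`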