diff --git a/src/remote/libvirtd-admin.socket.in b/src/remote/libvirtd-admin.socket.in
index b791a2eb1b..307c9ba24b 100644
--- a/src/remote/libvirtd-admin.socket.in
+++ b/src/remote/libvirtd-admin.socket.in
@@ -5,6 +5,8 @@ BindsTo=libvirtd.socket
 After=libvirtd.socket
 [Socket]
+# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir setting
+# when using systemd version < 227
 ListenStream=@localstatedir@/run/libvirt/libvirt-admin-sock
 Service=libvirtd.service
 SocketMode=0600
diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in
index 55c44944b4..876daf0c9c 100644
--- a/src/remote/libvirtd-ro.socket.in
+++ b/src/remote/libvirtd-ro.socket.in
@@ -5,6 +5,8 @@ BindsTo=libvirtd.socket
 After=libvirtd.socket
 [Socket]
+# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir setting
+# when using systemd version < 227
 ListenStream=@localstatedir@/run/libvirt/libvirt-sock-ro
 Service=libvirtd.service
 SocketMode=0666
diff --git a/src/remote/libvirtd-tcp.socket.in b/src/remote/libvirtd-tcp.socket.in
index 09d5d3d67a..16a4764283 100644
--- a/src/remote/libvirtd-tcp.socket.in
+++ b/src/remote/libvirtd-tcp.socket.in
@@ -5,6 +5,8 @@ BindsTo=libvirtd.socket
 After=libvirtd.socket
 [Socket]
+# This must match the /etc/libvirt/libvirtd.conf tcp_port setting
+# when using systemd version < 227
 ListenStream=16509
 Service=libvirtd.service
diff --git a/src/remote/libvirtd-tls.socket.in b/src/remote/libvirtd-tls.socket.in
index c60f0c9c77..e904583cf9 100644
--- a/src/remote/libvirtd-tls.socket.in
+++ b/src/remote/libvirtd-tls.socket.in
@@ -5,6 +5,8 @@ BindsTo=libvirtd.socket
 After=libvirtd.socket
 [Socket]
+# This must match the /etc/libvirt/libvirtd.conf tls_port setting
+# when using systemd version < 227
 ListenStream=16514
 Service=libvirtd.service
diff --git a/src/remote/libvirtd.conf b/src/remote/libvirtd.conf
index bbeb053495..b63b8d61b7 100644
--- a/src/remote/libvirtd.conf
+++ b/src/remote/libvirtd.conf
@@ -10,6 +10,9 @@
 # NB, must pass the --listen flag to the libvirtd process for this to
 # have any effect.
 #
+# This setting is not required or honoured if using systemd socket
+# activation.
+#
 # It is necessary to setup a CA and issue server certificates before
 # using this capability.
 #
@@ -20,6 +23,9 @@
 # NB, must pass the --listen flag to the libvirtd process for this to
 # have any effect.
 #
+# This setting is not required or honoured if using systemd socket
+# activation.
+#
 # Using the TCP socket requires SASL authentication by default. Only
 # SASL mechanisms which support data encryption are allowed. This is
 # DIGEST_MD5 and GSSAPI (Kerberos5)
@@ -32,17 +38,26 @@
 # Override the port for accepting secure TLS connections
 # This can be a port number, or service name
 #
+# This setting is not required or honoured if using systemd socket
+# activation with systemd version >= 227
+#
 #tls_port = "16514"
 # Override the port for accepting insecure TCP connections
 # This can be a port number, or service name
 #
+# This setting is not required or honoured if using systemd socket
+# activation with systemd version >= 227
+#
 #tcp_port = "16509"
 # Override the default configuration which binds to all network
 # interfaces. This can be a numeric IPv4/6 address, or hostname
 #
+# This setting is not required or honoured if using systemd socket
+# activation.
+#
 # If the libvirtd service is started in parallel with network
 # startup (e.g. with systemd), binding to addresses other than
 # the wildcards (0.0.0.0/::) might not be available yet.
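Review bot: At the end of the -32,17 hunk, the note on the bind-address setting (listen_addr) says it is not honoured under socket activation but does not say where the address then comes from. Under activation the listener is defined by `ListenStream=` in libvirtd-tcp.socket / libvirtd-tls.socket, which this commit leaves as a bare port (16509, 16514), so a host that had narrowed the address to a management interface would listen on every interface after switching. I would add a pointer such as `# Under socket activation, restrict the address with ListenStream=ADDR:PORT in libvirtd-tcp.socket / libvirtd-tls.socket.` The setting's own line lies outside the hunk.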
@@ -59,12 +74,18 @@
 # allow a 'trusted' set of users access to management capabilities
 # without becoming root.
 #
+# This setting is not required or honoured if using systemd socket
+# activation.
+#
 # This is restricted to 'root' by default.
 #unix_sock_group = "libvirt"
 # Set the UNIX socket permissions for the R/O socket. This is used
 # for monitoring VM status only
 #
+# This setting is not required or honoured if using systemd socket
+# activation.
+#
 # Default allows any user. If setting group ownership, you may want to
 # restrict this too.
 #unix_sock_ro_perms = "0777"
@@ -72,6 +93,9 @@
 # Set the UNIX socket permissions for the R/W socket. This is used
 # for full management of VMs
 #
+# This setting is not required or honoured if using systemd socket
+# activation.
+#
 # Default allows only root. If PolicyKit is enabled on the socket,
 # the default will change to allow everyone (eg, 0777)
 #
@@ -81,11 +105,18 @@
 # Set the UNIX socket permissions for the admin interface socket.
 #
+# This setting is not required or honoured if using systemd socket
+# activation.
+#
 # Default allows only owner (root), do not change it unless you are
 # sure to whom you are exposing the access to.
 #unix_sock_admin_perms = "0700"
 # Set the name of the directory in which sockets will be found/created.
+#
+# This setting is not required or honoured if using systemd socket
+# activation with systemd version >= 227
+#
 #unix_sock_dir = "/var/run/libvirt"
diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in
index e194c6e76e..2ee4d7d7a2 100644
--- a/src/remote/libvirtd.socket.in
+++ b/src/remote/libvirtd.socket.in
@@ -3,6 +3,8 @@ Description=Libvirt local socket
 Before=libvirtd.service
 [Socket]
+# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir setting
+# when using systemd version < 227
 ListenStream=@localstatedir@/run/libvirt/libvirt-sock
 Service=libvirtd.service
 SocketMode=0666
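Review bot: The notes added for unix_sock_group, unix_sock_ro_perms, unix_sock_rw_perms and unix_sock_admin_perms (libvirtd.conf hunks at -59,12, -72,6 and -81,11) say the setting is not honoured under socket activation but not where ownership and mode are then decided. An operator who relies on `unix_sock_group = "libvirt"` with a narrowed mode to confine the R/W socket would, under activation, presumably get the `SocketMode=0666` shown in libvirtd.socket.in with no group restriction unless the unit is edited. I would extend each note with a pointer such as `# Under socket activation, set SocketGroup= / SocketMode= in the matching libvirtd*.socket unit instead.` The comment blocks for these settings start or end outside the hunks.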
diff --git a/src/remote/libvirtd.sysconf b/src/remote/libvirtd.sysconf
index 60a47c252f..5969518bf2 100644
--- a/src/remote/libvirtd.sysconf
+++ b/src/remote/libvirtd.sysconf
@@ -1,6 +1,7 @@
 # Customizations for the libvirtd.service systemd unit
-# Listen for TCP/IP connections
+# Listen for TCP/IP connections. This is not required if using systemd
+# socket activation.
 # NB. must setup TLS/SSL keys prior to using this
 #LIBVIRTD_ARGS="--listen"