secret: introduce virtsecretd daemon
authorDaniel P. Berrangé <berrange@redhat.com>
Tue, 23 Jul 2019 11:22:41 +0000 (12:22 +0100)
committerDaniel P. Berrangé <berrange@redhat.com>
Fri, 9 Aug 2019 13:06:31 +0000 (14:06 +0100)
The virtsecretd daemon will be responsible for providing the secret API
driver functionality. The secret driver is still loaded by the main
libvirtd daemon at this stage, so virtsecretd must not be running at
the same time.

Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
.gitignore
libvirt.spec.in
src/secret/Makefile.inc.am
src/secret/virtsecretd.service.in [new file with mode: 0644]

index 9ad159ecfd43b60d4f25b33b05fb1c3fe521e5f5..cf3917725024a93f80a42e9bc8e96cbcc8b46878 100644 (file)
 /src/remote/virtproxyd.conf
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
+/src/secret/test_virtsecretd.aug
+/src/secret/virtsecretd.aug
+/src/secret/virtsecretd.conf
 /src/test*.aug
 /src/util/virkeycodetable*.h
 /src/util/virkeynametable*.h
 /src/virtlockd
 /src/virtlogd
 /src/virtproxyd
+/src/virtsecretd
 /src/virt-guest-shutdown.target
 /tests/*.log
 /tests/*.pid
index 2acff40ea7e0308cf8c64f95ca3797c26958a657..31da3f7581eb5ad23cee6a8882cea78c6876c61f 100644 (file)
@@ -1634,6 +1634,14 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
 
 %files daemon-driver-secret
+%config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf
+%{_datadir}/augeas/lenses/virtsecretd.aug
+%{_datadir}/augeas/lenses/tests/test_virtsecretd.aug
+%{_unitdir}/virtsecretd.service
+%{_unitdir}/virtsecretd.socket
+%{_unitdir}/virtsecretd-ro.socket
+%{_unitdir}/virtsecretd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtsecretd
 %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so
 
 %files daemon-driver-storage
index 7a1c8f8e1a998228c8f85ef3b3dd25a9203163bd..37f816406ec19c0e09bb4cb6a67fccf994e632a6 100644 (file)
@@ -37,4 +37,67 @@ libvirt_driver_secret_la_LIBADD = \
        $(NULL)
 libvirt_driver_secret_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF)
 libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES)
+
+sbin_PROGRAMS += virtsecretd
+
+nodist_conf_DATA += secret/virtsecretd.conf
+augeas_DATA += secret/virtsecretd.aug
+augeastest_DATA += secret/test_virtsecretd.aug
+CLEANFILES += secret/virtsecretd.aug
+
+virtsecretd_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtsecretd_CFLAGS = \
+       $(REMOTE_DAEMON_CFLAGS) \
+       -DDAEMON_NAME="\"virtsecretd\"" \
+       -DMODULE_NAME="\"secret\"" \
+       $(NULL)
+virtsecretd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtsecretd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+       virtsecretd.service \
+       virtsecretd.socket \
+       virtsecretd-ro.socket \
+       virtsecretd-admin.socket \
+       $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+       secret/virtsecretd.service.in \
+       $(NULL)
+
+VIRTSECRETD_UNIT_VARS = \
+       $(VIRTD_UNIT_VARS) \
+       -e 's|[@]name[@]|Libvirt secret|g' \
+       -e 's|[@]service[@]|virtsecretd|g' \
+       -e 's|[@]sockprefix[@]|virtsecretd|g' \
+       $(NULL)
+
+virtsecretd.service: secret/virtsecretd.service.in $(top_builddir)/config.status
+       $(AM_V_GEN)$(SED) $(VIRTSECRETD_UNIT_VARS) $< > $@-t && mv $@-t $@
+
+virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+       $(AM_V_GEN)$(SED) $(VIRTSECRETD_UNIT_VARS) $< > $@-t && mv $@-t $@
+
+secret/virtsecretd.conf: remote/libvirtd.conf.in
+       $(AM_V_GEN)$(SED) \
+               -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+               -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+               $< > $@
+
+secret/virtsecretd.aug: remote/libvirtd.aug.in
+       $(AM_V_GEN)$(SED) \
+               -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+               -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+               -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
+               $< > $@
+
+secret/test_virtsecretd.aug: remote/test_libvirtd.aug.in \
+               secret/virtsecretd.conf $(AUG_GENTEST)
+       $(AM_V_GEN)$(AUG_GENTEST) secret/virtsecretd.conf \
+               $(srcdir)/remote/test_libvirtd.aug.in | \
+               $(SED) \
+               -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+               -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+               -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
+               > $@ || rm -f $@
+
 endif WITH_SECRETS
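Review bot: In the `secret/test_virtsecretd.aug` rule a failed generation is hidden from make: the recipe ends in `> $@ || rm -f $@`, so when `$(SED)` fails the target is removed but the recipe still exits 0, and a failure of `$(AUG_GENTEST)` on the left of the pipe is not seen at all unless the shell runs with pipefail. The `secret/virtsecretd.conf` and `secret/virtsecretd.aug` rules write straight to `$@`, so a failed or interrupted `sed` can leave a truncated config or lens that looks up to date. The unit-file rules in this same hunk already use the safer form, and ending these three recipes with `> $@-t && mv $@-t $@` would surface the sed failure and keep partial output out of the packaged files. The recipes appear to mirror the existing remote/ rules and sit inside the `WITH_SECRETS` conditional, both of which begin outside this hunk, so the same change may be wanted there.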
diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.service.in
new file mode 100644 (file)
index 0000000..00cdc26
--- /dev/null
@@ -0,0 +1,24 @@
+[Unit]
+Description=Virtualization secret daemon
+Conflicts=libvirtd.service
+Requires=virtsecretd.socket
+Requires=virtsecretd-ro.socket
+Requires=virtsecretd-admin.socket
+After=network.target
+After=dbus.service
+After=apparmor.service
+After=local-fs.target
+Documentation=man:libvirtd(8)
+Documentation=https://libvirt.org
+
+[Service]
+Type=notify
+ExecStart=@sbindir@/virtsecretd --timeout 120
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Also=virtsecretd.socket
+Also=virtsecretd-ro.socket
+Also=virtsecretd-admin.socket
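Review bot: The `[Service]` section starts a daemon that serves the secret API yet sets no systemd sandboxing or resource options; only `Type`, `ExecStart`, `ExecReload` and `Restart` are given. Options such as `NoNewPrivileges=yes`, `PrivateTmp=yes` or `LimitCORE=0` would narrow what a compromised or crashing virtsecretd can expose. Each one needs checking against what the secret driver actually does (whether it runs helpers, where it keeps its state), which this page does not show. Separately, `Documentation=man:libvirtd(8)` points at the monolithic daemon's manual; if a virtsecretd page exists or is planned, it should be referenced here.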