This is an adaptation of the libvirtd manpage.
Signed-off-by: Daniel P. Berrangé
---
docs/manpages/index.rst | 1 +
docs/manpages/meson.build | 1 +
docs/manpages/virtsecretd.rst | 214 ++
3 files changed, 216 insertions(+)
create mode 100644 docs/manpages/virtsecretd.rst
diff --git a/docs/manpages/index.rst b/docs/manpages/index.rst
index 67357419eb..fb62dc86a2 100644
--- a/docs/manpages/index.rst
+++ b/docs/manpages/index.rst
@@ -24,6 +24,7 @@ These daemons provide functionality to a single libvirt driver
* `virtnodedevd(8) `__ - libvirt host device management
daemon
* `virtnwfilterd(8) `__ - libvirt network filter
management daemon
* `virtqemud(8) `__ - libvirt QEMU management daemon
+* `virtsecretd(8) `__ - libvirt secret data management daemon
Tools
=
diff --git a/docs/manpages/meson.build b/docs/manpages/meson.build
index e08365b780..1476722bde 100644
--- a/docs/manpages/meson.build
+++ b/docs/manpages/meson.build
@@ -32,6 +32,7 @@ docs_man_files = [
{ 'name': 'virtnwfilterd', 'section': '8', 'install':
conf.has('WITH_NWFILTER') },
{ 'name': 'virtproxyd', 'section': '8', 'install': conf.has('WITH_LIBVIRTD')
},
{ 'name': 'virtqemud', 'section': '8', 'install': conf.has('WITH_QEMU') },
+ { 'name': 'virtsecretd', 'section': '8', 'install': conf.has('WITH_SECRETS')
},
]
foreach name : keycode_list
diff --git a/docs/manpages/virtsecretd.rst b/docs/manpages/virtsecretd.rst
new file mode 100644
index 00..2fa01ef147
--- /dev/null
+++ b/docs/manpages/virtsecretd.rst
@@ -0,0 +1,214 @@
+===
+virtsecretd
+===
+
+-
+libvirt secret data management daemon
+-
+
+:Manual section: 8
+:Manual group: Virtualization Support
+
+.. contents::
+
+SYNOPSIS
+
+
+``virtsecretd`` [*OPTION*]...
+
+
+DESCRIPTION
+===
+
+The ``virtsecretd`` program is a server side daemon component of the libvirt
+virtualization management system.
+
+It is one of a collection of modular daemons that replace functionality
+previously provided by the monolithic ``libvirtd`` daemon.
+
+This daemon runs on virtualization hosts to provide management for secret data.
+
+The ``virtsecretd`` daemon only listens for requests on a local Unix domain
+socket. Remote off-host access and backwards compatibility with legacy
+clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon.
+
+Restarting ``virtsecretd`` does not interrupt running guests. Guests continue
to
+operate and changes in their state will generally be picked up automatically
+during startup. None the less it is recommended to avoid restarting with
+running guests whenever practical.
+
+
+SYSTEM SOCKET ACTIVATION
+
+
+The ``virtsecretd`` daemon is capable of starting in two modes.
+
+In the traditional mode, it will create and listen on UNIX sockets itself.
+
+In socket activation mode, it will rely on systemd to create and listen
+on the UNIX sockets and pass them as pre-opened file descriptors. In this
+mode most of the socket related config options in
+``/etc/libvirt/virtsecretd.conf`` will no longer have any effect.
+
+Socket activation mode is generally the default when running on a host
+OS that uses systemd. To revert to the traditional mode, all the socket
+unit files must be masked:
+
+::
+
+ $ systemctl mask virtsecretd.socket virtsecretd-ro.socket \
+ virtsecretd-admin.socket
+
+
+OPTIONS
+===
+
+``-h``, ``--help``
+
+Display command line help usage then exit.
+
+``-d``, ``--daemon``
+
+Run as a daemon & write PID file.
+
+``-f``, ``--config *FILE*``
+
+Use this configuration file, overriding the default value.
+
+``-p``, ``--pid-file *FILE*``
+
+Use this name for the PID file, overriding the default value.
+
+``-t``, ``--timeout *SECONDS*``
+
+Exit after timeout period (in seconds), provided there are neither any client
+connections nor any running domains.
+
+``-v``, ``--verbose``
+
+Enable output of verbose messages.
+
+``--version``
+
+Display version information then exit.
+
+
+SIGNALS
+===
+
+On receipt of ``SIGHUP`` ``virtsecretd`` will reload its configuration.
+
+
+FILES
+=
+
+When run as *root*
+--
+
+* ``@SYSCONFDIR@/libvirt/virtsecretd.conf``
+
+The default configuration file used by ``virtsecretd``, unless overridden on
the
+command line using the ``-f`` | ``--config`` option.
+
+* ``@RUNSTATEDIR@/libvirt/virtsecretd-sock``
+* ``@RUNSTATEDIR@/libvirt/virtsecretd-sock-ro``
+* ``@RUNSTATEDIR@/libvirt/virtsecretd-admin-sock``
+
+The sockets ``virtsecretd`` will use.
+
+The TLS **Server** private key ``virtsecretd`` will use.
+
+* ``@RUNSTATEDIR@/virtsecretd.pid``
+
+The PID file to use, unless overridden by the ``-p`` | ``--pid-file`` option.
+
+
+When run as *non-root*
+--
+
+* ``$XDG_CONFIG_HOME/libvirt/virtsecretd.conf``
+
+The default configuration file used by ``virtsecretd``, unless
