RFC: Switch to a date-based versioning scheme
Since we're just a few months away from the 10.0.0 release, I thought it would be a good time to bring up this idea. Can we move to date-based version numbers? I suggest having libvirt 24.01.0 instead of 10.0.0 24.03.010.1.0 24.04.010.2.0 ... 24.11.010.9.0 24.12.010.10.0 The big advantage is that, once version numbers are obviously date-based, any expectation of them being interpreted according to semver[1] are immediately gone. Of course semver doesn't make sense for us, given our extremely strong backwards compatibility guarantees, and that's exactly why we've left it behind with 2.0.0; however, that's something that's not immediately obvious to someone who's not very involved with our development process, and regarless of our intentions libvirt version numbers *will* be mistakenly assumed to be semver-compliant on occasion. People are quite used to date-based version numbers thanks to Ubuntu having used them for almost two decades, so I don't think anyone is going to be confused by the move. And since our release schedule is already date-based, having the versioning scheme match that just makes perfect sense IMO. Up until now, one could have argued in favor of the current versioning scheme because of the single-digit major version component, but that's going away next year regardless, which makes this the perfect time to raise the topic :) Thoughts? [1] https://semver.org/ -- Andrea Bolognani / Red Hat / Virtualization
Re: [libvirt PATCH 0/6] meson: Improve handling of tests
On Wed, Oct 25, 2023 at 09:41:40AM +0200, Michal Prívozník wrote: > On 10/3/23 16:56, Andrea Bolognani wrote: > > Andrea Bolognani (6): > > meson: Do less when not building from git > > meson: Move all handling of test options together > > meson: Handle -Dtests=enabled with Clang > > meson: Make -Dexpensive_tests depend on -Dtests > > meson: Disable all tests when tests are disabled > > meson: Rename build_tests -> tests_enabled > > Reviewed-by: Michal Privoznik Thanks a lot for the review! Unfortunately I have realized that this, merged as-is, would break things quite badly on macOS and consequently result in every single pipeline failing. Wouldn't want that :) Luckily the fix is not complicated and doesn't invalidate most of the series either. v2 here: https://listman.redhat.com/archives/libvir-list/2023-October/242876.html -- Andrea Bolognani / Red Hat / Virtualization
Re: [PATCH] util:hostcpu: Report physical address size based on Architecture
On Wed, Oct 25, 2023 at 05:27:07PM +0100, Daniel P. Berrangé wrote: > On Wed, Oct 25, 2023 at 09:12:32AM -0700, Andrea Bolognani wrote: > > On Fri, Oct 20, 2023 at 12:48:26PM +0200, Michal Prívozník wrote: > > > On 10/4/23 07:58, Narayana Murty N wrote: > > > > This patch fixes this issue by returning the size=0 for architectures > > > > other than x86 and SuperH. > > > > > > Whoa, I had no idea that SH is still alive (an well?). > > > > As of a few months ago, Debian builds libvirt on SuperH: > > > > https://buildd.debian.org/status/logs.php?pkg=libvirt=sh4 > > > > The QEMU driver is disabled, since there is no matching qemu-system > > binary, but the LXC driver should (at least theoretically) work :) > > Maybe I misinterpret what you're saying here, but the lack of a > qemu-system-sh binary shouldn't be a reason to disable the QEMU > driver, as the user can use non-native qemu-system binaries. Yeah, sorry, my use of "matching" here was misleading. What I wanted to say is that none of the qemu-system binaries are built on sh4[1], so there is no way for the QEMU driver to do anything useful. [1] https://salsa.debian.org/qemu-team/qemu/-/blob/6d78618959cfae452801b596074dc67c55e5b087/debian/rules#L39-52 -- Andrea Bolognani / Red Hat / Virtualization
[libvirt PATCH v2 5/8] meson: Handle -Dtests=enabled with Clang
There are some cases in which we automatically disable tests when using Clang as the compiler. If the user has explicitly asked for tests to be enabled, however, we should error out instead of silently disabling things. Signed-off-by: Andrea Bolognani Reviewed-by: Michal Privoznik --- meson.build | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/meson.build b/meson.build index a372f99c21..ea8ee84ba0 100644 --- a/meson.build +++ b/meson.build @@ -2035,7 +2035,11 @@ if build_tests[0] and \ # If CLang doesn't support -fsemantic-interposition then our # mocking doesn't work. The best we can do is to not run the # test suite. - build_tests = [ false, '!!! Forcibly disabling tests because CLang lacks -fsemantic-interposition. Update CLang or disable optimization !!!' ] + msg = 'Forcibly disabling tests because CLang lacks -fsemantic-interposition. Update CLang or disable optimization' + if get_option('tests').enabled() + error(msg) + endif + build_tests = [ false, '!!! @0@ !!!'.format(msg) ] endif if get_option('expensive_tests').auto() -- 2.41.0
[libvirt PATCH v2 7/8] meson: Disable all tests when tests are disabled
Currently, passing -Dtests=disabled only disables a subset of tests: those that are written in C and thus require compilation. Other tests, such as the syntax-check ones and those that are implemented as scripts, are always enabled. There's a potentially dangerous consequence of this behavior: when tests are disabled, 'meson test' will succeed as if they had been enabled. No indication of this will be shown, so the user will likely make the reasonable assumption that everything is fine when in fact the significantly reduced coverage might be hiding failures. To solve this issues, disable *all* tests when asked to do so, and inject an intentionally failing test to ensure that 'meson test' doesn't succeed. Best viewed with 'git show -w'. Signed-off-by: Andrea Bolognani --- build-aux/meson.build | 2 +- docs/html/meson.build | 20 ++-- docs/meson.build | 24 ++--- meson.build| 7 ++ src/access/meson.build | 16 ++-- src/meson.build| 204 + 6 files changed, 144 insertions(+), 129 deletions(-) diff --git a/build-aux/meson.build b/build-aux/meson.build index b5d88a4c44..84405c5ec8 100644 --- a/build-aux/meson.build +++ b/build-aux/meson.build @@ -1,6 +1,6 @@ # Skip syntax-check if not building from git because we get the list of files # to check using git commands and it fails if we are not in git repository. -if git +if git and build_tests[0] flake8_path = '' if flake8_prog.found() flake8_path = flake8_prog.full_path() diff --git a/docs/html/meson.build b/docs/html/meson.build index c0a666f4e1..b4e81f8501 100644 --- a/docs/html/meson.build +++ b/docs/html/meson.build @@ -119,12 +119,14 @@ html_xslt_gen = [] # --- end of XSLT processing --- -test( - 'check-html', - xmllint_prog, - args: [ -'--nonet', '--noout', docs_html_paths, - ], - depends: docs_html_dep, - suite: 'script' -) +if build_tests[0] + test( +'check-html', +xmllint_prog, +args: [ + '--nonet', '--noout', docs_html_paths, +], +depends: docs_html_dep, +suite: 'script' + ) +endif diff --git a/docs/meson.build b/docs/meson.build index b20ef1c926..52763a8597 100644 --- a/docs/meson.build +++ b/docs/meson.build @@ -351,14 +351,16 @@ run_target( depends: install_web_deps, ) -test( - 'check-html-references', - python3_prog, - args: [ -check_html_references_prog.full_path(), -'--webroot', -meson.project_build_root() / 'docs' - ], - env: runutf8, - suite: 'script' -) +if build_tests[0] + test( +'check-html-references', +python3_prog, +args: [ + check_html_references_prog.full_path(), + '--webroot', + meson.project_build_root() / 'docs' +], +env: runutf8, +suite: 'script' + ) +endif diff --git a/meson.build b/meson.build index 33027404f6..b30150d605 100644 --- a/meson.build +++ b/meson.build @@ -2085,6 +2085,13 @@ subdir('tools') if build_tests[0] subdir('tests') +else + # Ensure that 'meson test' fails when tests are disabled, as opposed to + # misleadingly succeeding at doing absolutely nothing + test( +'tests-are-disabled', +python3_prog, args: [ '-c', 'raise Exception("tests are disabled")' ], + ) endif subdir('examples') diff --git a/src/access/meson.build b/src/access/meson.build index e65f17c0a2..6ca953c932 100644 --- a/src/access/meson.build +++ b/src/access/meson.build @@ -105,10 +105,12 @@ access_dep = declare_dependency( generated_sym_files += access_gen_sym -test( - 'check-aclperms', - python3_prog, - args: [ check_aclperms_prog.full_path(), access_perm_h, files('viraccessperm.c') ], - env: runutf8, - suite: 'script' -) +if build_tests[0] + test( +'check-aclperms', +python3_prog, +args: [ check_aclperms_prog.full_path(), access_perm_h, files('viraccessperm.c') ], +env: runutf8, +suite: 'script' + ) +endif diff --git a/src/meson.build b/src/meson.build index 43146fe3c3..e25b3e5980 100644 --- a/src/meson.build +++ b/src/meson.build @@ -946,121 +946,123 @@ meson.add_install_script( # Check driver files -if host_machine.system() == 'linux' - test( -'check-symfile', -python3_prog, -args: [ check_symfile_prog.full_path(), libvirt_syms, libvirt_lib ], -env: runutf8, -suite: 'script' - ) - - if conf.has('WITH_REMOTE') +if build_tests[0] + if host_machine.system() == 'linux' test( - 'check-admin-symfile', + 'check-symfile', python3_prog, - args: [ check_symfile_prog.full_path(), libvirt_admin_syms, libvirt_admin_lib ], + args: [ check_symfile_prog.full_path(), libvirt_syms, libvirt_lib ], env: runutf8, suite: 'script' ) + +if conf.has('WITH_REMOTE') + test( +'check-admin-symfile', +python3_prog, +args: [ check_symfile_prog.full_path(), libvirt_admin_syms, libvirt_admin_lib ], +env: runutf8, +suite: 'script' + ) +endif endif -endif -test(
[libvirt PATCH v2 1/8] tests: Fix some test cases on macOS
Test cases that depend on duplicating fds are using fairly big values as targets. This works fine on Linux, where RLIMIT_NOFILE is 1024 by default, but fails on macOS which uses 256 as the default. Decrease the values so that they're valid across all platforms. Signed-off-by: Andrea Bolognani --- .../qemuxml2argvdata/disk-source-fd.x86_64-latest.args | 10 +- .../qemuxml2argvdata/disk-vhostvdpa.x86_64-latest.args | 2 +- tests/qemuxml2argvtest.c | 8 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/qemuxml2argvdata/disk-source-fd.x86_64-latest.args b/tests/qemuxml2argvdata/disk-source-fd.x86_64-latest.args index 9d8109a8f4..1341b7d032 100644 --- a/tests/qemuxml2argvdata/disk-source-fd.x86_64-latest.args +++ b/tests/qemuxml2argvdata/disk-source-fd.x86_64-latest.args @@ -27,18 +27,18 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ -no-shutdown \ -boot strict=on \ -device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \ --add-fd set=2,fd=700,opaque=libvirt-4-storage0 \ --add-fd set=2,fd=705,opaque=libvirt-4-storage1 \ +-add-fd set=2,fd=200,opaque=libvirt-4-storage0 \ +-add-fd set=2,fd=205,opaque=libvirt-4-storage1 \ -blockdev '{"driver":"file","filename":"/dev/fdset/2","node-name":"libvirt-4-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-4-format","read-only":false,"driver":"qcow2","file":"libvirt-4-storage"}' \ -device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x2","drive":"libvirt-4-format","id":"virtio-disk4","bootindex":1}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/images/rhel7.1484071876","node-name":"libvirt-3-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-3-format","read-only":true,"driver":"qcow2","file":"libvirt-3-storage","backing":null}' \ --add-fd set=1,fd=777,opaque=libvirt-2-storage0 \ --add-fd set=1,fd=778,opaque=libvirt-2-storage1 \ +-add-fd set=1,fd=247,opaque=libvirt-2-storage0 \ +-add-fd set=1,fd=248,opaque=libvirt-2-storage1 \ -blockdev '{"driver":"file","filename":"/dev/fdset/1","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-2-format","read-only":true,"driver":"qcow2","file":"libvirt-2-storage","backing":"libvirt-3-format"}' \ --add-fd set=0,fd=704,opaque=libvirt-1-storage0 \ +-add-fd set=0,fd=204,opaque=libvirt-1-storage0 \ -blockdev '{"driver":"file","filename":"/dev/fdset/0","node-name":"libvirt-1-storage","read-only":false,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage","backing":"libvirt-2-format"}' \ -device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x3","drive":"libvirt-1-format","id":"virtio-disk5"}' \ diff --git a/tests/qemuxml2argvdata/disk-vhostvdpa.x86_64-latest.args b/tests/qemuxml2argvdata/disk-vhostvdpa.x86_64-latest.args index b987455ee4..27035184ad 100644 --- a/tests/qemuxml2argvdata/disk-vhostvdpa.x86_64-latest.args +++ b/tests/qemuxml2argvdata/disk-vhostvdpa.x86_64-latest.args @@ -27,7 +27,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ -no-shutdown \ -boot strict=on \ -device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \ --add-fd set=0,fd=801,opaque=libvirt-1-storage-vdpa \ +-add-fd set=0,fd=201,opaque=libvirt-1-storage-vdpa \ -blockdev '{"driver":"virtio-blk-vhost-vdpa","path":"/dev/fdset/0","node-name":"libvirt-1-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-1-format","read-only":false,"c
[libvirt PATCH v2 8/8] meson: Rename build_tests -> tests_enabled
Given that this variable now controls not just whether C tests are built, but also whether any test at all is executed, the new name is more appropriate. Update the description for the corresponding meson option accordingly. Signed-off-by: Andrea Bolognani Reviewed-by: Michal Privoznik --- build-aux/meson.build | 2 +- docs/html/meson.build | 2 +- docs/meson.build | 2 +- meson.build| 14 +++--- meson_options.txt | 2 +- src/access/meson.build | 2 +- src/meson.build| 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/build-aux/meson.build b/build-aux/meson.build index 84405c5ec8..f96d46c445 100644 --- a/build-aux/meson.build +++ b/build-aux/meson.build @@ -1,6 +1,6 @@ # Skip syntax-check if not building from git because we get the list of files # to check using git commands and it fails if we are not in git repository. -if git and build_tests[0] +if git and tests_enabled[0] flake8_path = '' if flake8_prog.found() flake8_path = flake8_prog.full_path() diff --git a/docs/html/meson.build b/docs/html/meson.build index b4e81f8501..e2758ed177 100644 --- a/docs/html/meson.build +++ b/docs/html/meson.build @@ -119,7 +119,7 @@ html_xslt_gen = [] # --- end of XSLT processing --- -if build_tests[0] +if tests_enabled[0] test( 'check-html', xmllint_prog, diff --git a/docs/meson.build b/docs/meson.build index 52763a8597..87d728213c 100644 --- a/docs/meson.build +++ b/docs/meson.build @@ -351,7 +351,7 @@ run_target( depends: install_web_deps, ) -if build_tests[0] +if tests_enabled[0] test( 'check-html-references', python3_prog, diff --git a/meson.build b/meson.build index b30150d605..e51ba9231e 100644 --- a/meson.build +++ b/meson.build @@ -2027,8 +2027,8 @@ conf.set_quoted('TLS_PRIORITY', get_option('tls_priority')) # test options -build_tests = [ not get_option('tests').disabled() ] -if build_tests[0] and \ +tests_enabled = [ not get_option('tests').disabled() ] +if tests_enabled[0] and \ cc.get_id() == 'clang' and \ not supported_cc_flags.contains('-fsemantic-interposition') \ and get_option('optimization') != '0' @@ -2039,14 +2039,14 @@ if build_tests[0] and \ if get_option('tests').enabled() error(msg) endif - build_tests = [ false, '!!! @0@ !!!'.format(msg) ] + tests_enabled = [ false, '!!! @0@ !!!'.format(msg) ] endif if get_option('expensive_tests').auto() - use_expensive_tests = not git and build_tests[0] + use_expensive_tests = not git and tests_enabled[0] else use_expensive_tests = get_option('expensive_tests').enabled() - if use_expensive_tests and not build_tests[0] + if use_expensive_tests and not tests_enabled[0] error('cannot enable expensive tests when tests are disabled') endif endif @@ -2083,7 +2083,7 @@ subdir('src') subdir('tools') -if build_tests[0] +if tests_enabled[0] subdir('tests') else # Ensure that 'meson test' fails when tests are disabled, as opposed to @@ -2307,7 +2307,7 @@ endif misc_summary = { 'Warning Flags': supported_cc_flags, 'docs': gen_docs, - 'tests': build_tests, + 'tests': tests_enabled, 'DTrace': conf.has('WITH_DTRACE_PROBES'), 'firewalld': conf.has('WITH_FIREWALLD'), 'firewalld-zone': conf.has('WITH_FIREWALLD_ZONE'), diff --git a/meson_options.txt b/meson_options.txt index 7c428a9eb0..a0928102bf 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -10,7 +10,7 @@ option('git_werror', type: 'feature', value: 'auto', description: 'use -Werror i option('rpath', type: 'feature', value: 'auto', description: 'whether to include rpath information in installed binaries and libraries') option('docdir', type: 'string', value: '', description: 'documentation installation directory') option('docs', type: 'feature', value: 'auto', description: 'whether to generate documentation') -option('tests', type: 'feature', value: 'auto', description: 'whether to build tests') +option('tests', type: 'feature', value: 'auto', description: 'whether to build and run tests') # build dependencies options diff --git a/src/access/meson.build b/src/access/meson.build index 6ca953c932..fc5ba5b342 100644 --- a/src/access/meson.build +++ b/src/access/meson.build @@ -105,7 +105,7 @@ access_dep = declare_dependency( generated_sym_files += access_gen_sym -if build_tests[0] +if tests_enabled[0] test( 'check-aclperms', python3_prog, diff --git a/src/meson.build b/src/meson.build index e25b3e5980..5fc4d03b4a 100644 --- a/src/meson.build +++ b/src/meson.build @@ -946,7 +946,7 @@ meson.add_install_script( # Check driver files -if build_tests[0] +if tests_enabled[0] if host_machine.system() == 'linux' test( 'check-symfile', -- 2.41.0
[libvirt PATCH v2 6/8] meson: Make -Dexpensive_tests depend on -Dtests
It only makes sense to enable expensive tests when tests are enabled. Disallow invalid configurations. Signed-off-by: Andrea Bolognani Reviewed-by: Michal Privoznik --- meson.build | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meson.build b/meson.build index ea8ee84ba0..33027404f6 100644 --- a/meson.build +++ b/meson.build @@ -2043,9 +2043,12 @@ if build_tests[0] and \ endif if get_option('expensive_tests').auto() - use_expensive_tests = not git + use_expensive_tests = not git and build_tests[0] else use_expensive_tests = get_option('expensive_tests').enabled() + if use_expensive_tests and not build_tests[0] +error('cannot enable expensive tests when tests are disabled') + endif endif coverage_flags = [] -- 2.41.0
[libvirt PATCH v2 3/8] meson: Do less when not building from git
As explained in the comment, the syntax-check machinery uses git to figure out the list of files it should operate on, so we can only enable it when building from git. Despite only registering the various tests with meson in that case, however, we unconditionally perform a bunch of preparation that is only useful for the purpose of registering and running the tests. If we're not going to do that, we can skip a few steps and save a bit of time. Best viewed with 'git show -w'. Signed-off-by: Andrea Bolognani Reviewed-by: Michal Privoznik --- build-aux/meson.build | 99 +-- 1 file changed, 49 insertions(+), 50 deletions(-) diff --git a/build-aux/meson.build b/build-aux/meson.build index 16d085505d..b5d88a4c44 100644 --- a/build-aux/meson.build +++ b/build-aux/meson.build @@ -1,63 +1,62 @@ -flake8_path = '' -if flake8_prog.found() - flake8_path = flake8_prog.full_path() -endif +# Skip syntax-check if not building from git because we get the list of files +# to check using git commands and it fails if we are not in git repository. +if git + flake8_path = '' + if flake8_prog.found() +flake8_path = flake8_prog.full_path() + endif -if host_machine.system() == 'freebsd' or host_machine.system() == 'darwin' - make_prog = find_program('gmake') - sed_prog = find_program('gsed') -else - make_prog = find_program('make') - sed_prog = find_program('sed') -endif + if host_machine.system() == 'freebsd' or host_machine.system() == 'darwin' +make_prog = find_program('gmake') +sed_prog = find_program('gsed') + else +make_prog = find_program('make') +sed_prog = find_program('sed') + endif -if host_machine.system() == 'freebsd' - grep_prog = find_program('grep') - grep_cmd = run_command(grep_prog, '--version', check: true) - if grep_cmd.stdout().startswith('grep (BSD grep') -grep_prog = find_program('/usr/local/bin/grep', required: false) -if not grep_prog.found() - error('GNU grep not found') + if host_machine.system() == 'freebsd' +grep_prog = find_program('grep') +grep_cmd = run_command(grep_prog, '--version', check: true) +if grep_cmd.stdout().startswith('grep (BSD grep') + grep_prog = find_program('/usr/local/bin/grep', required: false) + if not grep_prog.found() +error('GNU grep not found') + endif endif + elif host_machine.system() == 'darwin' +grep_prog = find_program('ggrep') + else +grep_prog = find_program('grep') endif -elif host_machine.system() == 'darwin' - grep_prog = find_program('ggrep') -else - grep_prog = find_program('grep') -endif - -awk_prog = find_program('awk') -syntax_check_conf = configuration_data({ - 'top_srcdir': meson.project_source_root(), - 'top_builddir': meson.project_build_root(), - 'flake8_path': flake8_path, - 'runutf8': ' '.join(runutf8), - 'PYTHON3': python3_prog.full_path(), - 'GREP': grep_prog.full_path(), - 'SED': sed_prog.full_path(), - 'AWK': awk_prog.full_path(), -}) + awk_prog = find_program('awk') -configure_file( - input: 'Makefile.in', - output: '@BASENAME@', - configuration: syntax_check_conf, -) + syntax_check_conf = configuration_data({ +'top_srcdir': meson.project_source_root(), +'top_builddir': meson.project_build_root(), +'flake8_path': flake8_path, +'runutf8': ' '.join(runutf8), +'PYTHON3': python3_prog.full_path(), +'GREP': grep_prog.full_path(), +'SED': sed_prog.full_path(), +'AWK': awk_prog.full_path(), + }) -rc = run_command( - 'sed', '-n', - 's/^sc_\\([a-zA-Z0-9_-]*\\):.*/\\1/p', - meson.current_source_dir() / 'syntax-check.mk', - check: true, -) + configure_file( +input: 'Makefile.in', +output: '@BASENAME@', +configuration: syntax_check_conf, + ) -sc_tests = rc.stdout().strip().split() + rc = run_command( +'sed', '-n', +'s/^sc_\\([a-zA-Z0-9_-]*\\):.*/\\1/p', +meson.current_source_dir() / 'syntax-check.mk', +check: true, + ) + sc_tests = rc.stdout().strip().split() -# Skip syntax-check if not building from git because we get the list of files -# to check using git commands and it fails if we are not in git repository. -if git foreach target : sc_tests test( target, -- 2.41.0
[libvirt PATCH v2 4/8] meson: Move all handling of test options together
This will make future patches nicer. Note that we need to handle these somewhat late because of the dependency on information about the compiler and the flags it supports. Signed-off-by: Andrea Bolognani Reviewed-by: Michal Privoznik --- meson.build | 57 +++-- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/meson.build b/meson.build index 47748febb8..a372f99c21 100644 --- a/meson.build +++ b/meson.build @@ -151,23 +151,6 @@ if packager_version != '' endif -# test options - -if get_option('expensive_tests').auto() - use_expensive_tests = not git -else - use_expensive_tests = get_option('expensive_tests').enabled() -endif - -coverage_flags = [] -if get_option('test_coverage') - coverage_flags = [ -'-fprofile-arcs', -'-ftest-coverage', - ] -endif - - # Add RPATH information when building for a non-standard prefix, or # when explicitly requested to do so @@ -2041,6 +2024,35 @@ endif conf.set_quoted('TLS_PRIORITY', get_option('tls_priority')) + +# test options + +build_tests = [ not get_option('tests').disabled() ] +if build_tests[0] and \ + cc.get_id() == 'clang' and \ + not supported_cc_flags.contains('-fsemantic-interposition') \ + and get_option('optimization') != '0' + # If CLang doesn't support -fsemantic-interposition then our + # mocking doesn't work. The best we can do is to not run the + # test suite. + build_tests = [ false, '!!! Forcibly disabling tests because CLang lacks -fsemantic-interposition. Update CLang or disable optimization !!!' ] +endif + +if get_option('expensive_tests').auto() + use_expensive_tests = not git +else + use_expensive_tests = get_option('expensive_tests').enabled() +endif + +coverage_flags = [] +if get_option('test_coverage') + coverage_flags = [ +'-fprofile-arcs', +'-ftest-coverage', + ] +endif + + # Various definitions # Python3 < 3.7 treats the C locale as 7-bit only. We must force env vars so @@ -2064,17 +2076,6 @@ subdir('src') subdir('tools') -build_tests = [ not get_option('tests').disabled() ] -if build_tests[0] and \ - cc.get_id() == 'clang' and \ - not supported_cc_flags.contains('-fsemantic-interposition') \ - and get_option('optimization') != '0' - # If CLang doesn't support -fsemantic-interposition then our - # mocking doesn't work. The best we can do is to not run the - # test suite. - build_tests = [ false, '!!! Forcibly disabling tests because CLang lacks -fsemantic-interposition. Update CLang or disable optimization !!!' ] -endif - if build_tests[0] subdir('tests') endif -- 2.41.0
[libvirt PATCH v2 2/8] ci: Disable optimizations on macOS
Clang can be too aggressive at optimizations, which can end up breaking our test suite. See f9f5ab57189b for details. As a result of this, since 7944700b4037 we are automatically disabling tests when Clang is used unless it supports the -fsemantic-interposition compiler flag. Since the version of Clang included in macOS doesn't support that compiler flag, we end up always disabling the test suite on that platform. This is already far from ideal, considering that it was just last year when we finally managed to get the test suite to successfully pass on macOS, and it would be a real shame if the situation regressed again. With the upcoming changes, which will turn running 'meson test' into a hard failure if tests are disabled, this behavior will result in every single pipeline failing. Work around the problem the only way we can: disabling optimizations entirely for the macOS CI jobs. Signed-off-by: Andrea Bolognani --- ci/cirrus/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/cirrus/build.yml b/ci/cirrus/build.yml index 519e5ae144..60ac90eee0 100644 --- a/ci/cirrus/build.yml +++ b/ci/cirrus/build.yml @@ -24,7 +24,7 @@ build_task: - git fetch origin "${CI_MERGE_REQUEST_REF_PATH:-$CI_COMMIT_REF_NAME}" - git reset --hard "$CI_COMMIT_SHA" build_script: -- meson setup build +- if test "$(uname)" = "Darwin"; then meson setup build --optimization 0; else meson setup build; fi - meson dist -C build --no-tests - meson compile -C build - meson test -C build --no-suite syntax-check --print-errorlogs || (cat ~/Library/Logs/DiagnosticReports/*.crash && exit 1) -- 2.41.0
[libvirt PATCH v2 0/8] meson: Improve handling of tests
Test pipeline: https://gitlab.com/abologna/libvirt/-/pipelines/1049326523 Changes from [v1] * fix test suite on macOS and ensure it is run as part of the pipeline (with the previous version it would just always fail); * disable a couple of tests (check-html, check-html-references) that I had missed the first time around. [v1] https://listman.redhat.com/archives/libvir-list/2023-October/242491.html Andrea Bolognani (8): tests: Fix some test cases on macOS ci: Disable optimizations on macOS meson: Do less when not building from git meson: Move all handling of test options together meson: Handle -Dtests=enabled with Clang meson: Make -Dexpensive_tests depend on -Dtests meson: Disable all tests when tests are disabled meson: Rename build_tests -> tests_enabled build-aux/meson.build | 99 + ci/cirrus/build.yml | 2 +- docs/html/meson.build | 20 +- docs/meson.build | 24 ++- meson.build | 75 --- meson_options.txt | 2 +- src/access/meson.build| 16 +- src/meson.build | 204 +- .../disk-source-fd.x86_64-latest.args | 10 +- .../disk-vhostvdpa.x86_64-latest.args | 2 +- tests/qemuxml2argvtest.c | 8 +- 11 files changed, 242 insertions(+), 220 deletions(-) -- 2.41.0
Re: [PATCH] util:hostcpu: Report physical address size based on Architecture
On Fri, Oct 20, 2023 at 12:48:26PM +0200, Michal Prívozník wrote: > On 10/4/23 07:58, Narayana Murty N wrote: > > This patch fixes this issue by returning the size=0 for architectures > > other than x86 and SuperH. > > Whoa, I had no idea that SH is still alive (an well?). As of a few months ago, Debian builds libvirt on SuperH: https://buildd.debian.org/status/logs.php?pkg=libvirt=sh4 The QEMU driver is disabled, since there is no matching qemu-system binary, but the LXC driver should (at least theoretically) work :) -- Andrea Bolognani / Red Hat / Virtualization
[libvirt PATCH 1/1] meson: Fix XDR check for GNU/Hurd
The situation is the same as Linux: since glibc no longer includes the RPC functionality, libtirpc must be used to complement it. Signed-off-by: Andrea Bolognani --- meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build index de23fbda1e..47748febb8 100644 --- a/meson.build +++ b/meson.build @@ -867,7 +867,7 @@ if not get_option('driver_remote').disabled() # use extra library as it's provided by libc directly. if host_machine.system() == 'windows' xdr_dep = cc.find_library('portablexdr', required: get_option('driver_remote')) - elif host_machine.system() == 'linux' + elif host_machine.system() in [ 'linux', 'gnu' ] xdr_dep = dependency('libtirpc', required: get_option('driver_remote')) elif host_machine.system() in [ 'freebsd', 'darwin' ] xdr_dep = cc.find_library('c', required: get_option('driver_remote')) -- 2.41.0
[libvirt PATCH 0/1] meson: Fix XDR check for GNU/Hurd
The inability of libvirt to successfully build on GNU/Hurd has been, I'm sure we all agree, a major sticking point for the project. No more! Note that there are a bunch of known issues in the storage driver and elsewhere, some of which I'm going to address in future patches, but this one-liner is enough to get a working client-only build going. This patch has already been added to the Debian package[1], resulting in the first known successful build ever[2] for the platform. [1] https://salsa.debian.org/libvirt-team/libvirt/-/merge_requests/208 [2] https://buildd.debian.org/status/fetch.php?pkg=libvirt=hurd-i386=9.8.0-2=1697204567=0 Andrea Bolognani (1): meson: Fix XDR check for GNU/Hurd meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.41.0
Re: [PATCH libvirt v1 0/3] Ensure full early console access with libvirt
On Tue, Oct 24, 2023 at 05:14:41PM +0200, Marc Hartmayer wrote: > On Tue, Oct 24, 2023 at 02:12 PM +0200, Michal Prívozník > wrote: > > On 9/28/23 17:37, Marc Hartmayer wrote: > >> Marc Hartmayer (3): > >> virsh: add `console --resume` support > >> Improve `virsh start --console` behavior > >> Improve `virsh create --console` behavior > > > > All 'issues' I've raised are trivial. I've fixed them and pushed. Sorry > > for leaving this to rot this long on the list. > > > > Reviewed-by: Michal Privoznik > > Thanks a ton! Marc, can you please add a couple of lines about this change to the release notes (NEWS.rst)? It's a really nice improvement and we definitely want users to learn about it :) Thanks in advance! -- Andrea Bolognani / Red Hat / Virtualization
Re: [libvirt PATCH 00/11] systemd: Further improvements
On Mon, Oct 02, 2023 at 10:51:15AM +0200, Andrea Bolognani wrote: > This series addresses two pieces of feedback from my recent systemd > changes: that some settings, such as LimitNOFILE, where still being > repeated verbatim in multiple locations, and that only having the > foo.{service,socket}.extra.in files for some services and not others > could be confusing. > > Andrea Bolognani (11): > systemd: libvirtd doesn't need @sockprefix@ > systemd: Support merging multiple units > systemd: Accept multiple files for service_extra_in/socket_extra_in > systemd: Introduce systemd_service_limitnofile_extra > systemd: Introduce systemd_service_taskmax_extra > systemd: Introduce systemd_service_limitmemlock_extra > systemd: Introduce systemd_service_oomscoreadjust_extra > systemd: Allow comments at the top of units > systemd: Set service_extra_in/socket_extra_in everywhere > systemd: Make service_extra_in/socket_extra_in required > systemd: Tweak service definitions Ping It still applies cleanly. I've noticed that I've called one of the new meson variables systemd_service_taskmax_extra instead of systemd_service_tasksmax_extra The latter is consistent with the name of the corresponding file (src/virtd.service.tasksmax.extra.in) and the systemd knob it changes (TasksMax=). I've changed it locally, but it doesn't seem worthwhile to post a v2 just because of that. -- Andrea Bolognani / Red Hat / Virtualization
Re: [libvirt PATCH 0/6] meson: Improve handling of tests
On Tue, Oct 03, 2023 at 04:56:31PM +0200, Andrea Bolognani wrote: > Andrea Bolognani (6): > meson: Do less when not building from git > meson: Move all handling of test options together > meson: Handle -Dtests=enabled with Clang > meson: Make -Dexpensive_tests depend on -Dtests > meson: Disable all tests when tests are disabled > meson: Rename build_tests -> tests_enabled > > build-aux/meson.build | 99 ++-- > meson.build| 75 +-- > meson_options.txt | 2 +- > src/access/meson.build | 16 ++-- > src/meson.build| 204 + > 5 files changed, 207 insertions(+), 189 deletions(-) Ping. This no longer applies cleanly after 7cbd8c423057 but the conflict is easy enough to handle, so I don't think it's worth posting v2 because of it. -- Andrea Bolognani / Red Hat / Virtualization
Re: [PATCH] specfile: use correct option for nbdkit in mingw build
On Sun, Oct 22, 2023 at 10:48:33PM -0400, Laine Stump wrote: > +++ b/libvirt.spec.in > @@ -1356,7 +1356,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' > %{_specdir}/libvirt.spec) >-Dglusterfs=disabled \ >-Dhost_validate=disabled \ >-Dlibiscsi=disabled \ > - -Dlibnbd=disabled \ > + -Dnbdkit=disabled \ My bad. Please add Resolves: https://gitlab.com/libvirt/libvirt/-/issues/550 in addition to Reviewed-by: Andrea Bolognani before pushing. -- Andrea Bolognani / Red Hat / Virtualization
[libvirt PATCH v2 1/1] meson: Improve nbdkit configurability
Currently, nbdkit support will automatically be enabled as long as the pidfd_open(2) syscall is available. Optionally, libnbd is used to generate more user-friendly error messages. In theory this is all good, since use of nbdkit is supposed to be transparent to the user. In practice, however, there is a problem: if support for it is enabled at build time and the necessary runtime components are installed, nbdkit will always be preferred, with no way for the user to opt out. This will arguably be fine in the long run, but right now none of the platforms that we target ships with a SELinux policy that allows libvirt to launch nbdkit, and the AppArmor policy that we maintain ourselves hasn't been updated either. So, in practice, as of today having nbdkit installed on the host makes network disks completely unusable unless you're willing to compromise the overall security of the system by disabling SELinux/AppArmor. In order to make the transition smoother, provide a convenient way for users and distro packagers to disable nbdkit support at compile time until SELinux and AppArmor are ready. In the process, detection is completely overhauled. libnbd is made mandatory when nbdkit support is enabled, since availability across operating systems is comparable and offering users the option to make error messages worse doesn't make a lot of sense; we also make sure that an explicit request from the user to enable/disable nbdkit support is either complied with, or results in a build failure when that's not possible. Last but not least, we avoid linking against libnbd when nbdkit support is disabled. At the RPM level, we disable the feature when building against anything older than Fedora 40, which still doesn't have the necessary SELinux bits but will hopefully gain them by the time it's released. We also allow nbdkit support to be disabled at build time the same way as other optional features, that is, by passing "--define '_without_nbdkit 1'" to rpmbuild. Finally, if nbdkit support has been disabled, installing libvirt will no longer drag it in as a (weak) dependency. Signed-off-by: Andrea Bolognani --- libvirt.spec.in| 28 +--- meson.build| 29 + meson_options.txt | 2 +- src/qemu/qemu_nbdkit.c | 6 +++--- 4 files changed, 50 insertions(+), 15 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index f3d21ccc8f..fe54c45c5c 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -95,6 +95,7 @@ %define with_fuse 0 %define with_sanlock 0 %define with_numad0 +%define with_nbdkit 0 %define with_firewalld_zone 0 %define with_netcf0 %define with_libssh2 0 @@ -173,6 +174,18 @@ %endif %endif +# We should only enable nbdkit support if the OS ships a SELinux policy that +# allows libvirt to launch it. Right now that's not the case anywhere, but +# things should be fine by the time Fedora 40 is released. +# +# TODO: add RHEL 9 once a minor release that contains the necessary SELinux +# bits exists (we only support the most recent minor release) +%if %{with_qemu} +%if 0%{?fedora} >= 40 +%define with_nbdkit 0%{!?_without_nbdkit:1} +%endif +%endif + %ifarch %{arches_dmidecode} %define with_dmidecode 0%{!?_without_dmidecode:1} %endif @@ -312,6 +325,9 @@ BuildRequires: util-linux BuildRequires: libacl-devel # From QEMU RPMs, used by virstoragetest BuildRequires: /usr/bin/qemu-img +%endif +# nbdkit support requires libnbd +%if %{with_nbdkit} BuildRequires: libnbd-devel %endif # For LVM drivers @@ -769,9 +785,11 @@ Requires: numad Recommends: passt Recommends: passt-selinux %endif +%if %{with_nbdkit} Recommends: nbdkit Recommends: nbdkit-curl-plugin Recommends: nbdkit-ssh-plugin +%endif %description daemon-driver-qemu The qemu driver plugin for the libvirtd daemon, providing @@ -1078,10 +1096,8 @@ exit 1 %if %{with_qemu} %define arg_qemu -Ddriver_qemu=enabled -%define arg_libnbd -Dlibnbd=enabled %else %define arg_qemu -Ddriver_qemu=disabled -%define arg_libnbd -Dlibnbd=disabled %endif %if %{with_openvz} @@ -1158,6 +1174,12 @@ exit 1 %define arg_numad -Dnumad=disabled %endif +%if %{with_nbdkit} +%define arg_nbdkit -Dnbdkit=enabled +%else +%define arg_nbdkit -Dnbdkit=disabled +%endif + %if %{with_fuse} %define arg_fuse -Dfuse=enabled %else @@ -1270,7 +1292,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec) -Dyajl=enabled \ %{?arg_sanlock} \ -Dlibpcap=enabled \ - %{?arg_libnbd} \ + %{?arg_nbdkit} \ -Dlibnl=enabled \ -Daudit=enabled \ -Ddtrace=enabled \ diff --git a/meson.build b/meson.build index 6fa1f74670..de23fbda1e 100644 --- a/meson.build +++ b/meson.build @@ -1011,10 +1011,27 @@ endif libiscsi_version = '1.18.0'
[libvirt PATCH v2 0/1] meson: Improve nbdkit configurability
Changes from [v1]: * disable nbdkit on anything older than Fedora 40 in the RPM. [v1] https://listman.redhat.com/archives/libvir-list/2023-October/242498.html Andrea Bolognani (1): meson: Improve nbdkit configurability libvirt.spec.in| 28 +--- meson.build| 29 + meson_options.txt | 2 +- src/qemu/qemu_nbdkit.c | 6 +++--- 4 files changed, 50 insertions(+), 15 deletions(-) -- 2.41.0
[libvirt PATCH] meson: Improve nbdkit configurability
Currently, nbdkit support will automatically be enabled as long as the pidfd_open(2) syscall is available. Optionally, libnbd is used to generate more user-friendly error messages. In theory this is all good, since use of nbdkit is supposed to be transparent to the user. In practice, however, there is a problem: if support for it is enabled at build time and the necessary runtime components are installed, nbdkit will always be preferred, with no way for the user to opt out. This will arguably be fine in the long run, but right now none of the platforms that we target ships with a SELinux policy that allows libvirt to launch nbdkit, and the AppArmor policy that we maintain ourselves hasn't been updated either. So, in practice, as of today having nbdkit installed on the host makes network disks completely unusable unless you're willing to compromise the overall security of the system by disabling SELinux/AppArmor. In order to make the transition smoother, provide a convenient way for users and distro packagers to disable nbdkit support at compile time until SELinux and AppArmor are ready. In the process, detection is completely overhauled. libnbd is made mandatory when nbdkit support is enabled, since availability across operating systems is comparable and offering users the option to make error messages worse doesn't make a lot of sense; we also make sure that an explicit request from the user to enable/disable nbdkit support is either complied with, or results in a build failure when that's not possible. Last but not least, we avoid linking against libnbd when nbdkit support is disabled. At the RPM level, we disable the feature when building against RHEL 8, which doesn't have pidfd_open(2), and also allow it to be disabled at build time the same as other optional features, that is, by passing "--define '_without_nbdkit 1'" to rpmbuild. Finally, if nbdkit support has been disabled, installing libvirt will no longer drag it in as a (weak) dependency. Signed-off-by: Andrea Bolognani --- libvirt.spec.in| 23 --- meson.build| 29 + meson_options.txt | 2 +- src/qemu/qemu_nbdkit.c | 6 +++--- 4 files changed, 45 insertions(+), 15 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index f3d21ccc8f..2ea465348c 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -95,6 +95,7 @@ %define with_fuse 0 %define with_sanlock 0 %define with_numad0 +%define with_nbdkit 0 %define with_firewalld_zone 0 %define with_netcf0 %define with_libssh2 0 @@ -173,6 +174,13 @@ %endif %endif +# nbdkit support requires pidfd_open(2), which is not in RHEL 8 +%if %{with_qemu} +%if 0%{?fedora} || 0%{?rhel} >= 9 +%define with_nbdkit 0%{!?_without_nbdkit:1} +%endif +%endif + %ifarch %{arches_dmidecode} %define with_dmidecode 0%{!?_without_dmidecode:1} %endif @@ -312,6 +320,9 @@ BuildRequires: util-linux BuildRequires: libacl-devel # From QEMU RPMs, used by virstoragetest BuildRequires: /usr/bin/qemu-img +%endif +# nbdkit support requires libnbd +%if %{with_nbdkit} BuildRequires: libnbd-devel %endif # For LVM drivers @@ -769,9 +780,11 @@ Requires: numad Recommends: passt Recommends: passt-selinux %endif +%if %{with_nbdkit} Recommends: nbdkit Recommends: nbdkit-curl-plugin Recommends: nbdkit-ssh-plugin +%endif %description daemon-driver-qemu The qemu driver plugin for the libvirtd daemon, providing @@ -1078,10 +1091,8 @@ exit 1 %if %{with_qemu} %define arg_qemu -Ddriver_qemu=enabled -%define arg_libnbd -Dlibnbd=enabled %else %define arg_qemu -Ddriver_qemu=disabled -%define arg_libnbd -Dlibnbd=disabled %endif %if %{with_openvz} @@ -1158,6 +1169,12 @@ exit 1 %define arg_numad -Dnumad=disabled %endif +%if %{with_nbdkit} +%define arg_nbdkit -Dnbdkit=enabled +%else +%define arg_nbdkit -Dnbdkit=disabled +%endif + %if %{with_fuse} %define arg_fuse -Dfuse=enabled %else @@ -1270,7 +1287,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec) -Dyajl=enabled \ %{?arg_sanlock} \ -Dlibpcap=enabled \ - %{?arg_libnbd} \ + %{?arg_nbdkit} \ -Dlibnl=enabled \ -Daudit=enabled \ -Ddtrace=enabled \ diff --git a/meson.build b/meson.build index 6fa1f74670..de23fbda1e 100644 --- a/meson.build +++ b/meson.build @@ -1011,10 +1011,27 @@ endif libiscsi_version = '1.18.0' libiscsi_dep = dependency('libiscsi', version: '>=' + libiscsi_version, required: get_option('libiscsi')) -libnbd_version = '1.0' -libnbd_dep = dependency('libnbd', version: '>=' + libnbd_version, required: get_option('libnbd')) -if libnbd_dep.found() - conf.set('WITH_LIBNBD', 1) +if not get_option('nbdkit').disabled() + libnbd_version = '1.0' + libnbd_dep = dependency('libnbd', version: '&
[libvirt PATCH 1/6] meson: Do less when not building from git
As explained in the comment, the syntax-check machinery uses git to figure out the list of files it should operate on, so we can only enable it when building from git. Despite only registering the various tests with meson in that case, however, we unconditionally perform a bunch of preparation that is only useful for the purpose of registering and running the tests. If we're not going to do that, we can skip a few steps and save a bit of time. Best viewed with 'git show -w'. Signed-off-by: Andrea Bolognani --- build-aux/meson.build | 99 +-- 1 file changed, 49 insertions(+), 50 deletions(-) diff --git a/build-aux/meson.build b/build-aux/meson.build index 16d085505d..b5d88a4c44 100644 --- a/build-aux/meson.build +++ b/build-aux/meson.build @@ -1,63 +1,62 @@ -flake8_path = '' -if flake8_prog.found() - flake8_path = flake8_prog.full_path() -endif +# Skip syntax-check if not building from git because we get the list of files +# to check using git commands and it fails if we are not in git repository. +if git + flake8_path = '' + if flake8_prog.found() +flake8_path = flake8_prog.full_path() + endif -if host_machine.system() == 'freebsd' or host_machine.system() == 'darwin' - make_prog = find_program('gmake') - sed_prog = find_program('gsed') -else - make_prog = find_program('make') - sed_prog = find_program('sed') -endif + if host_machine.system() == 'freebsd' or host_machine.system() == 'darwin' +make_prog = find_program('gmake') +sed_prog = find_program('gsed') + else +make_prog = find_program('make') +sed_prog = find_program('sed') + endif -if host_machine.system() == 'freebsd' - grep_prog = find_program('grep') - grep_cmd = run_command(grep_prog, '--version', check: true) - if grep_cmd.stdout().startswith('grep (BSD grep') -grep_prog = find_program('/usr/local/bin/grep', required: false) -if not grep_prog.found() - error('GNU grep not found') + if host_machine.system() == 'freebsd' +grep_prog = find_program('grep') +grep_cmd = run_command(grep_prog, '--version', check: true) +if grep_cmd.stdout().startswith('grep (BSD grep') + grep_prog = find_program('/usr/local/bin/grep', required: false) + if not grep_prog.found() +error('GNU grep not found') + endif endif + elif host_machine.system() == 'darwin' +grep_prog = find_program('ggrep') + else +grep_prog = find_program('grep') endif -elif host_machine.system() == 'darwin' - grep_prog = find_program('ggrep') -else - grep_prog = find_program('grep') -endif - -awk_prog = find_program('awk') -syntax_check_conf = configuration_data({ - 'top_srcdir': meson.project_source_root(), - 'top_builddir': meson.project_build_root(), - 'flake8_path': flake8_path, - 'runutf8': ' '.join(runutf8), - 'PYTHON3': python3_prog.full_path(), - 'GREP': grep_prog.full_path(), - 'SED': sed_prog.full_path(), - 'AWK': awk_prog.full_path(), -}) + awk_prog = find_program('awk') -configure_file( - input: 'Makefile.in', - output: '@BASENAME@', - configuration: syntax_check_conf, -) + syntax_check_conf = configuration_data({ +'top_srcdir': meson.project_source_root(), +'top_builddir': meson.project_build_root(), +'flake8_path': flake8_path, +'runutf8': ' '.join(runutf8), +'PYTHON3': python3_prog.full_path(), +'GREP': grep_prog.full_path(), +'SED': sed_prog.full_path(), +'AWK': awk_prog.full_path(), + }) -rc = run_command( - 'sed', '-n', - 's/^sc_\\([a-zA-Z0-9_-]*\\):.*/\\1/p', - meson.current_source_dir() / 'syntax-check.mk', - check: true, -) + configure_file( +input: 'Makefile.in', +output: '@BASENAME@', +configuration: syntax_check_conf, + ) -sc_tests = rc.stdout().strip().split() + rc = run_command( +'sed', '-n', +'s/^sc_\\([a-zA-Z0-9_-]*\\):.*/\\1/p', +meson.current_source_dir() / 'syntax-check.mk', +check: true, + ) + sc_tests = rc.stdout().strip().split() -# Skip syntax-check if not building from git because we get the list of files -# to check using git commands and it fails if we are not in git repository. -if git foreach target : sc_tests test( target, -- 2.41.0
[libvirt PATCH 6/6] meson: Rename build_tests -> tests_enabled
Given that this variable now controls not just whether C tests are built, but also whether any test at all is executed, the new name is more appropriate. Update the description for the corresponding meson option accordingly. Signed-off-by: Andrea Bolognani --- build-aux/meson.build | 2 +- meson.build| 14 +++--- meson_options.txt | 2 +- src/access/meson.build | 2 +- src/meson.build| 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/build-aux/meson.build b/build-aux/meson.build index 84405c5ec8..f96d46c445 100644 --- a/build-aux/meson.build +++ b/build-aux/meson.build @@ -1,6 +1,6 @@ # Skip syntax-check if not building from git because we get the list of files # to check using git commands and it fails if we are not in git repository. -if git and build_tests[0] +if git and tests_enabled[0] flake8_path = '' if flake8_prog.found() flake8_path = flake8_prog.full_path() diff --git a/meson.build b/meson.build index 5a1a81d087..397315a77d 100644 --- a/meson.build +++ b/meson.build @@ -2014,8 +2014,8 @@ endif # test options -build_tests = [ not get_option('tests').disabled() ] -if build_tests[0] and \ +tests_enabled = [ not get_option('tests').disabled() ] +if tests_enabled[0] and \ cc.get_id() == 'clang' and \ not supported_cc_flags.contains('-fsemantic-interposition') \ and get_option('optimization') != '0' @@ -2026,14 +2026,14 @@ if build_tests[0] and \ if get_option('tests').enabled() error(msg) endif - build_tests = [ false, '!!! @0@ !!!'.format(msg) ] + tests_enabled = [ false, '!!! @0@ !!!'.format(msg) ] endif if get_option('expensive_tests').auto() - use_expensive_tests = not git and build_tests[0] + use_expensive_tests = not git and tests_enabled[0] else use_expensive_tests = get_option('expensive_tests').enabled() - if use_expensive_tests and not build_tests[0] + if use_expensive_tests and not tests_enabled[0] error('cannot enable expensive tests when tests are disabled') endif endif @@ -2070,7 +2070,7 @@ subdir('src') subdir('tools') -if build_tests[0] +if tests_enabled[0] subdir('tests') else # Ensure that 'meson test' fails when tests are disabled, as opposed to @@ -2294,7 +2294,7 @@ endif misc_summary = { 'Warning Flags': supported_cc_flags, 'docs': gen_docs, - 'tests': build_tests, + 'tests': tests_enabled, 'DTrace': conf.has('WITH_DTRACE_PROBES'), 'firewalld': conf.has('WITH_FIREWALLD'), 'firewalld-zone': conf.has('WITH_FIREWALLD_ZONE'), diff --git a/meson_options.txt b/meson_options.txt index ba6e49afc5..16812f7ade 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -10,7 +10,7 @@ option('git_werror', type: 'feature', value: 'auto', description: 'use -Werror i option('rpath', type: 'feature', value: 'auto', description: 'whether to include rpath information in installed binaries and libraries') option('docdir', type: 'string', value: '', description: 'documentation installation directory') option('docs', type: 'feature', value: 'auto', description: 'whether to generate documentation') -option('tests', type: 'feature', value: 'auto', description: 'whether to build tests') +option('tests', type: 'feature', value: 'auto', description: 'whether to build and run tests') # build dependencies options diff --git a/src/access/meson.build b/src/access/meson.build index 6ca953c932..fc5ba5b342 100644 --- a/src/access/meson.build +++ b/src/access/meson.build @@ -105,7 +105,7 @@ access_dep = declare_dependency( generated_sym_files += access_gen_sym -if build_tests[0] +if tests_enabled[0] test( 'check-aclperms', python3_prog, diff --git a/src/meson.build b/src/meson.build index 0c64cef04e..14686065bf 100644 --- a/src/meson.build +++ b/src/meson.build @@ -942,7 +942,7 @@ meson.add_install_script( # Check driver files -if build_tests[0] +if tests_enabled[0] if host_machine.system() == 'linux' test( 'check-symfile', -- 2.41.0
[libvirt PATCH 5/6] meson: Disable all tests when tests are disabled
Currently, passing -Dtests=disabled only disables a subset of tests: those that are written in C and thus require compilation. Other tests, such as the syntax-check ones and those that are implemented as scripts, are always enabled. There's a potentially dangerous consequence of this behavior: when tests are disabled, 'meson test' will succeed as if they had been enabled. No indication of this will be shown, so the user will likely make the reasonable assumption that everything is fine when in fact the significantly reduced coverage might be hiding failures. To solve this issues, disable *all* tests when asked to do so, and inject an intentionally failing test to ensure that 'meson test' doesn't succeed. Best viewed with 'git show -w'. Signed-off-by: Andrea Bolognani --- build-aux/meson.build | 2 +- meson.build| 7 ++ src/access/meson.build | 16 ++-- src/meson.build| 204 + 4 files changed, 120 insertions(+), 109 deletions(-) diff --git a/build-aux/meson.build b/build-aux/meson.build index b5d88a4c44..84405c5ec8 100644 --- a/build-aux/meson.build +++ b/build-aux/meson.build @@ -1,6 +1,6 @@ # Skip syntax-check if not building from git because we get the list of files # to check using git commands and it fails if we are not in git repository. -if git +if git and build_tests[0] flake8_path = '' if flake8_prog.found() flake8_path = flake8_prog.full_path() diff --git a/meson.build b/meson.build index 7ec2a6fd1e..5a1a81d087 100644 --- a/meson.build +++ b/meson.build @@ -2072,6 +2072,13 @@ subdir('tools') if build_tests[0] subdir('tests') +else + # Ensure that 'meson test' fails when tests are disabled, as opposed to + # misleadingly succeeding at doing absolutely nothing + test( +'tests-are-disabled', +python3_prog, args: [ '-c', 'raise Exception("tests are disabled")' ], + ) endif subdir('examples') diff --git a/src/access/meson.build b/src/access/meson.build index e65f17c0a2..6ca953c932 100644 --- a/src/access/meson.build +++ b/src/access/meson.build @@ -105,10 +105,12 @@ access_dep = declare_dependency( generated_sym_files += access_gen_sym -test( - 'check-aclperms', - python3_prog, - args: [ check_aclperms_prog.full_path(), access_perm_h, files('viraccessperm.c') ], - env: runutf8, - suite: 'script' -) +if build_tests[0] + test( +'check-aclperms', +python3_prog, +args: [ check_aclperms_prog.full_path(), access_perm_h, files('viraccessperm.c') ], +env: runutf8, +suite: 'script' + ) +endif diff --git a/src/meson.build b/src/meson.build index 144f24e526..0c64cef04e 100644 --- a/src/meson.build +++ b/src/meson.build @@ -942,121 +942,123 @@ meson.add_install_script( # Check driver files -if host_machine.system() == 'linux' - test( -'check-symfile', -python3_prog, -args: [ check_symfile_prog.full_path(), libvirt_syms, libvirt_lib ], -env: runutf8, -suite: 'script' - ) - - if conf.has('WITH_REMOTE') +if build_tests[0] + if host_machine.system() == 'linux' test( - 'check-admin-symfile', + 'check-symfile', python3_prog, - args: [ check_symfile_prog.full_path(), libvirt_admin_syms, libvirt_admin_lib ], + args: [ check_symfile_prog.full_path(), libvirt_syms, libvirt_lib ], env: runutf8, suite: 'script' ) + +if conf.has('WITH_REMOTE') + test( +'check-admin-symfile', +python3_prog, +args: [ check_symfile_prog.full_path(), libvirt_admin_syms, libvirt_admin_lib ], +env: runutf8, +suite: 'script' + ) +endif endif -endif -test( - 'check-symsorting', - python3_prog, - args: [ -check_symsorting_prog.full_path(), -meson.current_source_dir(), -files(sym_files, used_sym_files), - ], - env: runutf8, - suite: 'script' -) + test( +'check-symsorting', +python3_prog, +args: [ + check_symsorting_prog.full_path(), + meson.current_source_dir(), + files(sym_files, used_sym_files), +], +env: runutf8, +suite: 'script' + ) -test( - 'check-admin-symsorting', - python3_prog, - args: [ -check_symsorting_prog.full_path(), -meson.current_source_dir(), -libvirt_admin_private_syms, - ], - env: runutf8, - suite: 'script' -) + test( +'check-admin-symsorting', +python3_prog, +args: [ + check_symsorting_prog.full_path(), + meson.current_source_dir(), + libvirt_admin_private_syms, +], +env: runutf8, +suite: 'script' + ) -test( - 'check-drivername', - python3_prog, - args: [ -check_drivername_prog.full_path(), files(driver_headers), -files('libvirt_public.syms'), libvirt_qemu_syms, libvirt_lxc_syms, - ], - env: runutf8, - suite: 'script' -) + test( +'check-drivername', +python3_prog, +args: [ + check_drivername_prog.full_path(), files(driver_headers), + files('libvirt_public.syms'), libvirt
[libvirt PATCH 4/6] meson: Make -Dexpensive_tests depend on -Dtests
It only makes sense to enable expensive tests when tests are enabled. Disallow invalid configurations. Signed-off-by: Andrea Bolognani --- meson.build | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meson.build b/meson.build index ed9a07942d..7ec2a6fd1e 100644 --- a/meson.build +++ b/meson.build @@ -2030,9 +2030,12 @@ if build_tests[0] and \ endif if get_option('expensive_tests').auto() - use_expensive_tests = not git + use_expensive_tests = not git and build_tests[0] else use_expensive_tests = get_option('expensive_tests').enabled() + if use_expensive_tests and not build_tests[0] +error('cannot enable expensive tests when tests are disabled') + endif endif coverage_flags = [] -- 2.41.0
[libvirt PATCH 3/6] meson: Handle -Dtests=enabled with Clang
There are some cases in which we automatically disable tests when using Clang as the compiler. If the user has explicitly asked for tests to be enabled, however, we should error out instead of silently disabling things. Signed-off-by: Andrea Bolognani --- meson.build | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/meson.build b/meson.build index ef0b5641de..ed9a07942d 100644 --- a/meson.build +++ b/meson.build @@ -2022,7 +2022,11 @@ if build_tests[0] and \ # If CLang doesn't support -fsemantic-interposition then our # mocking doesn't work. The best we can do is to not run the # test suite. - build_tests = [ false, '!!! Forcibly disabling tests because CLang lacks -fsemantic-interposition. Update CLang or disable optimization !!!' ] + msg = 'Forcibly disabling tests because CLang lacks -fsemantic-interposition. Update CLang or disable optimization' + if get_option('tests').enabled() + error(msg) + endif + build_tests = [ false, '!!! @0@ !!!'.format(msg) ] endif if get_option('expensive_tests').auto() -- 2.41.0
[libvirt PATCH 2/6] meson: Move all handling of test options together
This will make future patches nicer. Note that we need to handle these somewhat late because of the dependency on information about the compiler and the flags it supports. Signed-off-by: Andrea Bolognani --- meson.build | 57 +++-- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/meson.build b/meson.build index 6fa1f74670..ef0b5641de 100644 --- a/meson.build +++ b/meson.build @@ -151,23 +151,6 @@ if packager_version != '' endif -# test options - -if get_option('expensive_tests').auto() - use_expensive_tests = not git -else - use_expensive_tests = get_option('expensive_tests').enabled() -endif - -coverage_flags = [] -if get_option('test_coverage') - coverage_flags = [ -'-fprofile-arcs', -'-ftest-coverage', - ] -endif - - # Add RPATH information when building for a non-standard prefix, or # when explicitly requested to do so @@ -2028,6 +2011,35 @@ if conf.has('WITH_DECL_SYS_PIDFD_OPEN') conf.set('WITH_NBDKIT', 1) endif + +# test options + +build_tests = [ not get_option('tests').disabled() ] +if build_tests[0] and \ + cc.get_id() == 'clang' and \ + not supported_cc_flags.contains('-fsemantic-interposition') \ + and get_option('optimization') != '0' + # If CLang doesn't support -fsemantic-interposition then our + # mocking doesn't work. The best we can do is to not run the + # test suite. + build_tests = [ false, '!!! Forcibly disabling tests because CLang lacks -fsemantic-interposition. Update CLang or disable optimization !!!' ] +endif + +if get_option('expensive_tests').auto() + use_expensive_tests = not git +else + use_expensive_tests = get_option('expensive_tests').enabled() +endif + +coverage_flags = [] +if get_option('test_coverage') + coverage_flags = [ +'-fprofile-arcs', +'-ftest-coverage', + ] +endif + + # Various definitions # Python3 < 3.7 treats the C locale as 7-bit only. We must force env vars so @@ -2051,17 +2063,6 @@ subdir('src') subdir('tools') -build_tests = [ not get_option('tests').disabled() ] -if build_tests[0] and \ - cc.get_id() == 'clang' and \ - not supported_cc_flags.contains('-fsemantic-interposition') \ - and get_option('optimization') != '0' - # If CLang doesn't support -fsemantic-interposition then our - # mocking doesn't work. The best we can do is to not run the - # test suite. - build_tests = [ false, '!!! Forcibly disabling tests because CLang lacks -fsemantic-interposition. Update CLang or disable optimization !!!' ] -endif - if build_tests[0] subdir('tests') endif -- 2.41.0
[libvirt PATCH 0/6] meson: Improve handling of tests
Andrea Bolognani (6): meson: Do less when not building from git meson: Move all handling of test options together meson: Handle -Dtests=enabled with Clang meson: Make -Dexpensive_tests depend on -Dtests meson: Disable all tests when tests are disabled meson: Rename build_tests -> tests_enabled build-aux/meson.build | 99 ++-- meson.build| 75 +-- meson_options.txt | 2 +- src/access/meson.build | 16 ++-- src/meson.build| 204 + 5 files changed, 207 insertions(+), 189 deletions(-) -- 2.41.0
[libvirt PATCH 10/11] systemd: Make service_extra_in/socket_extra_in required
We want at least one file to always be present, so that it can serve as a pointer for users. Ensure that this is the case by unconditionally using the value of the respective keys. Signed-off-by: Andrea Bolognani --- src/meson.build | 32 ++-- 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/src/meson.build b/src/meson.build index 29c37a030a..0104e51571 100644 --- a/src/meson.build +++ b/src/meson.build @@ -207,8 +207,8 @@ systemd_service_oomscoreadjust_extra_in = files('virtd.service.oomscoreadjust.ex # * sockets - array of additional sockets (optional, default [ 'main', 'ro', 'admin' ]) # * service_in - service source file (optional, default virtd.service.in) # * socket_$name_in - additional socket source files (optional, default virtd.socket.in or virtd-$name.socket.in) -# * service_extra_in - units to merge with service_in (optional, default []) -# * socket_extra_in - units to merge with socket_$name_in (optional, default []) +# * service_extra_in - units to merge with service_in (required) +# * socket_extra_in - units to merge with socket_$name_in (required) virt_daemon_units = [] # openrc_init_files @@ -830,14 +830,12 @@ if conf.has('WITH_LIBVIRTD') service_in = unit.get('service_in', service_in_default) service_out = '@0@.service'.format(unit['service']) - if 'service_extra_in' in unit -service_in = configure_file( - input: [ service_in ] + unit['service_extra_in'], - output: '@0@.in'.format(service_out), - command: [ merge_systemd_units_prog, '@INPUT@' ], - capture: true, -) - endif + service_in = configure_file( +input: [ service_in ] + unit['service_extra_in'], +output: '@0@.in'.format(service_out), +command: [ merge_systemd_units_prog, '@INPUT@' ], +capture: true, + ) configure_file( input: service_in, @@ -858,14 +856,12 @@ if conf.has('WITH_LIBVIRTD') socket_out = '@0@-@1@.socket'.format(unit['service'], socket) endif -if 'socket_extra_in' in unit - socket_in = configure_file( -input: [ socket_in ] + unit['socket_extra_in'], -output: '@0@.in'.format(socket_out), -command: [ merge_systemd_units_prog, '@INPUT@' ], -capture: true, - ) -endif +socket_in = configure_file( + input: [ socket_in ] + unit['socket_extra_in'], + output: '@0@.in'.format(socket_out), + command: [ merge_systemd_units_prog, '@INPUT@' ], + capture: true, +) configure_file( input: socket_in, -- 2.41.0
[libvirt PATCH 04/11] systemd: Introduce systemd_service_limitnofile_extra
Signed-off-by: Andrea Bolognani --- src/ch/meson.build | 1 + src/ch/virtchd.service.extra.in| 4 src/locking/meson.build| 3 +++ src/locking/virtlockd.service.in | 4 src/logging/meson.build| 3 +++ src/logging/virtlogd.service.in| 4 src/lxc/meson.build| 1 + src/lxc/virtlxcd.service.extra.in | 4 src/meson.build| 5 + src/qemu/meson.build | 1 + src/qemu/virtqemud.service.extra.in| 4 src/remote/libvirtd.service.in | 4 src/remote/meson.build | 3 +++ src/virtd.service.limitnofile.extra.in | 5 + 14 files changed, 22 insertions(+), 24 deletions(-) create mode 100644 src/virtd.service.limitnofile.extra.in diff --git a/src/ch/meson.build b/src/ch/meson.build index 7cee90d0da..0760d1f8e1 100644 --- a/src/ch/meson.build +++ b/src/ch/meson.build @@ -60,6 +60,7 @@ if conf.has('WITH_CH') 'name': 'Cloud Hypervisor', 'service_extra_in': [ files('virtchd.service.extra.in'), + systemd_service_limitnofile_extra_in, ], } diff --git a/src/ch/virtchd.service.extra.in b/src/ch/virtchd.service.extra.in index bc2fef57cc..626cf0a21b 100644 --- a/src/ch/virtchd.service.extra.in +++ b/src/ch/virtchd.service.extra.in @@ -5,10 +5,6 @@ After=remote-fs.target [Service] KillMode=process -# Raise hard limits to match behaviour of systemd >= 240. -# During startup, daemon will set soft limit to match hard limit -# per systemd recommendations -LimitNOFILE=1024:524288 # The cgroups pids controller can limit the number of tasks started by # the daemon, which can limit the number of domains for some hypervisors. # A conservative default of 8 tasks per guest results in a TasksMax of diff --git a/src/locking/meson.build b/src/locking/meson.build index 6b3cd781d1..f3bdf57483 100644 --- a/src/locking/meson.build +++ b/src/locking/meson.build @@ -144,6 +144,9 @@ if conf.has('WITH_LIBVIRTD') virt_daemon_units += { 'service': 'virtlockd', 'service_in': files('virtlockd.service.in'), +'service_extra_in': [ + systemd_service_limitnofile_extra_in, +], 'name': 'locking', 'sockets': [ 'main', 'admin' ], 'socket_in': files('virtlockd.socket.in'), diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in index ce00b6def9..5c374fea8f 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -17,10 +17,6 @@ ExecReload=/bin/kill -USR1 $MAINPID # cause the machine to be fenced (rebooted), so make # sure we discourage OOM killer OOMScoreAdjust=-900 -# Raise hard limits to match behaviour of systemd >= 240. -# During startup, daemon will set soft limit to match hard limit -# per systemd recommendations -LimitNOFILE=1024:524288 [Install] WantedBy=multi-user.target diff --git a/src/logging/meson.build b/src/logging/meson.build index 1527f91faf..a3d0ad297c 100644 --- a/src/logging/meson.build +++ b/src/logging/meson.build @@ -91,6 +91,9 @@ if conf.has('WITH_LIBVIRTD') virt_daemon_units += { 'service': 'virtlogd', 'service_in': files('virtlogd.service.in'), +'service_extra_in': [ + systemd_service_limitnofile_extra_in, +], 'name': 'logging', 'sockets': [ 'main', 'admin' ], 'socket_in': files('virtlogd.socket.in'), diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in index 52c9e5bb9e..9108dd1ff9 100644 --- a/src/logging/virtlogd.service.in +++ b/src/logging/virtlogd.service.in @@ -17,10 +17,6 @@ ExecReload=/bin/kill -USR1 $MAINPID # cause the machine to be fenced (rebooted), so make # sure we discourage OOM killer OOMScoreAdjust=-900 -# Raise hard limits to match behaviour of systemd >= 240. -# During startup, daemon will set soft limit to match hard limit -# per systemd recommendations -LimitNOFILE=1024:524288 [Install] WantedBy=multi-user.target diff --git a/src/lxc/meson.build b/src/lxc/meson.build index 198e282e63..0c4d51d8b9 100644 --- a/src/lxc/meson.build +++ b/src/lxc/meson.build @@ -167,6 +167,7 @@ if conf.has('WITH_LXC') 'name': 'LXC', 'service_extra_in': [ files('virtlxcd.service.extra.in'), + systemd_service_limitnofile_extra_in, ], } diff --git a/src/lxc/virtlxcd.service.extra.in b/src/lxc/virtlxcd.service.extra.in index bc2fef57cc..626cf0a21b 100644 --- a/src/lxc/virtlxcd.service.extra.in +++ b/src/lxc/virtlxcd.service.extra.in @@ -5,10 +5,6 @@ After=remote-fs.target [Service] KillMode=process -# Raise hard limits to match behaviour of systemd >= 240. -# During startup, daemon will set soft limit to match hard limit -# per systemd recommendations -LimitNOFILE=1024:524288 # The cgroups pids controller can limit the number of tasks started by # the daemon, which can limit the number of domains for some hypervisors. # A conservative default of 8 tasks per guest results in a Task
[libvirt PATCH 11/11] systemd: Tweak service definitions
Use a consistent style everywhere. Signed-off-by: Andrea Bolognani --- src/locking/meson.build | 2 +- src/logging/meson.build | 2 +- src/remote/meson.build | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/locking/meson.build b/src/locking/meson.build index 71e628de04..ff1578cfcb 100644 --- a/src/locking/meson.build +++ b/src/locking/meson.build @@ -143,13 +143,13 @@ if conf.has('WITH_LIBVIRTD') virt_daemon_units += { 'service': 'virtlockd', +'name': 'locking', 'service_in': files('virtlockd.service.in'), 'service_extra_in': [ files('virtlockd.service.extra.in'), systemd_service_oomscoreadjust_extra_in, systemd_service_limitnofile_extra_in, ], -'name': 'locking', 'sockets': [ 'main', 'admin' ], 'socket_in': files('virtlockd.socket.in'), 'socket_admin_in': files('virtlockd-admin.socket.in'), diff --git a/src/logging/meson.build b/src/logging/meson.build index f538a663fb..4d98113ac7 100644 --- a/src/logging/meson.build +++ b/src/logging/meson.build @@ -90,13 +90,13 @@ if conf.has('WITH_LIBVIRTD') virt_daemon_units += { 'service': 'virtlogd', +'name': 'logging', 'service_in': files('virtlogd.service.in'), 'service_extra_in': [ files('virtlogd.service.extra.in'), systemd_service_oomscoreadjust_extra_in, systemd_service_limitnofile_extra_in, ], -'name': 'logging', 'sockets': [ 'main', 'admin' ], 'socket_in': files('virtlogd.socket.in'), 'socket_admin_in': files('virtlogd-admin.socket.in'), diff --git a/src/remote/meson.build b/src/remote/meson.build index 49d19b3cbf..fba7e34c88 100644 --- a/src/remote/meson.build +++ b/src/remote/meson.build @@ -190,6 +190,7 @@ if conf.has('WITH_REMOTE') virt_daemon_units += { 'service': 'libvirtd', + 'name': 'legacy monolithic', 'service_in': files('libvirtd.service.in'), 'service_extra_in': [ files('libvirtd.service.extra.in'), @@ -197,7 +198,6 @@ if conf.has('WITH_REMOTE') systemd_service_taskmax_extra_in, systemd_service_limitmemlock_extra_in, ], - 'name': 'legacy monolithic', 'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ], 'socket_in': files('libvirtd.socket.in'), 'socket_ro_in': files('libvirtd-ro.socket.in'), -- 2.41.0
[libvirt PATCH 06/11] systemd: Introduce systemd_service_limitmemlock_extra
Signed-off-by: Andrea Bolognani --- src/ch/meson.build | 1 + src/ch/virtchd.service.extra.in | 6 -- src/lxc/meson.build | 1 + src/lxc/virtlxcd.service.extra.in | 6 -- src/meson.build | 1 + src/qemu/meson.build| 1 + src/qemu/virtqemud.service.extra.in | 6 -- src/remote/libvirtd.service.in | 6 -- src/remote/meson.build | 1 + ...service.extra.in => virtd.service.limitmemlock.extra.in} | 6 -- 10 files changed, 5 insertions(+), 30 deletions(-) copy src/{ch/virtchd.service.extra.in => virtd.service.limitmemlock.extra.in} (75%) diff --git a/src/ch/meson.build b/src/ch/meson.build index 9eecf8c27f..29e76b6938 100644 --- a/src/ch/meson.build +++ b/src/ch/meson.build @@ -62,6 +62,7 @@ if conf.has('WITH_CH') files('virtchd.service.extra.in'), systemd_service_limitnofile_extra_in, systemd_service_taskmax_extra_in, + systemd_service_limitmemlock_extra_in, ], } diff --git a/src/ch/virtchd.service.extra.in b/src/ch/virtchd.service.extra.in index 38d820c1af..3655c51130 100644 --- a/src/ch/virtchd.service.extra.in +++ b/src/ch/virtchd.service.extra.in @@ -5,9 +5,3 @@ After=remote-fs.target [Service] KillMode=process -# With cgroups v2 there is no devices controller anymore, we have to use -# eBPF to control access to devices. In order to do that we create a eBPF -# hash MAP which locks memory. The default map size for 64 devices together -# with program takes 12k per guest. After rounding up we will get 64M to -# support 4096 guests. -LimitMEMLOCK=64M diff --git a/src/lxc/meson.build b/src/lxc/meson.build index fb1aedb5fc..044a38c918 100644 --- a/src/lxc/meson.build +++ b/src/lxc/meson.build @@ -169,6 +169,7 @@ if conf.has('WITH_LXC') files('virtlxcd.service.extra.in'), systemd_service_limitnofile_extra_in, systemd_service_taskmax_extra_in, + systemd_service_limitmemlock_extra_in, ], } diff --git a/src/lxc/virtlxcd.service.extra.in b/src/lxc/virtlxcd.service.extra.in index 38d820c1af..3655c51130 100644 --- a/src/lxc/virtlxcd.service.extra.in +++ b/src/lxc/virtlxcd.service.extra.in @@ -5,9 +5,3 @@ After=remote-fs.target [Service] KillMode=process -# With cgroups v2 there is no devices controller anymore, we have to use -# eBPF to control access to devices. In order to do that we create a eBPF -# hash MAP which locks memory. The default map size for 64 devices together -# with program takes 12k per guest. After rounding up we will get 64M to -# support 4096 guests. -LimitMEMLOCK=64M diff --git a/src/meson.build b/src/meson.build index 37239fd969..611f05583d 100644 --- a/src/meson.build +++ b/src/meson.build @@ -196,6 +196,7 @@ guest_unit_files = [] # can be used in service_extra_in/socket_extra_in (see below) systemd_service_limitnofile_extra_in = files('virtd.service.limitnofile.extra.in') systemd_service_taskmax_extra_in = files('virtd.service.tasksmax.extra.in') +systemd_service_limitmemlock_extra_in = files('virtd.service.limitmemlock.extra.in') # virt_daemon_units: # generate libvirt daemon systemd unit files diff --git a/src/qemu/meson.build b/src/qemu/meson.build index b28089aa06..167ed849ea 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build @@ -188,6 +188,7 @@ if conf.has('WITH_QEMU') files('virtqemud.service.extra.in'), systemd_service_limitnofile_extra_in, systemd_service_taskmax_extra_in, + systemd_service_limitmemlock_extra_in, ], } diff --git a/src/qemu/virtqemud.service.extra.in b/src/qemu/virtqemud.service.extra.in index 164f672c08..32aba8be9c 100644 --- a/src/qemu/virtqemud.service.extra.in +++ b/src/qemu/virtqemud.service.extra.in @@ -9,12 +9,6 @@ After=remote-fs.target [Service] KillMode=process -# With cgroups v2 there is no devices controller anymore, we have to use -# eBPF to control access to devices. In order to do that we create a eBPF -# hash MAP which locks memory. The default map size for 64 devices together -# with program takes 12k per guest. After rounding up we will get 64M to -# support 4096 guests. -LimitMEMLOCK=64M [Install] Also=virtlogd.socket diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in index 900b734f82..250b4a6fc3 100644 --- a/src/remote/libvirtd.service.in +++ b/src/remote/libvirtd.service.in @@ -33,12 +33,6 @@ ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=on-failure -# With cgroups v2 there is no devices controller anymore, we have to use -# eBPF to control access to devices. In order to do that we create a eBPF -# hash MAP which locks memory. The default map size for 64 devices together -# with p
[libvirt PATCH 05/11] systemd: Introduce systemd_service_taskmax_extra
Signed-off-by: Andrea Bolognani --- src/ch/meson.build | 1 + src/ch/virtchd.service.extra.in | 5 - src/lxc/meson.build | 1 + src/lxc/virtlxcd.service.extra.in | 5 - src/meson.build | 1 + src/qemu/meson.build| 1 + src/qemu/virtqemud.service.extra.in | 5 - src/remote/libvirtd.service.in | 5 - src/remote/meson.build | 1 + src/virtd.service.tasksmax.extra.in | 6 ++ 10 files changed, 11 insertions(+), 20 deletions(-) create mode 100644 src/virtd.service.tasksmax.extra.in diff --git a/src/ch/meson.build b/src/ch/meson.build index 0760d1f8e1..9eecf8c27f 100644 --- a/src/ch/meson.build +++ b/src/ch/meson.build @@ -61,6 +61,7 @@ if conf.has('WITH_CH') 'service_extra_in': [ files('virtchd.service.extra.in'), systemd_service_limitnofile_extra_in, + systemd_service_taskmax_extra_in, ], } diff --git a/src/ch/virtchd.service.extra.in b/src/ch/virtchd.service.extra.in index 626cf0a21b..38d820c1af 100644 --- a/src/ch/virtchd.service.extra.in +++ b/src/ch/virtchd.service.extra.in @@ -5,11 +5,6 @@ After=remote-fs.target [Service] KillMode=process -# The cgroups pids controller can limit the number of tasks started by -# the daemon, which can limit the number of domains for some hypervisors. -# A conservative default of 8 tasks per guest results in a TasksMax of -# 32k to support 4096 guests. -TasksMax=32768 # With cgroups v2 there is no devices controller anymore, we have to use # eBPF to control access to devices. In order to do that we create a eBPF # hash MAP which locks memory. The default map size for 64 devices together diff --git a/src/lxc/meson.build b/src/lxc/meson.build index 0c4d51d8b9..fb1aedb5fc 100644 --- a/src/lxc/meson.build +++ b/src/lxc/meson.build @@ -168,6 +168,7 @@ if conf.has('WITH_LXC') 'service_extra_in': [ files('virtlxcd.service.extra.in'), systemd_service_limitnofile_extra_in, + systemd_service_taskmax_extra_in, ], } diff --git a/src/lxc/virtlxcd.service.extra.in b/src/lxc/virtlxcd.service.extra.in index 626cf0a21b..38d820c1af 100644 --- a/src/lxc/virtlxcd.service.extra.in +++ b/src/lxc/virtlxcd.service.extra.in @@ -5,11 +5,6 @@ After=remote-fs.target [Service] KillMode=process -# The cgroups pids controller can limit the number of tasks started by -# the daemon, which can limit the number of domains for some hypervisors. -# A conservative default of 8 tasks per guest results in a TasksMax of -# 32k to support 4096 guests. -TasksMax=32768 # With cgroups v2 there is no devices controller anymore, we have to use # eBPF to control access to devices. In order to do that we create a eBPF # hash MAP which locks memory. The default map size for 64 devices together diff --git a/src/meson.build b/src/meson.build index a9e6b521ee..37239fd969 100644 --- a/src/meson.build +++ b/src/meson.build @@ -195,6 +195,7 @@ guest_unit_files = [] # snippets that are shared by multiple units # can be used in service_extra_in/socket_extra_in (see below) systemd_service_limitnofile_extra_in = files('virtd.service.limitnofile.extra.in') +systemd_service_taskmax_extra_in = files('virtd.service.tasksmax.extra.in') # virt_daemon_units: # generate libvirt daemon systemd unit files diff --git a/src/qemu/meson.build b/src/qemu/meson.build index 09f79f52ee..b28089aa06 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build @@ -187,6 +187,7 @@ if conf.has('WITH_QEMU') 'service_extra_in': [ files('virtqemud.service.extra.in'), systemd_service_limitnofile_extra_in, + systemd_service_taskmax_extra_in, ], } diff --git a/src/qemu/virtqemud.service.extra.in b/src/qemu/virtqemud.service.extra.in index 48b349b48a..164f672c08 100644 --- a/src/qemu/virtqemud.service.extra.in +++ b/src/qemu/virtqemud.service.extra.in @@ -9,11 +9,6 @@ After=remote-fs.target [Service] KillMode=process -# The cgroups pids controller can limit the number of tasks started by -# the daemon, which can limit the number of domains for some hypervisors. -# A conservative default of 8 tasks per guest results in a TasksMax of -# 32k to support 4096 guests. -TasksMax=32768 # With cgroups v2 there is no devices controller anymore, we have to use # eBPF to control access to devices. In order to do that we create a eBPF # hash MAP which locks memory. The default map size for 64 devices together diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in index 8dc6df2138..900b734f82 100644 --- a/src/remote/libvirtd.service.in +++ b/src/remote/libvirtd.service.in @@ -33,11 +33,6 @@ ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=on-failure -# The cgroups pids controller can limit the number of tasks started by -# the daemon, which can limit the number of domains for some hypervisors. -# A conservative default of 8 tasks per guest
[libvirt PATCH 08/11] systemd: Allow comments at the top of units
Currently the script will reject any type of contents outside of a section, but we want to be able to have some useful comments at the top of each file to help users understand how they are processed. Signed-off-by: Andrea Bolognani --- scripts/merge-systemd-units.py | 5 + 1 file changed, 5 insertions(+) diff --git a/scripts/merge-systemd-units.py b/scripts/merge-systemd-units.py index 30e8757544..869d857f1d 100755 --- a/scripts/merge-systemd-units.py +++ b/scripts/merge-systemd-units.py @@ -24,6 +24,11 @@ def parse_unit(unit_path): if line == "": continue +# Comments at the very top of the file, outside of any +# section, are allowed and will not show up in the output +if line[0] == "#" and current_section == "[Invalid]": +continue + if line[0] == "[" and line[-1] == "]": if line not in SECTIONS: print("Unknown section {}".format(line)) -- 2.41.0
[libvirt PATCH 01/11] systemd: libvirtd doesn't need @sockprefix@
It uses custom templates which already hardcode the correct value. Signed-off-by: Andrea Bolognani --- src/remote/meson.build | 1 - 1 file changed, 1 deletion(-) diff --git a/src/remote/meson.build b/src/remote/meson.build index e14541f09e..41c73360d1 100644 --- a/src/remote/meson.build +++ b/src/remote/meson.build @@ -192,7 +192,6 @@ if conf.has('WITH_REMOTE') 'service': 'libvirtd', 'service_in': files('libvirtd.service.in'), 'name': 'legacy monolithic', - 'sockprefix': 'libvirt', 'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ], 'socket_in': files('libvirtd.socket.in'), 'socket_ro_in': files('libvirtd-ro.socket.in'), -- 2.41.0
[libvirt PATCH 07/11] systemd: Introduce systemd_service_oomscoreadjust_extra
Signed-off-by: Andrea Bolognani --- src/locking/meson.build | 1 + src/locking/virtlockd.service.in | 4 src/logging/meson.build | 1 + src/logging/virtlogd.service.in | 4 src/meson.build | 1 + src/virtd.service.oomscoreadjust.extra.in | 5 + 6 files changed, 8 insertions(+), 8 deletions(-) create mode 100644 src/virtd.service.oomscoreadjust.extra.in diff --git a/src/locking/meson.build b/src/locking/meson.build index f3bdf57483..d15e2cb84a 100644 --- a/src/locking/meson.build +++ b/src/locking/meson.build @@ -145,6 +145,7 @@ if conf.has('WITH_LIBVIRTD') 'service': 'virtlockd', 'service_in': files('virtlockd.service.in'), 'service_extra_in': [ + systemd_service_oomscoreadjust_extra_in, systemd_service_limitnofile_extra_in, ], 'name': 'locking', diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in index 5c374fea8f..cd6c77c6af 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -13,10 +13,6 @@ Environment=VIRTLOCKD_ARGS= EnvironmentFile=-@initconfdir@/virtlockd ExecStart=@sbindir@/virtlockd $VIRTLOCKD_ARGS ExecReload=/bin/kill -USR1 $MAINPID -# Losing the locks is a really bad thing that will -# cause the machine to be fenced (rebooted), so make -# sure we discourage OOM killer -OOMScoreAdjust=-900 [Install] WantedBy=multi-user.target diff --git a/src/logging/meson.build b/src/logging/meson.build index a3d0ad297c..fbf492b16e 100644 --- a/src/logging/meson.build +++ b/src/logging/meson.build @@ -92,6 +92,7 @@ if conf.has('WITH_LIBVIRTD') 'service': 'virtlogd', 'service_in': files('virtlogd.service.in'), 'service_extra_in': [ + systemd_service_oomscoreadjust_extra_in, systemd_service_limitnofile_extra_in, ], 'name': 'logging', diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in index 9108dd1ff9..569c9f88ad 100644 --- a/src/logging/virtlogd.service.in +++ b/src/logging/virtlogd.service.in @@ -13,10 +13,6 @@ Environment=VIRTLOGD_ARGS= EnvironmentFile=-@initconfdir@/virtlogd ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS ExecReload=/bin/kill -USR1 $MAINPID -# Losing the logs is a really bad thing that will -# cause the machine to be fenced (rebooted), so make -# sure we discourage OOM killer -OOMScoreAdjust=-900 [Install] WantedBy=multi-user.target diff --git a/src/meson.build b/src/meson.build index 611f05583d..29c37a030a 100644 --- a/src/meson.build +++ b/src/meson.build @@ -197,6 +197,7 @@ guest_unit_files = [] systemd_service_limitnofile_extra_in = files('virtd.service.limitnofile.extra.in') systemd_service_taskmax_extra_in = files('virtd.service.tasksmax.extra.in') systemd_service_limitmemlock_extra_in = files('virtd.service.limitmemlock.extra.in') +systemd_service_oomscoreadjust_extra_in = files('virtd.service.oomscoreadjust.extra.in') # virt_daemon_units: # generate libvirt daemon systemd unit files diff --git a/src/virtd.service.oomscoreadjust.extra.in b/src/virtd.service.oomscoreadjust.extra.in new file mode 100644 index 00..53b93efda8 --- /dev/null +++ b/src/virtd.service.oomscoreadjust.extra.in @@ -0,0 +1,5 @@ +[Service] +# Losing this daemon is a really bad thing that will +# cause the machine to be fenced (rebooted), so make +# sure we discourage OOM killer +OOMScoreAdjust=-900 -- 2.41.0
[libvirt PATCH 09/11] systemd: Set service_extra_in/socket_extra_in everywhere
It's somewhat confusing that some of the services have a corresponding foo.service.extra.in and foo.socket.extra.in, some have just one of the two, and some have neither. In order to make things more approachable, make sure that both files exists for each service. In most cases the extra units are currently unused, so they will just contain a comment briefly explaining their purpose and pointing users to meson.build, where they can find more information. The same comment is also added to the top of extra units that already have some contents in them for consistency. Signed-off-by: Andrea Bolognani --- src/ch/meson.build| 3 +++ src/ch/virtchd.service.extra.in | 3 +++ src/ch/virtchd.socket.extra.in| 2 ++ src/interface/meson.build | 6 ++ src/interface/virtinterfaced.service.extra.in | 2 ++ src/interface/virtinterfaced.socket.extra.in | 2 ++ src/libxl/virtxend.service.extra.in | 3 +++ src/libxl/virtxend.socket.extra.in| 3 +++ src/locking/meson.build | 4 src/locking/virtlockd.service.extra.in| 2 ++ src/locking/virtlockd.socket.extra.in | 2 ++ src/logging/meson.build | 4 src/logging/virtlogd.service.extra.in | 2 ++ src/logging/virtlogd.socket.extra.in | 2 ++ src/lxc/meson.build | 3 +++ src/lxc/virtlxcd.service.extra.in | 3 +++ src/lxc/virtlxcd.socket.extra.in | 2 ++ src/network/meson.build | 3 +++ src/network/virtnetworkd.service.extra.in | 3 +++ src/network/virtnetworkd.socket.extra.in | 2 ++ src/node_device/meson.build | 6 ++ src/node_device/virtnodedevd.service.extra.in | 2 ++ src/node_device/virtnodedevd.socket.extra.in | 2 ++ src/nwfilter/meson.build | 6 ++ src/nwfilter/virtnwfilterd.service.extra.in | 2 ++ src/nwfilter/virtnwfilterd.socket.extra.in| 2 ++ src/qemu/meson.build | 3 +++ src/qemu/virtqemud.service.extra.in | 3 +++ src/qemu/virtqemud.socket.extra.in| 2 ++ src/remote/libvirtd.service.extra.in | 2 ++ src/remote/libvirtd.socket.extra.in | 2 ++ src/remote/meson.build| 10 ++ src/remote/virtproxyd.service.extra.in| 2 ++ src/remote/virtproxyd.socket.extra.in | 2 ++ src/secret/meson.build| 6 ++ src/secret/virtsecretd.service.extra.in | 2 ++ src/secret/virtsecretd.socket.extra.in| 2 ++ src/storage/meson.build | 3 +++ src/storage/virtstoraged.service.extra.in | 3 +++ src/storage/virtstoraged.socket.extra.in | 2 ++ src/vbox/meson.build | 3 +++ src/vbox/virtvboxd.service.extra.in | 3 +++ src/vbox/virtvboxd.socket.extra.in| 2 ++ src/vz/meson.build| 3 +++ src/vz/virtvzd.service.extra.in | 3 +++ src/vz/virtvzd.socket.extra.in| 2 ++ 46 files changed, 136 insertions(+) create mode 100644 src/ch/virtchd.socket.extra.in create mode 100644 src/interface/virtinterfaced.service.extra.in create mode 100644 src/interface/virtinterfaced.socket.extra.in create mode 100644 src/locking/virtlockd.service.extra.in create mode 100644 src/locking/virtlockd.socket.extra.in create mode 100644 src/logging/virtlogd.service.extra.in create mode 100644 src/logging/virtlogd.socket.extra.in create mode 100644 src/lxc/virtlxcd.socket.extra.in create mode 100644 src/network/virtnetworkd.socket.extra.in create mode 100644 src/node_device/virtnodedevd.service.extra.in create mode 100644 src/node_device/virtnodedevd.socket.extra.in create mode 100644 src/nwfilter/virtnwfilterd.service.extra.in create mode 100644 src/nwfilter/virtnwfilterd.socket.extra.in create mode 100644 src/qemu/virtqemud.socket.extra.in create mode 100644 src/remote/libvirtd.service.extra.in create mode 100644 src/remote/libvirtd.socket.extra.in create mode 100644 src/remote/virtproxyd.service.extra.in create mode 100644 src/remote/virtproxyd.socket.extra.in create mode 100644 src/secret/virtsecretd.service.extra.in create mode 100644 src/secret/virtsecretd.socket.extra.in create mode 100644 src/storage/virtstoraged.socket.extra.in create mode 100644 src/vbox/virtvboxd.socket.extra.in create mode 100644 src/vz/virtvzd.socket.extra.in diff --git a/src/ch/meson.build b/src/ch/meson.build index 29e76b6938..335b10ffaf 100644 --- a/src/ch/meson.build +++ b/src/ch/meson.build @@ -64,6 +64,9 @@ if conf.has('WITH_CH') systemd_service_taskmax_extra_in, systemd_service_limitmemlock_extra_in, ], +'socket_extra_in': [ + files('virtchd.socket.extra.in'), +], } virt_install_dirs += [ diff --git a/src/ch
[libvirt PATCH 03/11] systemd: Accept multiple files for service_extra_in/socket_extra_in
Now that the underlying script is able to merge an arbitrary number of units into the base template, expose this possibility in the build system. Signed-off-by: Andrea Bolognani --- src/ch/meson.build | 4 +++- src/libxl/meson.build | 8 ++-- src/lxc/meson.build | 4 +++- src/meson.build | 12 ++-- src/network/meson.build | 4 +++- src/qemu/meson.build| 4 +++- src/storage/meson.build | 4 +++- src/vbox/meson.build| 4 +++- src/vz/meson.build | 4 +++- 9 files changed, 33 insertions(+), 15 deletions(-) diff --git a/src/ch/meson.build b/src/ch/meson.build index df246ef9b0..7cee90d0da 100644 --- a/src/ch/meson.build +++ b/src/ch/meson.build @@ -58,7 +58,9 @@ if conf.has('WITH_CH') virt_daemon_units += { 'service': 'virtchd', 'name': 'Cloud Hypervisor', -'service_extra_in': files('virtchd.service.extra.in'), +'service_extra_in': [ + files('virtchd.service.extra.in'), +], } virt_install_dirs += [ diff --git a/src/libxl/meson.build b/src/libxl/meson.build index 8e6f455139..e75a8f2fdb 100644 --- a/src/libxl/meson.build +++ b/src/libxl/meson.build @@ -67,8 +67,12 @@ if conf.has('WITH_LIBXL') virt_daemon_units += { 'service': 'virtxend', 'name': 'Xen', -'service_extra_in': files('virtxend.service.extra.in'), -'socket_extra_in': files('virtxend.socket.extra.in'), +'service_extra_in': [ + files('virtxend.service.extra.in'), +], +'socket_extra_in': [ + files('virtxend.socket.extra.in'), +], } openrc_init_files += { diff --git a/src/lxc/meson.build b/src/lxc/meson.build index 5eb23fbbbf..198e282e63 100644 --- a/src/lxc/meson.build +++ b/src/lxc/meson.build @@ -165,7 +165,9 @@ if conf.has('WITH_LXC') virt_daemon_units += { 'service': 'virtlxcd', 'name': 'LXC', -'service_extra_in': files('virtlxcd.service.extra.in'), +'service_extra_in': [ + files('virtlxcd.service.extra.in'), +], } openrc_init_files += { diff --git a/src/meson.build b/src/meson.build index 144f24e526..f3814d75ce 100644 --- a/src/meson.build +++ b/src/meson.build @@ -199,8 +199,8 @@ guest_unit_files = [] # * sockets - array of additional sockets (optional, default [ 'main', 'ro', 'admin' ]) # * service_in - service source file (optional, default virtd.service.in) # * socket_$name_in - additional socket source files (optional, default virtd.socket.in or virtd-$name.socket.in) -# * service_extra_in - unit to merge with service_in (optional, default None) -# * socket_extra_in - unit to merge with socket_$name_in (optional, default None) +# * service_extra_in - units to merge with service_in (optional, default []) +# * socket_extra_in - units to merge with socket_$name_in (optional, default []) virt_daemon_units = [] # openrc_init_files @@ -824,9 +824,9 @@ if conf.has('WITH_LIBVIRTD') if 'service_extra_in' in unit service_in = configure_file( - input: [ service_in, unit['service_extra_in'] ], + input: [ service_in ] + unit['service_extra_in'], output: '@0@.in'.format(service_out), - command: [ merge_systemd_units_prog, '@INPUT0@', '@INPUT1@' ], + command: [ merge_systemd_units_prog, '@INPUT@' ], capture: true, ) endif @@ -852,9 +852,9 @@ if conf.has('WITH_LIBVIRTD') if 'socket_extra_in' in unit socket_in = configure_file( -input: [ socket_in, unit['socket_extra_in'] ], +input: [ socket_in ] + unit['socket_extra_in'], output: '@0@.in'.format(socket_out), -command: [ merge_systemd_units_prog, '@INPUT0@', '@INPUT1@' ], +command: [ merge_systemd_units_prog, '@INPUT@' ], capture: true, ) endif diff --git a/src/network/meson.build b/src/network/meson.build index d0383cca1c..3cf2ef3d3d 100644 --- a/src/network/meson.build +++ b/src/network/meson.build @@ -63,7 +63,9 @@ if conf.has('WITH_NETWORK') virt_daemon_units += { 'service': 'virtnetworkd', 'name': 'network', -'service_extra_in': files('virtnetworkd.service.extra.in'), +'service_extra_in': [ + files('virtnetworkd.service.extra.in'), +], } openrc_init_files += { diff --git a/src/qemu/meson.build b/src/qemu/meson.build index 64c62e584f..fff61ddf27 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build @@ -184,7 +184,9 @@ if conf.has('WITH_QEMU') virt_daemon_units += { 'service': 'virtqemud', 'name': 'QEMU', -'service_extra_in': files('virtqemud.service.extra.in'), +'service_extra_in': [ + files('virtqemud.service.extra.in'), +], } openrc_init_files += { diff --git a/src/storage/meson.build b/src/storage/meson.build index 023353c1d6..daad8abf25 100644 --- a/src/storage/meson.build +++ b/src/storage/meson.build @@ -112,7 +112,9 @@ if conf.has('WITH_STORAGE') virt_daemon_units += { 'service': 'virtstoraged
[libvirt PATCH 02/11] systemd: Support merging multiple units
In order to further deduplicate the contents of the various unit files, we need to be able to merge multiple additional units into the initial one. Luckily the merge logic is in no way constrained to working with just two units, so achieving this is pretty much just a matter of lifting the existing limitation on the number of arguments that the script accepts. As a special case, it's now also possible to call the script with just the base unit as argument. No merging will be performed in that case, obviously, but we'll still go through the basic validation and cleanup steps. This also fixes a bug in the check for the number of arguments: sys.argv also contains the name of the script, so we should have checked that its size was at least 3. The check is now written in a way that's less prone to misunderstandings. Signed-off-by: Andrea Bolognani --- scripts/merge-systemd-units.py | 15 ++- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/scripts/merge-systemd-units.py b/scripts/merge-systemd-units.py index bc3321230d..30e8757544 100755 --- a/scripts/merge-systemd-units.py +++ b/scripts/merge-systemd-units.py @@ -82,13 +82,18 @@ def merge_units(base, extra): return merged -if len(sys.argv) < 2: -print("usage: {} BASE EXTRA".format(sys.argv[0])) +prog = sys.argv[0] +args = sys.argv[1:] + +if len(args) < 1: +print("usage: {} BASE [EXTRA]...".format(prog)) sys.exit(1) -base = parse_unit(sys.argv[1]) -extra = parse_unit(sys.argv[2]) +merged = parse_unit(args[0]) + +for arg in args[1:]: +extra = parse_unit(arg) -merged = merge_units(base, extra) +merged = merge_units(merged, extra) sys.stdout.write(format_unit(merged)) -- 2.41.0
[libvirt PATCH 00/11] systemd: Further improvements
This series addresses two pieces of feedback from my recent systemd changes: that some settings, such as LimitNOFILE, where still being repeated verbatim in multiple locations, and that only having the foo.{service,socket}.extra.in files for some services and not others could be confusing. Andrea Bolognani (11): systemd: libvirtd doesn't need @sockprefix@ systemd: Support merging multiple units systemd: Accept multiple files for service_extra_in/socket_extra_in systemd: Introduce systemd_service_limitnofile_extra systemd: Introduce systemd_service_taskmax_extra systemd: Introduce systemd_service_limitmemlock_extra systemd: Introduce systemd_service_oomscoreadjust_extra systemd: Allow comments at the top of units systemd: Set service_extra_in/socket_extra_in everywhere systemd: Make service_extra_in/socket_extra_in required systemd: Tweak service definitions scripts/merge-systemd-units.py| 20 +++--- src/ch/meson.build| 10 - src/ch/virtchd.service.extra.in | 18 ++--- src/ch/virtchd.socket.extra.in| 2 + src/interface/meson.build | 6 +++ src/interface/virtinterfaced.service.extra.in | 2 + src/interface/virtinterfaced.socket.extra.in | 2 + src/libxl/meson.build | 8 +++- src/libxl/virtxend.service.extra.in | 3 ++ src/libxl/virtxend.socket.extra.in| 3 ++ src/locking/meson.build | 10 - src/locking/virtlockd.service.extra.in| 2 + src/locking/virtlockd.service.in | 8 src/locking/virtlockd.socket.extra.in | 2 + src/logging/meson.build | 10 - src/logging/virtlogd.service.extra.in | 2 + src/logging/virtlogd.service.in | 8 src/logging/virtlogd.socket.extra.in | 2 + src/lxc/meson.build | 10 - src/lxc/virtlxcd.service.extra.in | 18 ++--- src/lxc/virtlxcd.socket.extra.in | 2 + src/meson.build | 40 ++- src/network/meson.build | 7 +++- src/network/virtnetworkd.service.extra.in | 3 ++ src/network/virtnetworkd.socket.extra.in | 2 + src/node_device/meson.build | 6 +++ src/node_device/virtnodedevd.service.extra.in | 2 + src/node_device/virtnodedevd.socket.extra.in | 2 + src/nwfilter/meson.build | 6 +++ src/nwfilter/virtnwfilterd.service.extra.in | 2 + src/nwfilter/virtnwfilterd.socket.extra.in| 2 + src/qemu/meson.build | 10 - src/qemu/virtqemud.service.extra.in | 18 ++--- src/qemu/virtqemud.socket.extra.in| 2 + src/remote/libvirtd.service.extra.in | 2 + src/remote/libvirtd.service.in| 15 --- src/remote/libvirtd.socket.extra.in | 2 + src/remote/meson.build| 18 - src/remote/virtproxyd.service.extra.in| 2 + src/remote/virtproxyd.socket.extra.in | 2 + src/secret/meson.build| 6 +++ src/secret/virtsecretd.service.extra.in | 2 + src/secret/virtsecretd.socket.extra.in| 2 + src/storage/meson.build | 7 +++- src/storage/virtstoraged.service.extra.in | 3 ++ src/storage/virtstoraged.socket.extra.in | 2 + src/vbox/meson.build | 7 +++- src/vbox/virtvboxd.service.extra.in | 3 ++ src/vbox/virtvboxd.socket.extra.in| 2 + src/virtd.service.limitmemlock.extra.in | 7 src/virtd.service.limitnofile.extra.in| 5 +++ src/virtd.service.oomscoreadjust.extra.in | 5 +++ src/virtd.service.tasksmax.extra.in | 6 +++ src/vz/meson.build| 7 +++- src/vz/virtvzd.service.extra.in | 3 ++ src/vz/virtvzd.socket.extra.in| 2 + 56 files changed, 248 insertions(+), 112 deletions(-) create mode 100644 src/ch/virtchd.socket.extra.in create mode 100644 src/interface/virtinterfaced.service.extra.in create mode 100644 src/interface/virtinterfaced.socket.extra.in create mode 100644 src/locking/virtlockd.service.extra.in create mode 100644 src/locking/virtlockd.socket.extra.in create mode 100644 src/logging/virtlogd.service.extra.in create mode 100644 src/logging/virtlogd.socket.extra.in create mode 100644 src/lxc/virtlxcd.socket.extra.in create mode 100644 src/network/virtnetworkd.socket.extra.in create mode 100644 src/node_device/virtnodedevd.service.extra.in create mode 100644 src/node_device/virtnodedevd.socket.extra.in create mode 100644 src/nwfilter/virtnwfilterd.service.extra.in create mode 100644 src/nwfilter/virtnwfilterd.socket.extra.in create mode 100644 src/qemu/virtqemud.socket.extra.in create mode 100644 src/remote
[libvirt PATCH] rpm: Drop with_vz define
Commit 56edf2fefe30 removed the last use. Signed-off-by: Andrea Bolognani --- libvirt.spec.in | 1 - 1 file changed, 1 deletion(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 57cf46a16d..f3d21ccc8f 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -128,7 +128,6 @@ %define with_vmware 0 %define with_libxl 0 %define with_hyperv 0 -%define with_vz 0 %define with_lxc 0 %endif -- 2.41.0
Re: [libvirt PATCH v2 06/33] systemd: Introduce common templates
On Thu, Sep 28, 2023 at 04:30:03AM -0500, Andrea Bolognani wrote: > On Thu, Sep 28, 2023 at 09:24:11AM +0100, Daniel P. Berrangé wrote: > > On Wed, Sep 27, 2023 at 06:19:07PM +0200, Andrea Bolognani wrote: > > > +++ b/scripts/merge-systemd-units.py > > > @@ -0,0 +1,91 @@ > > > +#!/usr/bin/env python3 > > > > Stick a license header of SPDX tag on this. > > Done (patch below). > > > Also if you didn't already do it, run the file through 'black' > > and let it do whatever it wants todo to formatting. > > It just changed all single quotes into double quotes :) > > > - 8< - 8< - 8< - 8< - 8< - 8< - 8< - 8< - > diff --git a/scripts/merge-systemd-units.py b/scripts/merge-systemd-units.py > index f54c9556c9..bc3321230d 100755 > --- a/scripts/merge-systemd-units.py > +++ b/scripts/merge-systemd-units.py > @@ -1,5 +1,8 @@ > #!/usr/bin/env python3 > > +# Copyright (C) 2023 Red Hat, Inc. > +# SPDX-License-Identifier: LGPL-2.1-or-later > + > import sys > > SECTIONS = [ > - >8 - >8 - >8 - >8 - >8 - >8 - >8 - >8 - Can I consider the patch Reviewed-by: you with the above (and the trivial changes to quotess applied by black) squashed in, or do you want me to send a v3 for that? Everything else is ACKed at this point, but I'm not going to push until 9.9.0 is open for business anyway. By the way, thank you for the review! And thanks to both you and Pavel for pushing me in the direction of having most of the processing performed by an external Python script instead of directly by meson! It ended up looking *a lot* nicer than what I had :) -- Andrea Bolognani / Red Hat / Virtualization
Re: [libvirt PATCH v2 08/33] systemd: Switch virtnodedevd to common templates
On Thu, Sep 28, 2023 at 11:16:53AM +0100, Daniel P. Berrangé wrote: > On Wed, Sep 27, 2023 at 06:19:09PM +0200, Andrea Bolognani wrote: > > Signed-off-by: Andrea Bolognani > > --- > > src/node_device/meson.build | 4 > > src/node_device/virtnodedevd.service.in | 25 - > > > 2 files changed, 29 deletions(-) > > delete mode 100644 src/node_device/virtnodedevd.service.in > > Reviewed-by: Daniel P. Berrangé > > Though I wonder if its worth just keeping an empty stub here, with > the section headings. It'd be a little confusing to see the stubs > present for some daemons but not others. We'd have to do the same for sockets then, on account of virtxend using an override for them. Maybe we could change the merge script so that contents before the start of the first section are simply ignored, and then have $ cat src/node_device/virtnodedevd.service.in # Merged into src/virtd.service.in $ cat src/node_device/virtnodedevd.socket.in # Merged into src/virtd*.socket.in for services that don't need any overrides, and $ cat src/libxl/virtxend.service.extra.in # Merged into src/virtd.service.in [Unit] Wants=virtlockd.socket After=virtlockd.socket ... $ cat src/libxl/virtxend.socket.extra.in # Merged into src/virtd*.socket.in [Unit] ConditionPathExists=/proc/xen/capabilities for services that do. It would mean introducing quite a number of additional files, but maybe the advantages in terms of discoverability make up for that downside? If we allow empty overrides, we might be even able to simplify the way the various services are defined in their meson.build files, by somehow deriving the path of the file instead of requiring it to be provided explicitly. That part could be tricky though. Overall I'm not opposed to the idea, but let's consider it for a follow-up instead of stalling this further, okay? -- Andrea Bolognani / Red Hat / Virtualization
Re: [libvirt PATCH v2 06/33] systemd: Introduce common templates
On Thu, Sep 28, 2023 at 09:24:11AM +0100, Daniel P. Berrangé wrote: > On Wed, Sep 27, 2023 at 06:19:07PM +0200, Andrea Bolognani wrote: > > +++ b/scripts/merge-systemd-units.py > > @@ -0,0 +1,91 @@ > > +#!/usr/bin/env python3 > > Stick a license header of SPDX tag on this. Done (patch below). > Also if you didn't already do it, run the file through 'black' > and let it do whatever it wants todo to formatting. It just changed all single quotes into double quotes :) - 8< - 8< - 8< - 8< - 8< - 8< - 8< - 8< - diff --git a/scripts/merge-systemd-units.py b/scripts/merge-systemd-units.py index f54c9556c9..bc3321230d 100755 --- a/scripts/merge-systemd-units.py +++ b/scripts/merge-systemd-units.py @@ -1,5 +1,8 @@ #!/usr/bin/env python3 +# Copyright (C) 2023 Red Hat, Inc. +# SPDX-License-Identifier: LGPL-2.1-or-later + import sys SECTIONS = [ - >8 - >8 - >8 - >8 - >8 - >8 - >8 - >8 - -- Andrea Bolognani / Red Hat / Virtualization
[libvirt PATCH] docs: Go bindings release at the same time as the C library
The actual versioning policy[1] is a bit more nuanced, and in particular there are scenarios in which the monthly release is intentionally skipped, but overall it's not inaccurate to claim that the release cadence of the Go bindings follows the one of the C library. [1] https://gitlab.com/libvirt/libvirt-go-module/-/blob/master/VERSIONING.rst Signed-off-by: Andrea Bolognani --- docs/downloads.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/downloads.rst b/docs/downloads.rst index c7d4237f66..d3deec554d 100644 --- a/docs/downloads.rst +++ b/docs/downloads.rst @@ -261,7 +261,7 @@ The core libvirt module follows a time based plan, with releases made once a month on the 1st of each month give or take a few days. The only exception is at the start of the year where there are two 6 weeks gaps (first release in the middle of Jan, then skip the Feb release), giving a total of 11 releases a year. -The Python and Perl modules will aim to release at the same time as the core +The Python, Perl and Go modules will aim to release at the same time as the core libvirt module. Other modules have independent ad-hoc releases with no fixed time schedule. -- 2.41.0
[libvirt PATCH v2 22/33] systemd: Drop @deps@
It's no longer used anywhere. Signed-off-by: Andrea Bolognani --- src/meson.build | 2 -- src/remote/libvirtd-admin.socket.in | 1 - src/remote/libvirtd-ro.socket.in| 1 - src/remote/libvirtd-tcp.socket.in | 1 - src/remote/libvirtd-tls.socket.in | 1 - src/remote/libvirtd.socket.in | 1 - 6 files changed, 7 deletions(-) diff --git a/src/meson.build b/src/meson.build index 541ca61101..144f24e526 100644 --- a/src/meson.build +++ b/src/meson.build @@ -201,7 +201,6 @@ guest_unit_files = [] # * socket_$name_in - additional socket source files (optional, default virtd.socket.in or virtd-$name.socket.in) # * service_extra_in - unit to merge with service_in (optional, default None) # * socket_extra_in - unit to merge with socket_$name_in (optional, default None) -# * deps - socket dependencies (optional, default '') virt_daemon_units = [] # openrc_init_files @@ -817,7 +816,6 @@ if conf.has('WITH_LIBVIRTD') 'service': unit['service'], 'SERVICE': unit['service'].to_upper(), 'sockprefix': unit.get('sockprefix', unit['service']), -'deps': unit.get('deps', ''), 'sockmode': sockmode, }) diff --git a/src/remote/libvirtd-admin.socket.in b/src/remote/libvirtd-admin.socket.in index 01e1a08939..39bb0badea 100644 --- a/src/remote/libvirtd-admin.socket.in +++ b/src/remote/libvirtd-admin.socket.in @@ -3,7 +3,6 @@ Description=@name@ admin socket Before=@service@.service BindsTo=@service@.socket After=@service@.socket -@deps@ [Socket] ListenStream=@runstatedir@/libvirt/@sockprefix@-admin-sock diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in index 58ae1beb95..b7b7ae0dd8 100644 --- a/src/remote/libvirtd-ro.socket.in +++ b/src/remote/libvirtd-ro.socket.in @@ -3,7 +3,6 @@ Description=@name@ local read-only socket Before=@service@.service BindsTo=@service@.socket After=@service@.socket -@deps@ [Socket] ListenStream=@runstatedir@/libvirt/@sockprefix@-sock-ro diff --git a/src/remote/libvirtd-tcp.socket.in b/src/remote/libvirtd-tcp.socket.in index 6949df315e..7c8bcdb525 100644 --- a/src/remote/libvirtd-tcp.socket.in +++ b/src/remote/libvirtd-tcp.socket.in @@ -3,7 +3,6 @@ Description=@name@ non-TLS IP socket Before=@service@.service BindsTo=@service@.socket After=@service@.socket -@deps@ [Socket] ListenStream=16509 diff --git a/src/remote/libvirtd-tls.socket.in b/src/remote/libvirtd-tls.socket.in index ada2b871f0..c6dceb2d4e 100644 --- a/src/remote/libvirtd-tls.socket.in +++ b/src/remote/libvirtd-tls.socket.in @@ -3,7 +3,6 @@ Description=@name@ TLS IP socket Before=@service@.service BindsTo=@service@.socket After=@service@.socket -@deps@ [Socket] ListenStream=16514 diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in index e6e903a8ce..aec0708fd4 100644 --- a/src/remote/libvirtd.socket.in +++ b/src/remote/libvirtd.socket.in @@ -1,7 +1,6 @@ [Unit] Description=@name@ local socket Before=@service@.service -@deps@ [Socket] ListenStream=@runstatedir@/libvirt/@sockprefix@-sock -- 2.41.0
[libvirt PATCH v2 31/33] systemd: Add RemoveOnStop=yes to all sockets
Currently we only set this for the main sockets, which means that $ systemctl stop virtqemud.socket will make the socket disappear from the filesystem while $ systemctl stop virtqemud-ro.socket won't. Get rid of this inconsistency. Signed-off-by: Andrea Bolognani --- src/locking/virtlockd-admin.socket.in | 1 + src/locking/virtlockd.socket.in | 1 + src/logging/virtlogd-admin.socket.in | 1 + src/logging/virtlogd.socket.in| 1 + src/remote/libvirtd-admin.socket.in | 1 + src/remote/libvirtd-ro.socket.in | 1 + src/virtd-admin.socket.in | 1 + src/virtd-ro.socket.in| 1 + 8 files changed, 8 insertions(+) diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in index d05ba982d9..0452a0cfdb 100644 --- a/src/locking/virtlockd-admin.socket.in +++ b/src/locking/virtlockd-admin.socket.in @@ -7,6 +7,7 @@ After=virtlockd.socket ListenStream=@runstatedir@/libvirt/virtlockd-admin-sock Service=virtlockd.service SocketMode=0600 +RemoveOnStop=yes [Install] WantedBy=sockets.target diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in index 98aabb2511..31a576aa16 100644 --- a/src/locking/virtlockd.socket.in +++ b/src/locking/virtlockd.socket.in @@ -5,6 +5,7 @@ Description=Virtual machine lock manager socket ListenStream=@runstatedir@/libvirt/virtlockd-sock Service=virtlockd.service SocketMode=0600 +RemoveOnStop=yes [Install] WantedBy=sockets.target diff --git a/src/logging/virtlogd-admin.socket.in b/src/logging/virtlogd-admin.socket.in index 75ec7bd5fa..ddb9a1393b 100644 --- a/src/logging/virtlogd-admin.socket.in +++ b/src/logging/virtlogd-admin.socket.in @@ -7,6 +7,7 @@ After=virtlogd.socket ListenStream=@runstatedir@/libvirt/virtlogd-admin-sock Service=virtlogd.service SocketMode=0600 +RemoveOnStop=yes [Install] WantedBy=sockets.target diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in index b044d62e7c..084cbe179d 100644 --- a/src/logging/virtlogd.socket.in +++ b/src/logging/virtlogd.socket.in @@ -5,6 +5,7 @@ Description=Virtual machine log manager socket ListenStream=@runstatedir@/libvirt/virtlogd-sock Service=virtlogd.service SocketMode=0600 +RemoveOnStop=yes [Install] WantedBy=sockets.target diff --git a/src/remote/libvirtd-admin.socket.in b/src/remote/libvirtd-admin.socket.in index 6df038d95a..e0bbf9b1ac 100644 --- a/src/remote/libvirtd-admin.socket.in +++ b/src/remote/libvirtd-admin.socket.in @@ -7,6 +7,7 @@ After=libvirtd.socket ListenStream=@runstatedir@/libvirt/libvirt-admin-sock Service=libvirtd.service SocketMode=0600 +RemoveOnStop=yes [Install] WantedBy=sockets.target diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in index 6797517c50..c8adc8109b 100644 --- a/src/remote/libvirtd-ro.socket.in +++ b/src/remote/libvirtd-ro.socket.in @@ -7,6 +7,7 @@ After=libvirtd.socket ListenStream=@runstatedir@/libvirt/libvirt-sock-ro Service=libvirtd.service SocketMode=0666 +RemoveOnStop=yes [Install] WantedBy=sockets.target diff --git a/src/virtd-admin.socket.in b/src/virtd-admin.socket.in index 5a5f577041..818d4ab84f 100644 --- a/src/virtd-admin.socket.in +++ b/src/virtd-admin.socket.in @@ -9,6 +9,7 @@ After=libvirtd-admin.socket ListenStream=@runstatedir@/libvirt/@sockprefix@-admin-sock Service=@service@.service SocketMode=0600 +RemoveOnStop=yes [Install] WantedBy=sockets.target diff --git a/src/virtd-ro.socket.in b/src/virtd-ro.socket.in index 692279665d..57b313e016 100644 --- a/src/virtd-ro.socket.in +++ b/src/virtd-ro.socket.in @@ -9,6 +9,7 @@ After=libvirtd-ro.socket ListenStream=@runstatedir@/libvirt/@sockprefix@-sock-ro Service=@service@.service SocketMode=0666 +RemoveOnStop=yes [Install] WantedBy=sockets.target -- 2.41.0
[libvirt PATCH v2 28/33] systemd: Drop Before=libvirtd from virtlogd/virtlockd
We have already declared the mirror relationship, so this one is now redundant. Moreover, this version was incomplete: it only ever worked for the monolithic daemon, but the modular daemons for QEMU and Xen also want the sockets to be active. Signed-off-by: Andrea Bolognani Reviewed-by: Daniel P. Berrangé --- src/locking/virtlockd-admin.socket.in | 1 - src/locking/virtlockd.service.in | 1 - src/locking/virtlockd.socket.in | 1 - src/logging/virtlogd-admin.socket.in | 1 - src/logging/virtlogd.service.in | 1 - src/logging/virtlogd.socket.in| 1 - 6 files changed, 6 deletions(-) diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in index c66e0f9693..d5ebd7f60b 100644 --- a/src/locking/virtlockd-admin.socket.in +++ b/src/locking/virtlockd-admin.socket.in @@ -1,6 +1,5 @@ [Unit] Description=Virtual machine lock manager admin socket -Before=libvirtd.service BindsTo=virtlockd.socket After=virtlockd.socket diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in index e0a7040ad3..20b4b26f35 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -4,7 +4,6 @@ BindsTo=virtlockd.socket Wants=virtlockd-admin.socket After=virtlockd.socket After=virtlockd-admin.socket -Before=libvirtd.service Documentation=man:virtlockd(8) Documentation=https://libvirt.org diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in index 4ce75391ae..d2cc2a06a3 100644 --- a/src/locking/virtlockd.socket.in +++ b/src/locking/virtlockd.socket.in @@ -1,6 +1,5 @@ [Unit] Description=Virtual machine lock manager socket -Before=libvirtd.service [Socket] ListenStream=@runstatedir@/libvirt/virtlockd-sock diff --git a/src/logging/virtlogd-admin.socket.in b/src/logging/virtlogd-admin.socket.in index 5c0fb1880e..67259803ca 100644 --- a/src/logging/virtlogd-admin.socket.in +++ b/src/logging/virtlogd-admin.socket.in @@ -1,6 +1,5 @@ [Unit] Description=Virtual machine log manager socket -Before=libvirtd.service BindsTo=virtlogd.socket After=virtlogd.socket diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in index eab0d2c27c..776d753e9a 100644 --- a/src/logging/virtlogd.service.in +++ b/src/logging/virtlogd.service.in @@ -4,7 +4,6 @@ BindsTo=virtlogd.socket Wants=virtlogd-admin.socket After=virtlogd.socket After=virtlogd-admin.socket -Before=libvirtd.service Documentation=man:virtlogd(8) Documentation=https://libvirt.org diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in index ff3e66e09b..7b3fc73773 100644 --- a/src/logging/virtlogd.socket.in +++ b/src/logging/virtlogd.socket.in @@ -1,6 +1,5 @@ [Unit] Description=Virtual machine log manager socket -Before=libvirtd.service [Socket] ListenStream=@runstatedir@/libvirt/virtlogd-sock -- 2.41.0
[libvirt PATCH v2 33/33] systemd: Move Documentation lines
Like the Description, these are intended to be displayed to the user, so it makes sense to have them towards the top of the file before all the information that systemd will parse to calculate dependencies. Signed-off-by: Andrea Bolognani Reviewed-by: Daniel P. Berrangé --- src/locking/virtlockd.service.in | 4 ++-- src/logging/virtlogd.service.in | 4 ++-- src/remote/libvirtd.service.in | 4 ++-- src/virtd.service.in | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in index 290a2887a5..ce00b6def9 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -1,11 +1,11 @@ [Unit] Description=libvirt locking daemon +Documentation=man:virtlockd(8) +Documentation=https://libvirt.org/ BindsTo=virtlockd.socket Wants=virtlockd-admin.socket After=virtlockd.socket After=virtlockd-admin.socket -Documentation=man:virtlockd(8) -Documentation=https://libvirt.org [Service] Type=notify diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in index 4289ef1cb4..52c9e5bb9e 100644 --- a/src/logging/virtlogd.service.in +++ b/src/logging/virtlogd.service.in @@ -1,11 +1,11 @@ [Unit] Description=libvirt logging daemon +Documentation=man:virtlogd(8) +Documentation=https://libvirt.org/ BindsTo=virtlogd.socket Wants=virtlogd-admin.socket After=virtlogd.socket After=virtlogd-admin.socket -Documentation=man:virtlogd(8) -Documentation=https://libvirt.org [Service] Type=notify diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in index 9e303f29c8..24a6712b75 100644 --- a/src/remote/libvirtd.service.in +++ b/src/remote/libvirtd.service.in @@ -1,5 +1,7 @@ [Unit] Description=libvirt legacy monolithic daemon +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org/ # Use Wants instead of Requires so that users # can disable these three .socket units to revert # to a traditional non-activation deployment setup @@ -22,8 +24,6 @@ After=remote-fs.target After=systemd-machined.service After=xencommons.service Conflicts=xendomains.service -Documentation=man:libvirtd(8) -Documentation=https://libvirt.org [Service] Type=notify diff --git a/src/virtd.service.in b/src/virtd.service.in index 91ac4478bd..651a8d82d7 100644 --- a/src/virtd.service.in +++ b/src/virtd.service.in @@ -1,5 +1,7 @@ [Unit] Description=libvirt @name@ daemon +Documentation=man:@service@(8) +Documentation=https://libvirt.org/ BindsTo=@service@.socket Wants=@service@-ro.socket Wants=@service@-admin.socket @@ -11,8 +13,6 @@ After=libvirtd.service After=network.target After=dbus.service After=apparmor.service -Documentation=man:@service@(8) -Documentation=https://libvirt.org [Service] Type=notify -- 2.41.0
[libvirt PATCH v2 03/33] systemd: Make @service_in@ optional
It is currently considered required, but we're soon going to provide a default that will be suitable for most services. Since all services currently provide a value explicitly, we can implement a default without breaking anything. Signed-off-by: Andrea Bolognani --- src/meson.build | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/meson.build b/src/meson.build index c6728cc8f8..b7c2076c04 100644 --- a/src/meson.build +++ b/src/meson.build @@ -194,10 +194,10 @@ guest_unit_files = [] # virt_daemon_units: # generate libvirt daemon systemd unit files # * service - name of the service (required) -# * service_in - service source file (required) # * name - socket description (required) # * sockprefix - socket prefix name (optional, default unit['service']) # * sockets - array of additional sockets (optional, default [ 'main', 'ro', 'admin' ]) +# * service_in - service source file (optional, default remote/libvirtd.service.in) # * socket_$name_in - additional socket source files (optional, default remote/libvirtd.socket.in ) # * deps - socket dependencies (optional, default '') virt_daemon_units = [] @@ -803,6 +803,8 @@ if conf.has('WITH_LIBVIRTD') sockmode = '0600' endif +service_in_default = 'remote' / 'libvirtd.service.in' + foreach unit : virt_daemon_units unit_conf = configuration_data({ 'runstatedir': runstatedir, @@ -816,7 +818,7 @@ if conf.has('WITH_LIBVIRTD') 'sockmode': sockmode, }) - service_in = unit['service_in'] + service_in = unit.get('service_in', service_in_default) service_out = '@0@.service'.format(unit['service']) configure_file( -- 2.41.0
[libvirt PATCH v2 11/33] systemd: Switch virtsecretd to common templates
Signed-off-by: Andrea Bolognani --- src/secret/meson.build| 4 src/secret/virtsecretd.service.in | 25 - 2 files changed, 29 deletions(-) delete mode 100644 src/secret/virtsecretd.service.in diff --git a/src/secret/meson.build b/src/secret/meson.build index 58e47c22e8..e05b46abea 100644 --- a/src/secret/meson.build +++ b/src/secret/meson.build @@ -33,11 +33,7 @@ if conf.has('WITH_SECRETS') virt_daemon_units += { 'service': 'virtsecretd', -'service_in': files('virtsecretd.service.in'), 'name': 'Libvirt secret', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.service.in deleted file mode 100644 index 3804fe553b..00 --- a/src/secret/virtsecretd.service.in +++ /dev/null @@ -1,25 +0,0 @@ -[Unit] -Description=Virtualization secret daemon -Conflicts=libvirtd.service -Requires=virtsecretd.socket -Requires=virtsecretd-ro.socket -Requires=virtsecretd-admin.socket -After=network.target -After=dbus.service -After=apparmor.service -Documentation=man:virtsecretd(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTSECRETD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtsecretd -ExecStart=@sbindir@/virtsecretd $VIRTSECRETD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure - -[Install] -WantedBy=multi-user.target -Also=virtsecretd.socket -Also=virtsecretd-ro.socket -Also=virtsecretd-admin.socket -- 2.41.0
[libvirt PATCH v2 02/33] systemd: Introduce service_in/service_out variables
They're similar to the existing socket_in/socket_out variables and will make future changes nicer. Signed-off-by: Andrea Bolognani --- src/meson.build | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/meson.build b/src/meson.build index 6c85cc9b9b..c6728cc8f8 100644 --- a/src/meson.build +++ b/src/meson.build @@ -816,9 +816,12 @@ if conf.has('WITH_LIBVIRTD') 'sockmode': sockmode, }) + service_in = unit['service_in'] + service_out = '@0@.service'.format(unit['service']) + configure_file( -input: unit['service_in'], -output: '@0@.service'.format(unit['service']), +input: service_in, +output: service_out, configuration: unit_conf, install: true, install_dir: systemd_unit_dir, -- 2.41.0
[libvirt PATCH v2 05/33] systemd: Provide all input files explicitly
We're about to change the defaults and start migrating to common templates: in order to be able to switch units over one at a time, make the input files that are currently used explicit rather than implicit. Signed-off-by: Andrea Bolognani --- src/ch/meson.build | 3 +++ src/interface/meson.build | 3 +++ src/libxl/meson.build | 3 +++ src/lxc/meson.build | 3 +++ src/network/meson.build | 3 +++ src/node_device/meson.build | 3 +++ src/nwfilter/meson.build| 3 +++ src/qemu/meson.build| 3 +++ src/remote/meson.build | 10 ++ src/secret/meson.build | 3 +++ src/storage/meson.build | 3 +++ src/vbox/meson.build| 3 +++ src/vz/meson.build | 3 +++ 13 files changed, 46 insertions(+) diff --git a/src/ch/meson.build b/src/ch/meson.build index 936b9bc95a..dc08069dcd 100644 --- a/src/ch/meson.build +++ b/src/ch/meson.build @@ -59,6 +59,9 @@ if conf.has('WITH_CH') 'service': 'virtchd', 'service_in': files('virtchd.service.in'), 'name': 'Libvirt ch', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } virt_install_dirs += [ diff --git a/src/interface/meson.build b/src/interface/meson.build index 06c5241fa3..6fa65117c3 100644 --- a/src/interface/meson.build +++ b/src/interface/meson.build @@ -46,6 +46,9 @@ if conf.has('WITH_INTERFACE') 'service': 'virtinterfaced', 'service_in': files('virtinterfaced.service.in'), 'name': 'Libvirt interface', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/libxl/meson.build b/src/libxl/meson.build index db8ccde38e..a1553dbe27 100644 --- a/src/libxl/meson.build +++ b/src/libxl/meson.build @@ -68,6 +68,9 @@ if conf.has('WITH_LIBXL') 'service': 'virtxend', 'service_in': files('virtxend.service.in'), 'name': 'Libvirt libxl', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, 'deps': 'ConditionPathExists=/proc/xen/capabilities', } diff --git a/src/lxc/meson.build b/src/lxc/meson.build index a8773f64a5..531078448c 100644 --- a/src/lxc/meson.build +++ b/src/lxc/meson.build @@ -166,6 +166,9 @@ if conf.has('WITH_LXC') 'service': 'virtlxcd', 'service_in': files('virtlxcd.service.in'), 'name': 'Libvirt lxc', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/network/meson.build b/src/network/meson.build index 40abfaef7e..2e51d5d47b 100644 --- a/src/network/meson.build +++ b/src/network/meson.build @@ -64,6 +64,9 @@ if conf.has('WITH_NETWORK') 'service': 'virtnetworkd', 'service_in': files('virtnetworkd.service.in'), 'name': 'Libvirt network', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/node_device/meson.build b/src/node_device/meson.build index 47d9f63600..dd60b1f819 100644 --- a/src/node_device/meson.build +++ b/src/node_device/meson.build @@ -54,6 +54,9 @@ if conf.has('WITH_NODE_DEVICES') 'service': 'virtnodedevd', 'service_in': files('virtnodedevd.service.in'), 'name': 'Libvirt nodedev', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/nwfilter/meson.build b/src/nwfilter/meson.build index 5efdee7189..de672bb827 100644 --- a/src/nwfilter/meson.build +++ b/src/nwfilter/meson.build @@ -52,6 +52,9 @@ if conf.has('WITH_NWFILTER') 'service': 'virtnwfilterd', 'service_in': files('virtnwfilterd.service.in'), 'name': 'Libvirt nwfilter', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/qemu/meson.build b/src/qemu/meson.build index afa9139d9a..b52497bdf0 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build @@ -185,6 +185,9 @@ if conf.has('WITH_QEMU') 'service': 'virtqemud', 'service_in': files('virtqemud.service.in'), 'name': 'Libvirt qemu', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/remote/meson.build b/src/remote/meson.build index dc2f528d0b..78c08bf5ad 100644 --- a/src/remote/meson.build +++ b/src/remote/meson.build @@ -194,6 +194,11 @@ if conf.has('WITH_REMOTE') 'name': 'Libvirt', 'sockprefix': 'libvirt', 'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ], + 'socket_in': files
[libvirt PATCH v2 12/33] systemd: Switch virtnetworkd to common templates
Signed-off-by: Andrea Bolognani --- src/network/meson.build | 5 + src/network/virtnetworkd.service.extra.in | 2 ++ src/network/virtnetworkd.service.in | 26 --- 3 files changed, 3 insertions(+), 30 deletions(-) create mode 100644 src/network/virtnetworkd.service.extra.in delete mode 100644 src/network/virtnetworkd.service.in diff --git a/src/network/meson.build b/src/network/meson.build index 2e51d5d47b..ed7707c714 100644 --- a/src/network/meson.build +++ b/src/network/meson.build @@ -62,11 +62,8 @@ if conf.has('WITH_NETWORK') virt_daemon_units += { 'service': 'virtnetworkd', -'service_in': files('virtnetworkd.service.in'), 'name': 'Libvirt network', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, +'service_extra_in': files('virtnetworkd.service.extra.in'), } openrc_init_files += { diff --git a/src/network/virtnetworkd.service.extra.in b/src/network/virtnetworkd.service.extra.in new file mode 100644 index 00..9fcabf652d --- /dev/null +++ b/src/network/virtnetworkd.service.extra.in @@ -0,0 +1,2 @@ +[Service] +KillMode=process diff --git a/src/network/virtnetworkd.service.in b/src/network/virtnetworkd.service.in deleted file mode 100644 index 3d7374715d..00 --- a/src/network/virtnetworkd.service.in +++ /dev/null @@ -1,26 +0,0 @@ -[Unit] -Description=Virtualization network daemon -Conflicts=libvirtd.service -Requires=virtnetworkd.socket -Requires=virtnetworkd-ro.socket -Requires=virtnetworkd-admin.socket -After=network.target -After=dbus.service -After=apparmor.service -Documentation=man:virtnetworkd(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTNETWORKD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtnetworkd -ExecStart=@sbindir@/virtnetworkd $VIRTNETWORKD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure -KillMode=process - -[Install] -WantedBy=multi-user.target -Also=virtnetworkd.socket -Also=virtnetworkd-ro.socket -Also=virtnetworkd-admin.socket -- 2.41.0
[libvirt PATCH v2 13/33] systemd: Switch virtstoraged to common templates
Signed-off-by: Andrea Bolognani --- src/storage/meson.build | 5 + src/storage/virtstoraged.service.extra.in | 3 +++ src/storage/virtstoraged.service.in | 27 --- 3 files changed, 4 insertions(+), 31 deletions(-) create mode 100644 src/storage/virtstoraged.service.extra.in delete mode 100644 src/storage/virtstoraged.service.in diff --git a/src/storage/meson.build b/src/storage/meson.build index e0a1e9f4de..fb7feea81d 100644 --- a/src/storage/meson.build +++ b/src/storage/meson.build @@ -111,11 +111,8 @@ if conf.has('WITH_STORAGE') virt_daemon_units += { 'service': 'virtstoraged', -'service_in': files('virtstoraged.service.in'), 'name': 'Libvirt storage', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, +'service_extra_in': files('virtstoraged.service.extra.in'), } openrc_init_files += { diff --git a/src/storage/virtstoraged.service.extra.in b/src/storage/virtstoraged.service.extra.in new file mode 100644 index 00..d134ae18da --- /dev/null +++ b/src/storage/virtstoraged.service.extra.in @@ -0,0 +1,3 @@ +[Unit] +After=iscsid.service +After=remote-fs.target diff --git a/src/storage/virtstoraged.service.in b/src/storage/virtstoraged.service.in deleted file mode 100644 index 235fbc6798..00 --- a/src/storage/virtstoraged.service.in +++ /dev/null @@ -1,27 +0,0 @@ -[Unit] -Description=Virtualization storage daemon -Conflicts=libvirtd.service -Requires=virtstoraged.socket -Requires=virtstoraged-ro.socket -Requires=virtstoraged-admin.socket -After=network.target -After=dbus.service -After=iscsid.service -After=apparmor.service -After=remote-fs.target -Documentation=man:virtstoraged(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTSTORAGED_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtstoraged -ExecStart=@sbindir@/virtstoraged $VIRTSTORAGED_ARGS -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure - -[Install] -WantedBy=multi-user.target -Also=virtstoraged.socket -Also=virtstoraged-ro.socket -Also=virtstoraged-admin.socket -- 2.41.0
[libvirt PATCH v2 04/33] systemd: Introduce temporary libvirtd_socket*_in values
These will be useful during the upcoming migration to common templates for systemd units and will be dropped as soon as all services have been converted. Signed-off-by: Andrea Bolognani --- src/meson.build | 4 1 file changed, 4 insertions(+) diff --git a/src/meson.build b/src/meson.build index b7c2076c04..2fbf98b9fe 100644 --- a/src/meson.build +++ b/src/meson.build @@ -191,6 +191,10 @@ virt_test_aug_dir = datadir / 'augeas' / 'lenses' / 'tests' # guest unit files to install guest_unit_files = [] +libvirtd_socket_in = files('remote' / 'libvirtd.socket.in') +libvirtd_socket_ro_in = files('remote' / 'libvirtd-ro.socket.in') +libvirtd_socket_admin_in = files('remote' / 'libvirtd-admin.socket.in') + # virt_daemon_units: # generate libvirt daemon systemd unit files # * service - name of the service (required) -- 2.41.0
[libvirt PATCH v2 06/33] systemd: Introduce common templates
We already use templating to generate sockets, which are all based off libvirtd's. Push the idea further, and extend it to cover services as well. This is more challenging, as the various modular daemons each have their own needs in terms of what system services needs to be available before they can be started, which other components of libvirt they depend on, and so on. In order to make this sort of per-service tweaks possible, we introduce a Python script that can merge two systemd units together. The script is aware of the semantics of systemd's unit definition format, so it can intelligently merge sections together. This generic systemd unit merging mechanism will also supersede the extremely ad-hoc @deps@ variable, which is currently used in a single scenario. Signed-off-by: Andrea Bolognani --- scripts/merge-systemd-units.py | 91 ++ scripts/meson.build| 1 + src/meson.build| 22 src/virtd-admin.socket.in | 13 + src/virtd-ro.socket.in | 13 + src/virtd-tcp.socket.in| 12 + src/virtd-tls.socket.in| 12 + src/virtd.service.in | 25 ++ src/virtd.socket.in| 12 + 9 files changed, 201 insertions(+) create mode 100755 scripts/merge-systemd-units.py create mode 100644 src/virtd-admin.socket.in create mode 100644 src/virtd-ro.socket.in create mode 100644 src/virtd-tcp.socket.in create mode 100644 src/virtd-tls.socket.in create mode 100644 src/virtd.service.in create mode 100644 src/virtd.socket.in diff --git a/scripts/merge-systemd-units.py b/scripts/merge-systemd-units.py new file mode 100755 index 00..136bc8d416 --- /dev/null +++ b/scripts/merge-systemd-units.py @@ -0,0 +1,91 @@ +#!/usr/bin/env python3 + +import sys + +SECTIONS = [ +'[Unit]', +'[Service]', +'[Socket]', +'[Install]', +] + + +def parse_unit(unit_path): +unit = {} +current_section = '[Invalid]' + +with open(unit_path) as f: +for line in f: +line = line.strip() + +if line == '': +continue + +if line[0] == '[' and line[-1] == ']': +if line not in SECTIONS: +print('Unknown section {}'.format(line)) +sys.exit(1) + +current_section = line +continue + +if current_section not in unit: +unit[current_section] = [] + +unit[current_section].append(line) + +if '[Invalid]' in unit: +print('Contents found outside of any section') +sys.exit(1) + +return unit + + +def format_unit(unit): +lines = [] + +for section in SECTIONS: +if section not in unit: +continue + +lines.append(section) + +for line in unit[section]: +lines.append(line) + +lines.append('') + +return '\n'.join(lines) + + +def merge_units(base, extra): +merged = {} + +for section in SECTIONS: +if section in extra and section not in base: +print('Section {} in extra but not in base'.format(section)) +sys.exit(1) + +if section not in base: +continue + +merged[section] = base[section] + +if section not in extra: +continue + +merged[section].extend(extra[section]) + +return merged + + +if len(sys.argv) < 2: +print('usage: {} BASE EXTRA'.format(sys.argv[0])) +sys.exit(1) + +base = parse_unit(sys.argv[1]) +extra = parse_unit(sys.argv[2]) + +merged = merge_units(base, extra) + +sys.stdout.write(format_unit(merged)) diff --git a/scripts/meson.build b/scripts/meson.build index 05b71184f1..65fd1e21c5 100644 --- a/scripts/meson.build +++ b/scripts/meson.build @@ -19,6 +19,7 @@ scripts = [ 'header-ifdef.py', 'hvsupport.py', 'hyperv_wmi_generator.py', + 'merge-systemd-units.py', 'meson-dist.py', 'meson-gen-authors.py', 'meson-gen-def.py', diff --git a/src/meson.build b/src/meson.build index 2fbf98b9fe..02c92621ba 100644 --- a/src/meson.build +++ b/src/meson.build @@ -203,6 +203,8 @@ libvirtd_socket_admin_in = files('remote' / 'libvirtd-admin.socket.in') # * sockets - array of additional sockets (optional, default [ 'main', 'ro', 'admin' ]) # * service_in - service source file (optional, default remote/libvirtd.service.in) # * socket_$name_in - additional socket source files (optional, default remote/libvirtd.socket.in ) +# * service_extra_in - unit to merge with service_in (optional, default None) +# * socket_extra_in - unit to merge with socket_$name_in (optional, default None) # * deps - socket dependencies (optional, default '') virt_daemon_units = [] @@ -817,6 +819,7 @@ if conf.has('WITH_LIBVIRTD') 'initconfdir': initconfdir, 'name': unit['name'], 'service': unit['service'], +'SERVICE': unit['service'].to_upper(), 'sockprefix': unit.
[libvirt PATCH v2 14/33] systemd: Switch virtvboxd to common templates
Signed-off-by: Andrea Bolognani --- src/vbox/meson.build| 5 + src/vbox/virtvboxd.service.extra.in | 2 ++ src/vbox/virtvboxd.service.in | 26 -- 3 files changed, 3 insertions(+), 30 deletions(-) create mode 100644 src/vbox/virtvboxd.service.extra.in delete mode 100644 src/vbox/virtvboxd.service.in diff --git a/src/vbox/meson.build b/src/vbox/meson.build index 2d6b71ab8f..ee6efbdb42 100644 --- a/src/vbox/meson.build +++ b/src/vbox/meson.build @@ -57,11 +57,8 @@ if conf.has('WITH_VBOX') virt_daemon_units += { 'service': 'virtvboxd', -'service_in': files('virtvboxd.service.in'), 'name': 'Libvirt vbox', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, +'service_extra_in': files('virtvboxd.service.extra.in'), } openrc_init_files += { diff --git a/src/vbox/virtvboxd.service.extra.in b/src/vbox/virtvboxd.service.extra.in new file mode 100644 index 00..ba3ad13ace --- /dev/null +++ b/src/vbox/virtvboxd.service.extra.in @@ -0,0 +1,2 @@ +[Unit] +After=remote-fs.target diff --git a/src/vbox/virtvboxd.service.in b/src/vbox/virtvboxd.service.in deleted file mode 100644 index a567ed2443..00 --- a/src/vbox/virtvboxd.service.in +++ /dev/null @@ -1,26 +0,0 @@ -[Unit] -Description=Virtualization vbox daemon -Conflicts=libvirtd.service -Requires=virtvboxd.socket -Requires=virtvboxd-ro.socket -Requires=virtvboxd-admin.socket -After=network.target -After=dbus.service -After=apparmor.service -After=remote-fs.target -Documentation=man:virtvboxd(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTVBOXD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtvboxd -ExecStart=@sbindir@/virtvboxd $VIRTVBOXD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure - -[Install] -WantedBy=multi-user.target -Also=virtvboxd.socket -Also=virtvboxd-ro.socket -Also=virtvboxd-admin.socket -- 2.41.0
[libvirt PATCH v2 07/33] systemd: Use common templates by default
All services are still listing their input files explicitly, so no changes to the output files will occur yet. Signed-off-by: Andrea Bolognani --- src/meson.build | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/meson.build b/src/meson.build index 02c92621ba..0fbefe37d5 100644 --- a/src/meson.build +++ b/src/meson.build @@ -201,8 +201,8 @@ libvirtd_socket_admin_in = files('remote' / 'libvirtd-admin.socket.in') # * name - socket description (required) # * sockprefix - socket prefix name (optional, default unit['service']) # * sockets - array of additional sockets (optional, default [ 'main', 'ro', 'admin' ]) -# * service_in - service source file (optional, default remote/libvirtd.service.in) -# * socket_$name_in - additional socket source files (optional, default remote/libvirtd.socket.in ) +# * service_in - service source file (optional, default virtd.service.in) +# * socket_$name_in - additional socket source files (optional, default virtd.socket.in or virtd-$name.socket.in) # * service_extra_in - unit to merge with service_in (optional, default None) # * socket_extra_in - unit to merge with socket_$name_in (optional, default None) # * deps - socket dependencies (optional, default '') @@ -809,7 +809,7 @@ if conf.has('WITH_LIBVIRTD') sockmode = '0600' endif -service_in_default = 'remote' / 'libvirtd.service.in' +service_in_default = 'virtd.service.in' foreach unit : virt_daemon_units unit_conf = configuration_data({ @@ -847,11 +847,11 @@ if conf.has('WITH_LIBVIRTD') foreach socket : unit.get('sockets', [ 'main', 'ro', 'admin' ]) if socket == 'main' - socket_in_default = 'remote' / 'libvirtd.socket.in' + socket_in_default = 'virtd.socket.in' socket_in = unit.get('socket_in', socket_in_default) socket_out = '@0@.socket'.format(unit['service']) else - socket_in_default = 'remote' / 'libvirtd-@0...@.socket.in'.format(socket) + socket_in_default = 'virtd-@0...@.socket.in'.format(socket) socket_in = unit.get('socket_@0@_in'.format(socket), socket_in_default) socket_out = '@0@-@1@.socket'.format(unit['service'], socket) endif -- 2.41.0
[libvirt PATCH v2 27/33] systemd: Augment Requires/Wants with After
Requires/Wants only tells systemd that the corresponding unit should be started when the current one is, but that could very well happen in parallel. For virtlogd/virtlockd, we want the socket to be already active when the hypervisor driver is started. Signed-off-by: Andrea Bolognani Reviewed-by: Daniel P. Berrangé --- src/libxl/virtxend.service.extra.in | 1 + src/locking/virtlockd.service.in| 1 + src/logging/virtlogd.service.in | 1 + src/qemu/virtqemud.service.extra.in | 2 ++ src/remote/libvirtd.service.in | 7 ++- src/virtd.service.in| 2 ++ 6 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/libxl/virtxend.service.extra.in b/src/libxl/virtxend.service.extra.in index ba38ba9160..55783aa3d5 100644 --- a/src/libxl/virtxend.service.extra.in +++ b/src/libxl/virtxend.service.extra.in @@ -1,5 +1,6 @@ [Unit] Wants=virtlockd.socket +After=virtlockd.socket After=remote-fs.target After=xencommons.service Conflicts=xendomains.service diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in index fcf479c3c6..e0a7040ad3 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -3,6 +3,7 @@ Description=Virtual machine lock manager BindsTo=virtlockd.socket Wants=virtlockd-admin.socket After=virtlockd.socket +After=virtlockd-admin.socket Before=libvirtd.service Documentation=man:virtlockd(8) Documentation=https://libvirt.org diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in index 3265ecd6af..eab0d2c27c 100644 --- a/src/logging/virtlogd.service.in +++ b/src/logging/virtlogd.service.in @@ -3,6 +3,7 @@ Description=Virtual machine log manager BindsTo=virtlogd.socket Wants=virtlogd-admin.socket After=virtlogd.socket +After=virtlogd-admin.socket Before=libvirtd.service Documentation=man:virtlogd(8) Documentation=https://libvirt.org diff --git a/src/qemu/virtqemud.service.extra.in b/src/qemu/virtqemud.service.extra.in index eaf616f575..585e1e82eb 100644 --- a/src/qemu/virtqemud.service.extra.in +++ b/src/qemu/virtqemud.service.extra.in @@ -1,6 +1,8 @@ [Unit] Requires=virtlogd.socket Wants=virtlockd.socket +After=virtlogd.socket +After=virtlockd.socket Wants=systemd-machined.service After=systemd-machined.service After=remote-fs.target diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in index 8839c00a15..a2c3c8f8fa 100644 --- a/src/remote/libvirtd.service.in +++ b/src/remote/libvirtd.service.in @@ -1,13 +1,18 @@ [Unit] Description=Virtualization daemon -Requires=virtlogd.socket # Use Wants instead of Requires so that users # can disable these three .socket units to revert # to a traditional non-activation deployment setup Wants=libvirtd.socket Wants=libvirtd-ro.socket Wants=libvirtd-admin.socket +After=libvirtd.socket +After=libvirtd-ro.socket +After=libvirtd-admin.socket +Requires=virtlogd.socket Wants=virtlockd.socket +After=virtlogd.socket +After=virtlockd.socket Wants=systemd-machined.service After=network.target After=dbus.service diff --git a/src/virtd.service.in b/src/virtd.service.in index f4f1bc217d..e1a5814b13 100644 --- a/src/virtd.service.in +++ b/src/virtd.service.in @@ -4,6 +4,8 @@ BindsTo=@service@.socket Wants=@service@-ro.socket Wants=@service@-admin.socket After=@service@.socket +After=@service@-ro.socket +After=@service@-admin.socket Conflicts=libvirtd.service After=libvirtd.service After=network.target -- 2.41.0
[libvirt PATCH v2 29/33] systemd: Drop Before=foo.service from sockets
systemd will automatically infer this dependency based on the socket's Service=foo.service setting. Signed-off-by: Andrea Bolognani Reviewed-by: Daniel P. Berrangé --- src/remote/libvirtd-admin.socket.in | 1 - src/remote/libvirtd-ro.socket.in| 1 - src/remote/libvirtd-tcp.socket.in | 1 - src/remote/libvirtd-tls.socket.in | 1 - src/remote/libvirtd.socket.in | 1 - src/virtd-admin.socket.in | 1 - src/virtd-ro.socket.in | 1 - src/virtd-tcp.socket.in | 1 - src/virtd-tls.socket.in | 1 - src/virtd.socket.in | 1 - 10 files changed, 10 deletions(-) diff --git a/src/remote/libvirtd-admin.socket.in b/src/remote/libvirtd-admin.socket.in index 8d927db63b..098e372971 100644 --- a/src/remote/libvirtd-admin.socket.in +++ b/src/remote/libvirtd-admin.socket.in @@ -1,6 +1,5 @@ [Unit] Description=@name@ admin socket -Before=libvirtd.service BindsTo=libvirtd.socket After=libvirtd.socket diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in index cc10190ab4..101555e8a0 100644 --- a/src/remote/libvirtd-ro.socket.in +++ b/src/remote/libvirtd-ro.socket.in @@ -1,6 +1,5 @@ [Unit] Description=@name@ local read-only socket -Before=libvirtd.service BindsTo=libvirtd.socket After=libvirtd.socket diff --git a/src/remote/libvirtd-tcp.socket.in b/src/remote/libvirtd-tcp.socket.in index bc35f19c06..8b8fbcd01a 100644 --- a/src/remote/libvirtd-tcp.socket.in +++ b/src/remote/libvirtd-tcp.socket.in @@ -1,6 +1,5 @@ [Unit] Description=@name@ non-TLS IP socket -Before=libvirtd.service BindsTo=libvirtd.socket After=libvirtd.socket diff --git a/src/remote/libvirtd-tls.socket.in b/src/remote/libvirtd-tls.socket.in index 868a0be318..fefda22c6b 100644 --- a/src/remote/libvirtd-tls.socket.in +++ b/src/remote/libvirtd-tls.socket.in @@ -1,6 +1,5 @@ [Unit] Description=@name@ TLS IP socket -Before=libvirtd.service BindsTo=libvirtd.socket After=libvirtd.socket diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in index ea0554546a..3019821df3 100644 --- a/src/remote/libvirtd.socket.in +++ b/src/remote/libvirtd.socket.in @@ -1,6 +1,5 @@ [Unit] Description=@name@ local socket -Before=libvirtd.service [Socket] ListenStream=@runstatedir@/libvirt/libvirt-sock diff --git a/src/virtd-admin.socket.in b/src/virtd-admin.socket.in index 42cc1f670f..63db2be5fe 100644 --- a/src/virtd-admin.socket.in +++ b/src/virtd-admin.socket.in @@ -1,6 +1,5 @@ [Unit] Description=@name@ admin socket -Before=@service@.service BindsTo=@service@.socket After=@service@.socket Conflicts=libvirtd-admin.socket diff --git a/src/virtd-ro.socket.in b/src/virtd-ro.socket.in index 7b8cbdba20..32e4789b8b 100644 --- a/src/virtd-ro.socket.in +++ b/src/virtd-ro.socket.in @@ -1,6 +1,5 @@ [Unit] Description=@name@ local read-only socket -Before=@service@.service BindsTo=@service@.socket After=@service@.socket Conflicts=libvirtd-ro.socket diff --git a/src/virtd-tcp.socket.in b/src/virtd-tcp.socket.in index 9fe90ed0a0..10480d64e3 100644 --- a/src/virtd-tcp.socket.in +++ b/src/virtd-tcp.socket.in @@ -1,6 +1,5 @@ [Unit] Description=@name@ non-TLS IP socket -Before=@service@.service BindsTo=@service@.socket After=@service@.socket Conflicts=libvirtd-tcp.socket diff --git a/src/virtd-tls.socket.in b/src/virtd-tls.socket.in index bb89daddb5..83a1e343bc 100644 --- a/src/virtd-tls.socket.in +++ b/src/virtd-tls.socket.in @@ -1,6 +1,5 @@ [Unit] Description=@name@ TLS IP socket -Before=@service@.service BindsTo=@service@.socket After=@service@.socket Conflicts=libvirtd-tls.socket diff --git a/src/virtd.socket.in b/src/virtd.socket.in index 053dc1c782..d0a0bb3b1c 100644 --- a/src/virtd.socket.in +++ b/src/virtd.socket.in @@ -1,6 +1,5 @@ [Unit] Description=@name@ local socket -Before=@service@.service Conflicts=libvirtd.socket After=libvirtd.socket -- 2.41.0
[libvirt PATCH v2 25/33] systemd: Replace Requires with BindTo+After for main socket
This is the strongest relationship that can be declared between two units, and causes the service to be terminated immediately if its main socket disappears. This is the behavior we want. Note that we don't do the same for the read-only/admin sockets, because those are not as critical for the core functionality of services as the main socket it. Signed-off-by: Andrea Bolognani --- src/locking/virtlockd.service.in | 3 ++- src/logging/virtlogd.service.in | 3 ++- src/virtd.service.in | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in index 9e91fa3261..35924a2ad7 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -1,7 +1,8 @@ [Unit] Description=Virtual machine lock manager -Requires=virtlockd.socket +BindsTo=virtlockd.socket Requires=virtlockd-admin.socket +After=virtlockd.socket Before=libvirtd.service Documentation=man:virtlockd(8) Documentation=https://libvirt.org diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in index 97c942ffb0..79d34bc73e 100644 --- a/src/logging/virtlogd.service.in +++ b/src/logging/virtlogd.service.in @@ -1,7 +1,8 @@ [Unit] Description=Virtual machine log manager -Requires=virtlogd.socket +BindsTo=virtlogd.socket Requires=virtlogd-admin.socket +After=virtlogd.socket Before=libvirtd.service Documentation=man:virtlogd(8) Documentation=https://libvirt.org diff --git a/src/virtd.service.in b/src/virtd.service.in index 60ab122cbc..e7f08b4da9 100644 --- a/src/virtd.service.in +++ b/src/virtd.service.in @@ -1,8 +1,9 @@ [Unit] Description=@name@ daemon -Requires=@service@.socket +BindsTo=@service@.socket Requires=@service@-ro.socket Requires=@service@-admin.socket +After=@service@.socket Conflicts=libvirtd.service After=libvirtd.service After=network.target -- 2.41.0
[libvirt PATCH v2 18/33] systemd: Switch virtlxcd to common templates
Signed-off-by: Andrea Bolognani --- src/lxc/meson.build | 5 +--- src/lxc/virtlxcd.service.extra.in | 22 src/lxc/virtlxcd.service.in | 44 --- 3 files changed, 23 insertions(+), 48 deletions(-) create mode 100644 src/lxc/virtlxcd.service.extra.in delete mode 100644 src/lxc/virtlxcd.service.in diff --git a/src/lxc/meson.build b/src/lxc/meson.build index 531078448c..84e6c313ea 100644 --- a/src/lxc/meson.build +++ b/src/lxc/meson.build @@ -164,11 +164,8 @@ if conf.has('WITH_LXC') virt_daemon_units += { 'service': 'virtlxcd', -'service_in': files('virtlxcd.service.in'), 'name': 'Libvirt lxc', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, +'service_extra_in': files('virtlxcd.service.extra.in'), } openrc_init_files += { diff --git a/src/lxc/virtlxcd.service.extra.in b/src/lxc/virtlxcd.service.extra.in new file mode 100644 index 00..bc2fef57cc --- /dev/null +++ b/src/lxc/virtlxcd.service.extra.in @@ -0,0 +1,22 @@ +[Unit] +Wants=systemd-machined.service +After=systemd-machined.service +After=remote-fs.target + +[Service] +KillMode=process +# Raise hard limits to match behaviour of systemd >= 240. +# During startup, daemon will set soft limit to match hard limit +# per systemd recommendations +LimitNOFILE=1024:524288 +# The cgroups pids controller can limit the number of tasks started by +# the daemon, which can limit the number of domains for some hypervisors. +# A conservative default of 8 tasks per guest results in a TasksMax of +# 32k to support 4096 guests. +TasksMax=32768 +# With cgroups v2 there is no devices controller anymore, we have to use +# eBPF to control access to devices. In order to do that we create a eBPF +# hash MAP which locks memory. The default map size for 64 devices together +# with program takes 12k per guest. After rounding up we will get 64M to +# support 4096 guests. +LimitMEMLOCK=64M diff --git a/src/lxc/virtlxcd.service.in b/src/lxc/virtlxcd.service.in deleted file mode 100644 index ee3a7f1083..00 --- a/src/lxc/virtlxcd.service.in +++ /dev/null @@ -1,44 +0,0 @@ -[Unit] -Description=Virtualization lxc daemon -Conflicts=libvirtd.service -Requires=virtlxcd.socket -Requires=virtlxcd-ro.socket -Requires=virtlxcd-admin.socket -Wants=systemd-machined.service -After=network.target -After=dbus.service -After=apparmor.service -After=remote-fs.target -After=systemd-machined.service -Documentation=man:virtlxcd(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTLXCD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtlxcd -ExecStart=@sbindir@/virtlxcd $VIRTLXCD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -KillMode=process -Restart=on-failure -# Raise hard limits to match behaviour of systemd >= 240. -# During startup, daemon will set soft limit to match hard limit -# per systemd recommendations -LimitNOFILE=1024:524288 -# The cgroups pids controller can limit the number of tasks started by -# the daemon, which can limit the number of domains for some hypervisors. -# A conservative default of 8 tasks per guest results in a TasksMax of -# 32k to support 4096 guests. -TasksMax=32768 -# With cgroups v2 there is no devices controller anymore, we have to use -# eBPF to control access to devices. In order to do that we create a eBPF -# hash MAP which locks memory. The default map size for 64 devices together -# with program takes 12k per guest. After rounding up we will get 64M to -# support 4096 guests. -LimitMEMLOCK=64M - -[Install] -WantedBy=multi-user.target -Also=virtlxcd.socket -Also=virtlxcd-ro.socket -Also=virtlxcd-admin.socket -- 2.41.0
[libvirt PATCH v2 21/33] systemd: Drop libvirtd_socket*_in values
Now that the migration to common templates has been completed, we no longer need these. Signed-off-by: Andrea Bolognani --- src/meson.build | 4 1 file changed, 4 deletions(-) diff --git a/src/meson.build b/src/meson.build index 0fbefe37d5..541ca61101 100644 --- a/src/meson.build +++ b/src/meson.build @@ -191,10 +191,6 @@ virt_test_aug_dir = datadir / 'augeas' / 'lenses' / 'tests' # guest unit files to install guest_unit_files = [] -libvirtd_socket_in = files('remote' / 'libvirtd.socket.in') -libvirtd_socket_ro_in = files('remote' / 'libvirtd-ro.socket.in') -libvirtd_socket_admin_in = files('remote' / 'libvirtd-admin.socket.in') - # virt_daemon_units: # generate libvirt daemon systemd unit files # * service - name of the service (required) -- 2.41.0
[libvirt PATCH v2 23/33] systemd: Drop parametrization from libvirtd sockets
Up until now the files have been used as template for most services, but now that those have been converted to common templates we can drop parametrization and make it clear that these files are for libvirtd only. Signed-off-by: Andrea Bolognani --- src/remote/libvirtd-admin.socket.in | 10 +- src/remote/libvirtd-ro.socket.in| 10 +- src/remote/libvirtd-tcp.socket.in | 8 src/remote/libvirtd-tls.socket.in | 8 src/remote/libvirtd.socket.in | 6 +++--- 5 files changed, 21 insertions(+), 21 deletions(-) diff --git a/src/remote/libvirtd-admin.socket.in b/src/remote/libvirtd-admin.socket.in index 39bb0badea..8d927db63b 100644 --- a/src/remote/libvirtd-admin.socket.in +++ b/src/remote/libvirtd-admin.socket.in @@ -1,12 +1,12 @@ [Unit] Description=@name@ admin socket -Before=@service@.service -BindsTo=@service@.socket -After=@service@.socket +Before=libvirtd.service +BindsTo=libvirtd.socket +After=libvirtd.socket [Socket] -ListenStream=@runstatedir@/libvirt/@sockprefix@-admin-sock -Service=@service@.service +ListenStream=@runstatedir@/libvirt/libvirt-admin-sock +Service=libvirtd.service SocketMode=0600 [Install] diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in index b7b7ae0dd8..cc10190ab4 100644 --- a/src/remote/libvirtd-ro.socket.in +++ b/src/remote/libvirtd-ro.socket.in @@ -1,12 +1,12 @@ [Unit] Description=@name@ local read-only socket -Before=@service@.service -BindsTo=@service@.socket -After=@service@.socket +Before=libvirtd.service +BindsTo=libvirtd.socket +After=libvirtd.socket [Socket] -ListenStream=@runstatedir@/libvirt/@sockprefix@-sock-ro -Service=@service@.service +ListenStream=@runstatedir@/libvirt/libvirt-sock-ro +Service=libvirtd.service SocketMode=0666 [Install] diff --git a/src/remote/libvirtd-tcp.socket.in b/src/remote/libvirtd-tcp.socket.in index 7c8bcdb525..bc35f19c06 100644 --- a/src/remote/libvirtd-tcp.socket.in +++ b/src/remote/libvirtd-tcp.socket.in @@ -1,12 +1,12 @@ [Unit] Description=@name@ non-TLS IP socket -Before=@service@.service -BindsTo=@service@.socket -After=@service@.socket +Before=libvirtd.service +BindsTo=libvirtd.socket +After=libvirtd.socket [Socket] ListenStream=16509 -Service=@service@.service +Service=libvirtd.service [Install] WantedBy=sockets.target diff --git a/src/remote/libvirtd-tls.socket.in b/src/remote/libvirtd-tls.socket.in index c6dceb2d4e..868a0be318 100644 --- a/src/remote/libvirtd-tls.socket.in +++ b/src/remote/libvirtd-tls.socket.in @@ -1,12 +1,12 @@ [Unit] Description=@name@ TLS IP socket -Before=@service@.service -BindsTo=@service@.socket -After=@service@.socket +Before=libvirtd.service +BindsTo=libvirtd.socket +After=libvirtd.socket [Socket] ListenStream=16514 -Service=@service@.service +Service=libvirtd.service [Install] WantedBy=sockets.target diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in index aec0708fd4..ea0554546a 100644 --- a/src/remote/libvirtd.socket.in +++ b/src/remote/libvirtd.socket.in @@ -1,10 +1,10 @@ [Unit] Description=@name@ local socket -Before=@service@.service +Before=libvirtd.service [Socket] -ListenStream=@runstatedir@/libvirt/@sockprefix@-sock -Service=@service@.service +ListenStream=@runstatedir@/libvirt/libvirt-sock +Service=libvirtd.service SocketMode=@sockmode@ RemoveOnStop=yes -- 2.41.0
[libvirt PATCH v2 17/33] systemd: Switch virtxend to common templates
Signed-off-by: Andrea Bolognani --- src/libxl/meson.build | 7 ++- src/libxl/virtxend.service.extra.in | 12 +++ src/libxl/virtxend.service.in | 32 - src/libxl/virtxend.socket.extra.in | 2 ++ 4 files changed, 16 insertions(+), 37 deletions(-) create mode 100644 src/libxl/virtxend.service.extra.in delete mode 100644 src/libxl/virtxend.service.in create mode 100644 src/libxl/virtxend.socket.extra.in diff --git a/src/libxl/meson.build b/src/libxl/meson.build index a1553dbe27..171d6ca005 100644 --- a/src/libxl/meson.build +++ b/src/libxl/meson.build @@ -66,12 +66,9 @@ if conf.has('WITH_LIBXL') virt_daemon_units += { 'service': 'virtxend', -'service_in': files('virtxend.service.in'), 'name': 'Libvirt libxl', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, -'deps': 'ConditionPathExists=/proc/xen/capabilities', +'service_extra_in': files('virtxend.service.extra.in'), +'socket_extra_in': files('virtxend.socket.extra.in'), } openrc_init_files += { diff --git a/src/libxl/virtxend.service.extra.in b/src/libxl/virtxend.service.extra.in new file mode 100644 index 00..ba38ba9160 --- /dev/null +++ b/src/libxl/virtxend.service.extra.in @@ -0,0 +1,12 @@ +[Unit] +Wants=virtlockd.socket +After=remote-fs.target +After=xencommons.service +Conflicts=xendomains.service +ConditionPathExists=/proc/xen/capabilities + +[Service] +KillMode=process + +[Install] +Also=virtlockd.socket diff --git a/src/libxl/virtxend.service.in b/src/libxl/virtxend.service.in deleted file mode 100644 index c6a88f7fe9..00 --- a/src/libxl/virtxend.service.in +++ /dev/null @@ -1,32 +0,0 @@ -[Unit] -Description=Virtualization xen daemon -Conflicts=libvirtd.service -Requires=virtxend.socket -Requires=virtxend-ro.socket -Requires=virtxend-admin.socket -Wants=virtlockd.socket -After=network.target -After=dbus.service -After=apparmor.service -After=remote-fs.target -After=xencommons.service -Conflicts=xendomains.service -Documentation=man:virtxend(8) -Documentation=https://libvirt.org -ConditionPathExists=/proc/xen/capabilities - -[Service] -Type=notify -Environment=VIRTXEND_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtxend -ExecStart=@sbindir@/virtxend $VIRTXEND_ARGS -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure -KillMode=process - -[Install] -WantedBy=multi-user.target -Also=virtlockd.socket -Also=virtxend.socket -Also=virtxend-ro.socket -Also=virtxend-admin.socket diff --git a/src/libxl/virtxend.socket.extra.in b/src/libxl/virtxend.socket.extra.in new file mode 100644 index 00..c8322efbbc --- /dev/null +++ b/src/libxl/virtxend.socket.extra.in @@ -0,0 +1,2 @@ +[Unit] +ConditionPathExists=/proc/xen/capabilities -- 2.41.0
[libvirt PATCH v2 26/33] systemd: Downgrade read-only/admin sockets to Wants
Only the main socket is actually necessary for the service to be usable. In the past, we've had security issues that could be exploited via access to the read-only socket, so a security-minded administrator might consider disabling all optional sockets. This change makes such a setup possible. Note that the services will still try to activate all their sockets on startup, even if they have been disabled. To make sure that the optional sockets are never started, they will have to be masked. Signed-off-by: Andrea Bolognani --- src/locking/virtlockd.service.in | 2 +- src/logging/virtlogd.service.in | 2 +- src/virtd.service.in | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in index 35924a2ad7..fcf479c3c6 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -1,7 +1,7 @@ [Unit] Description=Virtual machine lock manager BindsTo=virtlockd.socket -Requires=virtlockd-admin.socket +Wants=virtlockd-admin.socket After=virtlockd.socket Before=libvirtd.service Documentation=man:virtlockd(8) diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in index 79d34bc73e..3265ecd6af 100644 --- a/src/logging/virtlogd.service.in +++ b/src/logging/virtlogd.service.in @@ -1,7 +1,7 @@ [Unit] Description=Virtual machine log manager BindsTo=virtlogd.socket -Requires=virtlogd-admin.socket +Wants=virtlogd-admin.socket After=virtlogd.socket Before=libvirtd.service Documentation=man:virtlogd(8) diff --git a/src/virtd.service.in b/src/virtd.service.in index e7f08b4da9..f4f1bc217d 100644 --- a/src/virtd.service.in +++ b/src/virtd.service.in @@ -1,8 +1,8 @@ [Unit] Description=@name@ daemon BindsTo=@service@.socket -Requires=@service@-ro.socket -Requires=@service@-admin.socket +Wants=@service@-ro.socket +Wants=@service@-admin.socket After=@service@.socket Conflicts=libvirtd.service After=libvirtd.service -- 2.41.0
[libvirt PATCH v2 10/33] systemd: Switch virtnwfilterd to common templates
Signed-off-by: Andrea Bolognani --- src/nwfilter/meson.build | 4 src/nwfilter/virtnwfilterd.service.in | 25 - 2 files changed, 29 deletions(-) delete mode 100644 src/nwfilter/virtnwfilterd.service.in diff --git a/src/nwfilter/meson.build b/src/nwfilter/meson.build index de672bb827..c091bc3f1b 100644 --- a/src/nwfilter/meson.build +++ b/src/nwfilter/meson.build @@ -50,11 +50,7 @@ if conf.has('WITH_NWFILTER') virt_daemon_units += { 'service': 'virtnwfilterd', -'service_in': files('virtnwfilterd.service.in'), 'name': 'Libvirt nwfilter', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/nwfilter/virtnwfilterd.service.in b/src/nwfilter/virtnwfilterd.service.in deleted file mode 100644 index d6e98240a8..00 --- a/src/nwfilter/virtnwfilterd.service.in +++ /dev/null @@ -1,25 +0,0 @@ -[Unit] -Description=Virtualization nwfilter daemon -Conflicts=libvirtd.service -Requires=virtnwfilterd.socket -Requires=virtnwfilterd-ro.socket -Requires=virtnwfilterd-admin.socket -After=network.target -After=dbus.service -After=apparmor.service -Documentation=man:virtnwfilterd(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTNWFILTERD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtnwfilterd -ExecStart=@sbindir@/virtnwfilterd $VIRTNWFILTERD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure - -[Install] -WantedBy=multi-user.target -Also=virtnwfilterd.socket -Also=virtnwfilterd-ro.socket -Also=virtnwfilterd-admin.socket -- 2.41.0
[libvirt PATCH v2 32/33] systemd: Improve and unify unit descriptions
Hypervisors are referred to by their user-facing name rather than the name of their libvirt driver, the monolithic daemon is explicitly referred to as legacy, and a consistent format is used throughout. Signed-off-by: Andrea Bolognani --- src/ch/meson.build| 2 +- src/interface/meson.build | 2 +- src/libxl/meson.build | 2 +- src/locking/meson.build | 2 +- src/locking/virtlockd-admin.socket.in | 2 +- src/locking/virtlockd.service.in | 2 +- src/locking/virtlockd.socket.in | 2 +- src/logging/meson.build | 2 +- src/logging/virtlogd-admin.socket.in | 2 +- src/logging/virtlogd.service.in | 2 +- src/logging/virtlogd.socket.in| 2 +- src/lxc/meson.build | 2 +- src/network/meson.build | 2 +- src/node_device/meson.build | 2 +- src/nwfilter/meson.build | 2 +- src/qemu/meson.build | 2 +- src/remote/libvirtd-admin.socket.in | 2 +- src/remote/libvirtd-ro.socket.in | 2 +- src/remote/libvirtd-tcp.socket.in | 2 +- src/remote/libvirtd-tls.socket.in | 2 +- src/remote/libvirtd.service.in| 2 +- src/remote/libvirtd.socket.in | 2 +- src/remote/meson.build| 4 ++-- src/secret/meson.build| 2 +- src/storage/meson.build | 2 +- src/vbox/meson.build | 2 +- src/virtd-admin.socket.in | 2 +- src/virtd-ro.socket.in| 2 +- src/virtd-tcp.socket.in | 2 +- src/virtd-tls.socket.in | 2 +- src/virtd.service.in | 2 +- src/virtd.socket.in | 2 +- src/vz/meson.build| 2 +- 33 files changed, 34 insertions(+), 34 deletions(-) diff --git a/src/ch/meson.build b/src/ch/meson.build index 0ef7288257..df246ef9b0 100644 --- a/src/ch/meson.build +++ b/src/ch/meson.build @@ -57,7 +57,7 @@ if conf.has('WITH_CH') virt_daemon_units += { 'service': 'virtchd', -'name': 'Libvirt ch', +'name': 'Cloud Hypervisor', 'service_extra_in': files('virtchd.service.extra.in'), } diff --git a/src/interface/meson.build b/src/interface/meson.build index 54c0b1a935..b1617d83e6 100644 --- a/src/interface/meson.build +++ b/src/interface/meson.build @@ -44,7 +44,7 @@ if conf.has('WITH_INTERFACE') virt_daemon_units += { 'service': 'virtinterfaced', -'name': 'Libvirt interface', +'name': 'interface', } openrc_init_files += { diff --git a/src/libxl/meson.build b/src/libxl/meson.build index 171d6ca005..8e6f455139 100644 --- a/src/libxl/meson.build +++ b/src/libxl/meson.build @@ -66,7 +66,7 @@ if conf.has('WITH_LIBXL') virt_daemon_units += { 'service': 'virtxend', -'name': 'Libvirt libxl', +'name': 'Xen', 'service_extra_in': files('virtxend.service.extra.in'), 'socket_extra_in': files('virtxend.socket.extra.in'), } diff --git a/src/locking/meson.build b/src/locking/meson.build index 2ccc822ed3..6b3cd781d1 100644 --- a/src/locking/meson.build +++ b/src/locking/meson.build @@ -144,7 +144,7 @@ if conf.has('WITH_LIBVIRTD') virt_daemon_units += { 'service': 'virtlockd', 'service_in': files('virtlockd.service.in'), -'name': 'Libvirt locking', +'name': 'locking', 'sockets': [ 'main', 'admin' ], 'socket_in': files('virtlockd.socket.in'), 'socket_admin_in': files('virtlockd-admin.socket.in'), diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in index 0452a0cfdb..ed5b94edba 100644 --- a/src/locking/virtlockd-admin.socket.in +++ b/src/locking/virtlockd-admin.socket.in @@ -1,5 +1,5 @@ [Unit] -Description=Virtual machine lock manager admin socket +Description=libvirt locking daemon admin socket BindsTo=virtlockd.socket After=virtlockd.socket diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in index 20b4b26f35..290a2887a5 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -1,5 +1,5 @@ [Unit] -Description=Virtual machine lock manager +Description=libvirt locking daemon BindsTo=virtlockd.socket Wants=virtlockd-admin.socket After=virtlockd.socket diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in index 31a576aa16..4eec90a95e 100644 --- a/src/locking/virtlockd.socket.in +++ b/src/locking/virtlockd.socket.in @@ -1,5 +1,5 @@ [Unit] -Description=Virtual machine lock manager socket +Description=libvirt locking daemon socket [Socket] ListenStream=@runstatedir@/libvirt/virtlockd-sock diff --git a/src/logging/meson.build b/src/logging/meson.build index 95d2ef2a3f..1527f91faf 100644 --- a/src/logging/meson.build +++ b/src/logging/meson.build @@ -91,7 +91,7 @@ if conf.has('WITH_LIBVIRTD') virt_daemon_units += { 'service': 'virtlogd', 'service_in': files('virtlogd.service.in'), -'name': 'Libvirt logging', +'name': 'logging
[libvirt PATCH v2 16/33] systemd: Switch virtchd to common templates
Signed-off-by: Andrea Bolognani --- src/ch/meson.build | 5 +--- src/ch/virtchd.service.extra.in | 22 + src/ch/virtchd.service.in | 44 - 3 files changed, 23 insertions(+), 48 deletions(-) create mode 100644 src/ch/virtchd.service.extra.in delete mode 100644 src/ch/virtchd.service.in diff --git a/src/ch/meson.build b/src/ch/meson.build index dc08069dcd..0ef7288257 100644 --- a/src/ch/meson.build +++ b/src/ch/meson.build @@ -57,11 +57,8 @@ if conf.has('WITH_CH') virt_daemon_units += { 'service': 'virtchd', -'service_in': files('virtchd.service.in'), 'name': 'Libvirt ch', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, +'service_extra_in': files('virtchd.service.extra.in'), } virt_install_dirs += [ diff --git a/src/ch/virtchd.service.extra.in b/src/ch/virtchd.service.extra.in new file mode 100644 index 00..bc2fef57cc --- /dev/null +++ b/src/ch/virtchd.service.extra.in @@ -0,0 +1,22 @@ +[Unit] +Wants=systemd-machined.service +After=systemd-machined.service +After=remote-fs.target + +[Service] +KillMode=process +# Raise hard limits to match behaviour of systemd >= 240. +# During startup, daemon will set soft limit to match hard limit +# per systemd recommendations +LimitNOFILE=1024:524288 +# The cgroups pids controller can limit the number of tasks started by +# the daemon, which can limit the number of domains for some hypervisors. +# A conservative default of 8 tasks per guest results in a TasksMax of +# 32k to support 4096 guests. +TasksMax=32768 +# With cgroups v2 there is no devices controller anymore, we have to use +# eBPF to control access to devices. In order to do that we create a eBPF +# hash MAP which locks memory. The default map size for 64 devices together +# with program takes 12k per guest. After rounding up we will get 64M to +# support 4096 guests. +LimitMEMLOCK=64M diff --git a/src/ch/virtchd.service.in b/src/ch/virtchd.service.in deleted file mode 100644 index 351eee312b..00 --- a/src/ch/virtchd.service.in +++ /dev/null @@ -1,44 +0,0 @@ -[Unit] -Description=Virtualization Cloud-Hypervisor daemon -Conflicts=libvirtd.service -Requires=virtchd.socket -Requires=virtchd-ro.socket -Requires=virtchd-admin.socket -Wants=systemd-machined.service -After=network.target -After=dbus.service -After=apparmor.service -After=remote-fs.target -After=systemd-machined.service -Documentation=man:virtchd(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTCHD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtchd -ExecStart=@sbindir@/virtchd $VIRTCHD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -KillMode=process -Restart=on-failure -# Raise hard limits to match behaviour of systemd >= 240. -# During startup, daemon will set soft limit to match hard limit -# per systemd recommendations -LimitNOFILE=1024:524288 -# The cgroups pids controller can limit the number of tasks started by -# the daemon, which can limit the number of domains for some hypervisors. -# A conservative default of 8 tasks per guest results in a TasksMax of -# 32k to support 4096 guests. -TasksMax=32768 -# With cgroups v2 there is no devices controller anymore, we have to use -# eBPF to control access to devices. In order to do that we create a eBPF -# hash MAP which locks memory. The default map size for 64 devices together -# with program takes 12k per guest. After rounding up we will get 64M to -# support 4096 guests. -LimitMEMLOCK=64M - -[Install] -WantedBy=multi-user.target -Also=virtchd.socket -Also=virtchd-ro.socket -Also=virtchd-admin.socket -- 2.41.0
[libvirt PATCH v2 20/33] systemd: Switch virtproxyd to common templates
Signed-off-by: Andrea Bolognani --- src/remote/meson.build | 6 -- src/remote/virtproxyd.service.in | 25 - 2 files changed, 31 deletions(-) delete mode 100644 src/remote/virtproxyd.service.in diff --git a/src/remote/meson.build b/src/remote/meson.build index 78c08bf5ad..5ee6d4e61c 100644 --- a/src/remote/meson.build +++ b/src/remote/meson.build @@ -224,15 +224,9 @@ if conf.has('WITH_REMOTE') virt_daemon_units += { 'service': 'virtproxyd', - 'service_in': files('virtproxyd.service.in'), 'name': 'Libvirt proxy', 'sockprefix': 'libvirt', 'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ], - 'socket_in': files('libvirtd.socket.in'), - 'socket_ro_in': files('libvirtd-ro.socket.in'), - 'socket_admin_in': files('libvirtd-admin.socket.in'), - 'socket_tcp_in': files('libvirtd-tcp.socket.in'), - 'socket_tls_in': files('libvirtd-tls.socket.in'), } openrc_init_files += { diff --git a/src/remote/virtproxyd.service.in b/src/remote/virtproxyd.service.in deleted file mode 100644 index 9b829641f7..00 --- a/src/remote/virtproxyd.service.in +++ /dev/null @@ -1,25 +0,0 @@ -[Unit] -Description=Virtualization daemon -Conflicts=libvirtd.service -Requires=virtproxyd.socket -Requires=virtproxyd-ro.socket -Requires=virtproxyd-admin.socket -After=network.target -After=dbus.service -After=apparmor.service -Documentation=man:virtproxyd(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTPROXYD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtproxyd -ExecStart=@sbindir@/virtproxyd $VIRTPROXYD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure - -[Install] -WantedBy=multi-user.target -Also=virtproxyd.socket -Also=virtproxyd-ro.socket -Also=virtproxyd-admin.socket -- 2.41.0
[libvirt PATCH v2 08/33] systemd: Switch virtnodedevd to common templates
Signed-off-by: Andrea Bolognani --- src/node_device/meson.build | 4 src/node_device/virtnodedevd.service.in | 25 - 2 files changed, 29 deletions(-) delete mode 100644 src/node_device/virtnodedevd.service.in diff --git a/src/node_device/meson.build b/src/node_device/meson.build index dd60b1f819..2614ff8b9c 100644 --- a/src/node_device/meson.build +++ b/src/node_device/meson.build @@ -52,11 +52,7 @@ if conf.has('WITH_NODE_DEVICES') virt_daemon_units += { 'service': 'virtnodedevd', -'service_in': files('virtnodedevd.service.in'), 'name': 'Libvirt nodedev', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/node_device/virtnodedevd.service.in b/src/node_device/virtnodedevd.service.in deleted file mode 100644 index 2ac41db32e..00 --- a/src/node_device/virtnodedevd.service.in +++ /dev/null @@ -1,25 +0,0 @@ -[Unit] -Description=Virtualization nodedev daemon -Conflicts=libvirtd.service -Requires=virtnodedevd.socket -Requires=virtnodedevd-ro.socket -Requires=virtnodedevd-admin.socket -After=network.target -After=dbus.service -After=apparmor.service -Documentation=man:virtnodedevd(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTNODEDEVD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtnodedevd -ExecStart=@sbindir@/virtnodedevd $VIRTNODEDEVD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure - -[Install] -WantedBy=multi-user.target -Also=virtnodedevd.socket -Also=virtnodedevd-ro.socket -Also=virtnodedevd-admin.socket -- 2.41.0
[libvirt PATCH v2 24/33] systemd: Make modular daemons conflict with libvirtd
We want to make sure that, at any given time, we have either the modular daemons or the monolithic one running, never both. In order to achieve that, make every single modular unit conflict with the corresponding libvirtd unit. We set both Conflicts=libvirtd.unit and After=libvirtd.unit: this tells systemd that, whenever virtfood.unit and libvirtd.unit are part of the same transaction, the former should win out. Thanks to this, if both the modular daemons and the monolithic one have been enabled because of outdated automation or a simple mistake of the administrator, the request to start libvirtd at boot will be ignored and the result will be a regular modular deployment. If the request to start libvirtd is made when the modular daemons are already running, we have no way to prevent systemd from complying with that request; however, thanks to the way the conflict relationship has been declared, they will be shut down cleanly before libvirtd is started. From the user's point of view, the transition from modular to monolithic will be completely transparent: it's basically the same scenario as a regular package upgrade, just with an extra twist. Note that, while switching from modular to monolithic at runtime happens automatically, going back requires manual intervention, i.e. starting all the necessary sockets one by one. That's okay: the goal here is to prevent misconfiguration and force of habit to accidentally disrupt a working setup, not to encourage the scenario. In a correctly configured and managed host, it should never occur. Signed-off-by: Andrea Bolognani Reviewed-by: Daniel P. Berrangé --- src/virtd-admin.socket.in | 2 ++ src/virtd-ro.socket.in| 2 ++ src/virtd-tcp.socket.in | 2 ++ src/virtd-tls.socket.in | 2 ++ src/virtd.service.in | 3 ++- src/virtd.socket.in | 2 ++ 6 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/virtd-admin.socket.in b/src/virtd-admin.socket.in index 39bb0badea..42cc1f670f 100644 --- a/src/virtd-admin.socket.in +++ b/src/virtd-admin.socket.in @@ -3,6 +3,8 @@ Description=@name@ admin socket Before=@service@.service BindsTo=@service@.socket After=@service@.socket +Conflicts=libvirtd-admin.socket +After=libvirtd-admin.socket [Socket] ListenStream=@runstatedir@/libvirt/@sockprefix@-admin-sock diff --git a/src/virtd-ro.socket.in b/src/virtd-ro.socket.in index b7b7ae0dd8..7b8cbdba20 100644 --- a/src/virtd-ro.socket.in +++ b/src/virtd-ro.socket.in @@ -3,6 +3,8 @@ Description=@name@ local read-only socket Before=@service@.service BindsTo=@service@.socket After=@service@.socket +Conflicts=libvirtd-ro.socket +After=libvirtd-ro.socket [Socket] ListenStream=@runstatedir@/libvirt/@sockprefix@-sock-ro diff --git a/src/virtd-tcp.socket.in b/src/virtd-tcp.socket.in index 7c8bcdb525..9fe90ed0a0 100644 --- a/src/virtd-tcp.socket.in +++ b/src/virtd-tcp.socket.in @@ -3,6 +3,8 @@ Description=@name@ non-TLS IP socket Before=@service@.service BindsTo=@service@.socket After=@service@.socket +Conflicts=libvirtd-tcp.socket +After=libvirtd-tcp.socket [Socket] ListenStream=16509 diff --git a/src/virtd-tls.socket.in b/src/virtd-tls.socket.in index c6dceb2d4e..bb89daddb5 100644 --- a/src/virtd-tls.socket.in +++ b/src/virtd-tls.socket.in @@ -3,6 +3,8 @@ Description=@name@ TLS IP socket Before=@service@.service BindsTo=@service@.socket After=@service@.socket +Conflicts=libvirtd-tls.socket +After=libvirtd-tls.socket [Socket] ListenStream=16514 diff --git a/src/virtd.service.in b/src/virtd.service.in index 76f9c60351..60ab122cbc 100644 --- a/src/virtd.service.in +++ b/src/virtd.service.in @@ -1,9 +1,10 @@ [Unit] Description=@name@ daemon -Conflicts=libvirtd.service Requires=@service@.socket Requires=@service@-ro.socket Requires=@service@-admin.socket +Conflicts=libvirtd.service +After=libvirtd.service After=network.target After=dbus.service After=apparmor.service diff --git a/src/virtd.socket.in b/src/virtd.socket.in index aec0708fd4..053dc1c782 100644 --- a/src/virtd.socket.in +++ b/src/virtd.socket.in @@ -1,6 +1,8 @@ [Unit] Description=@name@ local socket Before=@service@.service +Conflicts=libvirtd.socket +After=libvirtd.socket [Socket] ListenStream=@runstatedir@/libvirt/@sockprefix@-sock -- 2.41.0
[libvirt PATCH v2 01/33] systemd: Drop Conflicts from virtproxyd sockets
The idea behind these is to prevent running both modular daemons and monolithic daemon at the same time. We will implement a more effective solution for that shortly. Signed-off-by: Andrea Bolognani --- src/remote/meson.build | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/remote/meson.build b/src/remote/meson.build index eb4f7a0068..dc2f528d0b 100644 --- a/src/remote/meson.build +++ b/src/remote/meson.build @@ -128,8 +128,6 @@ libvirtd_socket_unit_files = [ 'libvirtd-tls.socket', ] -libvirtd_socket_conflicts = ' '.join(libvirtd_socket_unit_files) - logrotate_files = [ 'libvirtd.qemu', 'libvirtd.lxc', @@ -225,7 +223,6 @@ if conf.has('WITH_REMOTE') 'name': 'Libvirt proxy', 'sockprefix': 'libvirt', 'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ], - 'deps': 'Conflicts=' + libvirtd_socket_conflicts, } openrc_init_files += { -- 2.41.0
[libvirt PATCH v2 00/33] systemd: Improve units for services and sockets
A grab bag of changes, ranging from very much functional ones to purely aesthetical ones. Changes from [v1] * patches 01-11 from the original series have been pushed; * patch 40 from the original series has been dropped; * patches 02 (cosmetic) and 31 (bug fix) have been added; * the templating mechanism has been completely overhauled, and now uses a Python script for performing service-specific unit customizations instead of meson's built-in templating capabilities; * as a result of the above, service-specific customizations are now stored in specific foo.{service,socket}.extra.in files instead of meson.build; * various other tweaks in response to review feedback. [v1] https://listman.redhat.com/archives/libvir-list/2023-September/242288.html Andrea Bolognani (33): systemd: Drop Conflicts from virtproxyd sockets systemd: Introduce service_in/service_out variables systemd: Make @service_in@ optional systemd: Introduce temporary libvirtd_socket*_in values systemd: Provide all input files explicitly systemd: Introduce common templates systemd: Use common templates by default systemd: Switch virtnodedevd to common templates systemd: Switch virtinterfaced to common templates systemd: Switch virtnwfilterd to common templates systemd: Switch virtsecretd to common templates systemd: Switch virtnetworkd to common templates systemd: Switch virtstoraged to common templates systemd: Switch virtvboxd to common templates systemd: Switch virtvzd to common templates systemd: Switch virtchd to common templates systemd: Switch virtxend to common templates systemd: Switch virtlxcd to common templates systemd: Switch virtqemud to common templates systemd: Switch virtproxyd to common templates systemd: Drop libvirtd_socket*_in values systemd: Drop @deps@ systemd: Drop parametrization from libvirtd sockets systemd: Make modular daemons conflict with libvirtd systemd: Replace Requires with BindTo+After for main socket systemd: Downgrade read-only/admin sockets to Wants systemd: Augment Requires/Wants with After systemd: Drop Before=libvirtd from virtlogd/virtlockd systemd: Drop Before=foo.service from sockets systemd: Add Also between sockets systemd: Add RemoveOnStop=yes to all sockets systemd: Improve and unify unit descriptions systemd: Move Documentation lines scripts/merge-systemd-units.py| 91 +++ scripts/meson.build | 1 + src/ch/meson.build| 4 +- src/ch/virtchd.service.extra.in | 22 + src/ch/virtchd.service.in | 44 - src/interface/meson.build | 3 +- src/interface/virtinterfaced.service.in | 25 - src/libxl/meson.build | 6 +- src/libxl/virtxend.service.extra.in | 13 +++ src/libxl/virtxend.service.in | 32 --- src/libxl/virtxend.socket.extra.in| 2 + src/locking/meson.build | 2 +- src/locking/virtlockd-admin.socket.in | 5 +- src/locking/virtlockd.service.in | 11 ++- src/locking/virtlockd.socket.in | 5 +- src/logging/meson.build | 2 +- src/logging/virtlogd-admin.socket.in | 5 +- src/logging/virtlogd.service.in | 11 ++- src/logging/virtlogd.socket.in| 5 +- src/lxc/meson.build | 4 +- src/lxc/virtlxcd.service.extra.in | 22 + src/lxc/virtlxcd.service.in | 44 - src/meson.build | 41 +++-- src/network/meson.build | 4 +- src/network/virtnetworkd.service.extra.in | 2 + src/network/virtnetworkd.service.in | 26 -- src/node_device/meson.build | 3 +- src/node_device/virtnodedevd.service.in | 25 - src/nwfilter/meson.build | 3 +- src/nwfilter/virtnwfilterd.service.in | 25 - src/qemu/meson.build | 4 +- src/qemu/virtqemud.service.extra.in | 30 ++ src/qemu/virtqemud.service.in | 48 -- src/remote/libvirtd-admin.socket.in | 15 +-- src/remote/libvirtd-ro.socket.in | 15 +-- src/remote/libvirtd-tcp.socket.in | 10 +- src/remote/libvirtd-tls.socket.in | 10 +- src/remote/libvirtd.service.in| 13 ++- src/remote/libvirtd.socket.in | 10 +- src/remote/meson.build| 13 +-- src/remote/virtproxyd.service.in | 25 - src/secret/meson.build| 3 +- src/secret/virtsecretd.service.in | 25 - src/storage/meson.build | 4 +- src/storage/virtstoraged.service.extra.in | 3 + src/storage/virtstoraged.service.in
[libvirt PATCH v2 19/33] systemd: Switch virtqemud to common templates
Signed-off-by: Andrea Bolognani --- src/qemu/meson.build| 5 +-- src/qemu/virtqemud.service.extra.in | 28 + src/qemu/virtqemud.service.in | 48 - 3 files changed, 29 insertions(+), 52 deletions(-) create mode 100644 src/qemu/virtqemud.service.extra.in delete mode 100644 src/qemu/virtqemud.service.in diff --git a/src/qemu/meson.build b/src/qemu/meson.build index b52497bdf0..1afc301a6d 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build @@ -183,11 +183,8 @@ if conf.has('WITH_QEMU') virt_daemon_units += { 'service': 'virtqemud', -'service_in': files('virtqemud.service.in'), 'name': 'Libvirt qemu', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, +'service_extra_in': files('virtqemud.service.extra.in'), } openrc_init_files += { diff --git a/src/qemu/virtqemud.service.extra.in b/src/qemu/virtqemud.service.extra.in new file mode 100644 index 00..eaf616f575 --- /dev/null +++ b/src/qemu/virtqemud.service.extra.in @@ -0,0 +1,28 @@ +[Unit] +Requires=virtlogd.socket +Wants=virtlockd.socket +Wants=systemd-machined.service +After=systemd-machined.service +After=remote-fs.target + +[Service] +KillMode=process +# Raise hard limits to match behaviour of systemd >= 240. +# During startup, daemon will set soft limit to match hard limit +# per systemd recommendations +LimitNOFILE=1024:524288 +# The cgroups pids controller can limit the number of tasks started by +# the daemon, which can limit the number of domains for some hypervisors. +# A conservative default of 8 tasks per guest results in a TasksMax of +# 32k to support 4096 guests. +TasksMax=32768 +# With cgroups v2 there is no devices controller anymore, we have to use +# eBPF to control access to devices. In order to do that we create a eBPF +# hash MAP which locks memory. The default map size for 64 devices together +# with program takes 12k per guest. After rounding up we will get 64M to +# support 4096 guests. +LimitMEMLOCK=64M + +[Install] +Also=virtlogd.socket +Also=virtlockd.socket diff --git a/src/qemu/virtqemud.service.in b/src/qemu/virtqemud.service.in deleted file mode 100644 index e79670ca95..00 --- a/src/qemu/virtqemud.service.in +++ /dev/null @@ -1,48 +0,0 @@ -[Unit] -Description=Virtualization qemu daemon -Conflicts=libvirtd.service -Requires=virtlogd.socket -Requires=virtqemud.socket -Requires=virtqemud-ro.socket -Requires=virtqemud-admin.socket -Wants=virtlockd.socket -Wants=systemd-machined.service -After=network.target -After=dbus.service -After=apparmor.service -After=remote-fs.target -After=systemd-machined.service -Documentation=man:virtqemud(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTQEMUD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtqemud -ExecStart=@sbindir@/virtqemud $VIRTQEMUD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -KillMode=process -Restart=on-failure -# Raise hard limits to match behaviour of systemd >= 240. -# During startup, daemon will set soft limit to match hard limit -# per systemd recommendations -LimitNOFILE=1024:524288 -# The cgroups pids controller can limit the number of tasks started by -# the daemon, which can limit the number of domains for some hypervisors. -# A conservative default of 8 tasks per guest results in a TasksMax of -# 32k to support 4096 guests. -TasksMax=32768 -# With cgroups v2 there is no devices controller anymore, we have to use -# eBPF to control access to devices. In order to do that we create a eBPF -# hash MAP which locks memory. The default map size for 64 devices together -# with program takes 12k per guest. After rounding up we will get 64M to -# support 4096 guests. -LimitMEMLOCK=64M - -[Install] -WantedBy=multi-user.target -Also=virtlogd.socket -Also=virtlockd.socket -Also=virtqemud.socket -Also=virtqemud-ro.socket -Also=virtqemud-admin.socket -- 2.41.0
[libvirt PATCH v2 30/33] systemd: Add Also between sockets
This results in all sockets for a service being enabled when a single one of them is. The -tcp and -tls sockets are intentionally excluded, because enabling them should require explicit action on the administrator's part; moreover, disabling them should not result in the local sockets being disabled too. Signed-off-by: Andrea Bolognani --- src/locking/virtlockd-admin.socket.in | 1 + src/locking/virtlockd.socket.in | 1 + src/logging/virtlogd-admin.socket.in | 1 + src/logging/virtlogd.socket.in| 1 + src/remote/libvirtd-admin.socket.in | 2 ++ src/remote/libvirtd-ro.socket.in | 2 ++ src/remote/libvirtd.socket.in | 2 ++ src/virtd-admin.socket.in | 2 ++ src/virtd-ro.socket.in| 2 ++ src/virtd.socket.in | 2 ++ 10 files changed, 16 insertions(+) diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in index d5ebd7f60b..d05ba982d9 100644 --- a/src/locking/virtlockd-admin.socket.in +++ b/src/locking/virtlockd-admin.socket.in @@ -10,3 +10,4 @@ SocketMode=0600 [Install] WantedBy=sockets.target +Also=virtlockd.socket diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in index d2cc2a06a3..98aabb2511 100644 --- a/src/locking/virtlockd.socket.in +++ b/src/locking/virtlockd.socket.in @@ -8,3 +8,4 @@ SocketMode=0600 [Install] WantedBy=sockets.target +Also=virtlockd-admin.socket diff --git a/src/logging/virtlogd-admin.socket.in b/src/logging/virtlogd-admin.socket.in index 67259803ca..75ec7bd5fa 100644 --- a/src/logging/virtlogd-admin.socket.in +++ b/src/logging/virtlogd-admin.socket.in @@ -10,3 +10,4 @@ SocketMode=0600 [Install] WantedBy=sockets.target +Also=virtlogd.socket diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in index 7b3fc73773..b044d62e7c 100644 --- a/src/logging/virtlogd.socket.in +++ b/src/logging/virtlogd.socket.in @@ -8,3 +8,4 @@ SocketMode=0600 [Install] WantedBy=sockets.target +Also=virtlogd-admin.socket diff --git a/src/remote/libvirtd-admin.socket.in b/src/remote/libvirtd-admin.socket.in index 098e372971..6df038d95a 100644 --- a/src/remote/libvirtd-admin.socket.in +++ b/src/remote/libvirtd-admin.socket.in @@ -10,3 +10,5 @@ SocketMode=0600 [Install] WantedBy=sockets.target +Also=libvirtd.socket +Also=libvirtd-ro.socket diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in index 101555e8a0..6797517c50 100644 --- a/src/remote/libvirtd-ro.socket.in +++ b/src/remote/libvirtd-ro.socket.in @@ -10,3 +10,5 @@ SocketMode=0666 [Install] WantedBy=sockets.target +Also=libvirtd.socket +Also=libvirtd-admin.socket diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in index 3019821df3..f483facdf3 100644 --- a/src/remote/libvirtd.socket.in +++ b/src/remote/libvirtd.socket.in @@ -9,3 +9,5 @@ RemoveOnStop=yes [Install] WantedBy=sockets.target +Also=libvirtd-ro.socket +Also=libvirtd-admin.socket diff --git a/src/virtd-admin.socket.in b/src/virtd-admin.socket.in index 63db2be5fe..5a5f577041 100644 --- a/src/virtd-admin.socket.in +++ b/src/virtd-admin.socket.in @@ -12,3 +12,5 @@ SocketMode=0600 [Install] WantedBy=sockets.target +Also=@service@.socket +Also=@service@-ro.socket diff --git a/src/virtd-ro.socket.in b/src/virtd-ro.socket.in index 32e4789b8b..692279665d 100644 --- a/src/virtd-ro.socket.in +++ b/src/virtd-ro.socket.in @@ -12,3 +12,5 @@ SocketMode=0666 [Install] WantedBy=sockets.target +Also=@service@.socket +Also=@service@-admin.socket diff --git a/src/virtd.socket.in b/src/virtd.socket.in index d0a0bb3b1c..7a8c4bf0c2 100644 --- a/src/virtd.socket.in +++ b/src/virtd.socket.in @@ -11,3 +11,5 @@ RemoveOnStop=yes [Install] WantedBy=sockets.target +Also=@service@-ro.socket +Also=@service@-admin.socket -- 2.41.0
[libvirt PATCH v2 09/33] systemd: Switch virtinterfaced to common templates
Signed-off-by: Andrea Bolognani --- src/interface/meson.build | 4 src/interface/virtinterfaced.service.in | 25 - 2 files changed, 29 deletions(-) delete mode 100644 src/interface/virtinterfaced.service.in diff --git a/src/interface/meson.build b/src/interface/meson.build index 6fa65117c3..54c0b1a935 100644 --- a/src/interface/meson.build +++ b/src/interface/meson.build @@ -44,11 +44,7 @@ if conf.has('WITH_INTERFACE') virt_daemon_units += { 'service': 'virtinterfaced', -'service_in': files('virtinterfaced.service.in'), 'name': 'Libvirt interface', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/interface/virtinterfaced.service.in b/src/interface/virtinterfaced.service.in deleted file mode 100644 index 5cb2cd19dc..00 --- a/src/interface/virtinterfaced.service.in +++ /dev/null @@ -1,25 +0,0 @@ -[Unit] -Description=Virtualization interface daemon -Conflicts=libvirtd.service -Requires=virtinterfaced.socket -Requires=virtinterfaced-ro.socket -Requires=virtinterfaced-admin.socket -After=network.target -After=dbus.service -After=apparmor.service -Documentation=man:virtinterfaced(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTINTERFACED_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtinterfaced -ExecStart=@sbindir@/virtinterfaced $VIRTINTERFACED_ARGS -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure - -[Install] -WantedBy=multi-user.target -Also=virtinterfaced.socket -Also=virtinterfaced-ro.socket -Also=virtinterfaced-admin.socket -- 2.41.0
[libvirt PATCH v2 15/33] systemd: Switch virtvzd to common templates
Signed-off-by: Andrea Bolognani --- src/vz/meson.build | 5 + src/vz/virtvzd.service.extra.in | 2 ++ src/vz/virtvzd.service.in | 26 -- 3 files changed, 3 insertions(+), 30 deletions(-) create mode 100644 src/vz/virtvzd.service.extra.in delete mode 100644 src/vz/virtvzd.service.in diff --git a/src/vz/meson.build b/src/vz/meson.build index 9c2eb90463..842cdb6136 100644 --- a/src/vz/meson.build +++ b/src/vz/meson.build @@ -48,11 +48,8 @@ if conf.has('WITH_VZ') virt_daemon_units += { 'service': 'virtvzd', -'service_in': files('virtvzd.service.in'), 'name': 'Libvirt vz', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, +'service_extra_in': files('virtvzd.service.extra.in'), } openrc_init_files += { diff --git a/src/vz/virtvzd.service.extra.in b/src/vz/virtvzd.service.extra.in new file mode 100644 index 00..ba3ad13ace --- /dev/null +++ b/src/vz/virtvzd.service.extra.in @@ -0,0 +1,2 @@ +[Unit] +After=remote-fs.target diff --git a/src/vz/virtvzd.service.in b/src/vz/virtvzd.service.in deleted file mode 100644 index 5521e89e10..00 --- a/src/vz/virtvzd.service.in +++ /dev/null @@ -1,26 +0,0 @@ -[Unit] -Description=Virtualization vz daemon -Conflicts=libvirtd.service -Requires=virtvzd.socket -Requires=virtvzd-ro.socket -Requires=virtvzd-admin.socket -After=network.target -After=dbus.service -After=apparmor.service -After=remote-fs.target -Documentation=man:virtvzd(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTVZD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtvzd -ExecStart=@sbindir@/virtvzd $VIRTVZD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure - -[Install] -WantedBy=multi-user.target -Also=virtvzd.socket -Also=virtvzd-ro.socket -Also=virtvzd-admin.socket -- 2.41.0
Re: [libvirt PATCH 34/42] systemd: Make modular daemons conflict with libvirtd
On Mon, Sep 25, 2023 at 08:58:32PM +0200, Andrea Bolognani wrote: > +++ b/src/virtd-tls.socket.in > @@ -3,6 +3,8 @@ Description=@name@ TLS IP socket > Before=@service@.service > BindsTo=@service@.socket > After=@service@.socket > +Conflicts=libvirt-tls.socket > +After=libvirt-tls.socket > @socket_unit_extra@ These should obviously have been libvirt*d*-tls.socket. -- Andrea Bolognani / Red Hat / Virtualization
Re: [libvirt PATCH 41/42] systemd: Improve and unify unit descriptions
On Wed, Sep 27, 2023 at 10:57:13AM +0100, Daniel P. Berrangé wrote: > On Mon, Sep 25, 2023 at 08:58:39PM +0200, Andrea Bolognani wrote: > > +++ b/src/locking/virtlockd-admin.socket.in > > @@ -1,5 +1,5 @@ > > [Unit] > > -Description=Virtual machine lock manager admin socket > > +Description=libvirt @name@ daemon admin socket > > Using a subsitution here does not add any value IMHO, it > just obscures the final text. Likewise for the similar > changes that follow. Point taken for libvirtd/virtlogd/virtlockd, which are special and don't follow the same process as other daemons. I'll drop that part. -- Andrea Bolognani / Red Hat / Virtualization
Re: [libvirt PATCH 40/42] systemd: Drop BindTo/After between sockets
On Wed, Sep 27, 2023 at 10:55:04AM +0100, Daniel P. Berrangé wrote: > On Mon, Sep 25, 2023 at 08:58:38PM +0200, Andrea Bolognani wrote: > > They are unnecessary, since all sockets for a service are now > > enabled as soon as one of them is and each service has a very > > strong dependency on all of its sockets. > > You earlier modified the .service units to have BindsTo= for > each of the sockets it depends to. > > Thus if any one of the .sockets is stopped, this means the > .service is stopped too. > > The logic removed here though was doing a different job. That > said that that if $FOO.socket is stopped, it would force stop > the $FOO-admin.socket and $FOO-ro.socket too. > > IOW, it prevented having only the RO/admin sockets running, > without the primary socket. > > I believe that's still needed > > Also, you didn't add BindsTo on the libvirtd.service, because > that has to be able to run without socket activation for > upgrade scenarios. So we shouldn't be modifying the libvirtd > sockets anyway. I'll perform some testing just to make sure, but I think you're right and I will most likely drop this patch in v2. -- Andrea Bolognani / Red Hat / Virtualization
Re: [libvirt PATCH 26/42] systemd: Switch virtchd to common templates
On Tue, Sep 26, 2023 at 01:14:33PM +0100, Daniel P. Berrangé wrote: > On Tue, Sep 26, 2023 at 07:02:19AM -0500, Andrea Bolognani wrote: > > I don't think it helps much with not storing additional data inside > > the build system, unless we want to store the contents of the various > > common snippets in separate files? Something like > > > > common_service = fs.read('common_service.inc') > > unit_conf = configuration_data({ > > 'common_service' = common_service, > > }) > > > > We'd have to fake fs.read() because it was introduced in 0.57 though. > > And we'd have to run the contents of the common parts through > > variable substitution anyway, because they will contain a bunch of > > lines like > > > > Also=@service@.socket > > Also=@service@-ro.socket > > Also=@service@-admin.socket > > > > I'm not sure the result would look much better, but I can give it a > > try. > > Don't try to do any of this in meson. We should just have a standalone > python script that can combine the daemon specific unit file contents > with the common unit file contents. eg > > scripts/merge-unit-file.py \ > src/qemu/virtqemud.service.in \ > src/rpc/virtd.service.in \ > build/src/virtqemud.service It feels a bit silly to shell out to Python to perform what is ultimately a bunch of variable substitutions, as if that wasn't part of Meson's core feature set... But I'll give it a try and see how it turns out. Can you please take a look at the remaining patches in the meantime, and provide feedback on the changes that are made to the various services and sockets as part of them? Thanks in advance :) -- Andrea Bolognani / Red Hat / Virtualization
Re: [libvirt PATCH 35/42] systemd: Replace Requires with BindTo+After for sockets
On Tue, Sep 26, 2023 at 01:36:39PM +0100, Daniel P. Berrangé wrote: > On Tue, Sep 26, 2023 at 04:09:17AM -0500, Andrea Bolognani wrote: > > On Tue, Sep 26, 2023 at 09:44:52AM +0100, Daniel P. Berrangé wrote: > > > On Mon, Sep 25, 2023 at 08:58:33PM +0200, Andrea Bolognani wrote: > > > > This is the strongest relationship that can be declared between > > > > two units, and causes the service to be terminated immediately > > > > if any of its sockets disappear. This is the behavior we want. > > > > > > IIUC, this prevents running the service with /only/ the main > > > socket, and ro/admin sockets disabled. Running without the > > > ro socket in particular was something we wanted to allow to > > > reduce exposure to unprivileged services (there have been > > > a number of CVEs where the read-only socket was the way in) > > > > This doesn't work today either AFAICT, since the ro/admin sockets are > > marked as Required by the various services. > > Doh, yes, I've confirmed. I'm sure it used to work, but we must have > broken it at some point as we tweaked the deps countless times over > to finese the setup. > > > If we want to support this configuration, then we need > > > > # foo.service > > [Unit] > > BindsTo=foo.socket > > Wants=foo-ro.socket > > Wants=foo-admin.socket > > After=foo.socket > > > > In the default scenario, things will work just the same as they do > > here, but it will also be possible to mask foo{-ro,-admin}.socket to > > obtain the hardened setup you describe. > > Or we just decide to keep life simple, and if people want to harden > things they can change permissions on the socket via a system unit > override locally. I don't think this is any more complicated than the version that uses BindsTo/After for all sockets, and it shouldn't make things any worse for people who stick with the defaults, so I don't mind trying to integrate this requirement into v2. -- Andrea Bolognani / Red Hat / Virtualization
Re: [libvirt PATCH 26/42] systemd: Switch virtchd to common templates
On Tue, Sep 26, 2023 at 11:23:51AM +0100, Daniel P. Berrangé wrote: > On Tue, Sep 26, 2023 at 11:09:44AM +0200, Pavel Hrdina wrote: > > On Mon, Sep 25, 2023 at 08:58:24PM +0200, Andrea Bolognani wrote: > > > +'service_unit_extra': [ > > > + 'Wants=systemd-machined.service', > > > + 'After=systemd-machined.service', > > > + 'After=remote-fs.target', > > > +], > > > +'service_service_extra': [ > > > + 'KillMode=process', > > > + '# Raise hard limits to match behaviour of systemd >= 240.', > > > + '# During startup, daemon will set soft limit to match hard limit', > > > + '# per systemd recommendations', > > > + 'LimitNOFILE=1024:524288', > > > + '# The cgroups pids controller can limit the number of tasks > > > started by', > > > + '# the daemon, which can limit the number of domains for some > > > hypervisors.', > > > + '# A conservative default of 8 tasks per guest results in a > > > TasksMax of', > > > + '# 32k to support 4096 guests.', > > > + 'TasksMax=32768', > > > + '# With cgroups v2 there is no devices controller anymore, we have > > > to use', > > > + '# eBPF to control access to devices. In order to do that we > > > create a eBPF', > > > + '# hash MAP which locks memory. The default map size for 64 > > > devices together', > > > + '# with program takes 12k per guest. After rounding up we will > > > get 64M to', > > > + '# support 4096 guests.', > > > + 'LimitMEMLOCK=64M', > > > +], > > > > This feels wrong to have it in meson.build file. In addition it is the > > same as for virtlxcd and virtqemud so we are basically duplicating the > > data and which makes it easy to make inconsistent changes not affecting > > all places. > > > > IMHO it would be better to have additional file that will be included > > into the template for services where we need it. > > > > I'm not sure about the `service_unit_extra` as well if we want to have > > it in meson.build files as it is not strictly related to the build > > process and there is more data compared to the old `deps`. > > If anything I'd reverse the model. The 'virtchd.service.in' file > should be the primary template, the common bits the injected data. > > ie > > cat virtchd.service.in > [Unit] > Description=Virtualization Cloud-Hypervisor daemon > ::common-unit:: > Wants=systemd-machined.service > After=remote-fs.target > After=systemd-machined.service > Documentation=man:virtchd(8) > > > [Service] > ::common-service:: > KillMode=process > # Raise hard limits to match behaviour of systemd >= 240. > # During startup, daemon will set soft limit to match hard limit > # per systemd recommendations > LimitNOFILE=1024:524288 > # The cgroups pids controller can limit the number of tasks started by > # the daemon, which can limit the number of domains for some hypervisors. > # A conservative default of 8 tasks per guest results in a TasksMax of > # 32k to support 4096 guests. > TasksMax=32768 > # With cgroups v2 there is no devices controller anymore, we have to use > # eBPF to control access to devices. In order to do that we create a eBPF > # hash MAP which locks memory. The default map size for 64 devices together > # with program takes 12k per guest. After rounding up we will get 64M to > # support 4096 guests. > LimitMEMLOCK=64M > > [Install] > ::common-install:: This doesn't address the problem with duplication that Pavel pointed out. I don't think it helps much with not storing additional data inside the build system, unless we want to store the contents of the various common snippets in separate files? Something like common_service = fs.read('common_service.inc') unit_conf = configuration_data({ 'common_service' = common_service, }) We'd have to fake fs.read() because it was introduced in 0.57 though. And we'd have to run the contents of the common parts through variable substitution anyway, because they will contain a bunch of lines like Also=@service@.socket Also=@service@-ro.socket Also=@service@-admin.socket I'm not sure the result would look much better, but I can give it a try. > arguably we don't even need the '::common-XXX::' lines in there. We can > simply see the headers [Unit], [Service], etc and inject the common > bits under each header. I think markers make things both easier to implement and more obvious (whoever looks at the file can immediately tell that some sort of post-processing is going to happen and probably even make a fairly accurate guess as what it will entail), so I'd prefer having them. But this is a fairly minor detail compared to the above. -- Andrea Bolognani / Red Hat / Virtualization
Re: [libvirt PATCH 26/42] systemd: Switch virtchd to common templates
On Tue, Sep 26, 2023 at 11:09:44AM +0200, Pavel Hrdina wrote: > On Mon, Sep 25, 2023 at 08:58:24PM +0200, Andrea Bolognani wrote: > > +'service_unit_extra': [ > > + 'Wants=systemd-machined.service', > > + 'After=systemd-machined.service', > > + 'After=remote-fs.target', > > +], > > +'service_service_extra': [ > > + 'KillMode=process', > > + '# Raise hard limits to match behaviour of systemd >= 240.', > > + '# During startup, daemon will set soft limit to match hard limit', > > + '# per systemd recommendations', > > + 'LimitNOFILE=1024:524288', > > + '# The cgroups pids controller can limit the number of tasks started > > by', > > + '# the daemon, which can limit the number of domains for some > > hypervisors.', > > + '# A conservative default of 8 tasks per guest results in a TasksMax > > of', > > + '# 32k to support 4096 guests.', > > + 'TasksMax=32768', > > + '# With cgroups v2 there is no devices controller anymore, we have > > to use', > > + '# eBPF to control access to devices. In order to do that we create > > a eBPF', > > + '# hash MAP which locks memory. The default map size for 64 devices > > together', > > + '# with program takes 12k per guest. After rounding up we will get > > 64M to', > > + '# support 4096 guests.', > > + 'LimitMEMLOCK=64M', > > +], > > This feels wrong to have it in meson.build file. In addition it is the > same as for virtlxcd and virtqemud so we are basically duplicating the > data and which makes it easy to make inconsistent changes not affecting > all places. You're right, it would make sense to deduplicate this further. > IMHO it would be better to have additional file that will be included > into the template for services where we need it. Wouldn't a variable be enough? In order to use a file, I can see two ways. First one is to have a separate virtd-hypervisor.service.in that contains the same stuff as virtd.service.in plus these comments, but that means introducing duplication on a different axis and risking the two files going out of sync. Second one is to have a virtd-comments.txt or whatever that gets included conditionally from virtd.service.in, but that means adding an extra processing step. Neither really feels an outright improvement over what we have here. Can you explain what did you have in mind? Maybe I'm just not seeing it :) > I'm not sure about the `service_unit_extra` as well if we want to have > it in meson.build files as it is not strictly related to the build > process and there is more data compared to the old `deps`. That's because the various services and sockets have tiny differences between them. Having a single template is IMO stictly better for maintenability than carrying around more than a dozen copies of the same basic information, which is what we have today. It's true that this is going a bit overboard compared to what we're using configuration data for elsewhere, but I don't think it's too much of a stretch or something that feels too out of place. That said, if you have an idea for an alternative approach to achieving the same result, please do share it! I'm not married to this specific implementation :) -- Andrea Bolognani / Red Hat / Virtualization
Re: [libvirt PATCH 35/42] systemd: Replace Requires with BindTo+After for sockets
On Tue, Sep 26, 2023 at 09:44:52AM +0100, Daniel P. Berrangé wrote: > On Mon, Sep 25, 2023 at 08:58:33PM +0200, Andrea Bolognani wrote: > > This is the strongest relationship that can be declared between > > two units, and causes the service to be terminated immediately > > if any of its sockets disappear. This is the behavior we want. > > IIUC, this prevents running the service with /only/ the main > socket, and ro/admin sockets disabled. Running without the > ro socket in particular was something we wanted to allow to > reduce exposure to unprivileged services (there have been > a number of CVEs where the read-only socket was the way in) This doesn't work today either AFAICT, since the ro/admin sockets are marked as Required by the various services. If we want to support this configuration, then we need # foo.service [Unit] BindsTo=foo.socket Wants=foo-ro.socket Wants=foo-admin.socket After=foo.socket In the default scenario, things will work just the same as they do here, but it will also be possible to mask foo{-ro,-admin}.socket to obtain the hardened setup you describe. -- Andrea Bolognani / Red Hat / Virtualization
[libvirt PATCH 33/42] systemd: Drop Conflicts from virtproxyd sockets
The idea behind these is to prevent running both modular daemons and monolithic daemon at the same time. We will implement a more effective solution for that shortly. Signed-off-by: Andrea Bolognani --- src/remote/meson.build | 5 - 1 file changed, 5 deletions(-) diff --git a/src/remote/meson.build b/src/remote/meson.build index 73a9f0a986..5ee6d4e61c 100644 --- a/src/remote/meson.build +++ b/src/remote/meson.build @@ -128,8 +128,6 @@ libvirtd_socket_unit_files = [ 'libvirtd-tls.socket', ] -libvirtd_socket_conflicts = ' '.join(libvirtd_socket_unit_files) - logrotate_files = [ 'libvirtd.qemu', 'libvirtd.lxc', @@ -229,9 +227,6 @@ if conf.has('WITH_REMOTE') 'name': 'Libvirt proxy', 'sockprefix': 'libvirt', 'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ], - 'socket_unit_extra': [ -'Conflicts=' + libvirtd_socket_conflicts, - ], } openrc_init_files += { -- 2.41.0
[libvirt PATCH 29/42] systemd: Switch virtqemud to common templates
Signed-off-by: Andrea Bolognani --- src/qemu/meson.build | 33 +--- src/qemu/virtqemud.service.in | 48 --- 2 files changed, 29 insertions(+), 52 deletions(-) delete mode 100644 src/qemu/virtqemud.service.in diff --git a/src/qemu/meson.build b/src/qemu/meson.build index b52497bdf0..7e5db09e0c 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build @@ -183,11 +183,36 @@ if conf.has('WITH_QEMU') virt_daemon_units += { 'service': 'virtqemud', -'service_in': files('virtqemud.service.in'), 'name': 'Libvirt qemu', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, +'service_unit_extra': [ + 'Requires=virtlogd.socket', + 'Wants=virtlockd.socket', + 'Wants=systemd-machined.service', + 'After=systemd-machined.service', + 'After=remote-fs.target', +], +'service_service_extra': [ + 'KillMode=process', + '# Raise hard limits to match behaviour of systemd >= 240.', + '# During startup, daemon will set soft limit to match hard limit', + '# per systemd recommendations', + 'LimitNOFILE=1024:524288', + '# The cgroups pids controller can limit the number of tasks started by', + '# the daemon, which can limit the number of domains for some hypervisors.', + '# A conservative default of 8 tasks per guest results in a TasksMax of', + '# 32k to support 4096 guests.', + 'TasksMax=32768', + '# With cgroups v2 there is no devices controller anymore, we have to use', + '# eBPF to control access to devices. In order to do that we create a eBPF', + '# hash MAP which locks memory. The default map size for 64 devices together', + '# with program takes 12k per guest. After rounding up we will get 64M to', + '# support 4096 guests.', + 'LimitMEMLOCK=64M', +], +'service_install_extra': [ + 'Also=virtlogd.socket', + 'Also=virtlockd.socket', +], } openrc_init_files += { diff --git a/src/qemu/virtqemud.service.in b/src/qemu/virtqemud.service.in deleted file mode 100644 index e79670ca95..00 --- a/src/qemu/virtqemud.service.in +++ /dev/null @@ -1,48 +0,0 @@ -[Unit] -Description=Virtualization qemu daemon -Conflicts=libvirtd.service -Requires=virtlogd.socket -Requires=virtqemud.socket -Requires=virtqemud-ro.socket -Requires=virtqemud-admin.socket -Wants=virtlockd.socket -Wants=systemd-machined.service -After=network.target -After=dbus.service -After=apparmor.service -After=remote-fs.target -After=systemd-machined.service -Documentation=man:virtqemud(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTQEMUD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtqemud -ExecStart=@sbindir@/virtqemud $VIRTQEMUD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -KillMode=process -Restart=on-failure -# Raise hard limits to match behaviour of systemd >= 240. -# During startup, daemon will set soft limit to match hard limit -# per systemd recommendations -LimitNOFILE=1024:524288 -# The cgroups pids controller can limit the number of tasks started by -# the daemon, which can limit the number of domains for some hypervisors. -# A conservative default of 8 tasks per guest results in a TasksMax of -# 32k to support 4096 guests. -TasksMax=32768 -# With cgroups v2 there is no devices controller anymore, we have to use -# eBPF to control access to devices. In order to do that we create a eBPF -# hash MAP which locks memory. The default map size for 64 devices together -# with program takes 12k per guest. After rounding up we will get 64M to -# support 4096 guests. -LimitMEMLOCK=64M - -[Install] -WantedBy=multi-user.target -Also=virtlogd.socket -Also=virtlockd.socket -Also=virtqemud.socket -Also=virtqemud-ro.socket -Also=virtqemud-admin.socket -- 2.41.0
[libvirt PATCH 17/42] systemd: Switch virtnodedevd to common templates
Signed-off-by: Andrea Bolognani --- src/node_device/meson.build | 4 src/node_device/virtnodedevd.service.in | 25 - 2 files changed, 29 deletions(-) delete mode 100644 src/node_device/virtnodedevd.service.in diff --git a/src/node_device/meson.build b/src/node_device/meson.build index dd60b1f819..2614ff8b9c 100644 --- a/src/node_device/meson.build +++ b/src/node_device/meson.build @@ -52,11 +52,7 @@ if conf.has('WITH_NODE_DEVICES') virt_daemon_units += { 'service': 'virtnodedevd', -'service_in': files('virtnodedevd.service.in'), 'name': 'Libvirt nodedev', -'socket_in': libvirtd_socket_in, -'socket_ro_in': libvirtd_socket_ro_in, -'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/node_device/virtnodedevd.service.in b/src/node_device/virtnodedevd.service.in deleted file mode 100644 index 2ac41db32e..00 --- a/src/node_device/virtnodedevd.service.in +++ /dev/null @@ -1,25 +0,0 @@ -[Unit] -Description=Virtualization nodedev daemon -Conflicts=libvirtd.service -Requires=virtnodedevd.socket -Requires=virtnodedevd-ro.socket -Requires=virtnodedevd-admin.socket -After=network.target -After=dbus.service -After=apparmor.service -Documentation=man:virtnodedevd(8) -Documentation=https://libvirt.org - -[Service] -Type=notify -Environment=VIRTNODEDEVD_ARGS="--timeout 120" -EnvironmentFile=-@initconfdir@/virtnodedevd -ExecStart=@sbindir@/virtnodedevd $VIRTNODEDEVD_ARGS -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure - -[Install] -WantedBy=multi-user.target -Also=virtnodedevd.socket -Also=virtnodedevd-ro.socket -Also=virtnodedevd-admin.socket -- 2.41.0
[libvirt PATCH 11/42] systemd: Drop unnecessary uses of @sockprefix@
Now that providing the value is optional, we can remove almost all uses. Signed-off-by: Andrea Bolognani --- src/ch/meson.build | 1 - src/interface/meson.build | 1 - src/libxl/meson.build | 1 - src/locking/meson.build | 1 - src/logging/meson.build | 1 - src/lxc/meson.build | 1 - src/network/meson.build | 1 - src/node_device/meson.build | 1 - src/nwfilter/meson.build| 1 - src/qemu/meson.build| 1 - src/secret/meson.build | 1 - src/storage/meson.build | 1 - src/vbox/meson.build| 1 - src/vz/meson.build | 1 - 14 files changed, 14 deletions(-) diff --git a/src/ch/meson.build b/src/ch/meson.build index 5d1c3f6ca0..936b9bc95a 100644 --- a/src/ch/meson.build +++ b/src/ch/meson.build @@ -59,7 +59,6 @@ if conf.has('WITH_CH') 'service': 'virtchd', 'service_in': files('virtchd.service.in'), 'name': 'Libvirt ch', -'sockprefix': 'virtchd', } virt_install_dirs += [ diff --git a/src/interface/meson.build b/src/interface/meson.build index 3df9bbc9a4..06c5241fa3 100644 --- a/src/interface/meson.build +++ b/src/interface/meson.build @@ -46,7 +46,6 @@ if conf.has('WITH_INTERFACE') 'service': 'virtinterfaced', 'service_in': files('virtinterfaced.service.in'), 'name': 'Libvirt interface', -'sockprefix': 'virtinterfaced', } openrc_init_files += { diff --git a/src/libxl/meson.build b/src/libxl/meson.build index 967b6b587c..db8ccde38e 100644 --- a/src/libxl/meson.build +++ b/src/libxl/meson.build @@ -68,7 +68,6 @@ if conf.has('WITH_LIBXL') 'service': 'virtxend', 'service_in': files('virtxend.service.in'), 'name': 'Libvirt libxl', -'sockprefix': 'virtxend', 'deps': 'ConditionPathExists=/proc/xen/capabilities', } diff --git a/src/locking/meson.build b/src/locking/meson.build index b7ba342171..2ccc822ed3 100644 --- a/src/locking/meson.build +++ b/src/locking/meson.build @@ -145,7 +145,6 @@ if conf.has('WITH_LIBVIRTD') 'service': 'virtlockd', 'service_in': files('virtlockd.service.in'), 'name': 'Libvirt locking', -'sockprefix': '', 'sockets': [ 'main', 'admin' ], 'socket_in': files('virtlockd.socket.in'), 'socket_admin_in': files('virtlockd-admin.socket.in'), diff --git a/src/logging/meson.build b/src/logging/meson.build index aa8affb52c..95d2ef2a3f 100644 --- a/src/logging/meson.build +++ b/src/logging/meson.build @@ -92,7 +92,6 @@ if conf.has('WITH_LIBVIRTD') 'service': 'virtlogd', 'service_in': files('virtlogd.service.in'), 'name': 'Libvirt logging', -'sockprefix': '', 'sockets': [ 'main', 'admin' ], 'socket_in': files('virtlogd.socket.in'), 'socket_admin_in': files('virtlogd-admin.socket.in'), diff --git a/src/lxc/meson.build b/src/lxc/meson.build index 49cc5e6b26..a8773f64a5 100644 --- a/src/lxc/meson.build +++ b/src/lxc/meson.build @@ -166,7 +166,6 @@ if conf.has('WITH_LXC') 'service': 'virtlxcd', 'service_in': files('virtlxcd.service.in'), 'name': 'Libvirt lxc', -'sockprefix': 'virtlxcd', } openrc_init_files += { diff --git a/src/network/meson.build b/src/network/meson.build index 121172cafe..40abfaef7e 100644 --- a/src/network/meson.build +++ b/src/network/meson.build @@ -64,7 +64,6 @@ if conf.has('WITH_NETWORK') 'service': 'virtnetworkd', 'service_in': files('virtnetworkd.service.in'), 'name': 'Libvirt network', -'sockprefix': 'virtnetworkd', } openrc_init_files += { diff --git a/src/node_device/meson.build b/src/node_device/meson.build index 2610822d28..47d9f63600 100644 --- a/src/node_device/meson.build +++ b/src/node_device/meson.build @@ -54,7 +54,6 @@ if conf.has('WITH_NODE_DEVICES') 'service': 'virtnodedevd', 'service_in': files('virtnodedevd.service.in'), 'name': 'Libvirt nodedev', -'sockprefix': 'virtnodedevd', } openrc_init_files += { diff --git a/src/nwfilter/meson.build b/src/nwfilter/meson.build index bb03a47f8f..5efdee7189 100644 --- a/src/nwfilter/meson.build +++ b/src/nwfilter/meson.build @@ -52,7 +52,6 @@ if conf.has('WITH_NWFILTER') 'service': 'virtnwfilterd', 'service_in': files('virtnwfilterd.service.in'), 'name': 'Libvirt nwfilter', -'sockprefix': 'virtnwfilterd', } openrc_init_files += { diff --git a/src/qemu/meson.build b/src/qemu/meson.build index 2d55cd30cb..afa9139d9a 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build @@ -185,7 +185,6 @@ if conf.has('WITH_QEMU') 'service': 'virtqemud', 'service_in': files('virtqemud.service.in'), 'name': 'Libvirt qemu', -'sockprefix': 'virtqemud', } openrc_init_files += { diff --git a/src/secret/meson.build b/src/secret/meson.build index 882ed2ac70..49f6972f36 100644 --- a/src/secret/meson.build +++ b/src/secret/meson.build @@ -35,7 +35,6 @@ if conf.has('WITH_SECRETS') 'service': 'virtsecretd', 'service_in': files('virtsecretd.service.in'), 'name': 'Libvirt secret
[libvirt PATCH 15/42] systemd: Introduce common templates
These contain the part that is common to all existing service and socket definitions. Each section of each template ends with a placeholder, which marks the spot where additional, service-specific lines should be injected. Signed-off-by: Andrea Bolognani --- src/meson.build | 10 ++ src/virtd-admin.socket.in | 16 src/virtd-ro.socket.in| 16 src/virtd-tcp.socket.in | 15 +++ src/virtd-tls.socket.in | 15 +++ src/virtd.service.in | 28 src/virtd.socket.in | 15 +++ 7 files changed, 115 insertions(+) create mode 100644 src/virtd-admin.socket.in create mode 100644 src/virtd-ro.socket.in create mode 100644 src/virtd-tcp.socket.in create mode 100644 src/virtd-tls.socket.in create mode 100644 src/virtd.service.in create mode 100644 src/virtd.socket.in diff --git a/src/meson.build b/src/meson.build index fdd15906b9..d7133d1293 100644 --- a/src/meson.build +++ b/src/meson.build @@ -203,6 +203,8 @@ libvirtd_socket_admin_in = files('remote' / 'libvirtd-admin.socket.in') # * sockets - array of additional sockets (optional, default [ 'main', 'ro', 'admin' ]) # * service_in - service source file (optional, default remote/libvirtd.service.in) # * socket_$name_in - additional socket source files (optional, default remote/libvirtd.socket.in ) +# * service_$name_extra - additional lines for service's [$name] section (optional, default []) +# * socket_$name_extra - additional lines for socket's [$name] section (optional, default []) # * deps - socket dependencies (optional, default '') virt_daemon_units = [] @@ -817,11 +819,19 @@ if conf.has('WITH_LIBVIRTD') 'initconfdir': initconfdir, 'name': unit['name'], 'service': unit['service'], +'SERVICE': unit['service'].to_upper(), 'sockprefix': unit.get('sockprefix', unit['service']), 'deps': unit.get('deps', ''), 'sockmode': sockmode, }) + foreach extra : [ 'service_unit', 'service_service', 'service_install', +'socket_unit', 'socket_socket', 'socket_install' ] +extra_key = '@0@_extra'.format(extra) +extra_value = '\n'.join(unit.get(extra_key, [])) +unit_conf.set(extra_key, extra_value) + endforeach + configure_file( input: unit.get('service_in', service_in_default), output: '@0@.service'.format(unit['service']), diff --git a/src/virtd-admin.socket.in b/src/virtd-admin.socket.in new file mode 100644 index 00..3a09951b12 --- /dev/null +++ b/src/virtd-admin.socket.in @@ -0,0 +1,16 @@ +[Unit] +Description=@name@ admin socket +Before=@service@.service +BindsTo=@service@.socket +After=@service@.socket +@socket_unit_extra@ + +[Socket] +ListenStream=@runstatedir@/libvirt/@sockprefix@-admin-sock +Service=@service@.service +SocketMode=0600 +@socket_socket_extra@ + +[Install] +WantedBy=sockets.target +@socket_install_extra@ diff --git a/src/virtd-ro.socket.in b/src/virtd-ro.socket.in new file mode 100644 index 00..e882f25a7b --- /dev/null +++ b/src/virtd-ro.socket.in @@ -0,0 +1,16 @@ +[Unit] +Description=@name@ local read-only socket +Before=@service@.service +BindsTo=@service@.socket +After=@service@.socket +@socket_unit_extra@ + +[Socket] +ListenStream=@runstatedir@/libvirt/@sockprefix@-sock-ro +Service=@service@.service +SocketMode=0666 +@socket_socket_extra@ + +[Install] +WantedBy=sockets.target +@socket_install_extra@ diff --git a/src/virtd-tcp.socket.in b/src/virtd-tcp.socket.in new file mode 100644 index 00..26c6dfa75b --- /dev/null +++ b/src/virtd-tcp.socket.in @@ -0,0 +1,15 @@ +[Unit] +Description=@name@ non-TLS IP socket +Before=@service@.service +BindsTo=@service@.socket +After=@service@.socket +@socket_unit_extra@ + +[Socket] +ListenStream=16509 +Service=@service@.service +@socket_socket_extra@ + +[Install] +WantedBy=sockets.target +@socket_install_extra@ diff --git a/src/virtd-tls.socket.in b/src/virtd-tls.socket.in new file mode 100644 index 00..077c320cce --- /dev/null +++ b/src/virtd-tls.socket.in @@ -0,0 +1,15 @@ +[Unit] +Description=@name@ TLS IP socket +Before=@service@.service +BindsTo=@service@.socket +After=@service@.socket +@socket_unit_extra@ + +[Socket] +ListenStream=16514 +Service=@service@.service +@socket_socket_extra@ + +[Install] +WantedBy=sockets.target +@socket_install_extra@ diff --git a/src/virtd.service.in b/src/virtd.service.in new file mode 100644 index 00..c9afecad73 --- /dev/null +++ b/src/virtd.service.in @@ -0,0 +1,28 @@ +[Unit] +Description=@name@ daemon +Conflicts=libvirtd.service +Requires=@service@.socket +Requires=@service@-ro.socket +Requires=@service@-admin.socket +After=network.target +After=dbus.service +After=apparmor.service +Documentation=man:@service@(8) +Documentation=https://libvirt.org +@service_unit_extra@ + +[Service] +Type=notify +Environment=@SERVICE@_ARGS="--ti
[libvirt PATCH 16/42] systemd: Use common templates by default
All services are still listing their input files explicitly, so no changes to the output files will occur yet. Signed-off-by: Andrea Bolognani --- src/meson.build | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/meson.build b/src/meson.build index d7133d1293..b00895fd07 100644 --- a/src/meson.build +++ b/src/meson.build @@ -201,8 +201,8 @@ libvirtd_socket_admin_in = files('remote' / 'libvirtd-admin.socket.in') # * name - socket description (required) # * sockprefix - socket prefix name (optional, default unit['service']) # * sockets - array of additional sockets (optional, default [ 'main', 'ro', 'admin' ]) -# * service_in - service source file (optional, default remote/libvirtd.service.in) -# * socket_$name_in - additional socket source files (optional, default remote/libvirtd.socket.in ) +# * service_in - service source file (optional, default virtd.service.in) +# * socket_$name_in - additional socket source files (optional, default virtd.socket.in or virtd-$name.socket.in) # * service_$name_extra - additional lines for service's [$name] section (optional, default []) # * socket_$name_extra - additional lines for socket's [$name] section (optional, default []) # * deps - socket dependencies (optional, default '') @@ -809,7 +809,7 @@ if conf.has('WITH_LIBVIRTD') sockmode = '0600' endif -service_in_default = 'remote' / 'libvirtd.service.in' +service_in_default = 'virtd.service.in' foreach unit : virt_daemon_units unit_conf = configuration_data({ @@ -842,11 +842,11 @@ if conf.has('WITH_LIBVIRTD') foreach socket : unit.get('sockets', [ 'main', 'ro', 'admin' ]) if socket == 'main' - socket_in_default = 'remote' / 'libvirtd.socket.in' + socket_in_default = 'virtd.socket.in' socket_in = unit.get('socket_in', socket_in_default) socket_out = '@0@.socket'.format(unit['service']) else - socket_in_default = 'remote' / 'libvirtd-@0...@.socket.in'.format(socket) + socket_in_default = 'virtd-@0...@.socket.in'.format(socket) socket_in = unit.get('socket_@0@_in'.format(socket), socket_in_default) socket_out = '@0@-@1@.socket'.format(unit['service'], socket) endif -- 2.41.0
[libvirt PATCH 14/42] systemd: Provide all input files explicitly
We're about to change the defaults and start migrating to common templates: in order to be able to switch units over one at a time, make the input files that are currently used explicit rather than implicit. Signed-off-by: Andrea Bolognani --- src/ch/meson.build | 3 +++ src/interface/meson.build | 3 +++ src/libxl/meson.build | 3 +++ src/lxc/meson.build | 3 +++ src/network/meson.build | 3 +++ src/node_device/meson.build | 3 +++ src/nwfilter/meson.build| 3 +++ src/qemu/meson.build| 3 +++ src/remote/meson.build | 10 ++ src/secret/meson.build | 3 +++ src/storage/meson.build | 3 +++ src/vbox/meson.build| 3 +++ src/vz/meson.build | 3 +++ 13 files changed, 46 insertions(+) diff --git a/src/ch/meson.build b/src/ch/meson.build index 936b9bc95a..dc08069dcd 100644 --- a/src/ch/meson.build +++ b/src/ch/meson.build @@ -59,6 +59,9 @@ if conf.has('WITH_CH') 'service': 'virtchd', 'service_in': files('virtchd.service.in'), 'name': 'Libvirt ch', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } virt_install_dirs += [ diff --git a/src/interface/meson.build b/src/interface/meson.build index 06c5241fa3..6fa65117c3 100644 --- a/src/interface/meson.build +++ b/src/interface/meson.build @@ -46,6 +46,9 @@ if conf.has('WITH_INTERFACE') 'service': 'virtinterfaced', 'service_in': files('virtinterfaced.service.in'), 'name': 'Libvirt interface', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/libxl/meson.build b/src/libxl/meson.build index db8ccde38e..a1553dbe27 100644 --- a/src/libxl/meson.build +++ b/src/libxl/meson.build @@ -68,6 +68,9 @@ if conf.has('WITH_LIBXL') 'service': 'virtxend', 'service_in': files('virtxend.service.in'), 'name': 'Libvirt libxl', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, 'deps': 'ConditionPathExists=/proc/xen/capabilities', } diff --git a/src/lxc/meson.build b/src/lxc/meson.build index a8773f64a5..531078448c 100644 --- a/src/lxc/meson.build +++ b/src/lxc/meson.build @@ -166,6 +166,9 @@ if conf.has('WITH_LXC') 'service': 'virtlxcd', 'service_in': files('virtlxcd.service.in'), 'name': 'Libvirt lxc', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/network/meson.build b/src/network/meson.build index 40abfaef7e..2e51d5d47b 100644 --- a/src/network/meson.build +++ b/src/network/meson.build @@ -64,6 +64,9 @@ if conf.has('WITH_NETWORK') 'service': 'virtnetworkd', 'service_in': files('virtnetworkd.service.in'), 'name': 'Libvirt network', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/node_device/meson.build b/src/node_device/meson.build index 47d9f63600..dd60b1f819 100644 --- a/src/node_device/meson.build +++ b/src/node_device/meson.build @@ -54,6 +54,9 @@ if conf.has('WITH_NODE_DEVICES') 'service': 'virtnodedevd', 'service_in': files('virtnodedevd.service.in'), 'name': 'Libvirt nodedev', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/nwfilter/meson.build b/src/nwfilter/meson.build index 5efdee7189..de672bb827 100644 --- a/src/nwfilter/meson.build +++ b/src/nwfilter/meson.build @@ -52,6 +52,9 @@ if conf.has('WITH_NWFILTER') 'service': 'virtnwfilterd', 'service_in': files('virtnwfilterd.service.in'), 'name': 'Libvirt nwfilter', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/qemu/meson.build b/src/qemu/meson.build index afa9139d9a..b52497bdf0 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build @@ -185,6 +185,9 @@ if conf.has('WITH_QEMU') 'service': 'virtqemud', 'service_in': files('virtqemud.service.in'), 'name': 'Libvirt qemu', +'socket_in': libvirtd_socket_in, +'socket_ro_in': libvirtd_socket_ro_in, +'socket_admin_in': libvirtd_socket_admin_in, } openrc_init_files += { diff --git a/src/remote/meson.build b/src/remote/meson.build index eb4f7a0068..365d632095 100644 --- a/src/remote/meson.build +++ b/src/remote/meson.build @@ -196,6 +196,11 @@ if conf.has('WITH_REMOTE') 'name': 'Libvirt', 'sockprefix': 'libvirt', 'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ], + 'socket_in': files
[libvirt PATCH 36/42] systemd: Augment Requires/Wants with After
Requires/Wants only tells systemd that the corresponding unit should be started when the current one is, but that could very well happen in parallel. For virtlogd/virtlockd, we want the socket to be already active when the hypervisor driver is started. Signed-off-by: Andrea Bolognani --- src/libxl/meson.build | 1 + src/qemu/meson.build | 2 ++ src/remote/libvirtd.service.in | 7 ++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/libxl/meson.build b/src/libxl/meson.build index e84999e14d..ad8d9b757f 100644 --- a/src/libxl/meson.build +++ b/src/libxl/meson.build @@ -69,6 +69,7 @@ if conf.has('WITH_LIBXL') 'name': 'Libvirt libxl', 'service_unit_extra': [ 'Wants=virtlockd.socket', + 'After=virtlockd.socket', 'After=remote-fs.target', 'After=xencommons.service', 'Conflicts=xendomains.service', diff --git a/src/qemu/meson.build b/src/qemu/meson.build index 7e5db09e0c..bf900e3f14 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build @@ -187,6 +187,8 @@ if conf.has('WITH_QEMU') 'service_unit_extra': [ 'Requires=virtlogd.socket', 'Wants=virtlockd.socket', + 'After=virtlogd.socket', + 'After=virtlockd.socket', 'Wants=systemd-machined.service', 'After=systemd-machined.service', 'After=remote-fs.target', diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in index 8839c00a15..a2c3c8f8fa 100644 --- a/src/remote/libvirtd.service.in +++ b/src/remote/libvirtd.service.in @@ -1,13 +1,18 @@ [Unit] Description=Virtualization daemon -Requires=virtlogd.socket # Use Wants instead of Requires so that users # can disable these three .socket units to revert # to a traditional non-activation deployment setup Wants=libvirtd.socket Wants=libvirtd-ro.socket Wants=libvirtd-admin.socket +After=libvirtd.socket +After=libvirtd-ro.socket +After=libvirtd-admin.socket +Requires=virtlogd.socket Wants=virtlockd.socket +After=virtlogd.socket +After=virtlockd.socket Wants=systemd-machined.service After=network.target After=dbus.service -- 2.41.0
[libvirt PATCH 42/42] systemd: Move Documentation lines
Like the Description, these are intended to be displayed to the user, so it makes sense to have them towards the top of the file before all the information that systemd will parse to calculate dependencies. Signed-off-by: Andrea Bolognani --- src/locking/virtlockd.service.in | 4 ++-- src/logging/virtlogd.service.in | 4 ++-- src/remote/libvirtd.service.in | 4 ++-- src/virtd.service.in | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in index d1ebbda2b7..ed3b7c7792 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -1,11 +1,11 @@ [Unit] Description=libvirt @name@ daemon +Documentation=man:virtlockd(8) +Documentation=https://libvirt.org/ BindsTo=virtlockd.socket BindsTo=virtlockd-admin.socket After=virtlockd.socket After=virtlockd-admin.socket -Documentation=man:virtlockd(8) -Documentation=https://libvirt.org [Service] Type=notify diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in index bfcc43d1b7..417770b139 100644 --- a/src/logging/virtlogd.service.in +++ b/src/logging/virtlogd.service.in @@ -1,11 +1,11 @@ [Unit] Description=libvirt @name@ daemon +Documentation=man:virtlogd(8) +Documentation=https://libvirt.org/ BindsTo=virtlogd.socket BindsTo=virtlogd-admin.socket After=virtlogd.socket After=virtlogd-admin.socket -Documentation=man:virtlogd(8) -Documentation=https://libvirt.org [Service] Type=notify diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in index 3b9819c3bc..2970e855d6 100644 --- a/src/remote/libvirtd.service.in +++ b/src/remote/libvirtd.service.in @@ -1,5 +1,7 @@ [Unit] Description=libvirt @name@ daemon +Documentation=man:libvirtd(8) +Documentation=https://libvirt.org/ # Use Wants instead of Requires so that users # can disable these three .socket units to revert # to a traditional non-activation deployment setup @@ -22,8 +24,6 @@ After=remote-fs.target After=systemd-machined.service After=xencommons.service Conflicts=xendomains.service -Documentation=man:libvirtd(8) -Documentation=https://libvirt.org [Service] Type=notify diff --git a/src/virtd.service.in b/src/virtd.service.in index e940b05b19..6b59803574 100644 --- a/src/virtd.service.in +++ b/src/virtd.service.in @@ -1,5 +1,7 @@ [Unit] Description=libvirt @name@ daemon +Documentation=man:@service@(8) +Documentation=https://libvirt.org/ BindsTo=@service@.socket BindsTo=@service@-ro.socket BindsTo=@service@-admin.socket @@ -11,8 +13,6 @@ After=libvirtd.service After=network.target After=dbus.service After=apparmor.service -Documentation=man:@service@(8) -Documentation=https://libvirt.org @service_unit_extra@ [Service] -- 2.41.0
[libvirt PATCH 40/42] systemd: Drop BindTo/After between sockets
They are unnecessary, since all sockets for a service are now enabled as soon as one of them is and each service has a very strong dependency on all of its sockets. Signed-off-by: Andrea Bolognani --- src/locking/virtlockd-admin.socket.in | 2 -- src/logging/virtlogd-admin.socket.in | 2 -- src/remote/libvirtd-admin.socket.in | 2 -- src/remote/libvirtd-ro.socket.in | 2 -- src/remote/libvirtd-tcp.socket.in | 2 -- src/remote/libvirtd-tls.socket.in | 2 -- src/virtd-admin.socket.in | 2 -- src/virtd-ro.socket.in| 2 -- src/virtd-tcp.socket.in | 2 -- src/virtd-tls.socket.in | 2 -- 10 files changed, 20 deletions(-) diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in index 63f78a02da..a773b511bd 100644 --- a/src/locking/virtlockd-admin.socket.in +++ b/src/locking/virtlockd-admin.socket.in @@ -1,7 +1,5 @@ [Unit] Description=Virtual machine lock manager admin socket -BindsTo=virtlockd.socket -After=virtlockd.socket [Socket] ListenStream=@runstatedir@/libvirt/virtlockd-admin-sock diff --git a/src/logging/virtlogd-admin.socket.in b/src/logging/virtlogd-admin.socket.in index 1d18fe6f56..e0d35cbcf3 100644 --- a/src/logging/virtlogd-admin.socket.in +++ b/src/logging/virtlogd-admin.socket.in @@ -1,7 +1,5 @@ [Unit] Description=Virtual machine log manager socket -BindsTo=virtlogd.socket -After=virtlogd.socket [Socket] ListenStream=@runstatedir@/libvirt/virtlogd-admin-sock diff --git a/src/remote/libvirtd-admin.socket.in b/src/remote/libvirtd-admin.socket.in index 6df038d95a..ba060eaea4 100644 --- a/src/remote/libvirtd-admin.socket.in +++ b/src/remote/libvirtd-admin.socket.in @@ -1,7 +1,5 @@ [Unit] Description=@name@ admin socket -BindsTo=libvirtd.socket -After=libvirtd.socket [Socket] ListenStream=@runstatedir@/libvirt/libvirt-admin-sock diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in index 6797517c50..d2ab7ba4f2 100644 --- a/src/remote/libvirtd-ro.socket.in +++ b/src/remote/libvirtd-ro.socket.in @@ -1,7 +1,5 @@ [Unit] Description=@name@ local read-only socket -BindsTo=libvirtd.socket -After=libvirtd.socket [Socket] ListenStream=@runstatedir@/libvirt/libvirt-sock-ro diff --git a/src/remote/libvirtd-tcp.socket.in b/src/remote/libvirtd-tcp.socket.in index 8b8fbcd01a..e32daddf25 100644 --- a/src/remote/libvirtd-tcp.socket.in +++ b/src/remote/libvirtd-tcp.socket.in @@ -1,7 +1,5 @@ [Unit] Description=@name@ non-TLS IP socket -BindsTo=libvirtd.socket -After=libvirtd.socket [Socket] ListenStream=16509 diff --git a/src/remote/libvirtd-tls.socket.in b/src/remote/libvirtd-tls.socket.in index fefda22c6b..2f34e8e0cd 100644 --- a/src/remote/libvirtd-tls.socket.in +++ b/src/remote/libvirtd-tls.socket.in @@ -1,7 +1,5 @@ [Unit] Description=@name@ TLS IP socket -BindsTo=libvirtd.socket -After=libvirtd.socket [Socket] ListenStream=16514 diff --git a/src/virtd-admin.socket.in b/src/virtd-admin.socket.in index a4faeb7da8..dc2cb737ce 100644 --- a/src/virtd-admin.socket.in +++ b/src/virtd-admin.socket.in @@ -1,7 +1,5 @@ [Unit] Description=@name@ admin socket -BindsTo=@service@.socket -After=@service@.socket Conflicts=libvirtd-admin.socket After=libvirtd-admin.socket @socket_unit_extra@ diff --git a/src/virtd-ro.socket.in b/src/virtd-ro.socket.in index 829c2e8b1f..ef1716e3f3 100644 --- a/src/virtd-ro.socket.in +++ b/src/virtd-ro.socket.in @@ -1,7 +1,5 @@ [Unit] Description=@name@ local read-only socket -BindsTo=@service@.socket -After=@service@.socket Conflicts=libvirtd-ro.socket After=libvirtd-ro.socket @socket_unit_extra@ diff --git a/src/virtd-tcp.socket.in b/src/virtd-tcp.socket.in index 2873c35135..26ead32789 100644 --- a/src/virtd-tcp.socket.in +++ b/src/virtd-tcp.socket.in @@ -1,7 +1,5 @@ [Unit] Description=@name@ non-TLS IP socket -BindsTo=@service@.socket -After=@service@.socket Conflicts=libvirtd-tcp.socket After=libvirtd-tcp.socket @socket_unit_extra@ diff --git a/src/virtd-tls.socket.in b/src/virtd-tls.socket.in index 2d4d589c8a..47da9317d6 100644 --- a/src/virtd-tls.socket.in +++ b/src/virtd-tls.socket.in @@ -1,7 +1,5 @@ [Unit] Description=@name@ TLS IP socket -BindsTo=@service@.socket -After=@service@.socket Conflicts=libvirt-tls.socket After=libvirt-tls.socket @socket_unit_extra@ -- 2.41.0
[libvirt PATCH 41/42] systemd: Improve and unify unit descriptions
Hypervisors are referred to by their user-facing name rather than the name of their libvirt driver, the monolithic daemon is explicitly referred to as legacy, and a consistent format is used throughout. Signed-off-by: Andrea Bolognani --- src/ch/meson.build| 2 +- src/interface/meson.build | 2 +- src/libxl/meson.build | 2 +- src/locking/meson.build | 2 +- src/locking/virtlockd-admin.socket.in | 2 +- src/locking/virtlockd.service.in | 2 +- src/locking/virtlockd.socket.in | 2 +- src/logging/meson.build | 2 +- src/logging/virtlogd-admin.socket.in | 2 +- src/logging/virtlogd.service.in | 2 +- src/logging/virtlogd.socket.in| 2 +- src/lxc/meson.build | 2 +- src/network/meson.build | 2 +- src/node_device/meson.build | 2 +- src/nwfilter/meson.build | 2 +- src/qemu/meson.build | 2 +- src/remote/libvirtd-admin.socket.in | 2 +- src/remote/libvirtd-ro.socket.in | 2 +- src/remote/libvirtd-tcp.socket.in | 2 +- src/remote/libvirtd-tls.socket.in | 2 +- src/remote/libvirtd.service.in| 2 +- src/remote/libvirtd.socket.in | 2 +- src/remote/meson.build| 4 ++-- src/secret/meson.build| 2 +- src/storage/meson.build | 2 +- src/vbox/meson.build | 2 +- src/virtd-admin.socket.in | 2 +- src/virtd-ro.socket.in| 2 +- src/virtd-tcp.socket.in | 2 +- src/virtd-tls.socket.in | 2 +- src/virtd.service.in | 2 +- src/virtd.socket.in | 2 +- src/vz/meson.build| 2 +- 33 files changed, 34 insertions(+), 34 deletions(-) diff --git a/src/ch/meson.build b/src/ch/meson.build index f6c443f3c6..cbac6e2de6 100644 --- a/src/ch/meson.build +++ b/src/ch/meson.build @@ -57,7 +57,7 @@ if conf.has('WITH_CH') virt_daemon_units += { 'service': 'virtchd', -'name': 'Libvirt ch', +'name': 'Cloud Hypervisor', 'service_unit_extra': [ 'Wants=systemd-machined.service', 'After=systemd-machined.service', diff --git a/src/interface/meson.build b/src/interface/meson.build index 54c0b1a935..b1617d83e6 100644 --- a/src/interface/meson.build +++ b/src/interface/meson.build @@ -44,7 +44,7 @@ if conf.has('WITH_INTERFACE') virt_daemon_units += { 'service': 'virtinterfaced', -'name': 'Libvirt interface', +'name': 'interface', } openrc_init_files += { diff --git a/src/libxl/meson.build b/src/libxl/meson.build index ad8d9b757f..5affd1e7c5 100644 --- a/src/libxl/meson.build +++ b/src/libxl/meson.build @@ -66,7 +66,7 @@ if conf.has('WITH_LIBXL') virt_daemon_units += { 'service': 'virtxend', -'name': 'Libvirt libxl', +'name': 'Xen', 'service_unit_extra': [ 'Wants=virtlockd.socket', 'After=virtlockd.socket', diff --git a/src/locking/meson.build b/src/locking/meson.build index 2ccc822ed3..6b3cd781d1 100644 --- a/src/locking/meson.build +++ b/src/locking/meson.build @@ -144,7 +144,7 @@ if conf.has('WITH_LIBVIRTD') virt_daemon_units += { 'service': 'virtlockd', 'service_in': files('virtlockd.service.in'), -'name': 'Libvirt locking', +'name': 'locking', 'sockets': [ 'main', 'admin' ], 'socket_in': files('virtlockd.socket.in'), 'socket_admin_in': files('virtlockd-admin.socket.in'), diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in index a773b511bd..90077b4915 100644 --- a/src/locking/virtlockd-admin.socket.in +++ b/src/locking/virtlockd-admin.socket.in @@ -1,5 +1,5 @@ [Unit] -Description=Virtual machine lock manager admin socket +Description=libvirt @name@ daemon admin socket [Socket] ListenStream=@runstatedir@/libvirt/virtlockd-admin-sock diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in index ebf8cb9d5a..d1ebbda2b7 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -1,5 +1,5 @@ [Unit] -Description=Virtual machine lock manager +Description=libvirt @name@ daemon BindsTo=virtlockd.socket BindsTo=virtlockd-admin.socket After=virtlockd.socket diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in index 1cd50c70ec..5dba9dea00 100644 --- a/src/locking/virtlockd.socket.in +++ b/src/locking/virtlockd.socket.in @@ -1,5 +1,5 @@ [Unit] -Description=Virtual machine lock manager socket +Description=libvirt @name@ daemon socket [Socket] ListenStream=@runstatedir@/libvirt/virtlockd-sock diff --git a/src/logging/meson.build b/src/logging/meson.build index 95d2ef2a3f..1527f91faf 100644 --- a/src/logging/meson.build +++ b/src/logging/meson.build @@ -91,7 +91,7 @@ if conf.has('WITH_LIBVIRTD') virt_daemon_units += { 'service': 'virtlogd', 'service_in': files('virtlogd.service.in'), -'name': 'Libvirt logging
[libvirt PATCH 39/42] systemd: Add Also between sockets
This results in all sockets for a service being enabled when a single one of them is. The -tcp and -tls sockets are intentionally excluded, because enabling them should require explicit action on the administrator's part; moreover, disabling them should not result in the local sockets being disabled too. Signed-off-by: Andrea Bolognani --- src/locking/virtlockd-admin.socket.in | 1 + src/locking/virtlockd.socket.in | 1 + src/logging/virtlogd-admin.socket.in | 1 + src/logging/virtlogd.socket.in| 1 + src/remote/libvirtd-admin.socket.in | 2 ++ src/remote/libvirtd-ro.socket.in | 2 ++ src/remote/libvirtd.socket.in | 2 ++ src/virtd-admin.socket.in | 2 ++ src/virtd-ro.socket.in| 2 ++ src/virtd.socket.in | 2 ++ 10 files changed, 16 insertions(+) diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in index d5ebd7f60b..63f78a02da 100644 --- a/src/locking/virtlockd-admin.socket.in +++ b/src/locking/virtlockd-admin.socket.in @@ -10,3 +10,4 @@ SocketMode=0600 [Install] WantedBy=sockets.target +Also=@service@.socket diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in index d2cc2a06a3..1cd50c70ec 100644 --- a/src/locking/virtlockd.socket.in +++ b/src/locking/virtlockd.socket.in @@ -8,3 +8,4 @@ SocketMode=0600 [Install] WantedBy=sockets.target +Also=@service@-admin.socket diff --git a/src/logging/virtlogd-admin.socket.in b/src/logging/virtlogd-admin.socket.in index 67259803ca..1d18fe6f56 100644 --- a/src/logging/virtlogd-admin.socket.in +++ b/src/logging/virtlogd-admin.socket.in @@ -10,3 +10,4 @@ SocketMode=0600 [Install] WantedBy=sockets.target +Also=@service@.socket diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in index 7b3fc73773..0b85af927b 100644 --- a/src/logging/virtlogd.socket.in +++ b/src/logging/virtlogd.socket.in @@ -8,3 +8,4 @@ SocketMode=0600 [Install] WantedBy=sockets.target +Also=@service@-admin.socket diff --git a/src/remote/libvirtd-admin.socket.in b/src/remote/libvirtd-admin.socket.in index 098e372971..6df038d95a 100644 --- a/src/remote/libvirtd-admin.socket.in +++ b/src/remote/libvirtd-admin.socket.in @@ -10,3 +10,5 @@ SocketMode=0600 [Install] WantedBy=sockets.target +Also=libvirtd.socket +Also=libvirtd-ro.socket diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in index 101555e8a0..6797517c50 100644 --- a/src/remote/libvirtd-ro.socket.in +++ b/src/remote/libvirtd-ro.socket.in @@ -10,3 +10,5 @@ SocketMode=0666 [Install] WantedBy=sockets.target +Also=libvirtd.socket +Also=libvirtd-admin.socket diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in index 3019821df3..f483facdf3 100644 --- a/src/remote/libvirtd.socket.in +++ b/src/remote/libvirtd.socket.in @@ -9,3 +9,5 @@ RemoveOnStop=yes [Install] WantedBy=sockets.target +Also=libvirtd-ro.socket +Also=libvirtd-admin.socket diff --git a/src/virtd-admin.socket.in b/src/virtd-admin.socket.in index 8851dde1bc..a4faeb7da8 100644 --- a/src/virtd-admin.socket.in +++ b/src/virtd-admin.socket.in @@ -14,4 +14,6 @@ SocketMode=0600 [Install] WantedBy=sockets.target +Also=@service@.socket +Also=@service@-ro.socket @socket_install_extra@ diff --git a/src/virtd-ro.socket.in b/src/virtd-ro.socket.in index 89b8d80763..829c2e8b1f 100644 --- a/src/virtd-ro.socket.in +++ b/src/virtd-ro.socket.in @@ -14,4 +14,6 @@ SocketMode=0666 [Install] WantedBy=sockets.target +Also=@service@.socket +Also=@service@-admin.socket @socket_install_extra@ diff --git a/src/virtd.socket.in b/src/virtd.socket.in index df4a619dd4..dc25e4d781 100644 --- a/src/virtd.socket.in +++ b/src/virtd.socket.in @@ -13,4 +13,6 @@ RemoveOnStop=yes [Install] WantedBy=sockets.target +Also=@service@-ro.socket +Also=@service@-admin.socket @socket_install_extra@ -- 2.41.0