remote: add systemd socket units for UNIX/TCP sockets

We don't do socket activation of libvirtd, since we need to
unconditionally start libvirtd in order to perform autostart. This
doesn't mean we can't have systemd socket units. Some use cases will
not need libvirt's autostart & are thus free to use activation.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/libvirt.spec.in b/libvirt.spec.in
index d54f58f1d4eb15b85ef3f99808ad13cde3c05b24..b13b863928b31c935d7500aa355732c9157e9cfb 100644 (file)
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1342,6 +1342,8 @@ exit 0
 
 %systemd_post virtlockd.socket virtlockd-admin.socket
 %systemd_post virtlogd.socket virtlogd-admin.socket
+%systemd_post libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket
+%systemd_post libvirtd-tcp.socket libvirtd-tls.socket
 %systemd_post libvirtd.service
 
 # request daemon restart in posttrans
@@ -1350,6 +1352,8 @@ touch %{_localstatedir}/lib/rpm-state/libvirt/restart || :
 
 %preun daemon
 %systemd_preun libvirtd.service
+%systemd_preun libvirtd-tcp.socket libvirtd-tls.socket
+%systemd_preun libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket
 %systemd_preun virtlogd.socket virtlogd-admin.socket virtlogd.service
 %systemd_preun virtlockd.socket virtlockd-admin.socket virtlockd.service
 
@@ -1374,7 +1378,20 @@ fi
 
 %posttrans daemon
 if [ -f %{_localstatedir}/lib/rpm-state/libvirt/restart ]; then
-    /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 || :
+    # Old libvirtd owns the sockets and will delete them on
+    # shutdown. Can't use a try-restart as libvirtd will simply
+    # own the sockets again when it comes back up. Thus we must
+    # do this particular ordering
+    /bin/systemctl is-active libvirtd.service 1>/dev/null 2>&1
+    if test $? = 0 ; then
+        /bin/systemctl stop libvirtd.service >/dev/null 2>&1 || :
+
+        /bin/systemctl try-restart libvirtd.socket >/dev/null 2>&1 || :
+        /bin/systemctl try-restart libvirtd-ro.socket >/dev/null 2>&1 || :
+        /bin/systemctl try-restart libvirtd-admin.socket >/dev/null 2>&1 || :
+
+        /bin/systemctl start libvirtd.service >/dev/null 2>&1 || :
+    fi
 fi
 rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
 
@@ -1505,6 +1522,11 @@ exit 0
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/
 
 %{_unitdir}/libvirtd.service
+%{_unitdir}/libvirtd.socket
+%{_unitdir}/libvirtd-ro.socket
+%{_unitdir}/libvirtd-admin.socket
+%{_unitdir}/libvirtd-tcp.socket
+%{_unitdir}/libvirtd-tls.socket
 %{_unitdir}/virt-guest-shutdown.target
 %{_unitdir}/virtlogd.service
 %{_unitdir}/virtlogd.socket

diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index 851ab903fdcdca710739ba5a9d3166d0eca9bbd7..0cf00cb9020b428f668f793f30cf77f7929bb70b 100644 (file)
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -51,6 +51,11 @@ MANINFILES += libvirtd.8.in
 
 SYSTEMD_UNIT_FILES_IN += \
        remote/libvirtd.service.in \
+       remote/libvirtd.socket.in \
+       remote/libvirtd-ro.socket.in \
+       remote/libvirtd-admin.socket.in \
+       remote/libvirtd-tcp.socket.in \
+       remote/libvirtd-tls.socket.in \
        remote/virt-guest-shutdown.target.in \
        $(NULL)
 
@@ -267,6 +272,36 @@ libvirtd.service: remote/libvirtd.service.in $(top_builddir)/config.status
            < $< > $@-t && \
            mv $@-t $@
 
+libvirtd.socket: remote/libvirtd.socket.in $(top_builddir)/config.status
+       $(AM_V_GEN)sed \
+           -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
+           < $< > $@-t && \
+           mv $@-t $@
+
+libvirtd-ro.socket: remote/libvirtd-ro.socket.in $(top_builddir)/config.status
+       $(AM_V_GEN)sed \
+           -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
+           < $< > $@-t && \
+           mv $@-t $@
+
+libvirtd-admin.socket: remote/libvirtd-admin.socket.in $(top_builddir)/config.status
+       $(AM_V_GEN)sed \
+           -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
+           < $< > $@-t && \
+           mv $@-t $@
+
+libvirtd-tcp.socket: remote/libvirtd-tcp.socket.in $(top_builddir)/config.status
+       $(AM_V_GEN)sed \
+           -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
+           < $< > $@-t && \
+           mv $@-t $@
+
+libvirtd-tls.socket: remote/libvirtd-tls.socket.in $(top_builddir)/config.status
+       $(AM_V_GEN)sed \
+           -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
+           < $< > $@-t && \
+           mv $@-t $@
+
 virt-guest-shutdown.target: remote/virt-guest-shutdown.target.in \
                        $(top_builddir)/config.status
        $(AM_V_GEN)cp $< $@

diff --git a/src/remote/libvirtd-admin.socket.in b/src/remote/libvirtd-admin.socket.in
new file mode 100644 (file)
index 0000000..b791a2e
--- /dev/null
+++ b/src/remote/libvirtd-admin.socket.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=Libvirt admin socket
+Before=libvirtd.service
+BindsTo=libvirtd.socket
+After=libvirtd.socket
+
+[Socket]
+ListenStream=@localstatedir@/run/libvirt/libvirt-admin-sock
+Service=libvirtd.service
+SocketMode=0600
+
+[Install]
+WantedBy=sockets.target

diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in
new file mode 100644 (file)
index 0000000..55c4494
--- /dev/null
+++ b/src/remote/libvirtd-ro.socket.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=Libvirt local read-only socket
+Before=libvirtd.service
+BindsTo=libvirtd.socket
+After=libvirtd.socket
+
+[Socket]
+ListenStream=@localstatedir@/run/libvirt/libvirt-sock-ro
+Service=libvirtd.service
+SocketMode=0666
+
+[Install]
+WantedBy=sockets.target

diff --git a/src/remote/libvirtd-tcp.socket.in b/src/remote/libvirtd-tcp.socket.in
new file mode 100644 (file)
index 0000000..09d5d3d
--- /dev/null
+++ b/src/remote/libvirtd-tcp.socket.in
@@ -0,0 +1,12 @@
+[Unit]
+Description=Libvirt non-TLS IP socket
+Before=libvirtd.service
+BindsTo=libvirtd.socket
+After=libvirtd.socket
+
+[Socket]
+ListenStream=16509
+Service=libvirtd.service
+
+[Install]
+WantedBy=sockets.target

diff --git a/src/remote/libvirtd-tls.socket.in b/src/remote/libvirtd-tls.socket.in
new file mode 100644 (file)
index 0000000..c60f0c9
--- /dev/null
+++ b/src/remote/libvirtd-tls.socket.in
@@ -0,0 +1,12 @@
+[Unit]
+Description=Libvirt TLS IP socket
+Before=libvirtd.service
+BindsTo=libvirtd.socket
+After=libvirtd.socket
+
+[Socket]
+ListenStream=16514
+Service=libvirtd.service
+
+[Install]
+WantedBy=sockets.target

diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
index 7f689e08a85decb7dedc986db6b4c432fa061907..047620f79b2fe78c64fce29be9d6ffaf87cb2951 100644 (file)
--- a/src/remote/libvirtd.service.in
+++ b/src/remote/libvirtd.service.in
@@ -1,12 +1,10 @@
-# NB we don't use socket activation. When libvirtd starts it will
-# spawn any virtual machines registered for autostart. We want this
-# to occur on every boot, regardless of whether any client connects
-# to a socket. Thus socket activation doesn't have any benefit
-
 [Unit]
 Description=Virtualization daemon
 Requires=virtlogd.socket
 Requires=virtlockd.socket
+Requires=libvirtd.socket
+Requires=libvirtd-ro.socket
+Requires=libvirtd-admin.socket
 Wants=systemd-machined.service
 Before=libvirt-guests.service
 After=network.target
@@ -42,3 +40,5 @@ TasksMax=32768
 WantedBy=multi-user.target
 Also=virtlockd.socket
 Also=virtlogd.socket
+Also=libvirtd.socket
+Also=libvirtd-ro.socket

diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in
new file mode 100644 (file)
index 0000000..e194c6e
--- /dev/null
+++ b/src/remote/libvirtd.socket.in
@@ -0,0 +1,11 @@
+[Unit]
+Description=Libvirt local socket
+Before=libvirtd.service
+
+[Socket]
+ListenStream=@localstatedir@/run/libvirt/libvirt-sock
+Service=libvirtd.service
+SocketMode=0666
+
+[Install]
+WantedBy=sockets.target