Make max_clients in virtlockd configurable

Each new VM requires a new connection from libvirtd to virtlockd.
The default max clients limit in virtlockd of 20 is thus woefully
insufficient. virtlockd sockets are only accessible to matching
users, so there is no security need for such a tight limit. Make
it configurable and default to 1024.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c
index 77d6e0d85ed344ced7a022eceb1ffb8541dcf50d..5f675ef7279fb0d2958a558ecf2b126717444a06 100644 (file)
--- a/src/locking/lock_daemon.c
+++ b/src/locking/lock_daemon.c
@@ -128,7 +128,7 @@ static void virLockDaemonLockSpaceDataFree(void *data,
 }
 
 static virLockDaemonPtr
-virLockDaemonNew(bool privileged)
+virLockDaemonNew(virLockDaemonConfigPtr config, bool privileged)
 {
     virLockDaemonPtr lockd;
 
@@ -142,7 +142,7 @@ virLockDaemonNew(bool privileged)
         return NULL;
     }
 
-    if (!(lockd->srv = virNetServerNew(1, 1, 0, 20,
+    if (!(lockd->srv = virNetServerNew(1, 1, 0, config->max_clients,
                                        -1, 0,
                                        false, NULL,
                                        virLockDaemonClientNew,
@@ -1335,7 +1335,7 @@ int main(int argc, char **argv) {
     /* rv == 1, means we setup everything from saved state,
      * so we only setup stuff from scratch if rv == 0 */
     if (rv == 0) {
-        if (!(lockDaemon = virLockDaemonNew(privileged))) {
+        if (!(lockDaemon = virLockDaemonNew(config, privileged))) {
             ret = VIR_LOCK_DAEMON_ERR_INIT;
             goto cleanup;
         }

diff --git a/src/locking/lock_daemon_config.c b/src/locking/lock_daemon_config.c
index 88c4150efa4e037e5d3d23ce65d6515579ffa134..8e632f58bd86b25bfe9d31eccde68b04d1c88707 100644 (file)
--- a/src/locking/lock_daemon_config.c
+++ b/src/locking/lock_daemon_config.c
@@ -114,6 +114,7 @@ virLockDaemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
         return NULL;
 
     data->log_buffer_size = 64;
+    data->max_clients = 1024;
 
     return data;
 }
@@ -139,6 +140,7 @@ virLockDaemonConfigLoadOptions(virLockDaemonConfigPtr data,
     GET_CONF_STR(conf, filename, log_filters);
     GET_CONF_STR(conf, filename, log_outputs);
     GET_CONF_INT(conf, filename, log_buffer_size);
+    GET_CONF_INT(conf, filename, max_clients);
 
     return 0;
 

diff --git a/src/locking/lock_daemon_config.h b/src/locking/lock_daemon_config.h
index 8cb0e5d568427fd0787a9038b3381ea21e4ee838..e75d4a9ed3ab1477acb966c519f7426240fe10b2 100644 (file)
--- a/src/locking/lock_daemon_config.h
+++ b/src/locking/lock_daemon_config.h
@@ -34,6 +34,7 @@ struct _virLockDaemonConfig {
     char *log_filters;
     char *log_outputs;
     int log_buffer_size;
+    int max_clients;
 };
 
 

diff --git a/src/locking/virtlockd.aug b/src/locking/virtlockd.aug
index 9d20e72a5d8bceb75740c9812f5d95ba92668933..d0b56c2caf9f548416aab4f98bb2a48d889405f2 100644 (file)
--- a/src/locking/virtlockd.aug
+++ b/src/locking/virtlockd.aug
@@ -28,6 +28,7 @@ module Libvirtd =
                      | str_entry "log_filters"
                      | str_entry "log_outputs"
                      | int_entry "log_buffer_size"
+                     | int_entry "max_clients"
 
    (* Each enty in the config is one of the following three ... *)
    let entry = logging_entry

diff --git a/src/locking/virtlockd.conf b/src/locking/virtlockd.conf
index b6450b42ae4de3f540753c5bbea7276cc16d0e1f..652e15604d5cd3a9a336972760dca136b3a42308 100644 (file)
--- a/src/locking/virtlockd.conf
+++ b/src/locking/virtlockd.conf
@@ -58,3 +58,10 @@
 # the default buffer size in kilobytes.
 # If value is 0 or less the debug log buffer is deactivated
 #log_buffer_size = 64
+
+# The maximum number of concurrent client connections to allow
+# over all sockets combined.
+# Each running virtual machine will require one open connection
+# to virtlockd. So 'max_clients' will affect how many VMs can
+# be run on a host
+#max_clients = 1024