From: Daniel P. Berrangé Date: Fri, 21 Jun 2019 16:19:11 +0000 (+0100) Subject: remote: conditionalize IP socket config in augeas definitions X-Git-Tag: v5.7.0-rc1~287 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f449aea199fc06bbfe9138507530c2a55331daf;p=thirdparty%2Flibvirt.git remote: conditionalize IP socket config in augeas definitions Prepare for reusing libvirtd augeas defintions with other daemons by making the config parameters for IP sockets conditionally defined by the make rules. Reviewed-by: Andrea Bolognani Signed-off-by: Daniel P. Berrangé --- diff --git a/.gitignore b/.gitignore index 7d24dc3f5a..35dc2c8bec 100644 --- a/.gitignore +++ b/.gitignore @@ -158,6 +158,7 @@ /src/remote/*_client_bodies.h /src/remote/*_protocol.[ch] /src/remote/*_stubs.h +/src/remote/libvirtd.aug /src/remote/libvirtd.conf /src/remote/test_libvirtd.aug /src/rpc/virkeepaliveprotocol.[ch] diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index d7e614c476..314b90885f 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -75,7 +75,7 @@ EXTRA_DIST += \ $(REMOTE_DRIVER_SOURCES) \ $(LIBVIRTD_SOURCES) \ remote/test_libvirtd.aug.in \ - remote/libvirtd.aug \ + remote/libvirtd.aug.in \ remote/libvirtd.conf.in \ remote/libvirtd.policy \ remote/libvirtd.rules \ @@ -133,6 +133,8 @@ augeastest_DATA += remote/test_libvirtd.aug nodist_conf_DATA += remote/libvirtd.conf +CLEANFILES += remote/libvirtd.aug + man8_MANS += libvirtd.8 libvirtd_SOURCES = $(LIBVIRTD_SOURCES) @@ -197,9 +199,24 @@ install-data-remote: uninstall-data-remote: rmdir "$(DESTDIR)$(localstatedir)/log/libvirt" ||: +remote/libvirtd.aug: remote/libvirtd.aug.in + $(AM_V_GEN)$(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ + -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ + $< > $@ + remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \ remote/libvirtd.conf $(AUG_GENTEST) - $(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf $< > $@ + $(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf \ + $(srcdir)/remote/test_libvirtd.aug.in | \ + $(SED) \ + -e '/[@]CUT_ENABLE_IP[@]/d' \ + -e '/[@]END[@]/d' \ + -e 's|[@]DAEMON_NAME[@]|libvirtd|' \ + -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \ + > $@ || rm -f $@ if WITH_SYSCTL # Use $(prefix)/lib rather than $(libdir), since man sysctl.d insists on diff --git a/src/remote/libvirtd.aug b/src/remote/libvirtd.aug.in similarity index 89% rename from src/remote/libvirtd.aug rename to src/remote/libvirtd.aug.in index 0188c23dd7..eec3433f29 100644 --- a/src/remote/libvirtd.aug +++ b/src/remote/libvirtd.aug.in @@ -1,6 +1,6 @@ -(* /etc/libvirt/libvirtd.conf *) +(* /etc/libvirt/@DAEMON_NAME@.conf *) -module Libvirtd = +module @DAEMON_NAME_UC@ = autoload xfm let eol = del /[ \t]*\n/ "\n" @@ -24,11 +24,13 @@ module Libvirtd = (* Config entry grouped by function - same order as example config *) +@CUT_ENABLE_IP@ let network_entry = bool_entry "listen_tls" | bool_entry "listen_tcp" | str_entry "tls_port" | str_entry "tcp_port" | str_entry "listen_addr" +@END@ let sock_acl_entry = str_entry "unix_sock_group" | str_entry "unix_sock_ro_perms" @@ -38,6 +40,7 @@ module Libvirtd = let authentication_entry = str_entry "auth_unix_ro" | str_entry "auth_unix_rw" +@CUT_ENABLE_IP@ | str_entry "auth_tcp" | str_entry "auth_tls" @@ -46,12 +49,14 @@ module Libvirtd = | str_entry "ca_file" | str_entry "crl_file" - let authorization_entry = bool_entry "tls_no_verify_certificate" + let tls_authorization_entry = bool_entry "tls_no_verify_certificate" | bool_entry "tls_no_sanity_certificate" | str_array_entry "tls_allowed_dn_list" - | str_array_entry "sasl_allowed_username_list" - | str_array_entry "access_drivers" | str_entry "tls_priority" +@END@ + + let misc_authorization_entry = str_array_entry "sasl_allowed_username_list" + | str_array_entry "access_drivers" let processing_entry = int_entry "min_workers" | int_entry "max_workers" @@ -87,11 +92,14 @@ module Libvirtd = | int_entry "ovs_timeout" (* Each enty in the config is one of the following three ... *) - let entry = network_entry - | sock_acl_entry + let entry = sock_acl_entry | authentication_entry +@CUT_ENABLE_IP@ + | network_entry | certificate_entry - | authorization_entry + | tls_authorization_entry +@END@ + | misc_authorization_entry | processing_entry | admin_processing_entry | logging_entry @@ -106,7 +114,7 @@ module Libvirtd = let lns = ( record | comment | empty ) * - let filter = incl "/etc/libvirt/libvirtd.conf" + let filter = incl "/etc/libvirt/@DAEMON_NAME@.conf" . Util.stdexcl let xfm = transform lns filter diff --git a/src/remote/test_libvirtd.aug.in b/src/remote/test_libvirtd.aug.in index d768b30b55..2fd809af4a 100644 --- a/src/remote/test_libvirtd.aug.in +++ b/src/remote/test_libvirtd.aug.in @@ -1,12 +1,14 @@ -module Test_libvirtd = +module Test_@DAEMON_NAME@ = @CONFIG@ - test Libvirtd.lns get conf = + test @DAEMON_NAME_UC@.lns get conf = +@CUT_ENABLE_IP@ { "listen_tls" = "0" } { "listen_tcp" = "1" } { "tls_port" = "16514" } { "tcp_port" = "16509" } { "listen_addr" = "192.168.0.1" } +@END@ { "unix_sock_group" = "libvirt" } { "unix_sock_ro_perms" = "0777" } { "unix_sock_rw_perms" = "0770" } @@ -14,11 +16,14 @@ module Test_libvirtd = { "unix_sock_dir" = "/var/run/libvirt" } { "auth_unix_ro" = "none" } { "auth_unix_rw" = "none" } +@CUT_ENABLE_IP@ { "auth_tcp" = "sasl" } { "auth_tls" = "none" } +@END@ { "access_drivers" { "1" = "polkit" } } +@CUT_ENABLE_IP@ { "key_file" = "/etc/pki/libvirt/private/serverkey.pem" } { "cert_file" = "/etc/pki/libvirt/servercert.pem" } { "ca_file" = "/etc/pki/CA/cacert.pem" } @@ -30,6 +35,7 @@ module Test_libvirtd = { "2" = "DN2"} } { "tls_priority" = "NORMAL" } +@END@ { "sasl_allowed_username_list" { "1" = "joe@EXAMPLE.COM" } { "2" = "fred@EXAMPLE.COM" } @@ -48,7 +54,7 @@ module Test_libvirtd = { "admin_max_client_requests" = "5" } { "log_level" = "3" } { "log_filters" = "1:qemu 1:libvirt 4:object 4:json 4:event 1:util" } - { "log_outputs" = "3:syslog:libvirtd" } + { "log_outputs" = "3:syslog:@DAEMON_NAME@" } { "audit_level" = "2" } { "audit_logging" = "1" } { "host_uuid" = "00000000-0000-0000-0000-000000000000" }