From nobody Wed May 14 21:38:28 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1516713947246114.59788434270126; Tue, 23 Jan 2018 05:25:47 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0785CC098D3E; Tue, 23 Jan 2018 13:25:46 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D16335EDEB; Tue, 23 Jan 2018 13:25:45 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 96108410BB; Tue, 23 Jan 2018 13:25:45 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w0NDOkw3027119 for ; Tue, 23 Jan 2018 08:24:46 -0500 Received: by smtp.corp.redhat.com (Postfix) id E55F17B14E; Tue, 23 Jan 2018 13:24:46 +0000 (UTC) Received: from t460.redhat.com (unknown [10.33.36.82]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6D7EB7A31F; Tue, 23 Jan 2018 13:24:43 +0000 (UTC) 
From: "Daniel P. Berrange" To: libvir-list@redhat.com Date: Tue, 23 Jan 2018 13:23:47 +0000 Message-Id: <20180123132347.21944-12-berrange@redhat.com> In-Reply-To: <20180123132347.21944-1-berrange@redhat.com> References: <20180123132347.21944-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 11/11] lockd: add support for admin protocol in virtlockd X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 23 Jan 2018 13:25:46 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Add a virtlockd-admin-sock can serves the admin protocol for the virtlockd daemon and define a virtlockd:///{system,session} URI scheme for connecting to it. Signed-off-by: Daniel P. Berrange --- cfg.mk | 1 - src/Makefile.am | 1 + src/libvirt-admin.c | 3 + src/locking/lock_daemon.c | 145 ++++++++++++++++++++++++++----= ---- src/locking/lock_daemon_config.c | 3 + src/locking/lock_daemon_config.h | 1 + src/locking/test_virtlockd.aug.in | 4 + src/locking/virtlockd-admin.socket.in | 10 +++ src/locking/virtlockd.aug | 1 + src/locking/virtlockd.conf | 6 ++ src/locking/virtlockd.service.in | 1 + 11 files changed, 142 insertions(+), 34 deletions(-) create mode 100644 src/locking/virtlockd-admin.socket.in diff --git a/cfg.mk b/cfg.mk index 1a5de2b154..5d369aadb2 100644 --- a/cfg.mk +++ b/cfg.mk 
@@ -775,7 +775,6 @@ sc_prohibit_cross_inclusion: case $$dir in \ util/) safe=3D"util";; \ access/ | conf/) safe=3D"($$dir|conf|util)";; \ - locking/) safe=3D"($$dir|util|conf|rpc)";; \ cpu/| network/| node_device/| rpc/| security/| storage/) \ safe=3D"($$dir|util|conf|storage)";; \ xenapi/ | xenconfig/ ) safe=3D"($$dir|util|conf|xen|cpu)";; \ diff --git a/src/Makefile.am b/src/Makefile.am index 828306fd35..42eee2ad90 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -2646,6 +2646,7 @@ virtlockd_LDFLAGS =3D \ $(PIE_LDFLAGS) \ $(NULL) virtlockd_LDADD =3D \ + libvirt_driver_admin.la \ libvirt-net-rpc-server.la \ libvirt-net-rpc.la \ libvirt_util.la \ diff --git a/src/libvirt-admin.c b/src/libvirt-admin.c index 9d1bff536b..de595a9f7f 100644 --- a/src/libvirt-admin.c +++ b/src/libvirt-admin.c @@ -40,6 +40,7 @@ =20 #define LIBVIRTD_ADMIN_SOCK_NAME "libvirt-admin-sock" #define VIRTLOGD_ADMIN_SOCK_NAME "virtlogd-admin-sock" +#define VIRTLOCKD_ADMIN_SOCK_NAME "virtlockd-admin-sock" =20 =20 VIR_LOG_INIT("libvirt-admin"); @@ -134,6 +135,8 @@ getSocketPath(virURIPtr uri) sockbase =3D LIBVIRTD_ADMIN_SOCK_NAME; } else if (STREQ_NULLABLE(uri->scheme, "virtlogd")) { sockbase =3D VIRTLOGD_ADMIN_SOCK_NAME; + } else if (STREQ_NULLABLE(uri->scheme, "virtlockd")) { + sockbase =3D VIRTLOCKD_ADMIN_SOCK_NAME; } else { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Unsupported URI scheme '%s'"), diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c index b1f0665aaa..79ab90fc91 100644 --- a/src/locking/lock_daemon.c +++ b/src/locking/lock_daemon.c @@ -32,6 +32,7 @@ =20 #include "lock_daemon.h" #include "lock_daemon_config.h" +#include "admin/admin_server_dispatch.h" #include "virutil.h" #include "virfile.h" #include "virpidfile.h" @@ -148,7 +149,7 @@ static virLockDaemonPtr virLockDaemonNew(virLockDaemonConfigPtr config, bool privileged) { virLockDaemonPtr lockd; - virNetServerPtr srv; + virNetServerPtr srv =3D NULL; =20 if (VIR_ALLOC(lockd) < 0) return NULL; 
@@ -160,6 +161,9 @@ virLockDaemonNew(virLockDaemonConfigPtr config, bool pr= ivileged) return NULL; } =20 + if (!(lockd->dmn =3D virNetDaemonNew())) + goto error; + if (!(srv =3D virNetServerNew("virtlockd", 1, 1, 1, 0, config->max_clients, config->max_clients, -1, 0, @@ -170,9 +174,23 @@ virLockDaemonNew(virLockDaemonConfigPtr config, bool p= rivileged) (void*)(intptr_t)(privileged ? 0x1 : 0x0))= )) goto error; =20 - if (!(lockd->dmn =3D virNetDaemonNew()) || - virNetDaemonAddServer(lockd->dmn, srv) < 0) + if (virNetDaemonAddServer(lockd->dmn, srv) < 0) + goto error; + virObjectUnref(srv); + srv =3D NULL; + + if (!(srv =3D virNetServerNew("admin", 1, + 1, 1, 0, config->admin_max_clients, + config->admin_max_clients, -1, 0, + NULL, + remoteAdmClientNew, + remoteAdmClientPreExecRestart, + remoteAdmClientFree, + lockd->dmn))) goto error; + + if (virNetDaemonAddServer(lockd->dmn, srv) < 0) + goto error; virObjectUnref(srv); srv =3D NULL; =20 @@ -206,6 +224,14 @@ virLockDaemonNewServerPostExecRestart(virNetDaemonPtr = dmn ATTRIBUTE_UNUSED, virLockDaemonClientPreExecRe= start, virLockDaemonClientFree, opaque); + } else if (STREQ(name, "admin")) { + return virNetServerNewPostExecRestart(object, + name, + remoteAdmClientNew, + remoteAdmClientNewPostExecRe= start, + remoteAdmClientPreExecRestar= t, + remoteAdmClientFree, + dmn); } else { virReportError(VIR_ERR_INTERNAL_ERROR, _("Unexpected server name '%s' during restart"), @@ -420,10 +446,12 @@ virLockDaemonForkIntoBackground(const char *argv0) =20 static int virLockDaemonUnixSocketPaths(bool privileged, - char **sockfile) + char **sockfile, + char **adminSockfile) { if (privileged) { - if (VIR_STRDUP(*sockfile, LOCALSTATEDIR "/run/libvirt/virtlockd-so= ck") < 0) + if (VIR_STRDUP(*sockfile, LOCALSTATEDIR "/run/libvirt/virtlockd-so= ck") < 0 || + VIR_STRDUP(*adminSockfile, LOCALSTATEDIR "/run/libvirt/virtloc= kd-admin-sock") < 0) goto error; } else { char *rundir =3D NULL; 
@@ -440,7 +468,8 @@ virLockDaemonUnixSocketPaths(bool privileged, } umask(old_umask); =20 - if (virAsprintf(sockfile, "%s/virtlockd-sock", rundir) < 0) { + if (virAsprintf(sockfile, "%s/virtlockd-sock", rundir) < 0 || + virAsprintf(adminSockfile, "%s/virtlockd-admin-sock", rundir) = < 0) { VIR_FREE(rundir); goto error; } @@ -557,29 +586,50 @@ virLockDaemonSetupSignals(virNetDaemonPtr dmn) =20 =20 static int -virLockDaemonSetupNetworkingSystemD(virNetServerPtr srv) +virLockDaemonSetupNetworkingSystemD(virNetServerPtr lockSrv, virNetServerP= tr adminSrv) { - virNetServerServicePtr svc; unsigned int nfds; + size_t i; =20 if ((nfds =3D virGetListenFDs()) =3D=3D 0) return 0; - if (nfds > 1) + if (nfds > 2) VIR_DEBUG("Too many (%d) file descriptors from systemd", nfds); - nfds =3D 1; =20 - /* Systemd passes FDs, starting immediately after stderr, - * so the first FD we'll get is '3'. */ - if (!(svc =3D virNetServerServiceNewFD(3, 0, + for (i =3D 0; i < nfds && i < 2; i++) { + virNetServerServicePtr svc; + char *path =3D virGetUNIXSocketPath(3 + i); + virNetServerPtr srv; + + if (!path) + return -1; + + if (strstr(path, "virtlockd-admin-sock")) { + srv =3D adminSrv; + } else if (strstr(path, "virtlockd-sock")) { + srv =3D lockSrv; + } else { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unknown UNIX socket %s passed in"), + path); + VIR_FREE(path); + return -1; + } + VIR_FREE(path); + + /* Systemd passes FDs, starting immediately after stderr, + * so the first FD we'll get is '3'. */ + if (!(svc =3D virNetServerServiceNewFD(3 + i, 0, #if WITH_GNUTLS - NULL, + NULL, #endif - false, 0, 1))) - return -1; + false, 0, 1))) + return -1; =20 - if (virNetServerAddService(srv, svc, NULL) < 0) { - virObjectUnref(svc); - return -1; + if (virNetServerAddService(srv, svc, NULL) < 0) { + virObjectUnref(svc); + return -1; + } } return 1; } 
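Review bot: In virLockDaemonSetupNetworkingSystemD the inherited descriptor is routed to the admin or the lock server by `strstr(path, "virtlockd-admin-sock")` and `strstr(path, "virtlockd-sock")`, which match the substring anywhere in the path, including a directory component. Because one of the two servers speaks the admin protocol, the binding should be exact: compare the final path component with `STREQ`, or pass in the paths computed by virLockDaemonUnixSocketPaths() and compare whole strings. The function also returns 1 when only one descriptor was handed over, so main() skips virLockDaemonSetupNetworkingNative() and the other server is left without a listener; that case deserves an error or at least a warning. Descriptors beyond the second are only mentioned in a VIR_DEBUG message (where `nfds` is unsigned, so the format should be `%u`) and stay open.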
@@ -1112,8 +1162,10 @@ virLockDaemonUsage(const char *argv0, bool privilege= d) } =20 int main(int argc, char **argv) { - virNetServerPtr srv =3D NULL; + virNetServerPtr lockSrv =3D NULL; + virNetServerPtr adminSrv =3D NULL; virNetServerProgramPtr lockProgram =3D NULL; + virNetServerProgramPtr adminProgram =3D NULL; char *remote_config_file =3D NULL; int statuswrite =3D -1; int ret =3D 1; @@ -1123,6 +1175,7 @@ int main(int argc, char **argv) { char *pid_file =3D NULL; int pid_file_fd =3D -1; char *sock_file =3D NULL; + char *admin_sock_file =3D NULL; int timeout =3D -1; /* -t: Shutdown timeout */ char *state_file =3D NULL; bool implicit_conf =3D false; @@ -1250,12 +1303,13 @@ int main(int argc, char **argv) { VIR_DEBUG("Decided on pid file path '%s'", NULLSTR(pid_file)); =20 if (virLockDaemonUnixSocketPaths(privileged, - &sock_file) < 0) { + &sock_file, + &admin_sock_file) < 0) { VIR_ERROR(_("Can't determine socket paths")); exit(EXIT_FAILURE); } - VIR_DEBUG("Decided on socket paths '%s'", - sock_file); + VIR_DEBUG("Decided on socket paths '%s' and '%s'", + sock_file, admin_sock_file); =20 if (virLockDaemonExecRestartStatePath(privileged, &state_file) < 0) { 
@@ -1330,22 +1384,30 @@ int main(int argc, char **argv) { goto cleanup; } =20 - srv =3D virNetDaemonGetServer(lockDaemon->dmn, "virtlockd"); - if ((rv =3D virLockDaemonSetupNetworkingSystemD(srv)) < 0) { + lockSrv =3D virNetDaemonGetServer(lockDaemon->dmn, "virtlockd"); + adminSrv =3D virNetDaemonGetServer(lockDaemon->dmn, "admin"); + if ((rv =3D virLockDaemonSetupNetworkingSystemD(lockSrv, adminSrv)= ) < 0) { ret =3D VIR_LOCK_DAEMON_ERR_NETWORK; goto cleanup; } =20 /* Only do this, if systemd did not pass a FD */ - if (rv =3D=3D 0 && - virLockDaemonSetupNetworkingNative(srv, sock_file) < 0) { - ret =3D VIR_LOCK_DAEMON_ERR_NETWORK; - goto cleanup; + if (rv =3D=3D 0) { + if (virLockDaemonSetupNetworkingNative(lockSrv, sock_file) < 0= || + virLockDaemonSetupNetworkingNative(adminSrv, admin_sock_fi= le) < 0) { + ret =3D VIR_LOCK_DAEMON_ERR_NETWORK; + goto cleanup; + } } - virObjectUnref(srv); + virObjectUnref(lockSrv); + virObjectUnref(adminSrv); } =20 - srv =3D virNetDaemonGetServer(lockDaemon->dmn, "virtlockd"); + lockSrv =3D virNetDaemonGetServer(lockDaemon->dmn, "virtlockd"); + /* If exec-restarting from old virtlockd, we won't have an + * admin server present */ + if (virNetDaemonHasServer(lockDaemon->dmn, "admin")) + adminSrv =3D virNetDaemonGetServer(lockDaemon->dmn, "admin"); =20 if (timeout !=3D -1) { VIR_DEBUG("Registering shutdown timeout %d", timeout); 
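Review bot: At the end of the fresh-start block, `virObjectUnref(lockSrv); virObjectUnref(adminSrv);` drop the references but leave both pointers set, and `adminSrv` is reassigned afterwards only when `virNetDaemonHasServer(lockDaemon->dmn, "admin")` is true. If that lookup ever fails on this path, the `cleanup:` label unrefs the stale pointer a second time; adding `lockSrv = adminSrv = NULL;` after the two unrefs removes that dependency. The results of the two `virNetDaemonGetServer()` calls inside the block are also passed on without a NULL check, so a failed lookup presumably reaches virNetServerAddService() with a NULL server. main() starts and ends outside this hunk.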
@@ -1366,11 +1428,25 @@ int main(int argc, char **argv) { goto cleanup; } =20 - if (virNetServerAddProgram(srv, lockProgram) < 0) { + if (virNetServerAddProgram(lockSrv, lockProgram) < 0) { ret =3D VIR_LOCK_DAEMON_ERR_INIT; goto cleanup; } =20 + if (adminSrv !=3D NULL) { + if (!(adminProgram =3D virNetServerProgramNew(ADMIN_PROGRAM, + ADMIN_PROTOCOL_VERSION, + adminProcs, + adminNProcs))) { + ret =3D VIR_LOCK_DAEMON_ERR_INIT; + goto cleanup; + } + if (virNetServerAddProgram(adminSrv, adminProgram) < 0) { + ret =3D VIR_LOCK_DAEMON_ERR_INIT; + goto cleanup; + } + } + /* Disable error func, now logging is setup */ virSetErrorFunc(NULL, virLockDaemonErrorHandler); =20 @@ -1401,8 +1477,10 @@ int main(int argc, char **argv) { ret =3D 0; =20 cleanup: - virObjectUnref(srv); virObjectUnref(lockProgram); + virObjectUnref(adminProgram); + virObjectUnref(lockSrv); + virObjectUnref(adminSrv); virLockDaemonFree(lockDaemon); if (statuswrite !=3D -1) { if (ret !=3D 0) { @@ -1418,6 +1496,7 @@ int main(int argc, char **argv) { virPidFileReleasePath(pid_file, pid_file_fd); VIR_FREE(pid_file); VIR_FREE(sock_file); + VIR_FREE(admin_sock_file); VIR_FREE(state_file); VIR_FREE(run_dir); return ret; diff --git a/src/locking/lock_daemon_config.c b/src/locking/lock_daemon_con= fig.c index 20824b870c..efa5655a30 100644 --- a/src/locking/lock_daemon_config.c +++ b/src/locking/lock_daemon_config.c @@ -72,6 +72,7 @@ virLockDaemonConfigNew(bool privileged ATTRIBUTE_UNUSED) return NULL; =20 data->max_clients =3D 1024; + data->admin_max_clients =3D 5000; =20 return data; } @@ -100,6 +101,8 @@ virLockDaemonConfigLoadOptions(virLockDaemonConfigPtr d= ata, return -1; if (virConfGetValueUInt(conf, "max_clients", &data->max_clients) < 0) return -1; + if (virConfGetValueUInt(conf, "admin_max_clients", &data->admin_max_cl= ients) < 0) + return -1; =20 return 0; } diff --git a/src/locking/lock_daemon_config.h b/src/locking/lock_daemon_con= fig.h index 6ab84c6a0a..3e642208f5 100644 
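Review bot: The built-in default `data->admin_max_clients = 5000;` in virLockDaemonConfigNew is larger than the lock server's own `max_clients = 1024`, and it disagrees with the sample `#admin_max_clients = 5` that the virtlockd.conf hunk of this patch documents. The value is passed twice to `virNetServerNew("admin", ...)` in virLockDaemonNew, so a daemon without an explicit setting accepts far more admin connections than the shipped config file suggests. An admin interface normally needs only a handful, so `data->admin_max_clients = 5;` would make code and documentation agree. The virtlockd.conf comment should then describe the option directly instead of asking the reader to scroll up.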
--- a/src/locking/lock_daemon_config.h +++ b/src/locking/lock_daemon_config.h @@ -34,6 +34,7 @@ struct _virLockDaemonConfig { char *log_filters; char *log_outputs; unsigned int max_clients; + unsigned int admin_max_clients; }; =20 =20 diff --git a/src/locking/test_virtlockd.aug.in b/src/locking/test_virtlockd= .aug.in index 799818e5d1..2d69816b5c 100644 --- a/src/locking/test_virtlockd.aug.in +++ b/src/locking/test_virtlockd.aug.in @@ -3,6 +3,8 @@ module Test_virtlockd =3D log_filters=3D\"3:remote 4:event\" log_outputs=3D\"3:syslog:libvirtd\" log_buffer_size =3D 64 +max_clients =3D 10 +admin_max_clients =3D 10 " =20 test Virtlockd.lns get conf =3D @@ -10,3 +12,5 @@ log_buffer_size =3D 64 { "log_filters" =3D "3:remote 4:event" } { "log_outputs" =3D "3:syslog:libvirtd" } { "log_buffer_size" =3D "64" } + { "max_clients" =3D "10" } + { "admin_max_clients" =3D "10" } diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-= admin.socket.in new file mode 100644 index 0000000000..1fa0a3dc33 --- /dev/null +++ b/src/locking/virtlockd-admin.socket.in @@ -0,0 +1,10 @@ +[Unit] +Description=3DVirtual machine lock manager admin socket +Before=3Dlibvirtd.service + +[Socket] +ListenStream=3D@localstatedir@/run/libvirt/virtlockd-admin-sock +Server=3Dvirtlockd.service + +[Install] +WantedBy=3Dsockets.target diff --git a/src/locking/virtlockd.aug b/src/locking/virtlockd.aug index ec8d2b5c0a..7b152ed407 100644 --- a/src/locking/virtlockd.aug +++ b/src/locking/virtlockd.aug @@ -29,6 +29,7 @@ module Virtlockd =3D | str_entry "log_outputs" | int_entry "log_buffer_size" | int_entry "max_clients" + | int_entry "admin_max_clients" =20 (* Each enty in the config is one of the following three ... *) let entry =3D logging_entry diff --git a/src/locking/virtlockd.conf b/src/locking/virtlockd.conf index 4c935d0a2c..24b69aa425 100644 --- a/src/locking/virtlockd.conf +++ b/src/locking/virtlockd.conf 
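Review bot: The new virtlockd-admin.socket.in has no `SocketMode=` line, and systemd creates listening sockets with mode 0666 when none is given, so under socket activation any local user could connect to the admin socket. Add `SocketMode=0600` to the `[Socket]` section; the existing virtlockd.socket unit is not visible here and should be checked for the same gap. `Server=virtlockd.service` also looks like a typo for `Service=virtlockd.service`; as far as I know systemd ignores the unknown key and then looks for a service named after the socket unit. Whether the admin dispatch code checks the peer's identity is not visible in this patch, so the file mode may be the only access control on this socket.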
@@ -65,3 +65,9 @@ # to virtlockd. So 'max_clients' will affect how many VMs can # be run on a host #max_clients =3D 1024 + +# Same processing controls, but this time for the admin interface. +# For description of each option, be so kind to scroll few lines +# upwards. + +#admin_max_clients =3D 5 diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.servi= ce.in index 07e48478b7..3c9d587032 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -1,6 +1,7 @@ [Unit] Description=3DVirtual machine lock manager Requires=3Dvirtlockd.socket +Requires=3Dvirtlockd-admin.socket Before=3Dlibvirtd.service Documentation=3Dman:virtlockd(8) Documentation=3Dhttps://libvirt.org --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list