From 584b44149ac2817d6a42cd3f5a18773f13e969bc Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Fri, 11 Mar 2016 20:12:27 +0100 Subject: [PATCH] saving uncommitted changes in /etc prior to emerge run --- init.d/libvirtd | 23 +++++++-------- init.d/virtlogd | 24 ++++++++++++++++ libvirt/libvirt-admin.conf | 16 +++++++++++ libvirt/libvirt.conf | 6 ++-- libvirt/qemu.conf | 15 ++++++++++ libvirt/virtlogd.conf | 59 ++++++++++++++++++++++++++++++++++++++ 6 files changed, 127 insertions(+), 16 deletions(-) create mode 100755 init.d/virtlogd create mode 100644 libvirt/libvirt-admin.conf create mode 100644 libvirt/virtlogd.conf diff --git a/init.d/libvirtd b/init.d/libvirtd index 97184e36..790161ea 100755 --- a/init.d/libvirtd +++ b/init.d/libvirtd @@ -15,24 +15,21 @@ pidfile="/var/run/libvirtd.pid" retry="${LIBVIRTD_TERMTIMEOUT}" depend() { - - use avahi-daemon dbus virtlockd + need virtlogd + use dbus virtlockd after ntp-client ntpd nfs nfsmount portmap rpc.statd iptables ip6tables ebtables corosync sanlock cgconfig xenconsoled + + use avahi-daemon + + } start_pre() { # Test configuration directories in /etc/libvirt/ to be either not # present or a directory, i.e. not a regular file, bug #532892 - local has_errors=0 - ebegin "Checking for suitable directories in \"/etc/libvirt\"" - - for dir in lxc nwfilter qemu storage; do - if [ -f /etc/libvirt/$dir ]; then - has_errors=1 - eerror "/etc/libvirt/$dir was created as a regular file. It must be either" - eerror "a directory or not present for libvirtd to start up successfully." - fi - done - eend ${has_errors} "Please correct the error(s) above" + checkpath --directory /etc/libvirt/lxc || return 1 + checkpath --directory /etc/libvirt/nwfilter || return 1 + checkpath --directory /etc/libvirt/qemu || return 1 + checkpath --directory /etc/libvirt/storage || return 1 } diff --git a/init.d/virtlogd b/init.d/virtlogd new file mode 100755 index 00000000..fac51d99 --- /dev/null +++ b/init.d/virtlogd @@ -0,0 +1,24 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description="libvirt virtual machine logging manager" +command="/usr/sbin/virtlogd" +command_args="-d" +pidfile="/var/run/virtlogd.pid" + +extra_started_commands="reload" +description_reload="re-exec the daemon, while maintaining open connections" + + +depend() { + after ntp-client ntpd nfs nfsmount corosync +} + +reload() { + ebegin "re-exec() virtlogd" + + start-stop-daemon --signal SIGUSR1 \ + --exec "${command}" --pidfile "${pidfile}" +} diff --git a/libvirt/libvirt-admin.conf b/libvirt/libvirt-admin.conf new file mode 100644 index 00000000..d7cf12a2 --- /dev/null +++ b/libvirt/libvirt-admin.conf @@ -0,0 +1,16 @@ +# +# This can be used to setup URI aliases for frequently +# used connection URIs. Aliases may contain only the +# characters a-Z, 0-9, _, -. +# +# Following the '=' may be any valid libvirt admin connection +# URI, including arbitrary parameters + +#uri_aliases = [ +# "admin=libvirtd:///system", +#] + +# This specifies the default location the client tries to connect to if no other +# URI is provided by the application + +#uri_default = "libvirtd:///system" diff --git a/libvirt/libvirt.conf b/libvirt/libvirt.conf index 016cd242..da4dfbec 100644 --- a/libvirt/libvirt.conf +++ b/libvirt/libvirt.conf @@ -12,7 +12,7 @@ #] # -# This can be used to prevent probing of the hypervisor -# driver when no URI is supplied by the application. - +# These can be used in cases when no URI is supplied by the application +# (@uri_default also prevents probing of the hypervisor driver). +# #uri_default = "qemu:///system" diff --git a/libvirt/qemu.conf b/libvirt/qemu.conf index 1c589a23..4fa5e8ad 100644 --- a/libvirt/qemu.conf +++ b/libvirt/qemu.conf @@ -515,3 +515,18 @@ # "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd", # "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd" #] + +# The backend to use for handling stdout/stderr output from +# QEMU processes. +# +# 'file': QEMU writes directly to a plain file. This is the +# historical default, but allows QEMU to inflict a +# denial of service attack on the host by exhausting +# filesystem space +# +# 'logd': QEMU writes to a pipe provided by virtlogd daemon. +# This is the current default, providing protection +# against denial of service by performing log file +# rollover when a size limit is hit. +# +#stdio_handler = "logd" diff --git a/libvirt/virtlogd.conf b/libvirt/virtlogd.conf new file mode 100644 index 00000000..abb36332 --- /dev/null +++ b/libvirt/virtlogd.conf @@ -0,0 +1,59 @@ +# Master virtlogd daemon configuration file +# + +################################################################# +# +# Logging controls +# + +# Logging level: 4 errors, 3 warnings, 2 information, 1 debug +# basically 1 will log everything possible +#log_level = 3 + +# Logging filters: +# A filter allows to select a different logging level for a given category +# of logs +# The format for a filter is one of: +# x:name +# x:+name +# where name is a string which is matched against source file name, +# e.g., "remote", "qemu", or "util/json", the optional "+" prefix +# tells libvirt to log stack trace for each message matching name, +# and x is the minimal level where matching messages should be logged: +# 1: DEBUG +# 2: INFO +# 3: WARNING +# 4: ERROR +# +# Multiple filter can be defined in a single @filters, they just need to be +# separated by spaces. +# +# e.g. to only get warning or errors from the remote layer and only errors +# from the event layer: +#log_filters="3:remote 4:event" + +# Logging outputs: +# An output is one of the places to save logging information +# The format for an output can be: +# x:stderr +# output goes to stderr +# x:syslog:name +# use syslog for the output and use the given name as the ident +# x:file:file_path +# output to a file, with the given filepath +# x:journald +# ouput to the systemd journal +# In all case the x prefix is the minimal level, acting as a filter +# 1: DEBUG +# 2: INFO +# 3: WARNING +# 4: ERROR +# +# Multiple output can be defined, they just need to be separated by spaces. +# e.g. to log all warnings and errors to syslog under the virtlogd ident: +#log_outputs="3:syslog:virtlogd" +# + +# The maximum number of concurrent client connections to allow +# over all sockets combined. +#max_clients = 1024 -- 2.39.5