On Mon, Mar 01, 2021 at 03:31:59PM +0000, Stefan Hajnoczi wrote: > The QMP monitor, NBD server, and vhost-user-blk export all support file > descriptor passing. This is a useful technique because it allows the > parent process to spawn and wait for qemu-storage-daemon without busy > waiting, which may delay startup due to arbitrary sleep() calls. > > This Python example is inspired by the test case written for libnbd by > Richard W.M. Jones <rjo...@redhat.com>: > https://gitlab.com/nbdkit/libnbd/-/commit/89113f484effb0e6c322314ba75c1cbe07a04543 > > Thanks to Daniel P. Berrangé <berra...@redhat.com> for suggestions on > how to get this working. Now let's document it! > > Reported-by: Richard W.M. Jones <rjo...@redhat.com> > Cc: Kevin Wolf <kw...@redhat.com> > Cc: Daniel P. Berrangé <berra...@redhat.com> > Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com> > --- > docs/tools/qemu-storage-daemon.rst | 38 ++++++++++++++++++++++++++++-- > 1 file changed, 36 insertions(+), 2 deletions(-) > > diff --git a/docs/tools/qemu-storage-daemon.rst > b/docs/tools/qemu-storage-daemon.rst > index f63627eaf6..45854c131e 100644 > --- a/docs/tools/qemu-storage-daemon.rst > +++ b/docs/tools/qemu-storage-daemon.rst > @@ -101,10 +101,12 @@ Standard options: > > .. option:: --nbd-server > addr.type=inet,addr.host=<host>,addr.port=<port>[,tls-creds=<id>][,tls-authz=<id>][,max-connections=<n>] > --nbd-server > addr.type=unix,addr.path=<path>[,tls-creds=<id>][,tls-authz=<id>][,max-connections=<n>] > + --nbd-server > addr.type=fd,addr.str=<fd>[,tls-creds=<id>][,tls-authz=<id>][,max-connections=<n>] > > is a server for NBD exports. Both TCP and UNIX domain sockets are > supported. > - TLS encryption can be configured using ``--object`` tls-creds-* and authz-* > - secrets (see below). > + A listen socket can be provided via file descriptor passing (see Examples > + below). TLS encryption can be configured using ``--object`` tls-creds-* and > + authz-* secrets (see below). > > To configure an NBD server on UNIX domain socket path ``/tmp/nbd.sock``:: > > @@ -127,6 +129,38 @@ QMP commands:: > --chardev socket,path=qmp.sock,server,nowait,id=char1 \ > --monitor chardev=char1 > > +Launch the daemon from Python with a QMP monitor socket using file descriptor > +passing so there is no need to busy wait for the QMP monitor to become > +available:: > + > + #!/usr/bin/env python3 > + import os > + import subprocess > + import socket > + > + sock_path = '/tmp/qmp-{}.sock'.format(os.getpid())
Example code inevitably gets cut+paste into real world apps, and this example is a tmpfile CVE flaw. At least put it in $CWD instead. > + > + with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as listen_sock: > + listen_sock.bind(sock_path) > + listen_sock.listen() > + > + fd = listen_sock.fileno() > + > + subprocess.Popen( > + ['qemu-storage-daemon', > + '--chardev', f'socket,fd={fd},server=on,id=char1', > + '--monitor', 'chardev=char1'], > + pass_fds=[fd], > + ) > + > + qmp_sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) > + qmp_sock.connect(sock_path) > + ...QMP interaction... > + > +The same socket spawning approach also works with the ``--nbd-server > +addr.type=fd,addr.str=<fd>`` and ``--export > +type=vhost-user-blk,addr.type=fd,addr.str=<fd>`` options. > + > Export raw image file ``disk.img`` over NBD UNIX domain socket ``nbd.sock``:: > > $ qemu-storage-daemon \ > -- > 2.29.2 > Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|