Source: libvirt
Severity: minor
Tags: patch

Dear Maintainer,
I suggest documenting tcp/tls usage to stop libvirtd conffiles from being misleading. It will prevent situations like the following:

E.g. a user uses virsh:

  $ virsh -c qemu+tcp://host/system
  error: unable to connect to server at 'host:16509': Connection refused
  error: failed to connect to the hypervisor

Then wants to start the libvirt systemd service that starts the libvirt process with $libvirt_opts as a parameter to the executable. There are some options passed to libvirtd - add "-l" to listen on tcp

  libvirtd_opts="-l -d"

- but adding any option in libvirtd_opts causes the service to fail on restart without the listener running on port 16509.

From the user's perspective it might look like the libvirtd.service file needs to be changed to enable the tcp listener instead of using the /etc/default/libvirtd config file.

To prevent that, I propose the patch that is added as an attachment.

-- System Information:
Debian Release: bullseye/sid
  APT prefers focal-updates
  APT policy: (500, 'focal-updates'), (500, 'focal-security'), (500, 'focal-proposed'), (500, 'focal'), (100, 'focal-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-79-generic (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
>From e5628015f5a5005145f1d74dae89205be7255fb3 Mon Sep 17 00:00:00 2001 From: Michal Maloszewski <michal.maloszew...@canonical.com> Date: Thu, 24 Aug 2023 22:00:39 +0200 Subject: [PATCH] * d/libvirt-daemon-system.libvirtd.default: Document tcp/tls usage to stop libvirtd conffiles from being misleading. --- debian/libvirt-daemon-system.libvirtd.default | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/debian/libvirt-daemon-system.libvirtd.default b/debian/libvirt-daemon-system.libvirtd.default index 7db970d16..838f3d9a3 100644 --- a/debian/libvirt-daemon-system.libvirtd.default +++ b/debian/libvirt-daemon-system.libvirtd.default @@ -7,7 +7,21 @@ # connects. #LIBVIRTD_ARGS="--timeout 120" -# If systemd socket activation is disabled, then the following +# If systemd socket activation is enabled (this is the default), then the +# following can be used to listen on TCP/TLS sockets: +# $ systemctl start libvirtd-<socket_type>.socket +# where <socket_type> = tls or tcp. +# +# Note: In case the service is already running, this command might fail, but +# that does not matter as it has already started. If not using the daemon +# at the moment you might stop it so the socket(s) can be enabled: +# $ sudo systemctl stop libvirtd +# +# To configure the socket to be started and available on system startup use: +# $ sudo systemctl enable libvirtd-<socket_type>.socket +# where socket_type = tls or tcp. + +# If systemd socket activation has been disabled, then the following # can be used to listen on TCP/TLS sockets #LIBVIRTD_ARGS="--listen" -- 2.25.1
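Review bot: The note in the added comment block contradicts itself: it says a failed `systemctl start libvirtd-<socket_type>.socket` "does not matter as it has already started", yet the next sentence tells the reader to stop libvirtd "so the socket(s) can be enabled", which implies the listener is not up when the start fails. Put the stop step before the start command and drop the "does not matter" wording, so the comment cannot be read as saying the TCP/TLS listener is already available. The first command also lacks the `sudo` that the stop and enable commands carry, and the placeholder is written `<socket_type>` in one place and `socket_type` in the other; make both consistent. Since the block offers tls and tcp as equal choices, a line saying how the two differ and where authentication for each is configured would keep the comment from misleading readers in a new way.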