[systemd-devel] Antw: [EXT] Re: Q: (simple) socket activation

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Mon Jan 4 11:07:10 UTC 2021 

>>> Lennart Poettering <lennart at poettering.net> schrieb am 21.12.2020 um 16:18
in
Nachricht <20201221151821.GC50805 at gardel-login>:
> On Fr, 18.12.20 08:44, Ulrich Windl (Ulrich.Windl at rz.uni‑regensburg.de)
wrote:
> 
>> Hi!
>>
>> I have a simple question: For a socket‑unit I have:
>> LISTEN                                UNIT                            
> ACTIVATES
>> [::]:16514                            libvirtd‑tls.socket             
> libvirtd.service
>>
>> I had enabled/started libvirtd.service first, then configured TLS later, 
> enabling/starting the libvirtd‑tls.socket.
>> Should I disable libvirtd.service again, or would that block 
> libvirtd‑tls.socket from working?
>> At the moment I can't restart libvirtd‑tls.socket when libvirtd.service is

> running: I first have to stop libvirtd.service.
> 
> This really depends on how the libvirt object put together its unit
> files, and cannot be answered out of thin air.
> 
> Not sure what "configured TLS later" is even supposed to mean.

Obviously libvirtd-tls.socket uses TLS and it can't be started when TLS is not
configured (certificates, CAs, etc.).


libvirt.service has:
[Unit]
Description=Virtualization daemon
Requires=virtlogd.socket
Requires=virtlockd.socket
# Use Wants instead of Requires so that users
# can disable these three .socket units to revert
# to a traditional non-activation deployment setup
Wants=libvirtd.socket
Wants=libvirtd-ro.socket
Wants=libvirtd-admin.socket
Wants=systemd-machined.service
Before=libvirt-guests.service
After=network.target
After=dbus.service
After=iscsid.service
After=apparmor.service
After=local-fs.target
After=remote-fs.target
After=systemd-logind.service
After=systemd-machined.service
After=xencommons.service
Conflicts=xendomains.service
Documentation=man:libvirtd(8)
Documentation=https://libvirt.org
...

/usr/lib/systemd/system/libvirtd.socket has:
[Unit]
Description=Libvirt local socket
Before=libvirtd.service


[Socket]
# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir
setting
# when using systemd version < 227
ListenStream=/run/libvirt/libvirt-sock
Service=libvirtd.service
SocketMode=0666
....

/usr/lib/systemd/system/libvirtd-tls.socket has:
[Unit]
Description=Libvirt TLS IP socket
Before=libvirtd.service
BindsTo=libvirtd.socket
After=libvirtd.socket


[Socket]
# This must match the /etc/libvirt/libvirtd.conf tls_port setting
# when using systemd version < 227
ListenStream=16514
Service=libvirtd.service
...

Regards,
Ulrich

> 
> Lennart
> 
> ‑‑
> Lennart Poettering, Berlin

More information about the systemd-devel mailing list