libvirt: Initial package creation.

Signed-off-by: Raymond Danks <ray.danks@se-eng.com>
author: Raymond Danks <ray.danks@se-eng.com> 2012-06-21 15:32:51 -0600
committer: Raymond Danks <ray.danks@se-eng.com> 2012-06-21 15:32:51 -0600
commit: 8378d87ced87d96a16177ee7fe97c3868532f78b (patch)
tree: 5c225cd1e9b3bde410232ce710b1af7ff8c6779f /recipes-extended/libvirt/libvirt
parent: 20ba217312d37166d86d9562bcf5a7df9a9da05f (diff)
download: meta-virtualization-8378d87ced87d96a16177ee7fe97c3868532f78b.tar.gz
3 files changed, 532 insertions, 0 deletions
diff --git a/recipes-extended/libvirt/libvirt/libvirtd.conf b/recipes-extended/libvirt/libvirt/libvirtd.conf
new file mode 100644
index 00000000..c0462b47
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/libvirtd.conf
@@ -0,0 +1,393 @@
+# Master libvirt daemon configuration file
+#
+# For further information consult http://libvirt.org/format.html
+#
+# NOTE: the tests/daemon-conf regression test script requires
+# that each "PARAMETER = VALUE" line in this file have the parameter
+# name just after a leading "#".
+#################################################################
+#
+# Network connectivity controls
+#
+# Flag listening for secure TLS connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# It is necessary to setup a CA and issue server certificates before
+# using this capability.
+#
+# This is enabled by default, uncomment this to disable it
+listen_tls = 0
+# Listen for unencrypted TCP connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# Using the TCP socket requires SASL authentication by default. Only
+# SASL mechanisms which support data encryption are allowed. This is
+# DIGEST_MD5 and GSSAPI (Kerberos5)
+#
+# This is disabled by default, uncomment this to enable it.
+listen_tcp = 1
+# Override the port for accepting secure TLS connections
+# This can be a port number, or service name
+#
+#tls_port = "16514"
+# Override the port for accepting insecure TCP connections
+# This can be a port number, or service name
+#
+#tcp_port = "16509"
+# Override the default configuration which binds to all network
+# interfaces. This can be a numeric IPv4/6 address, or hostname
+#
+#listen_addr = "192.168.0.1"
+# Flag toggling mDNS advertizement of the libvirt service.
+#
+# Alternatively can disable for all services on a host by
+# stopping the Avahi daemon
+#
+# This is enabled by default, uncomment this to disable it
+#mdns_adv = 0
+# Override the default mDNS advertizement name. This must be
+# unique on the immediate broadcast network.
+#
+# The default is "Virtualization Host HOSTNAME", where HOSTNAME
+# is subsituted for the short hostname of the machine (without domain)
+#
+#mdns_name = "Virtualization Host Joe Demo"
+#################################################################
+#
+# UNIX socket access controls
+#
+# Set the UNIX domain socket group ownership. This can be used to
+# allow a 'trusted' set of users access to management capabilities
+# without becoming root.
+#
+# This is restricted to 'root' by default.
+#unix_sock_group = "libvirt"
+# Set the UNIX socket permissions for the R/O socket. This is used
+# for monitoring VM status only
+#
+# Default allows any user. If setting group ownership may want to
+# restrict this to:
+#unix_sock_ro_perms = "0777"
+# Set the UNIX socket permissions for the R/W socket. This is used
+# for full management of VMs
+#
+# Default allows only root. If PolicyKit is enabled on the socket,
+# the default will change to allow everyone (eg, 0777)
+#
+# If not using PolicyKit and setting group ownership for access
+# control then you may want to relax this to:
+#unix_sock_rw_perms = "0770"
+# Set the name of the directory in which sockets will be found/created.
+#unix_sock_dir = "/var/run/libvirt"
+#################################################################
+#
+# Authentication.
+#
+#  - none: do not perform auth checks. If you can connect to the
+#          socket you are allowed. This is suitable if there are
+#          restrictions on connecting to the socket (eg, UNIX
+#          socket permissions), or if there is a lower layer in
+#          the network providing auth (eg, TLS/x509 certificates)
+#
+#  - sasl: use SASL infrastructure. The actual auth scheme is then
+#          controlled from /etc/sasl2/libvirt.conf. For the TCP
+#          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+#          For non-TCP or TLS sockets,  any scheme is allowed.
+#
+#  - polkit: use PolicyKit to authenticate. This is only suitable
+#            for use on the UNIX sockets. The default policy will
+#            require a user to supply their own password to gain
+#            full read/write access (aka sudo like), while anyone
+#            is allowed read/only access.
+#
+# Set an authentication scheme for UNIX read-only sockets
+# By default socket permissions allow anyone to connect
+#
+# To restrict monitoring of domains you may wish to enable
+# an authentication mechanism here
+#auth_unix_ro = "none"
+# Set an authentication scheme for UNIX read-write sockets
+# By default socket permissions only allow root. If PolicyKit
+# support was compiled into libvirt, the default will be to
+# use 'polkit' auth.
+#
+# If the unix_sock_rw_perms are changed you may wish to enable
+# an authentication mechanism here
+#auth_unix_rw = "none"
+# Change the authentication scheme for TCP sockets.
+#
+# If you don't enable SASL, then all TCP traffic is cleartext.
+# Don't do this outside of a dev/test scenario. For real world
+# use, always enable SASL and use the GSSAPI or DIGEST-MD5
+# mechanism in /etc/sasl2/libvirt.conf
+#auth_tcp = "sasl"
+# Change the authentication scheme for TLS sockets.
+#
+# TLS sockets already have encryption provided by the TLS
+# layer, and limited authentication is done by certificates
+#
+# It is possible to make use of any SASL authentication
+# mechanism as well, by using 'sasl' for this option
+#auth_tls = "none"
+#################################################################
+#
+# TLS x509 certificate configuration
+#
+# Override the default server key file path
+#
+#key_file = "/etc/pki/libvirt/private/serverkey.pem"
+# Override the default server certificate file path
+#
+#cert_file = "/etc/pki/libvirt/servercert.pem"
+# Override the default CA certificate path
+#
+#ca_file = "/etc/pki/CA/cacert.pem"
+# Specify a certificate revocation list.
+#
+# Defaults to not using a CRL, uncomment to enable it
+#crl_file = "/etc/pki/CA/crl.pem"
+#################################################################
+#
+# Authorization controls
+#
+# Flag to disable verification of our own server certificates
+#
+# When libvirtd starts it performs some sanity checks against
+# its own certificates.
+#
+# Default is to always run sanity checks. Uncommenting this
+# will disable sanity checks which is not a good idea
+#tls_no_sanity_certificate = 1
+# Flag to disable verification of client certificates
+#
+# Client certificate verification is the primary authentication mechanism.
+# Any client which does not present a certificate signed by the CA
+# will be rejected.
+#
+# Default is to always verify. Uncommenting this will disable
+# verification - make sure an IP whitelist is set
+#tls_no_verify_certificate = 1
+# A whitelist of allowed x509  Distinguished Names
+# This list may contain wildcards such as
+#
+#    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no DN's are checked
+#tls_allowed_dn_list = ["DN1", "DN2"]
+# A whitelist of allowed SASL usernames. The format for usernames
+# depends on the SASL authentication mechanism. Kerberos usernames
+# look like username@REALM
+#
+# This list may contain wildcards such as
+#
+#    "*@EXAMPLE.COM"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no Username's are checked
+#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]
+#################################################################
+#
+# Processing controls
+#
+# The maximum number of concurrent client connections to allow
+# over all sockets combined.
+#max_clients = 20
+# The minimum limit sets the number of workers to start up
+# initially. If the number of active clients exceeds this,
+# then more threads are spawned, upto max_workers limit.
+# Typically you'd want max_workers to equal maximum number
+# of clients allowed
+#min_workers = 5
+#max_workers = 20
+# The number of priority workers. If all workers from above
+# pool will stuck, some calls marked as high priority
+# (notably domainDestroy) can be executed in this pool.
+#prio_workers = 5
+# Total global limit on concurrent RPC calls. Should be
+# at least as large as max_workers. Beyond this, RPC requests
+# will be read into memory and queued. This directly impact
+# memory usage, currently each request requires 256 KB of
+# memory. So by default upto 5 MB of memory is used
+#
+# XXX this isn't actually enforced yet, only the per-client
+# limit is used so far
+#max_requests = 20
+# Limit on concurrent requests from a single client
+# connection. To avoid one client monopolizing the server
+# this should be a small fraction of the global max_requests
+# and max_workers parameter
+#max_client_requests = 5
+#################################################################
+#
+# Logging controls
+#
+# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
+# basically 1 will log everything possible
+#log_level = 3
+# Logging filters:
+# A filter allows to select a different logging level for a given category
+# of logs
+# The format for a filter is:
+#    x:name
+#      where name is a match string e.g. remote or qemu
+# the x prefix is the minimal level where matching messages should be logged
+#    1: DEBUG
+#    2: INFO
+#    3: WARNING
+#    4: ERROR
+#
+# Multiple filter can be defined in a single @filters, they just need to be
+# separated by spaces.
+#
+# e.g:
+# log_filters="3:remote 4:event"
+# to only get warning or errors from the remote layer and only errors from
+# the event layer.
+# Logging outputs:
+# An output is one of the places to save logging information
+# The format for an output can be:
+#    x:stderr
+#      output goes to stderr
+#    x:syslog:name
+#      use syslog for the output and use the given name as the ident
+#    x:file:file_path
+#      output to a file, with the given filepath
+# In all case the x prefix is the minimal level, acting as a filter
+#    1: DEBUG
+#    2: INFO
+#    3: WARNING
+#    4: ERROR
+#
+# Multiple output can be defined, they just need to be separated by spaces.
+# e.g.:
+# log_outputs="3:syslog:libvirtd"
+# to log all warnings and errors to syslog under the libvirtd ident
+# Log debug buffer size: default 64
+# The daemon keeps an internal debug log buffer which will be dumped in case
+# of crash or upon receiving a SIGUSR2 signal. This setting allows to override
+# the default buffer size in kilobytes.
+# If value is 0 or less the debug log buffer is deactivated
+#log_buffer_size = 64
+##################################################################
+#
+# Auditing
+#
+# This setting allows usage of the auditing subsystem to be altered:
+#
+#   audit_level == 0  -> disable all auditing
+#   audit_level == 1  -> enable auditing, only if enabled on host (default)
+#   audit_level == 2  -> enable auditing, and exit if disabled on host
+#
+#audit_level = 2
+#
+# If set to 1, then audit messages will also be sent
+# via libvirt logging infrastructure. Defaults to 0
+#
+#audit_logging = 1
+###################################################################
+# UUID of the host:
+# Provide the UUID of the host here in case the command
+# 'dmidecode -s system-uuid' does not provide a valid uuid. In case
+# 'dmidecode' does not provide a valid UUID and none is provided here, a
+# temporary UUID will be generated.
+# Keep the format of the example UUID below. UUID must not have all digits
+# be the same.
+# NB This default all-zeros UUID will not work. Replace
+# it with the output of the 'uuidgen' command and then
+# uncomment this entry
+#host_uuid = "00000000-0000-0000-0000-000000000000"
+###################################################################
+# Keepalive protocol:
+# This allows libvirtd to detect broken client connections or even
+# dead client.  A keepalive message is sent to a client after
+# keepalive_interval seconds of inactivity to check if the client is
+# still responding; keepalive_count is a maximum number of keepalive
+# messages that are allowed to be sent to the client without getting
+# any response before the connection is considered broken.  In other
+# words, the connection is automatically closed approximately after
+# keepalive_interval * (keepalive_count + 1) seconds since the last
+# message received from the client.  If keepalive_interval is set to
+# -1, libvirtd will never send keepalive requests; however clients
+# can still send them and the deamon will send responses.  When
+# keepalive_count is set to 0, connections will be automatically
+# closed after keepalive_interval seconds of inactivity without
+# sending any keepalive messages.
+#
+#keepalive_interval = 5
+#keepalive_count = 5
+#
+# If set to 1, libvirtd will refuse to talk to clients that do not
+# support keepalive protocol.  Defaults to 0.
+#
+#keepalive_required = 1
diff --git a/recipes-extended/libvirt/libvirt/libvirtd.sh b/recipes-extended/libvirt/libvirt/libvirtd.sh
new file mode 100755
index 00000000..89b81d89
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/libvirtd.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: libvirtd
+# Required-Start: $local_fs $network dbus
+# Required-Stop: $local_fs $network dbus
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+### END INIT INFO
+if [ -f /lib/lsb/init-functions ]
+then
+    . /lib/lsb/init-functions
+else
+    # int log_begin_message (char *message)
+    log_begin_msg () {
+        if [ -z "$1" ]; then
+            return 1
+        fi
+        echo " * $@"
+    }
+    # int log_end_message (int exitstatus)
+    log_end_msg () {
+        
+    # If no arguments were passed, return
+        [ -z "$1" ] && return 1
+        
+    # Only do the fancy stuff if we have an appropriate terminal
+    # and if /usr is already mounted
+        TPUT=/usr/bin/tput
+        EXPR=/usr/bin/expr
+        if [ -x $TPUT ] && [ -x $EXPR ] && $TPUT hpa 60 >/dev/null 2>&1; then
+            COLS=`$TPUT cols`
+            if [ -n "$COLS" ]; then
+                COL=`$EXPR $COLS - 7`
+            else
+                COL=73
+            fi
+            UP=`$TPUT cuu1`
+            END=`$TPUT hpa $COL`
+            START=`$TPUT hpa 0`
+            RED=`$TPUT setaf 1`
+            NORMAL=`$TPUT op`
+            if [ $1 -eq 0 ]; then
+                echo "$UP$END[ ok ]"
+            else
+                echo -e "$UP$START $RED*$NORMAL$END[${RED}fail${NORMAL}]"
+            fi
+        else
+            if [ $1 -eq 0 ]; then
+                echo "   ...done."
+            else
+                echo "   ...fail!"
+            fi
+        fi
+        return $1
+    }
+    
+    log_warning_msg () {
+        if log_use_fancy_output; then
+            YELLOW=`$TPUT setaf 3`
+            NORMAL=`$TPUT op`
+            echo "$YELLOW*$NORMAL $@"
+        else
+            echo "$@"
+        fi
+    }
+fi
+case "$1" in
+        start)
+                if [ -e /var/run/libvirtd.pid ]; then
+                        if [ -d /proc/$(cat /var/run/libvirtd.pid) ]; then
+                                echo "virtualization library already started; not starting."
+                        else
+                                echo "Removing stale PID file /var/run/libvirtd.pid."
+                                rm -f /var/run/libvirtd.pid
+                        fi
+                fi
+                log_begin_msg "Starting virtualization library daemon: libvirtd"
+                start-stop-daemon --start --quiet --pidfile /var/run/libvirtd.pid --exec /usr/sbin/libvirtd -- --daemon --listen
+                log_end_msg $?
+                ;;
+        stop)
+                log_begin_msg "Stopping virtualization library daemon: libvirtd"
+                start-stop-daemon --stop --quiet --retry 3 --exec /usr/sbin/libvirtd --pidfile /var/run/libvirtd.pid
+                log_end_msg $?
+                rm -f /var/run/libvirtd.pid
+                ;;
+        restart)
+                $0 stop
+                sleep 1
+                $0 start
+                ;;
+        *)
+                echo "Usage: $0 {start|stop|restart}"
+                exit 1
+                ;;
+esac
diff --git a/recipes-extended/libvirt/libvirt/oe_PYTHON_INCLUDES.patch b/recipes-extended/libvirt/libvirt/oe_PYTHON_INCLUDES.patch
new file mode 100644
index 00000000..a4913ba3
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/oe_PYTHON_INCLUDES.patch
@@ -0,0 +1,39 @@
+--- libvirt-0.9.10/configure.ac.sav     2012-03-14 15:03:11.042785629 -0600
+++ libvirt-0.9.10/configure.ac 2012-03-14 15:17:13.722309867 -0600
+@@ -2052,26 +2052,22 @@
+         AM_PATH_PYTHON(,, [:])
+ 
+         if test "$PYTHON" != : ; then
+-            PYTHON_CONFIG="$PYTHON-config"
+-
+-            if test -x "$PYTHON_CONFIG"
+            if test -r `$as_dirname $PYTHON`/../include/python$PYTHON_VERSION/Python.h
+            then
+                PYTHON_INCLUDES=-I`$as_dirname $PYTHON`/../include/python$PYTHON_VERSION
+            elif test -r $PYTHON_EXEC_PREFIX/include/python$PYTHON_VERSION/Python.h
+             then
+-                PYTHON_INCLUDES=`$PYTHON_CONFIG --includes`
+                PYTHON_INCLUDES=-I$PYTHON_EXEC_PREFIX/include/python$PYTHON_VERSION
+             else
+-                if test -r $PYTHON_EXEC_PREFIX/include/python$PYTHON_VERSION/Python.h
+                if test -r $prefix/include/python$PYTHON_VERSION/Python.h
+                 then
+-                    PYTHON_INCLUDES=-I$PYTHON_EXEC_PREFIX/include/python$PYTHON_VERSION
+                    PYTHON_INCLUDES=-I$prefix/include/python$PYTHON_VERSION
+                 else
+-                    if test -r $prefix/include/python$PYTHON_VERSION/Python.h
+                    if test -r /usr/include/python$PYTHON_VERSION/Python.h
+                     then
+-                        PYTHON_INCLUDES=-I$prefix/include/python$PYTHON_VERSION
+                        PYTHON_INCLUDES=-I/usr/include/python$PYTHON_VERSION
+                     else
+-                        if test -r /usr/include/python$PYTHON_VERSION/Python.h
+-                        then
+-                            PYTHON_INCLUDES=-I/usr/include/python$PYTHON_VERSION
+-                        else
+-                            AC_MSG_ERROR([You must install python-devel to build Python bindings])
+-                        fi
+                        AC_MSG_ERROR([You must install python-devel to build Python bindings])
+                     fi
+                 fi
+             fi
author	Raymond Danks <ray.danks@se-eng.com>	2012-06-21 15:32:51 -0600
committer	Raymond Danks <ray.danks@se-eng.com>	2012-06-21 15:32:51 -0600
commit	8378d87ced87d96a16177ee7fe97c3868532f78b (patch)
tree	5c225cd1e9b3bde410232ce710b1af7ff8c6779f /recipes-extended/libvirt/libvirt
parent	20ba217312d37166d86d9562bcf5a7df9a9da05f (diff)
download	meta-virtualization-8378d87ced87d96a16177ee7fe97c3868532f78b.tar.gz

diff --git a/recipes-extended/libvirt/libvirt/libvirtd.conf b/recipes-extended/libvirt/libvirt/libvirtd.conf new file mode 100644 index 00000000..c0462b47 --- /dev/null +++ b/recipes-extended/libvirt/libvirt/libvirtd.conf
@@ -0,0 +1,393 @@
	1	# Master libvirt daemon configuration file
	2	#
	3	# For further information consult http://libvirt.org/format.html
	4	#
	5	# NOTE: the tests/daemon-conf regression test script requires
	6	# that each "PARAMETER = VALUE" line in this file have the parameter
	7	# name just after a leading "#".
	8
	9	#################################################################
	10	#
	11	# Network connectivity controls
	12	#
	13
	14	# Flag listening for secure TLS connections on the public TCP/IP port.
	15	# NB, must pass the --listen flag to the libvirtd process for this to
	16	# have any effect.
	17	#
	18	# It is necessary to setup a CA and issue server certificates before
	19	# using this capability.
	20	#
	21	# This is enabled by default, uncomment this to disable it
	22	listen_tls = 0
	23
	24	# Listen for unencrypted TCP connections on the public TCP/IP port.
	25	# NB, must pass the --listen flag to the libvirtd process for this to
	26	# have any effect.
	27	#
	28	# Using the TCP socket requires SASL authentication by default. Only
	29	# SASL mechanisms which support data encryption are allowed. This is
	30	# DIGEST_MD5 and GSSAPI (Kerberos5)
	31	#
	32	# This is disabled by default, uncomment this to enable it.
	33	listen_tcp = 1
	34
	35
	36
	37	# Override the port for accepting secure TLS connections
	38	# This can be a port number, or service name
	39	#
	40	#tls_port = "16514"
	41
	42	# Override the port for accepting insecure TCP connections
	43	# This can be a port number, or service name
	44	#
	45	#tcp_port = "16509"
	46
	47
	48	# Override the default configuration which binds to all network
	49	# interfaces. This can be a numeric IPv4/6 address, or hostname
	50	#
	51	#listen_addr = "192.168.0.1"
	52
	53
	54	# Flag toggling mDNS advertizement of the libvirt service.
	55	#
	56	# Alternatively can disable for all services on a host by
	57	# stopping the Avahi daemon
	58	#
	59	# This is enabled by default, uncomment this to disable it
	60	#mdns_adv = 0
	61
	62	# Override the default mDNS advertizement name. This must be
	63	# unique on the immediate broadcast network.
	64	#
	65	# The default is "Virtualization Host HOSTNAME", where HOSTNAME
	66	# is subsituted for the short hostname of the machine (without domain)
	67	#
	68	#mdns_name = "Virtualization Host Joe Demo"
	69
	70
	71	#################################################################
	72	#
	73	# UNIX socket access controls
	74	#
	75
	76	# Set the UNIX domain socket group ownership. This can be used to
	77	# allow a 'trusted' set of users access to management capabilities
	78	# without becoming root.
	79	#
	80	# This is restricted to 'root' by default.
	81	#unix_sock_group = "libvirt"
	82
	83	# Set the UNIX socket permissions for the R/O socket. This is used
	84	# for monitoring VM status only
	85	#
	86	# Default allows any user. If setting group ownership may want to
	87	# restrict this to:
	88	#unix_sock_ro_perms = "0777"
	89
	90	# Set the UNIX socket permissions for the R/W socket. This is used
	91	# for full management of VMs
	92	#
	93	# Default allows only root. If PolicyKit is enabled on the socket,
	94	# the default will change to allow everyone (eg, 0777)
	95	#
	96	# If not using PolicyKit and setting group ownership for access
	97	# control then you may want to relax this to:
	98	#unix_sock_rw_perms = "0770"
	99
	100	# Set the name of the directory in which sockets will be found/created.
	101	#unix_sock_dir = "/var/run/libvirt"
	102
	103	#################################################################
	104	#
	105	# Authentication.
	106	#
	107	# - none: do not perform auth checks. If you can connect to the
	108	# socket you are allowed. This is suitable if there are
	109	# restrictions on connecting to the socket (eg, UNIX
	110	# socket permissions), or if there is a lower layer in
	111	# the network providing auth (eg, TLS/x509 certificates)
	112	#
	113	# - sasl: use SASL infrastructure. The actual auth scheme is then
	114	# controlled from /etc/sasl2/libvirt.conf. For the TCP
	115	# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
	116	# For non-TCP or TLS sockets, any scheme is allowed.
	117	#
	118	# - polkit: use PolicyKit to authenticate. This is only suitable
	119	# for use on the UNIX sockets. The default policy will
	120	# require a user to supply their own password to gain
	121	# full read/write access (aka sudo like), while anyone
	122	# is allowed read/only access.
	123	#
	124	# Set an authentication scheme for UNIX read-only sockets
	125	# By default socket permissions allow anyone to connect
	126	#
	127	# To restrict monitoring of domains you may wish to enable
	128	# an authentication mechanism here
	129	#auth_unix_ro = "none"
	130
	131	# Set an authentication scheme for UNIX read-write sockets
	132	# By default socket permissions only allow root. If PolicyKit
	133	# support was compiled into libvirt, the default will be to
	134	# use 'polkit' auth.
	135	#
	136	# If the unix_sock_rw_perms are changed you may wish to enable
	137	# an authentication mechanism here
	138	#auth_unix_rw = "none"
	139
	140	# Change the authentication scheme for TCP sockets.
	141	#
	142	# If you don't enable SASL, then all TCP traffic is cleartext.
	143	# Don't do this outside of a dev/test scenario. For real world
	144	# use, always enable SASL and use the GSSAPI or DIGEST-MD5
	145	# mechanism in /etc/sasl2/libvirt.conf
	146	#auth_tcp = "sasl"
	147
	148	# Change the authentication scheme for TLS sockets.
	149	#
	150	# TLS sockets already have encryption provided by the TLS
	151	# layer, and limited authentication is done by certificates
	152	#
	153	# It is possible to make use of any SASL authentication
	154	# mechanism as well, by using 'sasl' for this option
	155	#auth_tls = "none"
	156
	157
	158
	159	#################################################################
	160	#
	161	# TLS x509 certificate configuration
	162	#
	163
	164
	165	# Override the default server key file path
	166	#
	167	#key_file = "/etc/pki/libvirt/private/serverkey.pem"
	168
	169	# Override the default server certificate file path
	170	#
	171	#cert_file = "/etc/pki/libvirt/servercert.pem"
	172
	173	# Override the default CA certificate path
	174	#
	175	#ca_file = "/etc/pki/CA/cacert.pem"
	176
	177	# Specify a certificate revocation list.
	178	#
	179	# Defaults to not using a CRL, uncomment to enable it
	180	#crl_file = "/etc/pki/CA/crl.pem"
	181
	182
	183
	184	#################################################################
	185	#
	186	# Authorization controls
	187	#
	188
	189
	190	# Flag to disable verification of our own server certificates
	191	#
	192	# When libvirtd starts it performs some sanity checks against
	193	# its own certificates.
	194	#
	195	# Default is to always run sanity checks. Uncommenting this
	196	# will disable sanity checks which is not a good idea
	197	#tls_no_sanity_certificate = 1
	198
	199	# Flag to disable verification of client certificates
	200	#
	201	# Client certificate verification is the primary authentication mechanism.
	202	# Any client which does not present a certificate signed by the CA
	203	# will be rejected.
	204	#
	205	# Default is to always verify. Uncommenting this will disable
	206	# verification - make sure an IP whitelist is set
	207	#tls_no_verify_certificate = 1
	208
	209
	210	# A whitelist of allowed x509 Distinguished Names
	211	# This list may contain wildcards such as
	212	#
	213	# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
	214	#
	215	# See the POSIX fnmatch function for the format of the wildcards.
	216	#
	217	# NB If this is an empty list, no client can connect, so comment out
	218	# entirely rather than using empty list to disable these checks
	219	#
	220	# By default, no DN's are checked
	221	#tls_allowed_dn_list = ["DN1", "DN2"]
	222
	223
	224	# A whitelist of allowed SASL usernames. The format for usernames
	225	# depends on the SASL authentication mechanism. Kerberos usernames
	226	# look like username@REALM
	227	#
	228	# This list may contain wildcards such as
	229	#
	230	# "*@EXAMPLE.COM"
	231	#
	232	# See the POSIX fnmatch function for the format of the wildcards.
	233	#
	234	# NB If this is an empty list, no client can connect, so comment out
	235	# entirely rather than using empty list to disable these checks
	236	#
	237	# By default, no Username's are checked
	238	#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]
	239
	240
	241
	242	#################################################################
	243	#
	244	# Processing controls
	245	#
	246
	247	# The maximum number of concurrent client connections to allow
	248	# over all sockets combined.
	249	#max_clients = 20
	250
	251
	252	# The minimum limit sets the number of workers to start up
	253	# initially. If the number of active clients exceeds this,
	254	# then more threads are spawned, upto max_workers limit.
	255	# Typically you'd want max_workers to equal maximum number
	256	# of clients allowed
	257	#min_workers = 5
	258	#max_workers = 20
	259
	260
	261	# The number of priority workers. If all workers from above
	262	# pool will stuck, some calls marked as high priority
	263	# (notably domainDestroy) can be executed in this pool.
	264	#prio_workers = 5
	265
	266	# Total global limit on concurrent RPC calls. Should be
	267	# at least as large as max_workers. Beyond this, RPC requests
	268	# will be read into memory and queued. This directly impact
	269	# memory usage, currently each request requires 256 KB of
	270	# memory. So by default upto 5 MB of memory is used
	271	#
	272	# XXX this isn't actually enforced yet, only the per-client
	273	# limit is used so far
	274	#max_requests = 20
	275
	276	# Limit on concurrent requests from a single client
	277	# connection. To avoid one client monopolizing the server
	278	# this should be a small fraction of the global max_requests
	279	# and max_workers parameter
	280	#max_client_requests = 5
	281
	282	#################################################################
	283	#
	284	# Logging controls
	285	#
	286
	287	# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
	288	# basically 1 will log everything possible
	289	#log_level = 3
	290
	291	# Logging filters:
	292	# A filter allows to select a different logging level for a given category
	293	# of logs
	294	# The format for a filter is:
	295	# x:name
	296	# where name is a match string e.g. remote or qemu
	297	# the x prefix is the minimal level where matching messages should be logged
	298	# 1: DEBUG
	299	# 2: INFO
	300	# 3: WARNING
	301	# 4: ERROR
	302	#
	303	# Multiple filter can be defined in a single @filters, they just need to be
	304	# separated by spaces.
	305	#
	306	# e.g:
	307	# log_filters="3:remote 4:event"
	308	# to only get warning or errors from the remote layer and only errors from
	309	# the event layer.
	310
	311	# Logging outputs:
	312	# An output is one of the places to save logging information
	313	# The format for an output can be:
	314	# x:stderr
	315	# output goes to stderr
	316	# x:syslog:name
	317	# use syslog for the output and use the given name as the ident
	318	# x:file:file_path
	319	# output to a file, with the given filepath
	320	# In all case the x prefix is the minimal level, acting as a filter
	321	# 1: DEBUG
	322	# 2: INFO
	323	# 3: WARNING
	324	# 4: ERROR
	325	#
	326	# Multiple output can be defined, they just need to be separated by spaces.
	327	# e.g.:
	328	# log_outputs="3:syslog:libvirtd"
	329	# to log all warnings and errors to syslog under the libvirtd ident
	330
	331	# Log debug buffer size: default 64
	332	# The daemon keeps an internal debug log buffer which will be dumped in case
	333	# of crash or upon receiving a SIGUSR2 signal. This setting allows to override
	334	# the default buffer size in kilobytes.
	335	# If value is 0 or less the debug log buffer is deactivated
	336	#log_buffer_size = 64
	337
	338
	339	##################################################################
	340	#
	341	# Auditing
	342	#
	343	# This setting allows usage of the auditing subsystem to be altered:
	344	#
	345	# audit_level == 0 -> disable all auditing
	346	# audit_level == 1 -> enable auditing, only if enabled on host (default)
	347	# audit_level == 2 -> enable auditing, and exit if disabled on host
	348	#
	349	#audit_level = 2
	350	#
	351	# If set to 1, then audit messages will also be sent
	352	# via libvirt logging infrastructure. Defaults to 0
	353	#
	354	#audit_logging = 1
	355
	356	###################################################################
	357	# UUID of the host:
	358	# Provide the UUID of the host here in case the command
	359	# 'dmidecode -s system-uuid' does not provide a valid uuid. In case
	360	# 'dmidecode' does not provide a valid UUID and none is provided here, a
	361	# temporary UUID will be generated.
	362	# Keep the format of the example UUID below. UUID must not have all digits
	363	# be the same.
	364
	365	# NB This default all-zeros UUID will not work. Replace
	366	# it with the output of the 'uuidgen' command and then
	367	# uncomment this entry
	368	#host_uuid = "00000000-0000-0000-0000-000000000000"
	369
	370	###################################################################
	371	# Keepalive protocol:
	372	# This allows libvirtd to detect broken client connections or even
	373	# dead client. A keepalive message is sent to a client after
	374	# keepalive_interval seconds of inactivity to check if the client is
	375	# still responding; keepalive_count is a maximum number of keepalive
	376	# messages that are allowed to be sent to the client without getting
	377	# any response before the connection is considered broken. In other
	378	# words, the connection is automatically closed approximately after
	379	# keepalive_interval * (keepalive_count + 1) seconds since the last
	380	# message received from the client. If keepalive_interval is set to
	381	# -1, libvirtd will never send keepalive requests; however clients
	382	# can still send them and the deamon will send responses. When
	383	# keepalive_count is set to 0, connections will be automatically
	384	# closed after keepalive_interval seconds of inactivity without
	385	# sending any keepalive messages.
	386	#
	387	#keepalive_interval = 5
	388	#keepalive_count = 5
	389	#
	390	# If set to 1, libvirtd will refuse to talk to clients that do not
	391	# support keepalive protocol. Defaults to 0.
	392	#
	393	#keepalive_required = 1


diff --git a/recipes-extended/libvirt/libvirt/libvirtd.sh b/recipes-extended/libvirt/libvirt/libvirtd.sh new file mode 100755 index 00000000..89b81d89 --- /dev/null +++ b/recipes-extended/libvirt/libvirt/libvirtd.sh
@@ -0,0 +1,100 @@
	1	#!/bin/sh
	2	### BEGIN INIT INFO
	3	# Provides: libvirtd
	4	# Required-Start: $local_fs $network dbus
	5	# Required-Stop: $local_fs $network dbus
	6	# Default-Start: 2 3 4 5
	7	# Default-Stop: 0 1 6
	8	### END INIT INFO
	9
	10	if [ -f /lib/lsb/init-functions ]
	11	then
	12	. /lib/lsb/init-functions
	13	else
	14	# int log_begin_message (char *message)
	15	log_begin_msg () {
	16	if [ -z "$1" ]; then
	17	return 1
	18	fi
	19	echo " * $@"
	20	}
	21
	22	# int log_end_message (int exitstatus)
	23	log_end_msg () {
	24
	25	# If no arguments were passed, return
	26	[ -z "$1" ] && return 1
	27
	28	# Only do the fancy stuff if we have an appropriate terminal
	29	# and if /usr is already mounted
	30	TPUT=/usr/bin/tput
	31	EXPR=/usr/bin/expr
	32	if [ -x $TPUT ] && [ -x $EXPR ] && $TPUT hpa 60 >/dev/null 2>&1; then
	33	COLS=`$TPUT cols`
	34	if [ -n "$COLS" ]; then
	35	COL=`$EXPR $COLS - 7`
	36	else
	37	COL=73
	38	fi
	39	UP=`$TPUT cuu1`
	40	END=`$TPUT hpa $COL`
	41	START=`$TPUT hpa 0`
	42	RED=`$TPUT setaf 1`
	43	NORMAL=`$TPUT op`
	44	if [ $1 -eq 0 ]; then
	45	echo "$UP$END[ ok ]"
	46	else
	47	echo -e "$UP$START $RED*$NORMAL$END[${RED}fail${NORMAL}]"
	48	fi
	49	else
	50	if [ $1 -eq 0 ]; then
	51	echo " ...done."
	52	else
	53	echo " ...fail!"
	54	fi
	55	fi
	56	return $1
	57	}
	58
	59	log_warning_msg () {
	60	if log_use_fancy_output; then
	61	YELLOW=`$TPUT setaf 3`
	62	NORMAL=`$TPUT op`
	63	echo "$YELLOW*$NORMAL $@"
	64	else
	65	echo "$@"
	66	fi
	67	}
	68
	69	fi
	70
	71	case "$1" in
	72	start)
	73	if [ -e /var/run/libvirtd.pid ]; then
	74	if [ -d /proc/$(cat /var/run/libvirtd.pid) ]; then
	75	echo "virtualization library already started; not starting."
	76	else
	77	echo "Removing stale PID file /var/run/libvirtd.pid."
	78	rm -f /var/run/libvirtd.pid
	79	fi
	80	fi
	81	log_begin_msg "Starting virtualization library daemon: libvirtd"
	82	start-stop-daemon --start --quiet --pidfile /var/run/libvirtd.pid --exec /usr/sbin/libvirtd -- --daemon --listen
	83	log_end_msg $?
	84	;;
	85	stop)
	86	log_begin_msg "Stopping virtualization library daemon: libvirtd"
	87	start-stop-daemon --stop --quiet --retry 3 --exec /usr/sbin/libvirtd --pidfile /var/run/libvirtd.pid
	88	log_end_msg $?
	89	rm -f /var/run/libvirtd.pid
	90	;;
	91	restart)
	92	$0 stop
	93	sleep 1
	94	$0 start
	95	;;
	96	*)
	97	echo "Usage: $0 {start\|stop\|restart}"
	98	exit 1
	99	;;
	100	esac


diff --git a/recipes-extended/libvirt/libvirt/oe_PYTHON_INCLUDES.patch b/recipes-extended/libvirt/libvirt/oe_PYTHON_INCLUDES.patch new file mode 100644 index 00000000..a4913ba3 --- /dev/null +++ b/recipes-extended/libvirt/libvirt/oe_PYTHON_INCLUDES.patch
@@ -0,0 +1,39 @@
	1	--- libvirt-0.9.10/configure.ac.sav 2012-03-14 15:03:11.042785629 -0600
	2	+++ libvirt-0.9.10/configure.ac 2012-03-14 15:17:13.722309867 -0600
	3	@@ -2052,26 +2052,22 @@
	4	AM_PATH_PYTHON(,, [:])
	5
	6	if test "$PYTHON" != : ; then
	7	- PYTHON_CONFIG="$PYTHON-config"
	8	-
	9	- if test -x "$PYTHON_CONFIG"
	10	+ if test -r `$as_dirname $PYTHON`/../include/python$PYTHON_VERSION/Python.h
	11	+ then
	12	+ PYTHON_INCLUDES=-I`$as_dirname $PYTHON`/../include/python$PYTHON_VERSION
	13	+ elif test -r $PYTHON_EXEC_PREFIX/include/python$PYTHON_VERSION/Python.h
	14	then
	15	- PYTHON_INCLUDES=`$PYTHON_CONFIG --includes`
	16	+ PYTHON_INCLUDES=-I$PYTHON_EXEC_PREFIX/include/python$PYTHON_VERSION
	17	else
	18	- if test -r $PYTHON_EXEC_PREFIX/include/python$PYTHON_VERSION/Python.h
	19	+ if test -r $prefix/include/python$PYTHON_VERSION/Python.h
	20	then
	21	- PYTHON_INCLUDES=-I$PYTHON_EXEC_PREFIX/include/python$PYTHON_VERSION
	22	+ PYTHON_INCLUDES=-I$prefix/include/python$PYTHON_VERSION
	23	else
	24	- if test -r $prefix/include/python$PYTHON_VERSION/Python.h
	25	+ if test -r /usr/include/python$PYTHON_VERSION/Python.h
	26	then
	27	- PYTHON_INCLUDES=-I$prefix/include/python$PYTHON_VERSION
	28	+ PYTHON_INCLUDES=-I/usr/include/python$PYTHON_VERSION
	29	else
	30	- if test -r /usr/include/python$PYTHON_VERSION/Python.h
	31	- then
	32	- PYTHON_INCLUDES=-I/usr/include/python$PYTHON_VERSION
	33	- else
	34	- AC_MSG_ERROR([You must install python-devel to build Python bindings])
	35	- fi
	36	+ AC_MSG_ERROR([You must install python-devel to build Python bindings])
	37	fi
	38	fi
	39	fi