From 9f5b4b1f62aa10591f31d481bcd0f0b1db802bc8 Mon Sep 17 00:00:00 2001 From: David Weber Date: Mon, 19 Aug 2013 12:38:23 +0100 Subject: [PATCH] Make max_clients in virtlockd configurable Each new VM requires a new connection from libvirtd to virtlockd. The default max clients limit in virtlockd of 20 is thus woefully insufficient. virtlockd sockets are only accessible to matching users, so there is no security need for such a tight limit. Make it configurable and default to 1024. Signed-off-by: Daniel P. Berrange --- src/locking/lock_daemon.c | 6 +++--- src/locking/lock_daemon_config.c | 2 ++ src/locking/lock_daemon_config.h | 1 + src/locking/virtlockd.aug | 1 + src/locking/virtlockd.conf | 7 +++++++ 5 files changed, 14 insertions(+), 3 deletions(-) diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c index 77d6e0d85e..5f675ef727 100644 --- a/src/locking/lock_daemon.c +++ b/src/locking/lock_daemon.c @@ -128,7 +128,7 @@ static void virLockDaemonLockSpaceDataFree(void *data, } static virLockDaemonPtr -virLockDaemonNew(bool privileged) +virLockDaemonNew(virLockDaemonConfigPtr config, bool privileged) { virLockDaemonPtr lockd; @@ -142,7 +142,7 @@ virLockDaemonNew(bool privileged) return NULL; } - if (!(lockd->srv = virNetServerNew(1, 1, 0, 20, + if (!(lockd->srv = virNetServerNew(1, 1, 0, config->max_clients, -1, 0, false, NULL, virLockDaemonClientNew, @@ -1335,7 +1335,7 @@ int main(int argc, char **argv) { /* rv == 1, means we setup everything from saved state, * so we only setup stuff from scratch if rv == 0 */ if (rv == 0) { - if (!(lockDaemon = virLockDaemonNew(privileged))) { + if (!(lockDaemon = virLockDaemonNew(config, privileged))) { ret = VIR_LOCK_DAEMON_ERR_INIT; goto cleanup; } diff --git a/src/locking/lock_daemon_config.c b/src/locking/lock_daemon_config.c index 88c4150efa..8e632f58bd 100644 --- a/src/locking/lock_daemon_config.c +++ b/src/locking/lock_daemon_config.c @@ -114,6 +114,7 @@ virLockDaemonConfigNew(bool privileged ATTRIBUTE_UNUSED) return NULL; data->log_buffer_size = 64; + data->max_clients = 1024; return data; } @@ -139,6 +140,7 @@ virLockDaemonConfigLoadOptions(virLockDaemonConfigPtr data, GET_CONF_STR(conf, filename, log_filters); GET_CONF_STR(conf, filename, log_outputs); GET_CONF_INT(conf, filename, log_buffer_size); + GET_CONF_INT(conf, filename, max_clients); return 0; diff --git a/src/locking/lock_daemon_config.h b/src/locking/lock_daemon_config.h index 8cb0e5d568..e75d4a9ed3 100644 --- a/src/locking/lock_daemon_config.h +++ b/src/locking/lock_daemon_config.h @@ -34,6 +34,7 @@ struct _virLockDaemonConfig { char *log_filters; char *log_outputs; int log_buffer_size; + int max_clients; }; diff --git a/src/locking/virtlockd.aug b/src/locking/virtlockd.aug index 9d20e72a5d..d0b56c2caf 100644 --- a/src/locking/virtlockd.aug +++ b/src/locking/virtlockd.aug @@ -28,6 +28,7 @@ module Libvirtd = | str_entry "log_filters" | str_entry "log_outputs" | int_entry "log_buffer_size" + | int_entry "max_clients" (* Each enty in the config is one of the following three ... *) let entry = logging_entry diff --git a/src/locking/virtlockd.conf b/src/locking/virtlockd.conf index b6450b42ae..652e15604d 100644 --- a/src/locking/virtlockd.conf +++ b/src/locking/virtlockd.conf @@ -58,3 +58,10 @@ # the default buffer size in kilobytes. # If value is 0 or less the debug log buffer is deactivated #log_buffer_size = 64 + +# The maximum number of concurrent client connections to allow +# over all sockets combined. +# Each running virtual machine will require one open connection +# to virtlockd. So 'max_clients' will affect how many VMs can +# be run on a host +#max_clients = 1024