maybe chmod 0644 './colordiffrc'
maybe chmod 0644 './colordiffrc-lightbg'
maybe chmod 0755 './conf.d'
+maybe chmod 0644 './conf.d/._cfg0000_libvirtd'
maybe chmod 0644 './conf.d/acpid'
maybe chmod 0644 './conf.d/alsasound'
maybe chmod 0644 './conf.d/apache2'
maybe chmod 0644 './imlib/im_palette.pal'
maybe chmod 0644 './imlib/imrc'
maybe chmod 0755 './init.d'
+maybe chmod 0755 './init.d/._cfg0000_libvirtd'
maybe chmod 0755 './init.d/NetworkManager'
maybe chmod 0755 './init.d/acpid'
maybe chmod 0755 './init.d/aiccu'
maybe chmod 0644 './lftp/lftp.conf'
maybe chmod 0640 './libaudit.conf'
maybe chmod 0755 './libvirt'
+maybe chmod 0644 './libvirt/._cfg0000_lxc.conf'
maybe chmod 0644 './libvirt/libvirt.conf'
maybe chmod 0644 './libvirt/libvirtd.conf'
maybe chmod 0644 './libvirt/lxc.conf'
maybe chmod 0755 './libvirt/nwfilter'
+maybe chmod 0644 './libvirt/nwfilter/._cfg0000_no-ip-spoofing.xml'
maybe chmod 0644 './libvirt/nwfilter/allow-arp.xml'
maybe chmod 0644 './libvirt/nwfilter/allow-dhcp-server.xml'
maybe chmod 0644 './libvirt/nwfilter/allow-dhcp.xml'
maybe chmod 0644 './sysctl.conf'
maybe chmod 0755 './sysctl.d'
maybe chmod 0644 './sysctl.d/libvirtd'
+maybe chmod 0644 './sysctl.d/libvirtd.conf'
maybe chmod 0755 './syslog-ng'
maybe chmod 0644 './syslog-ng/modules.conf'
maybe chmod 0755 './syslog-ng/patterndb.d'
--- /dev/null
+# /etc/conf.d/libvirtd
+
+# LIBVIRTD_OPTS
+# You may want to add '--listen' to have libvirtd listen for tcp/ip connections
+# if you want to use libvirt for remote control
+# Please consult 'libvirtd --help' for more options
+#LIBVIRTD_OPTS="--listen"
+
+# LIBVIRTD_KVM_SHUTDOWN
+# Valid options:
+# * shutdown - Sends an ACPI shutdown (think when you tap the power button
+# on your machine and it begins a graceful shutdown). If your
+# VM ignores this, it will have the power yanked out from under
+# it in LIBVIRTD_KVM_SHUTDOWN_MAXWAIT seconds.
+# * managedsave - Performs a state save external to the VM. qemu-kvm will stop
+# stop the CPU and save off all state to a separate file. When
+# the machine is started again, it will resume like nothing ever
+# happened. This is guarenteed to always successfully stop your
+# machine and restart it. However it may take some time to finish.
+# * none - No attempts will be made to stop any VMs. If you are restarting your
+# machine the qemu-kvm process will be simply killed, which may result
+# in your VMs having disk corruption.
+LIBVIRTD_KVM_SHUTDOWN="managedsave"
+
+# LIBVIRTD_KVM_SHUTDOWN_MAXWAIT
+# Timeout in seconds until stopping libvirtd and "pulling the plug" on the
+# remaining VM's still in a running state
+#LIBVIRTD_KVM_SHUTDOWN_MAXWAIT="500"
+
+# LIBVIRTD_KVM_NET_SHUTDOWN
+# If libvirtd created networks for you (e.g. NATed networks) then this init
+# script will shut them down for you if this is set to 'yes'. Otherwise,
+# the networks will be left running once libvirt is shutdown. For this
+# option to be useful you must have enabled the 'virt-network' USE flag and
+# have had libvirt create a NATed network for you.
+# Valid values: 'yes' or 'no'
+#LIBVIRTD_KVM_NET_SHUTDOWN="yes"
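Review bot: The `--listen` hint under LIBVIRTD_OPTS does not say that the network listener's transport and authentication are configured separately, so an operator who only uncomments `LIBVIRTD_OPTS="--listen"` has no pointer to where those are set. Access to the system libvirtd generally means control over every guest and much of the host, so the comment should send the reader there first, e.g. `# '--listen' exposes libvirtd on the network; configure TLS and authentication in /etc/libvirt/libvirtd.conf (listen_tls, listen_tcp, auth_tls, auth_tcp) before enabling it`. No code change is needed; this is a comment-only suggestion.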
--- /dev/null
+#!/sbin/runscript
+
+description="Virtual Machine Management daemon (libvirt)"
+extra_started_commands="reload"
+extra_stopped_commands="halt"
+description_halt="Stops the libvirt daemon without stopping your VMs"
+description_reload="Restarts the libvirt daemon without stopping your VMs"
+
+depend() {
+ need net
+ after ntp-client ntpd nfs iscsid nfsmount portmap rpc.statd iptables ip6tables ebtables ceph corosync sanlock cgconfig
+}
+
+libvirtd_virsh() {
+ local mode=$1
+ shift
+
+ # Silence errors because virsh always throws an error about
+ # not finding the hypervisor version when connecting to libvirtd
+ LC_ALL=C virsh -c ${mode}:///system "$@" 2>/dev/null
+}
+
+libvirtd_dom_list() {
+ # Make sure that it wouldn't be confused if the domain name
+ # contains the word running.
+ libvirtd_virsh $1 list | awk '$3 == "running" { print $1 }'
+}
+
+libvirtd_dom_count() {
+ # Make sure that it wouldn't be confused if the domain name
+ # contains the word running.
+ libvirtd_virsh $1 list | awk 'BEGIN { count = 0 } \
+ $3 == "running" { count++ } \
+ END { print count }'
+}
+
+libvirtd_net_list() {
+ # The purpose of the awk is to avoid networks with 'active' in the name
+ libvirtd_virsh $1 net-list | awk '$2 == "active" { print $1 }'
+}
+
+libvirtd_net_count() {
+ # The purpose of the awk is to avoid networks with 'active' in the name
+ libvirtd_virsh $1 net-list | awk 'BEGIN { count = 0 } \
+ $2 == "active" { count++ } \
+ END { print count }'
+}
+
+
+start() {
+ ebegin "Starting libvirtd"
+ start-stop-daemon --start \
+ --env KRB5_KTNAME=/etc/libvirt/krb5.tab \
+ --exec /usr/sbin/libvirtd -- -d ${LIBVIRTD_OPTS}
+ eend $?
+}
+
+stop() {
+ local counter=
+ local vm_name=
+ local net_name=
+ local dom_id=
+
+ ebegin "Stopping libvirtd"
+ # try to shutdown all (KVM/Qemu) domains
+ if [ "${LIBVIRTD_KVM_SHUTDOWN}" != "none" ] \
+ && [ "$(libvirtd_dom_count qemu)" != "0" ] ; then
+
+ einfo " Shutting down domain(s):"
+ for dom_id in $(libvirtd_dom_list qemu) ; do
+ vm_name="$(libvirtd_virsh qemu domname ${dom_id} | head -n 1)"
+ einfo " ${vm_name}"
+ libvirtd_virsh qemu ${LIBVIRTD_KVM_SHUTDOWN} ${dom_id} > /dev/null
+ done
+
+ if [ -n "${LIBVIRTD_KVM_SHUTDOWN_MAXWAIT}" ] ; then
+ counter="${LIBVIRTD_KVM_SHUTDOWN_MAXWAIT}"
+ else
+ counter=500
+ fi
+
+ if [ "${LIBVIRTD_KVM_SHUTDOWN}" = "shutdown" ]; then
+ einfo " Waiting ${counter} seconds while domains shutdown ..."
+ DOM_COUNT="$(libvirtd_dom_count qemu)"
+ while [ ${DOM_COUNT} -gt 0 ] && [ ${counter} -gt 0 ] ; do
+ DOM_COUNT="$(libvirtd_dom_count qemu)"
+ sleep 1
+ counter=$((${counter} - 1))
+ echo -n "."
+ done
+ fi
+
+ if [ "$(libvirtd_dom_count qemu)" != "0" ] ; then
+ eerror " !!! Some guests are still running, stopping anyway"
+ fi
+
+ fi
+
+ if [ "${LIBVIRTD_KVM_NET_SHUTDOWN}" != "no" ] \
+ && [ "$(libvirtd_net_count qemu)" != "0" ]; then
+
+ einfo " Shutting down network(s):"
+ for net_name in $(libvirtd_net_list qemu); do
+ einfo " ${net_name}"
+ libvirtd_virsh qemu net-destroy ${net_name} > /dev/null
+ done
+
+ if [ "$(libvirtd_net_count qemu)" != "0" ]; then
+ eerror " !!! Some networks are still active, stopping anyway"
+ fi
+ fi
+
+ # Now actually stop the daemon
+ start-stop-daemon --stop --quiet --exec \
+ /usr/sbin/libvirtd --pidfile=/var/run/libvirtd.pid
+ eend $?
+}
+
+halt() {
+ ebegin "Stopping libvirtd without shutting down your VMs"
+ start-stop-daemon --stop --quiet --exec \
+ /usr/sbin/libvirtd --pidfile=/var/run/libvirtd.pid
+ eend $?
+}
+
+reload() {
+ halt
+ start
+}
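Review bot: In stop(), `${LIBVIRTD_KVM_SHUTDOWN}` is expanded unquoted as the virsh subcommand for every running domain and is never checked against the three values the conf.d file documents. A typo fails silently, because libvirtd_virsh discards stderr and the call site discards stdout, and any other virsh subcommand placed in the variable would be run against each guest. LIBVIRTD_KVM_SHUTDOWN_MAXWAIT likewise reaches `[ ${counter} -gt 0 ]` without a numeric check. I would validate both right after `ebegin`, as sketched below, and quote `"${dom_id}"` and `"${net_name}"` where they are passed to libvirtd_virsh.

```shell
stop() {
	# … unchanged: local declarations, ebegin "Stopping libvirtd" …

	# Accept only the documented modes; anything else would be handed
	# to virsh as a subcommand for every running domain.
	case "${LIBVIRTD_KVM_SHUTDOWN}" in
		shutdown|managedsave|none) ;;
		*)
			eerror "  Invalid LIBVIRTD_KVM_SHUTDOWN: '${LIBVIRTD_KVM_SHUTDOWN}'"
			eend 1
			return 1
			;;
	esac

	# The wait loop compares this value with -gt, so it must be a
	# non-negative integer.
	case "${LIBVIRTD_KVM_SHUTDOWN_MAXWAIT:-500}" in
		*[!0-9]*)
			eerror "  Invalid LIBVIRTD_KVM_SHUTDOWN_MAXWAIT: '${LIBVIRTD_KVM_SHUTDOWN_MAXWAIT}'"
			eend 1
			return 1
			;;
	esac

	# … unchanged: domain shutdown loop, wait loop, network shutdown, start-stop-daemon --stop …
```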
--- /dev/null
+# Master configuration file for the LXC driver.
+# All settings described here are optional - if omitted, sensible
+# defaults are used.
+
+# By default, log messages generated by the lxc controller go to the
+# container logfile. It is also possible to accumulate log messages
+# from all lxc controllers along with libvirtd's log outputs. In this
+# case, the lxc controller will honor either LIBVIRT_LOG_OUTPUTS or
+# log_outputs from libvirtd.conf.
+#
+# This is disabled by default, uncomment below to enable it.
+#
+# log_with_libvirtd = 1
+
+
+# The default security driver is SELinux. If SELinux is disabled
+# on the host, then the security driver will automatically disable
+# itself. If you wish to disable QEMU SELinux security driver while
+# leaving SELinux enabled for the host in general, then set this
+# to 'none' instead.
+#
+# security_driver = "selinux"
+
+# If set to non-zero, then the default security labeling
+# will make guests confined. If set to zero, then guests
+# will be unconfined by default. Defaults to 0.
+# security_default_confined = 1
+
+# If set to non-zero, then attempts to create unconfined
+# guests will be blocked. Defaults to 0.
+# security_require_confined = 1
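Review bot: The security_driver paragraph speaks of disabling the "QEMU SELinux security driver", which reads like text carried over from the QEMU driver's configuration. In this file it should name the LXC driver, e.g. `# itself. If you wish to disable the LXC SELinux security driver while`. Every setting here is left commented out, and the file states that security_default_confined and security_require_confined both default to 0. The comment should therefore say plainly that containers run unconfined unless one of them is set, so operators who expect confinement know they have to enable it.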
--- /dev/null
+<filter name='no-ip-spoofing' chain='ipv4-ip' priority='-710'>
+ <!-- allow UDP sent from 0.0.0.0 (DHCP); filter more exact later -->
+ <rule action='return' direction='out' priority='100'>
+ <ip srcipaddr='0.0.0.0' protocol='udp'/>
+ </rule>
+
+ <!-- allow all known IP addresses -->
+ <rule direction='out' action='return' priority='500'>
+ <ip srcipaddr='$IP'/>
+ </rule>
+
+ <!-- drop everything else -->
+ <rule direction='out' action='drop' priority='1000'/>
+</filter>
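Review bot: The first rule exempts every outgoing UDP packet with source 0.0.0.0 from the final drop rule, not only DHCP, and the comment's "filter more exact later" does not say where that narrowing happens. I would make the dependency explicit, e.g. `<!-- allow UDP sent from 0.0.0.0 (DHCP); not port-restricted here, so this filter must be combined with one that limits such traffic to DHCP -->`. Which filter provides that restriction is not visible in this diff, so the wording should be checked against the filters that reference this one.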
--- /dev/null
+# The kernel allocates aio memory on demand, and this number limits the
+# number of parallel aio requests; the only drawback of a larger limit is
+# that a malicious guest could issue parallel requests to cause the kernel
+# to set aside memory. Set this number at least as large as
+# 128 * (number of virtual disks on the host)
+# Libvirt uses a default of 1M requests to allow 8k disks, with at most
+# 64M of kernel memory if all disks hit an aio request at the same time.
+fs.aio-max-nr = 1048576
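Review bot: The file list earlier in this commit now carries both `./sysctl.d/libvirtd` and the new `./sysctl.d/libvirtd.conf`, so `fs.aio-max-nr` may end up defined in two places. If the unsuffixed file is a leftover from the previous package version, it should be removed so there is one source for the value. The comment already names the trade-off, that a malicious guest can make the kernel set aside memory. It would help to add a line such as `# On hosts running untrusted guests, consider lowering this towards 128 * (number of virtual disks on the host)`.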